Deploying Docker Containers on AWS ECS Fargate
This documentation provides a step-by-step guide on how to create a task definition, service, attach it to an Application Load Balancer (ALB) in order publish it to the internet.
Table of Contents
- Create a Task Definition
- Create an ECS Service
- Fix Your Health Checks
- Check Your Application
Here is a diagram explaining the architecture we will be following:
You can see our docker containers are pulled into AWS through the task definition and turned into a service. For the users to reach our services, we need to simply add a new target group to our existing load balancer.
Before proceeding with these steps, make sure you have the following:
- An AWS account with necessary permissions to create ECS resources, add target groups, and modify load balancers.
- Have created a docker container from our previous guide, and have it published on DockerHub.
Create a Task Definition
- In AWS, Navigate to Amazon Elastic Container Service > Task definition > Create new task definition
- Task name: choose something descriptive like:
- Container: Create a container definition
- Container name: ex.
- Image URI: your DockerHub image URI ex.
- Port mapping: add your exposed ports here, ex. TCP on port 80 (http)\ Make sure you use http; our load balancer will add https later for you.
- Environment Variables: these are the variables referenced in docker containers. For dashboards, we use
DASH_BASE_URLto set the URL path for the dashboard like
/dashboards/population. These variables need to be referenced in your code. It will not automatically work. Other applications we have use environment variables to pass in secret credentials.
- Container name: ex.
- Configure environment: resources
- Change the resources: Usually each container we set to 1 vCPU and 2 GiB of memory
- Task role: set to
- Keep storage and logging as default
- Finally review & create your task definition.
Create an ECS Service
- Go back to the cluster and click create a new service.
- Deployment Configuration:
- Make sure you have a service selected.
- Select Family and choose your new task definition.
- Service name: ex
- Make sure the default VPC is selected, and all 3 subnets are selected.
- Choose security group
GBADs-Dashboard-LB-SecurityGroup(Despite the name, this is used for all containers, not just dashboards)
- Load Balancing:
Use an existing load balancer
Dashboards-ALB(This is used for all containers, not just dashboards)
Use an existing listener
443: HTTPS- This is where https is added for you
Create a new target group
- Target group name: something like
- Path pattern: Change this to your applications base URL but add a '*'. \
/dashboards/population*, this forwards all traffic with this pattern to our new container.
- Evaluation order: scroll through the existing rules and select the next number in order.\
Sometimes we have applications with overlapping patterns like
/dashboards/population-v2. It is important here that the longest URL gets prioritized in the evaluation order (longer URL needs a lower number). You may need to shift around some rules to make space.
- Health Check Path: this path is used to check the status of your application. This usually is the base URL of your application, or the docs site of an API. Like
- Click create.
Fix Your Health Checks
Before checking your service, we need to make a change to our new target group to accept more HTTP return codes.
- Go to EC2 > Target Groups > your-new-target-group > Health Checks > Edit
- Open Advanced health check settings
- Change success codes to
- Save changes
Check Your Application
You can now go to
www.gbadske.org/[your base URL here] like,
www.gbadske.org/dashboards/population to check your application status.