In the previous episode we talked about some very important concepts, such as virtualization and containers, and we ran our first local image. In this episode, we’ll learn about the cloud we’ll use to host our application and the services we’ll use.
CLOUD PROVIDER — AMAZON WEB SERVICES
The cloud that we are going to use is AWS; it is where we are going to host our application. You can read more about what AWS is in my article.
The AWS services we will be using are:
- ECR
- VPC
- SECURITY GROUP
- APPLICATION LOAD BALANCER
- ECS WITH FARGATE
With these services we will be able to have our game in the cloud in a reliable and secure way. Now that we know what AWS is and what services we are going to use, it's time to understand these services, how they work and how to use them.
ECR
ECR is an AWS service that lets you store, manage, and deploy Docker container images in the cloud. With it, you can share the images that are in the repository to deploy containers in services such as ECS and EKS.
The coolest thing about ECR is that it brings security, scalability and high availability, ensuring that our images are ready to be deployed when needed.
Now that we understand what ECR is, let’s put it into practice. The first thing we’re going to do is create a repository in ECR to host our image. Just open the ECR service and create a repository for the image. Here I called it supermario, but you can name it whatever you want. Once we have entered the name, we just click create.
The next step is to download our Docker image so we can use it later. The image we will use in this practice is on Docker Hub and its author is pengbai. To download it, open your terminal and use the following command:
docker pull pengbai/docker-supermario
Once this is done, we will have our image ready locally.
Our next step is to upload the image we just downloaded to our repository. To do that, we will click on View push commands to see the necessary commands and execute them. Step 2 of the push commands for supermario is not necessary: we already have our image ready, so we will not build it and will skip from step 1 to step 3.
VPC
Great, the first part of our journey is complete. Now let’s get into a few networking concepts so we can connect our services and make the application reachable on the internet.
Amazon VPC (Virtual Private Cloud) is a service that allows you to create an isolated virtual network in the cloud.
Simply put, a VPC is like a “bubble” in the cloud that lets you create an isolated and secure virtual private network where you can run your cloud computing resources along with your own subnets, firewall rules, internet gateways, and more, all within a highly customizable and controlled environment.
The advantage of using a VPC is that we can create a secure virtual private network to run our applications on our own managed network infrastructure.
Now that we understand what VPC is and we have our image ready, let’s create a network along with its respective subnets and all the dependencies we’ll need to play our game.
Let’s access the VPC service, click on create VPC and fill in the settings for our VPC. I called mine supermario-vpc.
SECURITY GROUP
The Security Group is a very important security service that allows us to control access to our cloud services and environments.
Basically, it’s like a “gateway” that we configure to allow or block traffic to our cloud resources based on protocol, port, and IP. It works with rules, where we decide which IPs or resources can access our environment/resource and on which port this access will happen.
To create the security group, we will access the page of this service and click on create security group. Then we enter the settings of our SG: the name we are going to give it, a description, the VPC it will use, and the inbound and outbound rules. It is important to remember that in the inbound rules we will allow All TCP only from your own IP and from the security group itself (add an All TCP rule, select custom in the source field and insert the ID of the SG itself).
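To check that the inbound rules really match what is described above (sources limited to your own IP and the security group itself), here is an added example that is not part of the original article. It audits data in the shape returned by `aws ec2 describe-security-groups`; the group IDs, names and the IP 203.0.113.10 are constructed sample values.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa111122223333a", "GroupName": "supermario-sg",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
          "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [],
          "UserIdGroupPairs": [{"GroupId": "sg-0aaa111122223333a"}]}]},
    {"GroupId": "sg-0bbb444455556666b", "GroupName": "too-open",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []}]},
]}

def audit_group(group, my_ip):
    """Return findings for inbound sources other than my_ip or the group itself."""
    me = ipaddress.ip_address(my_ip)
    findings = []
    for perm in group.get("IpPermissions", []):
        # Rules for "all protocols" carry no port range, hence the defaults.
        ports = f"{perm.get('FromPort', 'all')}-{perm.get('ToPort', 'all')}"
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append(f"{ports}: open to the whole internet ({cidr})")
            elif net.num_addresses != 1 or me not in net:
                findings.append(f"{ports}: source {cidr} is not your single IP")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != group["GroupId"]:
                findings.append(f"{ports}: allows other group {pair.get('GroupId')}")
    return findings

def audit(data, my_ip):
    """Map each security group ID to its list of findings."""
    return {g["GroupId"]: audit_group(g, my_ip) for g in data["SecurityGroups"]}

if __name__ == "__main__":
    for gid, issues in audit(SAMPLE, "203.0.113.10").items():
        print(gid, "OK" if not issues else issues)
```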
APPLICATION LOAD BALANCER
The next service to be created will be our Target Group and our Load Balancer that will do all our balancing.
The Target Group, an AWS resource, is a group of resources that will receive traffic routed by the Load Balancer. It is through it that we determine where our application’s incoming traffic should be directed. With it we can direct traffic between various destinations such as EC2 instances, containers and Lambda functions.
For the Load Balancer, we will use the application type, which allows applications to be highly available and scalable by distributing traffic to the healthiest Target Groups, improving fault tolerance and working with the HTTP and HTTPS protocols.
FARGATE
Now we will host our application on ECS Fargate. To understand more about Fargate you can see my article here.
TASK DEFINITION
Before creating our cluster, we need a task definition. It is the specification of an ECS task. In it, you can define the configuration of containers, the amount of memory/CPU, the configuration of volumes, the network mode, etc.
We will need to open ECR -> REPOSITORIES -> SUPERMARIO and copy the URI of our image.
Now let’s click on task definition and create new task definition. Then we add all the necessary settings, such as the name of the task definition, operating system family, task size and the execution role. Now, scrolling down the page a bit, in the Container definitions section, let’s click add container, choose a name for our container, and insert the URI of the image we copied and the port it will run on. Here, it will run on port 8080.
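The settings entered in the console above end up as a task definition document. The following added example (not from the original article) shows such a document for this setup and checks the points that most often stop a Fargate task from starting. The account ID, region, role ARN and names are constructed placeholders, and the size table covers only the smaller Fargate sizes.

```python
import re

# cpu units -> allowed memory in MiB (smaller Fargate sizes only, an assumption
# made to keep the example short).
FARGATE_SIZES = {
    256: {512, 1024, 2048},
    512: set(range(1024, 4097, 1024)),
    1024: set(range(2048, 8193, 1024)),
}
ECR_URI = re.compile(
    r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/[a-z0-9._/-]+(:[\w.-]+)?$")

# Constructed task definition; account ID, region and role are placeholders.
TASK_DEF = {
    "family": "supermario-task",
    "requiresCompatibilities": ["FARGATE"],
    "networkMode": "awsvpc",
    "cpu": "256",
    "memory": "512",
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "containerDefinitions": [{
        "name": "supermario",
        "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/supermario:latest",
        "essential": True,
        "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
    }],
}

def check_task_definition(td, expected_port=8080):
    """Return a list of problems that would break this page's Fargate setup."""
    problems = []
    if "FARGATE" not in td.get("requiresCompatibilities", []):
        problems.append("requiresCompatibilities must include FARGATE")
    if td.get("networkMode") != "awsvpc":
        problems.append("Fargate tasks require networkMode awsvpc")
    cpu, mem = int(td.get("cpu", 0)), int(td.get("memory", 0))
    if mem not in FARGATE_SIZES.get(cpu, set()):
        problems.append(f"cpu={cpu} with memory={mem} is not a listed Fargate size")
    if not td.get("executionRoleArn"):
        problems.append("executionRoleArn missing: the task cannot pull from ECR")
    for c in td.get("containerDefinitions", []):
        if not ECR_URI.match(c.get("image", "")):
            problems.append(f"{c.get('name')}: image is not an ECR repository URI")
        ports = [p.get("containerPort") for p in c.get("portMappings", [])]
        if expected_port not in ports:
            problems.append(f"{c.get('name')}: port {expected_port} is not mapped")
    return problems
```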
CLUSTER
Go to ECS -> Clusters -> Create Cluster, select Networking Only, go to the next step, choose a name for our cluster and create.
SERVICE
Once that’s done, let’s go to our last step: creating the service. The service manages our task, which contains our container, and it is created based on our task definition.
For this, we will access our cluster and click on create service. At this point, we are going to add all the necessary configurations for our service, such as which type of service, which task definition we are going to use, how many tasks are going to be executed, which VPC, Load Balancer, Target Group, security group and autoscaling configurations will be part of the service.
TASK
The task is the resource that contains all the configurations and information of our container and it runs and manages it.
To make sure that everything went well, first we must check the status of our task. If it is RUNNING, it means that it is working. To test whether our application is operating the way we expect it to and that nothing is wrong, just copy the task’s Public IP and add the container’s port, for example IP:8080.
Done, now you can enjoy your game :)