Creating a Service Using a Deployment Strategy
Create an ECS service using the blue-green deployment strategy.
Introduction
The main objective of this lesson is to create an Amazon ECS service (containing a Fargate task) using the blue-green deployment strategy.
Creating the necessary IAM role
We need to create the ecsTaskExecutionRole, the ecsCodeDeployRole, and the ECS service-linked role for later use, and attach the necessary policies to these roles. The task execution role is assumed by the ECS agent (service principal ecs-tasks.amazonaws.com) to pull the container image and write logs; the CodeDeploy role is assumed by CodeDeploy to shift traffic between the blue and green target groups. Keep both roles to the managed policies below: AmazonECSTaskExecutionRolePolicy already grants the ECR pull and CloudWatch Logs permissions a Fargate task needs, so AmazonEC2ContainerRegistryReadOnly adds only repository listing, and AmazonEKSFargatePodExecutionRolePolicy is an EKS policy with no use on an ECS role and is not attached here.
aws iam create-role --role-name ecsTaskExecutionRole --assume-role-policy-document file:///usercode/ecs-tasks-trust-policy.json
aws iam attach-role-policy --role-name ecsTaskExecutionRole --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
aws iam attach-role-policy --role-name ecsTaskExecutionRole --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
aws iam create-role --role-name ecsCodeDeployRole --assume-role-policy-document file:///usercode/ecs-codedeploy-trust-policy.json
aws iam attach-role-policy --role-name ecsCodeDeployRole --policy-arn arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS
aws iam create-service-linked-role --aws-service-name ecs.amazonaws.com
Creating the network components
Note: Record the IDs returned for every resource created (VPC, subnets, security group, internet gateway, route table); the later commands take them as arguments.
- Create the Virtual Private Cloud as shown below:
aws ec2 create-vpc --cidr-block 10.0.0.0/16 --region us-east-1
- Create the two subnets required, in two different Availability Zones (an application load balancer needs subnets in at least two zones), as shown below:
aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.1.0/24 --availability-zone us-east-1a
aws ec2 create-subnet --vpc-id <vpc-id> --cidr-block 10.0.2.0/24 --availability-zone us-east-1b
- Create a security group and attach an inbound rule allowing TCP traffic on port 80 from anywhere (0.0.0.0/0), as shown below. Opening port 80 to the world is appropriate for the internet-facing load balancer; if the tasks later get a security group of their own, allow ingress to it only from the load balancer's security group rather than from 0.0.0.0/0.
aws ec2 create-security-group --group-name mysg --description "My security group" --region us-east-1 --vpc-id <vpc-id>
aws ec2 authorize-security-group-ingress --group-id <security-group-id> --protocol tcp --port 80 --cidr 0.0.0.0/0 --region us-east-1
- Create the internet gateway as shown below:
aws ec2 create-internet-gateway --region us-east-1
- Attach the internet gateway to the VPC created earlier, as shown below:
aws ec2 attach-internet-gateway --internet-gateway-id <internet-gateway-id> --vpc-id <vpc-id> --region us-east-1
- Create a route table that will carry the route to the internet, so that the application can be reached from a browser:
aws ec2 create-route-table --vpc-id <vpc-id> --region us-east-1
- Create a default route (0.0.0.0/0) through the internet gateway as shown below:
aws ec2 create-route --route-table-id <route-table-id> --destination-cidr-block 0.0.0.0/0 --gateway-id <internet-gateway-id> --region us-east-1
- Associate the route table with the subnets created earlier; this is what makes them public subnets:
aws ec2 associate-route-table --route-table-id <route-table-id> --subnet-id <subnet-1-id> --region us-east-1
aws ec2 associate-route-table --route-table-id <route-table-id> --subnet-id <subnet-2-id> --region us-east-1
Playground I:
Use the widget below to try out the commands that create the roles and network components.
Note: If the terminal shows paginated output, press "q" to exit the pager. Fill in the placeholders <> with the real values returned by the commands that generate them.
# Create roles and attach policies
aws iam create-role \
  --role-name ecsTaskExecutionRole \
  --assume-role-policy-document file:///usercode/ecs-tasks-trust-policy.json
aws iam attach-role-policy \
  --role-name ecsTaskExecutionRole \
  --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
# Already covered by AmazonECSTaskExecutionRolePolicy for image pulls; adds repository listing only
aws iam attach-role-policy \
  --role-name ecsTaskExecutionRole \
  --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
aws iam create-role \
  --role-name ecsCodeDeployRole \
  --assume-role-policy-document file:///usercode/ecs-codedeploy-trust-policy.json
aws iam attach-role-policy \
  --role-name ecsCodeDeployRole \
  --policy-arn arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS
# Fails with InvalidInput if the service-linked role already exists in the account; that is harmless
aws iam create-service-linked-role \
  --aws-service-name ecs.amazonaws.com

# Create the network components
aws ec2 create-vpc \
  --cidr-block 10.0.0.0/16 \
  --region us-east-1
aws ec2 create-subnet \
  --vpc-id <vpc-id> \
  --cidr-block 10.0.1.0/24 \
  --availability-zone us-east-1a
aws ec2 create-subnet \
  --vpc-id <vpc-id> \
  --cidr-block 10.0.2.0/24 \
  --availability-zone us-east-1b
aws ec2 create-security-group \
  --group-name mysg \
  --description "My security group" \
  --region us-east-1 \
  --vpc-id <vpc-id>
aws ec2 authorize-security-group-ingress \
  --group-id <security-group-id> \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0 \
  --region us-east-1
aws ec2 create-internet-gateway \
  --region us-east-1
aws ec2 attach-internet-gateway \
  --internet-gateway-id <internet-gateway-id> \
  --vpc-id <vpc-id> \
  --region us-east-1
aws ec2 create-route-table \
  --vpc-id <vpc-id> \
  --region us-east-1
aws ec2 create-route \
  --route-table-id <route-table-id> \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id <internet-gateway-id> \
  --region us-east-1
aws ec2 associate-route-table \
  --route-table-id <route-table-id> \
  --subnet-id <subnet-1-id> \
  --region us-east-1
aws ec2 associate-route-table \
  --route-table-id <route-table-id> \
  --subnet-id <subnet-2-id> \
  --region us-east-1
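The two procedures above (the role creation and the network bootstrap) both depend on copying IDs out of one command's output into the next. The script below is an added example, not part of the lesson, that does the same work with the IDs captured through the CLI's --query option instead of by hand, so nothing is pasted from paginated output. The trust-policy documents are an assumption standing in for the /usercode files the lesson references but does not show; the fake IDs in the offline runner are constructed and are not real AWS output.

```python
"""Bootstrap the IAM roles and VPC networking for the blue-green ECS lesson.

Added example. The trust-policy contents and the fake IDs returned by the
offline runner are assumptions; the real runner shells out to the AWS CLI.
"""
import json
import shlex
import subprocess

REGION = "us-east-1"

# Assumed contents of /usercode/ecs-tasks-trust-policy.json and
# /usercode/ecs-codedeploy-trust-policy.json: each role may only be assumed
# by the one AWS service that needs it.
TRUST_POLICIES = {
    "ecsTaskExecutionRole": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "ecs-tasks.amazonaws.com"},
        "Action": "sts:AssumeRole"}]},
    "ecsCodeDeployRole": {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Service": "codedeploy.amazonaws.com"},
        "Action": "sts:AssumeRole"}]},
}

# Managed policies each role actually needs. AmazonECSTaskExecutionRolePolicy
# already grants ECR image pulls and CloudWatch Logs writes for a Fargate task.
MANAGED_POLICIES = {
    "ecsTaskExecutionRole": [
        "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"],
    "ecsCodeDeployRole": ["arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS"],
}


def aws_cli(args):
    """Real runner: invoke the AWS CLI and return its stdout with whitespace stripped."""
    cmd = ["aws", *shlex.split(args), "--region", REGION]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout.strip()


def create_roles(run):
    """Create both roles with their trust policies and attach the managed policies."""
    for role, trust in TRUST_POLICIES.items():
        run(f"iam create-role --role-name {role} "
            f"--assume-role-policy-document {shlex.quote(json.dumps(trust))} "
            "--query Role.Arn --output text")
        for arn in MANAGED_POLICIES[role]:
            run(f"iam attach-role-policy --role-name {role} --policy-arn {arn}")
    # Raises InvalidInput if the account already has AWSServiceRoleForECS; harmless.
    run("iam create-service-linked-role --aws-service-name ecs.amazonaws.com")


def create_network(run):
    """Create VPC, subnets, security group, IGW and route table; each ID feeds the next step."""
    vpc = run("ec2 create-vpc --cidr-block 10.0.0.0/16 --query Vpc.VpcId --output text")
    subnets = [
        run(f"ec2 create-subnet --vpc-id {vpc} --cidr-block 10.0.{i}.0/24 "
            f"--availability-zone {REGION}{az} --query Subnet.SubnetId --output text")
        for i, az in ((1, "a"), (2, "b"))
    ]
    sg = run(f"ec2 create-security-group --group-name mysg --description 'My security group' "
             f"--vpc-id {vpc} --query GroupId --output text")
    # Port 80 from anywhere is intended for the internet-facing load balancer only.
    run(f"ec2 authorize-security-group-ingress --group-id {sg} --protocol tcp --port 80 --cidr 0.0.0.0/0")
    igw = run("ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text")
    run(f"ec2 attach-internet-gateway --internet-gateway-id {igw} --vpc-id {vpc}")
    rtb = run(f"ec2 create-route-table --vpc-id {vpc} --query RouteTable.RouteTableId --output text")
    run(f"ec2 create-route --route-table-id {rtb} --destination-cidr-block 0.0.0.0/0 --gateway-id {igw}")
    for subnet in subnets:
        run(f"ec2 associate-route-table --route-table-id {rtb} --subnet-id {subnet}")
    return {"vpc": vpc, "subnets": subnets, "security_group": sg,
            "internet_gateway": igw, "route_table": rtb}


def fake_runner(log):
    """Offline runner: records every command and returns constructed IDs (not real AWS output)."""
    fake = {"create-vpc": "vpc-0f00", "create-subnet": ["subnet-0a01", "subnet-0b02"],
            "create-security-group": "sg-0c03", "create-internet-gateway": "igw-0d04",
            "create-route-table": "rtb-0e05"}

    def run(args):
        log.append(args)
        value = fake.get(shlex.split(args)[1], "")
        return value.pop(0) if isinstance(value, list) else value
    return run


if __name__ == "__main__":
    create_roles(aws_cli)
    print(json.dumps(create_network(aws_cli), indent=2))
```

Run against the real account with `python3 bootstrap.py`; the printed map of IDs is exactly what the later lesson steps need. Swapping in fake_runner lets you inspect the full command sequence before anything is created, which is also a convenient way to review the permissions and ingress rules being granted.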
Creating an application load balancer
A load balancer provides high availability for our application by distributing incoming traffic across multiple targets, such as the ECS tasks in a cluster. For a blue-green deployment it is also the component that CodeDeploy uses to shift traffic from the old (blue) target group to the new (green) one.
To create an ECS service using the blue-green deployment strategy, we need to create an Elastic Load Balancer (ELB). The steps to do this are as follows:
- We need to first create an application load balancer using the create-load-balancer command as shown