Streamlining Application Containerization Utilizing EC2, ECR, ECS, Fargate, and Load Balancing

Gabriel Aboiraor

Abstract.

This project outlines a comprehensive strategy for application containerization utilizing essential AWS services. The process starts with packaging apps into Docker containers and storing their images in Amazon Elastic Container Registry (ECR). These container images are then deployed and managed using Amazon Elastic Container Service (ECS), which is a highly scalable container orchestration platform. The solution provides flexibility for computational resources by using either AWS Fargate, which eliminates the need to manage servers, or Amazon EC2 instances, which offer more control over the underlying infrastructure. To ensure high availability and efficient traffic distribution, load balancing is integrated, typically employing Application Load Balancers (ALBs) to distribute incoming requests across multiple containerized tasks within the ECS cluster. This architecture enables scalable, resilient, and readily manageable containerized application deployments on the AWS cloud.

Table of Contents.

  1. An Overview of AWS Services and Containerization.

  2. Storing and administering container images via Amazon ECR.

  3. Using Application Load Balancing (ALB) in conjunction with load balancing.

  4. Deploying containerized applications with Amazon ECS.

  5. Monitoring ECS services and tasks for connecting applications to the internet.

  6. The Best Practices on Web Application Containerization.

  7. Conclusion.

  1. An Overview of AWS Services and Containerization.

    Containers are a type of operating system-level virtualization that packages application code with all its dependencies into a single, portable unit. This enables applications to be delivered and executed consistently across environments, ranging from developer workstations to cloud servers. Containers are lightweight and efficient, and they provide better portability, isolation, and resource usage than standard virtualization solutions such as virtual machines. By offering a standardized environment for creating, testing, and deploying applications, containers simplify the development process.

    Why Amazon ECS? You can deploy, manage, and scale containerized apps more effectively with the support of Amazon Elastic Container Service (Amazon ECS), a fully managed container orchestration service. It offers a user-friendly solution for executing container workloads both on-premises and in the cloud with sophisticated security features through Amazon ECS Anywhere, thanks to its tight integration with the AWS environment. AWS is an elastic, secure, adaptable, and developer-focused cloud provider, making it suitable for container workloads. AWS provides scalable infrastructure, APIs, and a Software Development Kit that interact with the development lifecycle and highlight the benefits of containers. Furthermore, ECS provides three alternatives for running your container-based application: AWS EC2 instances, AWS Fargate, and Amazon ECS, which allows you to register other instances, such as on-premises servers or virtual machines, into your ECS cluster.

    Now, let’s create an EC2 instance, key pair, and network settings to add a security group rule as shown below.

    Now you can connect to your EC2 instance and run the following commands: yum update -y to apply updates, curl -fsSL https://get.docker.com -o get-docker.sh to download Docker's install script, yum install docker -y to install Docker, and systemctl start docker to start it, as shown below.

    Then create a Dockerfile, and type vi Index.html to create your HTML file. Enter your code, save, and exit, as shown below.

    Now, log in to your Docker account by typing docker login and inputting all the necessary information, and build a Docker image as docker build -t gic-automobile .

    The next step is to create an access key through the IAM console. IAM → Users → Create Access Keys (for CLI use), select CLI as your use case, and create access keys.

    At this point, after creating the access keys, navigate back to the terminal and type aws configure and enter your Access Key, Secret Key, region, and output format once prompted.

    Having containerized our application, we may proceed to the subsequent phase.

  2. Storing and administering container images via Amazon ECR

    1. Creating an ECR repository: Amazon Elastic Container Registry (Amazon ECR) is a dependable, scalable, and secure managed container image registry service offered by AWS. Amazon ECR supports private repositories with resource-based permissions via AWS IAM. Create the repository with the command aws ecr create-repository --repository-name gicdocker

    You can verify it on the AWS ECR Console after generating the repository using the command line. Select the newly established repository by clicking on it. Next, a dialog box will open when you click View Push Commands.

    Run the commands shown in the pop-up with the AWS CLI to build and push your image, as shown below.

    2. Pushing the Docker image to ECR: A local image can be pushed to a regular Docker repository by first tagging it with the name of the repository. A tag must always refer to the same image digest in the Artifact Registry Docker repository if tag immutability is enabled.

    We can see that the Docker image has been built and pushed to the repository, so we can continue on to the next phase.

  3. Using Application Load Balancing (ALB) in conjunction with load balancing.

    1. Understanding Load Balancing Concepts: In AWS, load balancing, which is mostly handled by Elastic Load Balancing (ELB), entails distributing incoming application traffic across several targets in one or more Availability Zones, such as IP addresses, Amazon EC2 instances, or containers. This distribution improves applications' performance, scalability, and availability. The load balancer is the main part that receives incoming traffic and directs it to targets that have been registered. AWS provides four primary categories:

    i. Application load balancers (ALBs) are appropriate for HTTP/HTTPS traffic and function at the application layer, or Layer 7 of the OSI model. Requests can be routed to several target groups according to content (such as the host header or URL path).

    ii. Network Load Balancer (NLB): Manages TCP, UDP, and TLS traffic at the connection level (Layer 4). For applications requiring exceptional performance, its high throughput and ultra-low latency make it perfect.

    iii. The Gateway Load Balancer (GLB) is a network layer (Layer 3) device that is used to deploy and manage virtual appliances such as intrusion detection systems and firewalls.

    iv. The Classic Load Balancer (CLB) is a legacy load balancer that is typically advised to be replaced for new deployments by ALBs or NLBs.

    A. Distributing traffic across healthy targets: The load balancer types above are the main ways that AWS divides traffic among healthy targets. For the time being, you will build a load balancer by selecting Load Balancing - Load Balancers - Create load balancer from the EC2 instance dashboard.

    You choose the Application Load Balancer (ALB) as indicated below since this project is based on host-based routing, which routes traffic to various apps or services based on the hostname in the request.

    Assign a name to your load balancer, keep the other settings as they are, and then proceed to Network mapping to choose the VPC as the default and two AZs that will automatically attach the subnets as seen below.

    B. Target groups and routing rules: These work together to route incoming traffic to the relevant backend resources. A target group is a logical grouping of targets that are registered to accept traffic from a load balancer, such as IP addresses, Lambda functions, or EC2 instances. Choose the security group you established when you created the EC2 instance by clicking the drop-down arrow under Security groups. Choose Create Target group under Listeners and routes, then name it.

    Navigate to Healthy threshold after selecting Advanced health check options. After choosing your instance, choose Create Target group.

    2. Configuring a load balancer for applications (ALB): To improve fault tolerance, spread the ALB's load balancer nodes over several Availability Zones, and regulate incoming and outgoing traffic to the ALB and its targets. To add and create the load balancer, go back to the Listener and Routing tab.

  4. Deploying containerized applications with Amazon ECS.

    1. Defining ECS task definitions and creating and managing ECS services: An Amazon ECS task definition acts as a guide or specification for containerized apps, including those launched on Amazon EC2 instances, to execute within an Amazon ECS cluster. It outlines the settings and parameters required for ECS to deploy and oversee your containers.

    A. Configuring Task Roles and IAM permissions: To give EC2 instances the permissions they need to communicate with other AWS services, such as ECR, ECS, and Fargate, task roles and IAM permissions must be created and attached. By avoiding the necessity of directly embedding AWS credentials into the instance, this method improves security. Choose Elastic Container Service under AWS Service in IAM → Roles, then attach the necessary policies to create the role.

    B. Deploying and specifying container images, resources (CPU/memory), and port mappings: With its application code, dependencies, and runtime environment, the container image acts as your container's blueprint. Create ECS resources in the ECS Console. Navigate to Task Definitions → ECS. Add the task role, using the one you just created, and make sure the IAM role is modified from the EC2 path to suit the deployment.

    Proceed to Container-1 and name the container. Go to ECR, copy your image's URL, and then put it here as indicated by the diagram, and create.

    2. Building and setting up ECS clusters based on EC2: Proceed to the ECS console: select your preferred AWS region and launch the Amazon Elastic Container Service (ECS) console. Form a cluster: click "Create Cluster".

    After creating the cluster, select Services - Create after scrolling down. Proceed to the Deployment configuration after leaving the Environment section as is. Under Task definition family, select the Task definition you produced. Next, name the service and observe health checks for task status monitoring.

    Select the security group you created at the EC2 instance by going to Networking - Security group - utilize existing security group.

  5. Monitoring ECS services and tasks for connecting applications to the internet.

    Applications connecting to the internet can benefit from monitoring Amazon Elastic Container Service (ECS) services and tasks by utilizing AWS CloudWatch and other associated services to obtain information about network traffic, performance, and health. You may now verify the health of the Amazon ECS cluster service overview, which is displayed below.

    Based on the images above, every deployment was successful. The output is as follows after you return to your EC2 instance, choose the public IPv4 address, and open it in a web browser.

  6. The Best Practices on Web Application Containerization.

    This involves optimizing performance, security, and reliability.

    For ECR (Elastic Container Registry), image security measures include using trusted base images, regularly scanning images for vulnerabilities, and utilizing image signing.
    Image management encompasses optimizing image size, accurately tagging images, and implementing lifecycle policies to remove outdated or unnecessary images.
    Access Control: To limit who can push and pull images, use IAM policies.
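
    The ECR practices above can be checked against a repository's actual settings. This is an added example, not code from the original post: it audits a constructed sample of `aws ecr describe-repositories` output for the tutorial's gicdocker repository plus a parsed lifecycle policy; the account ID, region and policy values are placeholders.

```python
import json

# Constructed sample of `aws ecr describe-repositories` output; the account ID
# and region are placeholders, not values from the original post.
DESCRIBE_REPOSITORIES = json.loads("""
{"repositories": [{
  "repositoryName": "gicdocker",
  "repositoryUri": "123456789012.dkr.ecr.us-east-1.amazonaws.com/gicdocker",
  "imageTagMutability": "MUTABLE",
  "imageScanningConfiguration": {"scanOnPush": false}
}]}
""")

# Constructed lifecycle policy in ECR's JSON shape (the parsed form of the
# text passed to `aws ecr put-lifecycle-policy`).
LIFECYCLE_POLICY = {"rules": [{
    "rulePriority": 1,
    "description": "Expire untagged images after 14 days",
    "selection": {"tagStatus": "untagged", "countType": "sinceImagePushed",
                  "countUnit": "days", "countNumber": 14},
    "action": {"type": "expire"},
}]}


def audit_repository(repo, lifecycle_policy=None):
    """Return findings for one entry of describe-repositories output."""
    findings = []
    # With mutable tags, an existing tag can be repointed to a different digest.
    if not str(repo.get("imageTagMutability", "")).startswith("IMMUTABLE"):
        findings.append("tags are mutable")
    if not repo.get("imageScanningConfiguration", {}).get("scanOnPush"):
        findings.append("scan on push is disabled")
    rules = (lifecycle_policy or {}).get("rules", [])
    if not any(r.get("action", {}).get("type") == "expire" for r in rules):
        findings.append("no lifecycle rule expires old images")
    return findings


if __name__ == "__main__":
    for repo in DESCRIBE_REPOSITORIES["repositories"]:
        for finding in audit_repository(repo):
            print(f"{repo['repositoryName']}: {finding}")
```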

    For ECS (Elastic Container Service) & Fargate: Task Definition Optimization: Utilize environment variables for setup, establish CPU/memory limits for tasks, and employ health checks to ensure application readiness.
    Placement Techniques: For the best task distribution among instances (EC2) or Availability Zones (Fargate), use placement constraints and strategies (e.g., spread, binpack). Logging and Monitoring: For tasks and services, use centralized logging (like CloudWatch Logs or Splunk) and monitoring (like CloudWatch metrics or Prometheus).
    Security: Create network security groups, assign IAM roles to tasks, and securely handle secrets (e.g., AWS Secrets Manager, Parameter Store).
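
    The task-definition practices above, expressed as a check over the task definition JSON. This is an added example, not code from the original post: it uses ECS task-definition field names, and the two sample definitions (family, image URIs, ARNs, variable names) are constructed placeholders showing a weak form beside a hardened one.

```python
import re

# Constructed task definitions using ECS task-definition field names; the
# family, image URIs, ARNs and variable names are placeholders.
WEAK = {"family": "gic-automobile", "containerDefinitions": [{
    "name": "web",
    "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/gicdocker:latest",
    "environment": [{"name": "DB_PASSWORD", "value": "example-only"}],
}]}
HARDENED = {
    "family": "gic-automobile", "cpu": "256", "memory": "512",
    "taskRoleArn": "arn:aws:iam::123456789012:role/example-task-role",
    "containerDefinitions": [{
        "name": "web",
        "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/gicdocker:1.0.3",
        "environment": [{"name": "LOG_LEVEL", "value": "info"}],
        "secrets": [{"name": "DB_PASSWORD", "valueFrom":
                     "arn:aws:secretsmanager:us-east-1:123456789012:secret:example"}],
        "healthCheck": {"command": ["CMD-SHELL", "curl -f http://localhost/ || exit 1"]},
        "logConfiguration": {"logDriver": "awslogs", "options": {
            "awslogs-group": "/ecs/example", "awslogs-region": "us-east-1"}},
    }],
}
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)


def audit_task_definition(td):
    """Return findings for the task-definition practices listed above."""
    out = []
    if not td.get("taskRoleArn"):
        out.append("task: no taskRoleArn")
    for c in td.get("containerDefinitions", []):
        n = c.get("name", "?")
        for key in ("cpu", "memory"):  # task-level or container-level limit
            if not (td.get(key) or c.get(key)):
                out.append(f"{n}: no {key} limit")
        for key in ("healthCheck", "logConfiguration"):
            if key not in c:
                out.append(f"{n}: no {key}")
        # Text after the first ':' of the last path segment (tag or digest).
        tag = c.get("image", "").rsplit("/", 1)[-1].partition(":")[2]
        if tag in ("", "latest"):
            out.append(f"{n}: image tag is not pinned to a version")
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                out.append(f"{n}: {env['name']} is plaintext in environment")
    return out

if __name__ == "__main__":
    print("\n".join(audit_task_definition(WEAK)))
```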

    For EC2 (for ECS EC2 launch type): Instance Sizing: Take into account the CPU, memory, and network requirements when selecting the right EC2 instance types for your task.
    Auto Scaling: To ensure sufficient capacity for your ECS cluster, use EC2 Auto Scaling groups to control the underlying infrastructure.
    Security: To manage incoming and outgoing traffic to EC2 instances, use security groups and network ACLs.

    For Load Balancing ALB (Application Load Balancer): Health Checks: To guarantee that only healthy tasks receive traffic, set up strong health checks for target groups.
    Configuring the Target Groups: Assign ECS tasks to the proper target groups using the instance ID (EC2) or IP address (Fargate).
    Establish listener rules to direct traffic according to host, path, or other parameters.

  7. Conclusion.

    Whether utilizing Fargate for a serverless experience in simplified container management or EC2 instances for underlying computation, Amazon ECS offers a managed orchestration service that streamlines the deployment, scaling, and administration of containerized applications. Flexibility is provided by the option between Fargate and EC2. Fargate abstracts away server management, which is perfect for user-friendliness and lower operating cost, whereas EC2 offers fine-grained control over the underlying infrastructure, appropriate for certain performance or customisation needs. Additionally, load balancers (like the Application Load Balancer) improve scalability and availability by dividing incoming traffic among several tasks or container instances, providing high availability and allowing for smooth scaling to accommodate different workloads. By enabling automated builds, image pushes to ECR, and deployments to ECS, this set of services streamlines the CI/CD pipeline, leading to quicker release cycles and increased operational effectiveness.

    I'm delighted you visited and read through my blog!!

    Goodbye for now, and I hope to see you on my next blog.
