This week I needed to deploy a Docker image on ECS as part of a data ingestion pipeline. I found the process of deploying the Docker image to ECS to be fairly straight forward, but getting the correct permissions from the security team was a bear.
In this article we will dig into the steps to deploy a simple app to ECS and run it on a Fargate Cluster so you don’t have to worry about provisioning or maintaining EC2 instances. More importantly we’ll take a look at the necessary IAM user and IAM role permissions, how to set them up, and what to request from your cyber security team if you need to do this at work.
Let’s dig in, starting with terminology.
ECS, ECR, Fargate
The three AWS technologies we are going to use here are Elastic Container Service (ECS), Elastic Container Registry (ECR), and Fargate.
ECS
ECS is the core of our work. In ECS we will create a task and run that task to deploy our Docker image to a container. ECS also handles the scaling of applications that need multiple instances running. ECS Manages the deployment of our application. Learn more.
ECR
ECR is versioned storage for Docker images on AWS. ECS pulls images from ECR when deploying. Learn more.
Fargate
Fargate provisions and manages clusters of EC2 instances. This is amazing because:
- You don’t have to provision or manage the EC2 instances your application runs on.
- You are only charged for the time your app is running. In the case of an application that runs a periodic task and exits this can save a lot of money.
#python #containers #aws #fargate #docker