ECS Service
This document provides a detailed explanation of the ECS (Elastic Container Service) service configuration defined in the service.ts file.
Table of Contents
- Overview
- Imports and Configuration
- Load Balancers and Target Groups
- SSL Certificates
- Listeners
- ECS Services
- Exports
Overview
This TypeScript file configures various AWS ECS services, load balancers, target groups, and listeners for a distributed application stack. The stack includes:
- Web application
- Celery worker
- Celery scheduler
- Flower (Celery monitoring tool)
- pgAdmin (PostgreSQL administration tool)
Imports and Configuration
The file starts by importing necessary modules and configurations:
import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";
// ... other imports
Key configurations are set up:
const stack = pulumi.getStack();
const region = process.env.REGION || "use2";
Load Balancers and Target Groups
Web Application
A target group is created for the web application:
const webappTargetGroup = new aws.lb.TargetGroup(`webapp-${stack}-tg-${region}`, {
// ... configuration
});
An Application Load Balancer (ALB) is set up:
const alb = new aws.lb.LoadBalancer(`webapp-${stack}-alb-${region}`, {
// ... configuration
});
Flower
Similar configurations are made for the Flower service:
const flowerTargetGroup = new aws.lb.TargetGroup(`flower-${stack}-tg-${region}`, {
// ... configuration
});
const flowerAlb = new aws.lb.LoadBalancer(`flower-${stack}-alb-${region}`, {
// ... configuration
});
pgAdmin
And for pgAdmin:
const pgAdminTargetGroup = new aws.lb.TargetGroup(`pgadmin-${stack}-tg-${region}`, {
// ... configuration
});
const pgAdminAlb = new aws.lb.LoadBalancer(`pgadmin-${stack}-alb-${region}`, {
// ... configuration
});
SSL Certificates
SSL certificates are retrieved for secure HTTPS connections:
const certificate = pulumi.output(aws.acm.getCertificate({
// ... configuration
}));
// Similar configurations for pgAdmin and Flower
Listeners
HTTPS and HTTP listeners are set up for each service:
Web Application
const httpsListener = new aws.lb.Listener(`webapp-${stack}-listener-${region}-https`, {
// ... configuration
});
const httpListener = new aws.lb.Listener(`webapp-${stack}-listener-${region}-http`, {
// ... configuration
});
Note: HTTP listeners are configured to redirect to HTTPS for enhanced security.
Similar listeners are created for Flower and pgAdmin services.
ECS Services
Five ECS services are defined:
-
Web Server Service
const webServerService = new aws.ecs.Service(`webapp-${stack}-ecs-${region}-service`, {
// ... configuration
}); -
Celery Worker Service
const celeryWorkerService = new aws.ecs.Service(`celeryworker-${stack}-ecs-${region}-service`, {
// ... configuration
}); -
Celery Scheduler Service
const celerySchedulerService = new aws.ecs.Service(`celeryscheduler-${stack}-esc-${region}-service`, {
// ... configuration
}); -
Flower Service
const flowerService = new aws.ecs.Service(`flower-${stack}-ecs-${region}-service`, {
// ... configuration
}); -
pgAdmin Service
const pgAdminService = new aws.ecs.Service(`pgadmin-${stack}-ecs-${region}-service`, {
// ... configuration
});
Each service is configured with:
- Cluster ARN
- Task definition
- Desired count
- Launch type (FARGATE)
- Network configuration
- Load balancer configuration (where applicable)
Exports
The file exports several important values:
export const targetGroupName = webappTargetGroup.name;
export const appUrl = alb.dnsName;
export { webServerService, celeryWorkerService, celerySchedulerService, pgAdminService };
These exports allow other parts of the infrastructure to reference these resources.
This configuration sets up a robust, scalable, and secure ECS-based infrastructure for a distributed application. It leverages AWS best practices such as using HTTPS, deploying across multiple availability zones, and utilizing managed services like ECS and ALB.