
ECS Task Definitions

This document provides a comprehensive overview of the task-definition.ts file, which defines Amazon ECS (Elastic Container Service) task definitions for various components of the Ghost application infrastructure.

Table of Contents

  1. Overview
  2. Imports and Configuration
  3. IAM Roles
  4. Task Definitions
  5. CloudWatch Log Group

Overview

This TypeScript file uses Pulumi to define ECS task definitions for different components of the Ghost application, including:

  • Web Application
  • Celery Worker
  • Celery Scheduler
  • Flower (Celery monitoring tool)
  • pgAdmin (PostgreSQL administration tool)

Each task definition includes specific configurations for CPU, memory, network mode, IAM roles, and container definitions.

Imports and Configuration

import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";
import { pgAdminConfig, environmentVariables, image, flowerConfig, appConfig } from "./config";

The file imports the Pulumi core and Pulumi AWS provider packages, as well as configuration variables from a local config file.

const stack = pulumi.getStack();
const region = process.env.REGION || "use2";

It also sets up variables for the current stack and region.

IAM Roles

A helper function createIAMRoles is defined to create IAM roles for ECS tasks:

const createIAMRoles = (name: string) => {
  // ... (role creation logic)
};

This function creates two roles for each task:

  1. Execution Role: Allows ECS to pull container images and publish logs to Amazon CloudWatch on your behalf.
  2. Task Role: Grants permissions to the task itself, allowing it to access AWS services.

The following policies are attached to the task role:

  • AmazonSSMManagedInstanceCore
  • CloudWatchLogsFullAccess
  • AmazonS3FullAccess

Note: refer to Iam-roles for more details about the policies attached to the task role.
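AmazonS3FullAccess and CloudWatchLogsFullAccess grant the task role every S3 and CloudWatch Logs action on every resource in the account. The following is an added example, not code from task-definition.ts: it flags such managed policies and builds the trust policy and a scoped replacement as plain objects. The function names, bucket name and ARNs are assumptions made for illustration.

```typescript
// Added example: plain TypeScript with no Pulumi imports, so it runs offline.
// Function names, bucket name and ARNs are constructed placeholders.
type Statement = { Effect: "Allow"; Action: string[]; Resource: string[] };
type PolicyDoc = { Version: "2012-10-17"; Statement: Statement[] };

// Flags attached managed policies whose names mark service-wide grants.
function flagBroadPolicies(attached: string[]): string[] {
  return attached.filter((p) => /(FullAccess|AdministratorAccess)$/.test(p));
}

// Trust policy for both roles: only the ECS tasks service may assume them.
function ecsTasksTrustPolicy() {
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Principal: { Service: "ecs-tasks.amazonaws.com" },
        Action: "sts:AssumeRole",
      },
    ],
  };
}

// Task-role policy limited to one bucket and one log group. If containers log
// only through the awslogs driver, the execution role already covers the
// logs statement and it can be dropped from the task role.
function scopedTaskPolicy(bucket: string, logGroupArn: string): PolicyDoc {
  const allow = (Action: string[], Resource: string[]): Statement =>
    ({ Effect: "Allow", Action, Resource });
  return {
    Version: "2012-10-17",
    Statement: [
      allow(["s3:GetObject", "s3:PutObject"], [`arn:aws:s3:::${bucket}/*`]),
      allow(["s3:ListBucket"], [`arn:aws:s3:::${bucket}`]),
      allow(["logs:CreateLogStream", "logs:PutLogEvents"], [`${logGroupArn}:*`]),
    ],
  };
}

// True if any statement uses a wildcard action ("*" or "svc:*") or Resource "*".
function hasWildcard(doc: PolicyDoc): boolean {
  return doc.Statement.some(
    (s) => s.Action.some((a) => /(^|:)\*$/.test(a)) || s.Resource.indexOf("*") !== -1
  );
}
```

In a Pulumi program, the returned objects can be passed through JSON.stringify to the assumeRolePolicy argument of aws.iam.Role and the policy argument of aws.iam.RolePolicy.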

Task Definitions

Web Application

const webappRole = createIAMRoles("webapp");
export const webappTaskDefinition = new aws.ecs.TaskDefinition(`webapp-task-${stack}`, {
  // ... (task definition properties)
});

Key features:

  • Uses 512 CPU units and 1024 MB of memory
  • Runs on Fargate
  • Exposes port 8080
  • Uses a custom entry point script
  • Logs to CloudWatch

Celery Worker

const celeryWorkerRole = createIAMRoles("celeryworker");
export const celeryWorkerTaskDefinition = new aws.ecs.TaskDefinition(`celeryworker-${stack}-ecs-${region}-task`, {
  // ... (task definition properties)
});

Key features:

  • Uses 256 CPU units and 512 MB of memory
  • Runs the Celery worker process
  • Logs to CloudWatch

Celery Scheduler

const celerySchedulerRole = createIAMRoles("celeryscheduler");
export const celerySchedulerTaskDefinition = new aws.ecs.TaskDefinition(`celeryscheduler-${stack}-ecs-${region}-task`, {
  // ... (task definition properties)
});

Key features:

  • Uses 256 CPU units and 512 MB of memory
  • Runs the Celery scheduler with Django Celery Beat
  • Logs to CloudWatch

Flower

const flowerRole = createIAMRoles("flower");
export const flowerTaskDefinition = new aws.ecs.TaskDefinition(`flower-${stack}-ecs-${region}-task`, {
  // ... (task definition properties)
});

Key features:

  • Uses 256 CPU units and 512 MB of memory
  • Runs the Flower monitoring tool for Celery
  • Exposes port 5555
  • Configures basic authentication
  • Logs to CloudWatch

pgAdmin

const pgAdminRole = createIAMRoles("pgadmin");
export const pgAdminTaskDefinition = new aws.ecs.TaskDefinition(`pgadmin-${stack}-ecs-${region}-task`, {
  // ... (task definition properties)
});

Key features:

  • Uses 256 CPU units and 512 MB of memory
  • Runs pgAdmin 4 for PostgreSQL management
  • Exposes port 80
  • Configures default email and password
  • Logs to CloudWatch

CloudWatch Log Group

export const logGroup = new aws.cloudwatch.LogGroup(`gh-webapp-${stack}-cw-${region}-log-group`, {
  name: `gh-webapp-${stack}-cw-${region}-log-group`,
  retentionInDays: 30,
});

A CloudWatch Log Group is created to store logs from all the ECS tasks. Logs are retained for 30 days.