The latest articles on DEV Community by Jinwook Baek (@kokospapa8). https://dev.to/kokospapa8 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F367659%2F1067d331-541f-4ec9-b7dc-c49540b89ff9.jpg https://dev.to/kokospapa8 en Jinwook Baek Sun, 17 Apr 2022 07:34:50 +0000 https://dev.to/kokospapa8/majestic-monolith-django-3690 https://dev.to/kokospapa8/majestic-monolith-django-3690 <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fap1h3bvum61mdt1fgewd.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fap1h3bvum61mdt1fgewd.png" alt="Image description"></a></p> <h2> Introduction </h2> <p><a href="https://github.com/kokospapa8/majestic-monolith-django" rel="noopener noreferrer">https://github.com/kokospapa8/majestic-monolith-django</a></p> <p>This project is a starter django repo aiming to achieve majestic <code>modular</code> monolith architecture. Main purpose is to provide scaffolding skeleton and sample architecture for rapid prototype structure that can scale to mid-range size application. I have complied useful techniques and libraries to help build backend API server.</p> <p>Inspired by <a href="https://m.signalvnoise.com/the-majestic-monolith/" rel="noopener noreferrer">Majestic monolith</a> and <a href="https://www.feldroy.com/books/two-scoops-of-django-3-x" rel="noopener noreferrer">Two Scoops of Django</a>, this starter code will help you build scalable application for a small team of developers.</p> <h2> Majestic monolith </h2> <p>MicroService is everywhere and no doubt that they are the next big thing, for a company with many developers and in need for concurrent feature releases.</p> <p>However, MSA needs a lot of coordination and preparation to make is work. If you are the only developer in the team or developing ina a relatively small to medium scale architecture, MSA can be overwhelming.</p> <p>You can reduce cognitive load by following DDD practice. With <strong>code isolation</strong>, <strong>data isolation</strong> and some cloud architecture help, majestic monolith django(MMD) can prepare for the scale and bigger team coordination.</p> <h1> Example application </h1> <p>This repo provides sample application illustrating following usecase.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxmk4cmagfwbud9fi2o6v.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxmk4cmagfwbud9fi2o6v.png" alt="Image description"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmynjyd1p79g1sh9z9hvq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmynjyd1p79g1sh9z9hvq.png" alt="Image description"></a></p> <p>I have broken down the application into four modules(<code>auth</code>, <code>user</code>, <code>shipping</code>, <code>distribution</code>) using techniques I used for application prototyping.</p> <h1> Module Structure </h1> <h2> Code </h2> <p>Each domain consists of following structure.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fse52p037mz29o6a6lwr4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fse52p037mz29o6a6lwr4.png" alt="Image description"></a></p> <ul> <li>admin: django admin</li> <li>apps: Django App Config</li> <li>choices: Enum files used in module</li> <li>docs: yasg doc</li> <li>events: events emitted from django module</li> <li>exceptions: Custom exceptions</li> <li>models: Ordinary django models</li> <li>manager: Queryset managers</li> <li>serializers: DRF serialiers</li> <li>selectors: Query that requires join</li> <li>services: Biz logics for domain <ul> <li>domain services (domain specific biz logic)</li> <li>application services (UoW)</li> </ul> </li> <li>schema: api or model schema for testing</li> <li>urls: django url resolver</li> <li>utils_*: utils method</li> <li>views: DRF views</li> </ul> <h2> Infrastructure </h2> <p>In order to achieve modular structure in single monolith, we need to use eventbus for inter-module communications. Also we are fully utilizing lambda compute to unburden load of api servers. Python application typically utilizes celery beat for heartbeat (cron) process but it is much easier to use eventbridge schedule with lambda calling heartbeat api.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgarae5k9auxj7y6wlqom.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgarae5k9auxj7y6wlqom.png" alt="Image description"></a></p> <ul> <li>Eventbus <ul> <li>In order to decouple models, mmd uses serverless event bus(Eventbridge)</li> </ul> </li> <li>SAM (lambda) for async compute <ul> <li>notification</li> <li>long runnign tasks</li> <li>Heartbeat with lambda to call api</li> </ul> </li> </ul> <h2> Cookie cutter </h2> <p>You can use cookie cutter to start the repo.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">pip</span> <span class="nx">install</span> <span class="nx">cookiecutter</span> <span class="nx">cookiecutter</span> <span class="nx">https</span><span class="p">:</span><span class="c1">//github.com/kokospapa8/majestic-monolith-django.git --checkout cookie-cutter</span> </code></pre> </div> <h1> Future todo </h1> <ul> <li>Async support</li> <li>Dependency injection</li> <li>SQS for batch POST request</li> </ul> <h1> TL;DR </h1> <p>Try out my sample application! </p> <p><a href="https://github.com/kokospapa8/majestic-monolith-django/" rel="noopener noreferrer">https://github.com/kokospapa8/majestic-monolith-django/</a></p> Jinwook Baek Fri, 29 Jan 2021 14:17:26 +0000 https://dev.to/kokospapa8/migrate-log-analysis-from-aws-elasticsearch-to-bigquery-28p https://dev.to/kokospapa8/migrate-log-analysis-from-aws-elasticsearch-to-bigquery-28p <p><a href="https://blog.kokospapa.com/kokospapa/Migrate-log-analysis-from-AWS-ElasticSearch-to-BigQuery-5e1f145b4fba4c8095df7df65ca612c3" rel="noopener noreferrer">Original blog post</a></p> <h1> Introduction </h1> <p>I have been using AWS ElasticSearch for near-real time analysis for API servers. AWS provides built-in Elasticsearch subscription filter for CloudWatch. With less than a hour of effort I can spin up an Elasticsearch cluster to visualize and analyze server logs. However AWS Elasticsearch is not cheap in production setup, also as logs accumulate, it needs some maintenance (lifecycle policy, JVM pressure, etc). Also dev team was not fully utilizing the elastic stack as much. I have been meaning to decommission the Elasticsearch and find alternative option for several month. And finally I decided that it's time to migrate to other solution for following reason.</p> <p><a href="https://www.elastic.co/kr/blog/why-license-change-AWS" rel="noopener noreferrer">Amazon: NOT OK - why we had to change Elastic licensing</a></p> <p>After some survey, I listed requirements for the substitue</p> <ul> <li>Near-realtime analysis (no batch load)</li> <li>Simple filter and aggregation by time range, api status, etc</li> <li>Access management</li> <li>Support for visualization tool (substitue Kibana)</li> <li>No extra setup on server code (no splunk, fluntd, etc)</li> </ul> <p>Anchoring CloudWatch logs are the inception point of all the logs(nginx, api logs, etc) There were couple of alternatives I could think about.</p> <ul> <li>Vanilla CloudWatch (manually searching through logs and no visulization, query support → no need to implement anything else)</li> <li>CloudWatch → S3(firehose) → Athena</li> <li>CloudWatch → S3(firehose) → Redshift Spectrum</li> <li>CloudWatch → Kinesis Stream → Kinesis Analysis</li> <li>CloudWatch → Lambda → BigQuery</li> </ul> <p>I was initially inclined to choose something from AWS since I prefer to have less moving pieces and do less coding. However I am already using BigQuery for Data warehouse. I concluded that if I was going to stash some data somewhere I might as well centralize all of them in single place. So I chose to go with lambda+Bigquery. For this post, I will be using nginx log for example, since these formats are common for most of people.</p> <h3> Load vs. Stream </h3> <p>Before going into actual setup process I must acknowledge couple things such as distinction between<code>Load</code> and <code>streaming</code>. Load is when you load batch of data for once or in recurrence. In BigQuery, <code>Load</code> is free and it only charge for storage. However <code>Stream</code> incurs charge and each insert is <code>$0.010 per 200 MB</code> . </p> <h3> Prerequisite </h3> <ul> <li>GCP Account with billing enabled (streaming is disabled on free tier)</li> <li>Nginx log on Cloudwatch</li> <li>SAM environment setup + Lambda role (refer to previous blog post regarding lambda env setup) <a href="https://www.notion.so/Migrate-python-async-worker-to-asynchrounous-Lambda-36a0551c835b4bd1b6559b0d9450bb56" rel="noopener noreferrer">Migrate python async worker to asynchrounous Lambda </a> </li> </ul> <h1> Setup </h1> <p>I am going to cover following components</p> <ul> <li>Inspect Cloudwatch logs</li> <li>BigQuery table</li> <li>Lambda code</li> <li>Cloudwatch subscription</li> <li>Biquery + datastudio</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0z49darc2nxft70oyn76.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0z49darc2nxft70oyn76.png" alt="Alt Text"></a></p> <h2> BigQuery Table and Schema </h2> <p>First of all, I need to create BigQuery table for the nginx logs to be stored. In order to create correct schema, let's take a look at how the logs will be sent from CloudWatch to lambda subscription filter.</p> <h3> Nginx log </h3> <p>Default nginx log format looks like this. (My log sample has remote ip appended at the end.)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">log_format</span> <span class="n">combined</span> <span class="sh">'</span><span class="s">$remote_addr - $remote_user [$time_local] </span><span class="sh">'</span> <span class="sh">'"</span><span class="s">$request</span><span class="sh">"</span><span class="s"> $status $body_bytes_sent </span><span class="sh">'</span> <span class="sh">'"</span><span class="s">$http_referer</span><span class="sh">"</span><span class="s"> </span><span class="sh">"</span><span class="s">$http_user_agent</span><span class="sh">"'</span><span class="p">;</span> <span class="o">//</span><span class="n">sample</span> <span class="mf">172.11</span><span class="p">.</span><span class="mf">1.1111</span> <span class="o">-</span> <span class="o">-</span> <span class="p">[</span><span class="mi">28</span><span class="o">/</span><span class="n">Jan</span><span class="o">/</span><span class="mi">2021</span><span class="p">:</span><span class="mi">16</span><span class="p">:</span><span class="mi">24</span><span class="p">:</span><span class="mi">03</span> <span class="o">+</span><span class="mi">0000</span><span class="p">]</span> <span class="sh">"</span><span class="s">GET /api/healthcheck/ HTTP/1.1</span><span class="sh">"</span> <span class="mi">200</span> <span class="mi">2</span> <span class="sh">"</span><span class="s">-</span><span class="sh">"</span> <span class="sh">"</span><span class="s">CRAZY_USER_AGENT/2.0</span><span class="sh">"</span> <span class="sh">"</span><span class="s">111.111.111.111</span><span class="sh">"</span> </code></pre> </div> <p>I need to transform this log in order to insert to bigquery table in certain format. Thankfully, CloudWatch subscription filter provide filter pattern.</p> <p><a href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html" rel="noopener noreferrer">Filter and Pattern Syntax</a></p> <p>If I provide following filter pattern like <code>[internal_ip, identitiy , auth_user, date, request, status, bytes, referer, useragent, remote_addr]</code>, subscription filter automatically breaks down the log in json format as <code>extractedFields</code>. You can even select certain logs for this filter like <code>[internal_ip, identity , auth_user, date, request !="**/api/healthcheck/**", status, bytes, referer, useragent, remote_addr]</code></p> <p>Now we know that the log will come in certain format, I will create a table with following format.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">id</span><span class="p">:</span><span class="n">string</span><span class="p">,</span> <span class="nb">timestamp</span><span class="p">:</span><span class="nb">timestamp</span><span class="p">,</span> <span class="n">remote_addr</span><span class="p">:</span><span class="n">string</span><span class="p">,</span> <span class="n">useragent</span><span class="p">:</span><span class="n">string</span><span class="p">,</span> <span class="n">referer</span><span class="p">:</span><span class="n">string</span><span class="p">,</span> <span class="n">bytes</span><span class="p">:</span><span class="nb">numeric</span><span class="p">,</span> <span class="n">status</span><span class="p">:</span><span class="n">string</span><span class="p">,</span> <span class="n">request</span><span class="p">:</span><span class="n">string</span><span class="p">,</span> <span class="n">auth_user</span><span class="p">:</span><span class="n">string</span><span class="p">,</span> <span class="nb">date</span><span class="p">:</span><span class="n">string</span><span class="p">,</span> <span class="n">internal_ip</span><span class="p">:</span><span class="n">string</span><span class="p">,</span> <span class="k">identity</span><span class="p">:</span><span class="n">string</span> </code></pre> </div> <p>If I need more fields later, I will add them. Make sure that the table is partitioned by <code>timestamp</code> for the query performance and also expire the table after certain time for the cost reduction. (BQ applies cold storage for untouched data after certain periods of time so you might just want to keep them)</p> <h3> Create BigQuery table </h3> <p>Let's go to GCP console and create table with following schema.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fvqq9drl1z64a5byvxch9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fvqq9drl1z64a5byvxch9.png" alt="Alt Text"></a></p> <p>You can use cloudshell if you prefer CLI.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>bq mk \ --table \ --description description \ --time_partitioning_field timestamp \ --time_partitioning_type DAY \ --label key:value, key:value \ &lt;project_id&gt;:&lt;dataset&gt;.&lt;table&gt; \ id:string,timestamp:timestamp,remote_addr:string,\ useragent:string,referer:string,bytes:numeric,status:string,\ request:string,auth_user:string,date:string,internal_ip:string,\ identity:string, </code></pre> </div> <p>Once table is created, copy the table name from detail tab. <code>&lt;project_id&gt;.&lt;dataset&gt;.&lt;table-name&gt;</code></p> <h3> Service Account </h3> <p>Before going back to AWS and create a lambda function, we need to create a service account for lambda in order to gain permission to insert rows to BQ.</p> <p>Go to service account under IAM menu and click <code>+ create service account</code></p> <p><a href="https://console.cloud.google.com/iam-admin/serviceaccounts" rel="noopener noreferrer">Google Cloud Platform</a></p> <p>service account name : lambda_bq_stream</p> <p>permissions : <code>bigquery dataeditor</code></p> <p>you can defined custom role with more restrictive permission you only need</p> <ul> <li>bigquery.tables.list</li> <li>bigquery.tables.get</li> <li>bigquery.tables.updateData</li> </ul> <p>Once you created a service account you can download a json key click <code>Add key -&gt; create new key</code>. Download and stash somewhere safe, we will be using this key later.</p> <p>Json key sample<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"service_account"</span><span class="p">,</span><span class="w"> </span><span class="nl">"project_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"****"</span><span class="p">,</span><span class="w"> </span><span class="nl">"private_key_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"****"</span><span class="p">,</span><span class="w"> </span><span class="nl">"private_key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"****"</span><span class="p">,</span><span class="w"> </span><span class="nl">"client_email"</span><span class="p">:</span><span class="w"> </span><span class="s2">"****"</span><span class="p">,</span><span class="w"> </span><span class="nl">"client_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"****"</span><span class="p">,</span><span class="w"> </span><span class="nl">"auth_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://accounts.google.com/o/oauth2/auth"</span><span class="p">,</span><span class="w"> </span><span class="nl">"token_uri"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://oauth2.googleapis.com/token"</span><span class="p">,</span><span class="w"> </span><span class="nl">"auth_provider_x509_cert_url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.googleapis.com/oauth2/v1/certs"</span><span class="p">,</span><span class="w"> </span><span class="nl">"client_x509_cert_url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://www.googleapis.com/robot/v1/metadata/x509/lambda-bigquery-stream%40hangfive-26bb4.iam.gserviceaccount.com"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>I will use SAM for lambda deployment, please refer to previous post for the SAM setup.</p> <p><a href="https://www.notion.so/Migrate-python-async-worker-to-asynchrounous-Lambda-36a0551c835b4bd1b6559b0d9450bb56" rel="noopener noreferrer">Migrate python async worker to asynchrounous Lambda </a></p> <h2> Lambda Fucntion </h2> <p>Ok, now let's focus on the code. This function will receive stream of cloudwatch logs and stream insert rows to BQ table using google bigquery SDK written in python. I will break down the code in pieces to explanation.</p> <h3> Library </h3> <p>All you need is single pip library.</p> <p><a href="https://googleapis.dev/python/bigquery/latest/index.html" rel="noopener noreferrer">google-cloud-bigquery</a></p> <h3> Authentication </h3> <p>Client requires authentication and there are two ways to authenticate; from <code>file</code> or json <code>dictionary</code>. There are couple options to do this.<br> <a href="https://googleapis.dev/python/google-auth/latest/reference/google.oauth2.service_account.html#google.oauth2.service_account.Credentials.from_service_account_file" rel="noopener noreferrer">google-auth</a></p> <ul> <li>Json file <ul> <li>upload file to s3 and load them from lambda</li> <li>package json with the lambda code → (x)</li> </ul> </li> </ul> <p><a href="https://googleapis.dev/python/google-auth/latest/reference/google.oauth2.service_account.html#google.oauth2.service_account.Credentials.from_service_account_info" rel="noopener noreferrer">google-auth</a></p> <ul> <li>dictionary <ul> <li>environment variable → I will use this for the purpose of simplicity</li> <li>load key info from secret manager or parameter store</li> </ul> </li> </ul> <h3> Environment Variable </h3> <p>Although it is better to manage key from secret manager, I will use env var for the simplicity of exercise. I will supply following Environment Variable from json dictionary I have downloaded from previous sections<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> "project_id": "private_key_id": "private_key": "client_email": "client_id": </code></pre> </div> <h3> Decompress and decode cloudwatch logs </h3> <p>When you add lambda subscription filter to CloudWatch, the CloudWatch log event will be sent in gzipped / base64 encoded data. This is an example format. (Don't try to decode the data it's broken.)</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fburthiuaeaodco5mk3b8.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fburthiuaeaodco5mk3b8.png" alt="Alt Text"></a></p> <p>You decompress and decode the message with following code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">compressed_payload</span> <span class="o">=</span> <span class="nf">b64decode</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> <span class="n">cloudwatch_payload</span> <span class="o">=</span> <span class="n">zlib</span><span class="p">.</span><span class="nf">decompress</span><span class="p">(</span><span class="n">compressed_payload</span><span class="p">,</span> <span class="mi">16</span> <span class="o">+</span> <span class="n">zlib</span><span class="p">.</span><span class="n">MAX_WBITS</span><span class="p">)</span> <span class="n">json_payload</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">cloudwatch_payload</span><span class="p">)</span> </code></pre> </div> <p>Resulting message will be decoded as following example format. Notice <code>logEvents</code> for the list of logs. Notice that <code>message</code> is actually log and they are broken as into <code>extractedFields</code> according to filter supplied as <code>[internal_ip, identity , auth_user, date, request, status, bytes, referer, useragent, remote_addr]</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="err">'messageType':</span><span class="w"> </span><span class="err">'DATA_MESSAGE'</span><span class="p">,</span><span class="w"> </span><span class="err">'owner':</span><span class="w"> </span><span class="err">'</span><span class="mi">12341244</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'logGroup':</span><span class="w"> </span><span class="err">'/ecs/nginx'</span><span class="p">,</span><span class="w"> </span><span class="err">'logStream':</span><span class="w"> </span><span class="err">'ecs/nginx/</span><span class="mi">65366</span><span class="err">ed</span><span class="mi">9299</span><span class="err">f</span><span class="mi">4554</span><span class="err">a</span><span class="mi">2</span><span class="err">cf</span><span class="mi">0</span><span class="err">dbd</span><span class="mi">4</span><span class="err">c</span><span class="mi">49</span><span class="err">ee</span><span class="mi">08</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'subscriptionFilters':</span><span class="w"> </span><span class="p">[</span><span class="err">'nginx_filter_sample'</span><span class="p">],</span><span class="w"> </span><span class="err">'logEvents':</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="err">'id':</span><span class="w"> </span><span class="err">'</span><span class="mi">35945479414329140852051181308733124824760966176424001536</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'timestamp':</span><span class="w"> </span><span class="mi">1611851043287</span><span class="p">,</span><span class="w"> </span><span class="err">'message':</span><span class="w"> </span><span class="err">'</span><span class="mf">172.11</span><span class="err">.</span><span class="mf">1.1111</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="p">[</span><span class="mi">28</span><span class="err">/Jan/</span><span class="mi">2021</span><span class="err">:</span><span class="mi">16</span><span class="err">:</span><span class="mi">24</span><span class="err">:</span><span class="mi">03</span><span class="w"> </span><span class="err">+</span><span class="mi">0000</span><span class="p">]</span><span class="w"> </span><span class="s2">"GET /api/healthcheck/ HTTP/1.1"</span><span class="w"> </span><span class="mi">200</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="s2">"-"</span><span class="w"> </span><span class="s2">"CRAZY_USER_AGENT/2.0"</span><span class="w"> </span><span class="s2">"111.111.111.111"</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'extractedFields':</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">'date':</span><span class="w"> </span><span class="err">'</span><span class="mi">28</span><span class="err">/Jan/</span><span class="mi">2021</span><span class="err">:</span><span class="mi">16</span><span class="err">:</span><span class="mi">24</span><span class="err">:</span><span class="mi">03</span><span class="w"> </span><span class="err">+</span><span class="mi">0000</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'request':</span><span class="w"> </span><span class="err">'GET</span><span class="w"> </span><span class="err">/api/healthcheck/</span><span class="w"> </span><span class="err">HTTP/</span><span class="mf">1.1</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'referer':</span><span class="w"> </span><span class="err">'-'</span><span class="p">,</span><span class="w"> </span><span class="err">'remote_addr':</span><span class="w"> </span><span class="err">'-'</span><span class="p">,</span><span class="w"> </span><span class="err">'bytes':</span><span class="w"> </span><span class="err">'</span><span class="mi">2</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'ip':</span><span class="w"> </span><span class="err">'</span><span class="mf">172.11</span><span class="err">.</span><span class="mf">1.111</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'useragent':</span><span class="w"> </span><span class="err">'ELB-HealthChecker/</span><span class="mf">2.0</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'identity':</span><span class="w"> </span><span class="err">'-'</span><span class="p">,</span><span class="w"> </span><span class="err">'auth_user':</span><span class="w"> </span><span class="err">'-'</span><span class="p">,</span><span class="w"> </span><span class="err">'status':</span><span class="w"> </span><span class="err">'</span><span class="mi">200</span><span class="err">'</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> SKIP CONTROL MESSAGE </h3> <p>If control message is passed, we will skip insert<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">json_payload</span><span class="p">[</span><span class="sh">'</span><span class="s">messageType</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="sh">'</span><span class="s">CONTROL_MESSAGE</span><span class="sh">'</span><span class="p">:</span> <span class="k">return</span> </code></pre> </div> <h3> Create payload </h3> <p>We will create payload for the nginx log. Notice I have devided timestamp by 1000 since BQ supports microsecond resolution for timestamp type column.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">rows_to_insert</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">json_payload</span><span class="p">[</span><span class="sh">'</span><span class="s">logEvents</span><span class="sh">'</span><span class="p">]:</span> <span class="n">item</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">item</span><span class="p">[</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="n">row</span><span class="p">[</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">]</span> <span class="n">item</span><span class="p">[</span><span class="sh">'</span><span class="s">timestamp</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="n">row</span><span class="p">[</span><span class="sh">'</span><span class="s">timestamp</span><span class="sh">'</span><span class="p">]</span> <span class="o">/</span> <span class="mi">1000</span> <span class="k">if</span> <span class="sh">'</span><span class="s">extractedFields</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">row</span><span class="p">:</span> <span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">row</span><span class="p">[</span><span class="sh">'</span><span class="s">extractedFields</span><span class="sh">'</span><span class="p">].</span><span class="nf">items</span><span class="p">():</span> <span class="n">item</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">=</span> <span class="n">v</span> <span class="n">rows_to_insert</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">item</span><span class="p">)</span> </code></pre> </div> <h3> Inserting rows </h3> <p>Before inserting to BQ, let's take a quick look at the description of <code>insert_rows_json</code> method.</p> <ul> <li> <code>insert_rows_json</code> method description Make sure to read <code>row_ids</code> params. It's a unique identifier in order to maintain deduplication. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="s2">"""Insert rows into a table without applying local type conversions. See https://cloud.google.com/bigquery/docs/reference/rest/v2/tabledata/insertAll Args: table (Union[ </span><span class="err">\</span><span class="s2"> google.cloud.bigquery.table.Table </span><span class="err">\</span><span class="s2"> google.cloud.bigquery.table.TableReference, </span><span class="err">\</span><span class="s2"> str </span><span class="err">\</span><span class="s2"> ]): The destination table for the row data, or a reference to it. json_rows (Sequence[Dict]): Row data to be inserted. Keys must match the table schema fields and values must be JSON-compatible representations. row_ids (Optional[Sequence[Optional[str]]]): Unique IDs, one per row being inserted. An ID can also be ``None``, indicating that an explicit insert ID should **not** be used for that row. If the argument is omitted altogether, unique IDs are created automatically. skip_invalid_rows (Optional[bool]): Insert all valid rows of a request, even if invalid rows exist. The default value is ``False``, which causes the entire request to fail if any invalid rows exist. ignore_unknown_values (Optional[bool]): Accept rows that contain values that do not match the schema. The unknown values are ignored. Default is ``False``, which treats unknown values as errors. template_suffix (Optional[str]): Treat ``name`` as a template table and provide a suffix. BigQuery will create the table ``&lt;name&gt; + &lt;template_suffix&gt;`` based on the schema of the template table. See https://cloud.google.com/bigquery/streaming-data-into-bigquery#template-tables retry (Optional[google.api_core.retry.Retry]): How to retry the RPC. timeout (Optional[float]): The number of seconds to wait for the underlying HTTP transport before using ``retry``. Returns: Sequence[Mappings]: One mapping per row with insert errors: the "</span><span class="err">index</span><span class="s2">" key identifies the row, and the "</span><span class="err">errors</span><span class="s2">" key contains a list of the mappings describing one or more problems with the row. Raises: TypeError: if `json_rows` is not a `Sequence`. """</span><span class="w"> </span></code></pre> </div> <p>Following code will insert a row into BQ table<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">table_id</span> <span class="o">=</span> <span class="sh">'</span><span class="s">&lt;project_id&gt;.&lt;dataset&gt;.&lt;table-name&gt;</span><span class="sh">'</span> <span class="n">errors</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">insert_rows_json</span><span class="p">(</span><span class="n">table_id</span><span class="p">,</span> <span class="n">rows_to_insert</span><span class="p">)</span> <span class="c1"># Make an API request. </span> <span class="k">if</span> <span class="n">errors</span> <span class="o">==</span> <span class="p">[]:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">New rows have been added.</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Encountered errors while inserting rows: {}</span><span class="sh">"</span><span class="p">.</span><span class="nf">format</span><span class="p">(</span><span class="n">errors</span><span class="p">))</span> </code></pre> </div> <h3> Full Lambda Code </h3> <p>Now that we have covered all the parts, let's combine together and create a function.</p> <h3> Full Lambda Code </h3> <p>Now that we have covered all the parts, let's combine together and create a function.</p> <div class="ltag_gist-liquid-tag"> </div> <h3> Test the function with sample events </h3> <p>Let's test the code for sample event payload. As a reminder, you can invoke function with following command<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">sam</span><span class="w"> </span><span class="err">local</span><span class="w"> </span><span class="err">invoke</span><span class="w"> </span><span class="err">--env-vars</span><span class="w"> </span><span class="err">env.json</span><span class="w"> </span><span class="err">-e</span><span class="w"> </span><span class="err">events/payload.json</span><span class="w"> </span></code></pre> </div> <p>Once you see following success message, let's go to BigQuery table and check if data is inserted successfully.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxhgtm6pq7jbe9qba7o63.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxhgtm6pq7jbe9qba7o63.png" alt="Alt Text"></a><br> Successfully streamed to the table!<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fe2tcdlj8mqruex0ivwfu.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fe2tcdlj8mqruex0ivwfu.png" alt="Alt Text"></a></p> <h2> CloudWatch Subscription filter </h2> <p>IT's time to attach lambda subscription on log group. Refer to following CLI command or console.</p> <p><a href="https://docs.aws.amazon.com/cli/latest/reference/logs/put-subscription-filter.html" rel="noopener noreferrer">put-subscription-filter - AWS CLI 1.18.221 Command Reference</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">put</span><span class="o">-</span><span class="n">subscription</span><span class="o">-</span><span class="n">filter</span> <span class="c1">--log-group-name &lt;value&gt;</span> <span class="c1">--filter-name nginxToBQ</span> <span class="c1">--filter-pattern [internal_ip, identity , auth_user, date, request, status, bytes, referer, useragent, remote_addr]</span> <span class="c1">--destination-arn &lt;lambdaFUNCTIONARN&gt;</span> </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0fbvr5mi8qceuubxmnr9.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0fbvr5mi8qceuubxmnr9.png" alt="Alt Text"></a></p> <h3> Check Lambda Log </h3> <p>Let's make sure everything is working as expected before setting it on cruise mode. Check <strong>cloudwatch</strong> logs for the lambda for the <strong>cloudwatch</strong> subscription filter. If you don't see any error logs, it's all set!</p> <p>If you are not certain that the logs will be delivered as expected, there are couple way to get notification from abnormal errors.</p> <ul> <li> <p>Create another lambda to detect error from logs to trigger SNS notification. Refer to the post for detailed setup</p> <p><a href="https://aws.amazon.com/ko/blogs/mt/get-notified-specific-lambda-function-error-patterns-using-cloudwatch/" rel="noopener noreferrer">https://aws.amazon.com/ko/blogs/mt/get-notified-specific-lambda-function-error-patterns-using-cloudwatch/</a></p> </li> <li> <p>Setup AWS DevOps Guru with SNS notification. This ML powered devops support service will notify you when there are error on your lambda function automatically. (It's really useful!)</p> <p><a href="https://docs.aws.amazon.com/devops-guru/latest/userguide/setting-up.html" rel="noopener noreferrer">Setting up Amazon DevOps Guru</a></p> </li> </ul> <h1> Data in BigQuery </h1> <p>After a while if everything is working as expected, you will see streams of data in your table.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxyylha94fzdgqq0qdwch.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxyylha94fzdgqq0qdwch.png" alt="Alt Text"></a></p> <p>It's time to make some visualization with the data we have. I will make a heat map of user request from the data. First using aggregation, create a query to get count of each valid <code>remote addr</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">remote_addr</span> <span class="n">ip</span><span class="p">,</span> <span class="k">count</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="k">c</span> <span class="k">FROM</span> <span class="nv">`&lt;project_id&gt;.&lt;dataset&gt;.&lt;table&gt;`</span> <span class="k">WHERE</span> <span class="nb">DATE</span><span class="p">(</span><span class="nb">timestamp</span><span class="p">)</span> <span class="o">=</span> <span class="nv">"2021-01-29"</span> <span class="k">and</span> <span class="n">remote_addr</span> <span class="k">not</span> <span class="k">like</span> <span class="nv">"-"</span> <span class="k">group</span> <span class="k">by</span> <span class="mi">1</span> </code></pre> </div> <p>Then join this info with <code>geolite2</code> table. (Since this query uses huge <code>geolite2</code> table, it will incur cost.)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">WITH</span> <span class="n">source_of_ip_addresses</span> <span class="k">AS</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="n">remote_addr</span> <span class="n">ip</span><span class="p">,</span> <span class="k">count</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="k">c</span> <span class="k">FROM</span> <span class="nv">`hangfive-26bb4.cloudwatch.hangfive-nginx`</span> <span class="k">WHERE</span> <span class="nb">DATE</span><span class="p">(</span><span class="nb">timestamp</span><span class="p">)</span> <span class="o">=</span> <span class="nv">"2021-01-29"</span> <span class="k">and</span> <span class="n">remote_addr</span> <span class="k">not</span> <span class="k">like</span> <span class="nv">"-"</span> <span class="k">group</span> <span class="k">by</span> <span class="mi">1</span> <span class="p">)</span> <span class="k">SELECT</span> <span class="n">city_name</span><span class="p">,</span> <span class="k">SUM</span><span class="p">(</span><span class="k">c</span><span class="p">)</span> <span class="k">c</span><span class="p">,</span> <span class="n">ST_GeogPoint</span><span class="p">(</span><span class="k">AVG</span><span class="p">(</span><span class="n">longitude</span><span class="p">),</span> <span class="k">AVG</span><span class="p">(</span><span class="n">latitude</span><span class="p">))</span> <span class="n">point</span> <span class="k">FROM</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="n">ip</span><span class="p">,</span> <span class="n">city_name</span><span class="p">,</span> <span class="k">c</span><span class="p">,</span> <span class="n">latitude</span><span class="p">,</span> <span class="n">longitude</span><span class="p">,</span> <span class="n">geoname_id</span> <span class="k">FROM</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="o">*</span><span class="p">,</span> <span class="n">NET</span><span class="p">.</span><span class="n">SAFE_IP_FROM_STRING</span><span class="p">(</span><span class="n">ip</span><span class="p">)</span> <span class="o">&amp;</span> <span class="n">NET</span><span class="p">.</span><span class="n">IP_NET_MASK</span><span class="p">(</span><span class="mi">4</span><span class="p">,</span> <span class="n">mask</span><span class="p">)</span> <span class="n">network_bin</span> <span class="k">FROM</span> <span class="n">source_of_ip_addresses</span><span class="p">,</span> <span class="k">UNNEST</span><span class="p">(</span><span class="n">GENERATE_ARRAY</span><span class="p">(</span><span class="mi">9</span><span class="p">,</span><span class="mi">32</span><span class="p">))</span> <span class="n">mask</span> <span class="k">WHERE</span> <span class="n">BYTE_LENGTH</span><span class="p">(</span><span class="n">NET</span><span class="p">.</span><span class="n">SAFE_IP_FROM_STRING</span><span class="p">(</span><span class="n">ip</span><span class="p">))</span> <span class="o">=</span> <span class="mi">4</span> <span class="p">)</span> <span class="k">JOIN</span> <span class="nv">`fh-bigquery.geocode.201806_geolite2_city_ipv4_locs`</span> <span class="k">USING</span> <span class="p">(</span><span class="n">network_bin</span><span class="p">,</span> <span class="n">mask</span><span class="p">)</span> <span class="p">)</span> <span class="k">WHERE</span> <span class="n">city_name</span> <span class="k">IS</span> <span class="k">NOT</span> <span class="k">null</span> <span class="k">GROUP</span> <span class="k">BY</span> <span class="n">city_name</span><span class="p">,</span> <span class="n">geoname_id</span> <span class="k">ORDER</span> <span class="k">BY</span> <span class="k">c</span> <span class="k">DESC</span> <span class="k">LIMIT</span> <span class="mi">5000</span> </code></pre> </div> <p>This query will result in count of user in each city.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fy5wkm5vi7ttcoxv8tufl.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fy5wkm5vi7ttcoxv8tufl.png" alt="Alt Text"></a></p> <h3> Visualize </h3> <p>Since we don't have support from Kibana anymore, I will visualize the data with <code>Data Studio</code>.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzar6sa1fg1f4jumgvf17.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzar6sa1fg1f4jumgvf17.png" alt="Alt Text"></a></p> <h3> Data studio </h3> <p>visualize with data studio or your favorite BI tool.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F5igwfhcu5kotdslv86rm.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F5igwfhcu5kotdslv86rm.png" alt="Alt Text"></a></p> <h1> Conclusion </h1> <p>We have looked bunch of different services to get here. At the core, as long as you know how to write a lambda code, you can stream and ingest app logs to anywhere regardless cloudplatform. It's different feeling knowing that you span across other cloud platform. I hope my blog helped you and thank you for reading.</p> <h1> Extra </h1> <h2> Concurrency </h2> <p>After letting the lambda to work for a while, my <code>devops guru</code> setup actaully kicked in warning me of concurrency issues. If traffic spike, lambda is bound to be throttled without conccurency configuration.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="err">'AccountId':</span><span class="w"> </span><span class="err">'</span><span class="mi">1111111111</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'Region':</span><span class="w"> </span><span class="err">'us-east</span><span class="mi">-1</span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'MessageType':</span><span class="w"> </span><span class="err">'NEW_RECOMMENDATION'</span><span class="p">,</span><span class="w"> </span><span class="err">'InsightId':</span><span class="w"> </span><span class="err">'AGp</span><span class="mi">3</span><span class="err">byn_PgRryjAItOHdAlcAAAAAAAAAAV</span><span class="mi">8</span><span class="err">rYO_CKM</span><span class="mi">4</span><span class="err">aynEOZWZiTd</span><span class="mi">2</span><span class="err">_OV_</span><span class="mi">0</span><span class="err">bsqS'</span><span class="p">,</span><span class="w"> </span><span class="err">'Recommendations':</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="err">'Name':</span><span class="w"> </span><span class="err">'Troubleshoot</span><span class="w"> </span><span class="err">errors</span><span class="w"> </span><span class="err">and</span><span class="w"> </span><span class="err">set</span><span class="w"> </span><span class="err">up</span><span class="w"> </span><span class="err">automatic</span><span class="w"> </span><span class="err">retries</span><span class="w"> </span><span class="err">in</span><span class="w"> </span><span class="err">AWS</span><span class="w"> </span><span class="err">Lambda'</span><span class="p">,</span><span class="w"> </span><span class="err">'Description':</span><span class="w"> </span><span class="err">'Your</span><span class="w"> </span><span class="err">Lambda</span><span class="w"> </span><span class="err">function</span><span class="w"> </span><span class="err">is</span><span class="w"> </span><span class="err">throwing</span><span class="w"> </span><span class="err">a</span><span class="w"> </span><span class="err">high</span><span class="w"> </span><span class="err">number</span><span class="w"> </span><span class="err">of</span><span class="w"> </span><span class="err">errors.</span><span class="w"> </span><span class="err">To</span><span class="w"> </span><span class="err">learn</span><span class="w"> </span><span class="err">about</span><span class="w"> </span><span class="err">common</span><span class="w"> </span><span class="err">Lambda</span><span class="w"> </span><span class="err">errors</span><span class="p">,</span><span class="w"> </span><span class="err">their</span><span class="w"> </span><span class="err">causes</span><span class="p">,</span><span class="w"> </span><span class="err">and</span><span class="w"> </span><span class="err">mitigation</span><span class="w"> </span><span class="err">strategies</span><span class="p">,</span><span class="w"> </span><span class="err">see</span><span class="w"> </span><span class="err">this</span><span class="w"> </span><span class="err">link.'</span><span class="p">,</span><span class="w"> </span><span class="err">'Reason':</span><span class="w"> </span><span class="err">'The</span><span class="w"> </span><span class="err">Errors</span><span class="w"> </span><span class="err">metric</span><span class="w"> </span><span class="err">in</span><span class="w"> </span><span class="err">AWS::Lambda::FunctionName</span><span class="w"> </span><span class="err">breached</span><span class="w"> </span><span class="err">a</span><span class="w"> </span><span class="err">high</span><span class="w"> </span><span class="err">threshold.</span><span class="w"> </span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'Link':</span><span class="w"> </span><span class="err">'https://docs.aws.amazon.com/lambda/latest/dg/invocation-retries.html'</span><span class="p">,</span><span class="w"> </span><span class="err">'RelatedEvents':</span><span class="w"> </span><span class="p">[],</span><span class="w"> </span><span class="err">'RelatedAnomalies':</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="err">'SourceDetails':</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">'CloudWatchMetrics':</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="err">'MetricName':</span><span class="w"> </span><span class="err">'Errors'</span><span class="p">,</span><span class="w"> </span><span class="err">'Namespace':</span><span class="w"> </span><span class="err">'AWS::Lambda::FunctionName'</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="err">'Resources':</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="err">'Name':</span><span class="w"> </span><span class="err">'CloudwatchToBQ'</span><span class="p">,</span><span class="w"> </span><span class="err">'Type':</span><span class="w"> </span><span class="err">'AWS::Lambda::FunctionName'</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">'Name':</span><span class="w"> </span><span class="err">'Configure</span><span class="w"> </span><span class="err">provisioned</span><span class="w"> </span><span class="err">concurrency</span><span class="w"> </span><span class="err">for</span><span class="w"> </span><span class="err">AWS</span><span class="w"> </span><span class="err">Lambda'</span><span class="p">,</span><span class="w"> </span><span class="err">'Description':</span><span class="w"> </span><span class="err">'Your</span><span class="w"> </span><span class="err">Lambda</span><span class="w"> </span><span class="err">function</span><span class="w"> </span><span class="err">is</span><span class="w"> </span><span class="err">having</span><span class="w"> </span><span class="err">trouble</span><span class="w"> </span><span class="err">scaling.</span><span class="w"> </span><span class="err">To</span><span class="w"> </span><span class="err">learn</span><span class="w"> </span><span class="err">how</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">enable</span><span class="w"> </span><span class="err">provisioned</span><span class="w"> </span><span class="err">concurrency</span><span class="p">,</span><span class="w"> </span><span class="err">which</span><span class="w"> </span><span class="err">allows</span><span class="w"> </span><span class="err">your</span><span class="w"> </span><span class="err">function</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">scale</span><span class="w"> </span><span class="err">without</span><span class="w"> </span><span class="err">fluctuations</span><span class="w"> </span><span class="err">in</span><span class="w"> </span><span class="err">latency</span><span class="p">,</span><span class="w"> </span><span class="err">see</span><span class="w"> </span><span class="err">this</span><span class="w"> </span><span class="err">link.'</span><span class="p">,</span><span class="w"> </span><span class="err">'Reason':</span><span class="w"> </span><span class="err">'The</span><span class="w"> </span><span class="err">Duration</span><span class="w"> </span><span class="err">metric</span><span class="w"> </span><span class="err">in</span><span class="w"> </span><span class="err">AWS::Lambda::FunctionName</span><span class="w"> </span><span class="err">breached</span><span class="w"> </span><span class="err">a</span><span class="w"> </span><span class="err">high</span><span class="w"> </span><span class="err">threshold.</span><span class="w"> </span><span class="err">'</span><span class="p">,</span><span class="w"> </span><span class="err">'Link':</span><span class="w"> </span><span class="err">'https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html#configuration-concurrency-provisioned'</span><span class="p">,</span><span class="w"> </span><span class="err">'RelatedEvents':</span><span class="w"> </span><span class="p">[],</span><span class="w"> </span><span class="err">'RelatedAnomalies':</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="err">'SourceDetails':</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">'CloudWatchMetrics':</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="err">'MetricName':</span><span class="w"> </span><span class="err">'Duration'</span><span class="p">,</span><span class="w"> </span><span class="err">'Namespace':</span><span class="w"> </span><span class="err">'AWS::Lambda::FunctionName'</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="err">'Resources':</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="err">'Name':</span><span class="w"> </span><span class="err">'CloudwatchToBQ'</span><span class="p">,</span><span class="w"> </span><span class="err">'Type':</span><span class="w"> </span><span class="err">'AWS::Lambda::FunctionName'</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fdusfmfnf8cvbv8mqr3o1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fdusfmfnf8cvbv8mqr3o1.png" alt="Alt Text"></a></p> <p><a href="https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html" rel="noopener noreferrer">Managing concurrency for a Lambda function</a></p> <p>For remedial action I have inspected lambda metrics and updated reserved concurrencies.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ff6o0ss8rib5thhxkpm1s.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ff6o0ss8rib5thhxkpm1s.png" alt="Alt Text"></a></p> <p>you should inspect your lambda metrics and update concurrency accordingly. Also if this is not enough, I recommend you to add pub/sub or queue service such as SQS to handle the traffic.</p> <h2> Streaming Quota </h2> <p>I need to remind you that Google BigQuery also has streaming quota. (It's 500000 rows per second)</p> <p><a href="https://cloud.google.com/bigquery/quotas#streaming_inserts" rel="noopener noreferrer">Quotas and limits | BigQuery | Google Cloud</a></p> <h1> Reference </h1> <p><a href="https://cloud.google.com/bigquery/streaming-data-into-bigquery" rel="noopener noreferrer">Streaming data into BigQuery | Google Cloud</a></p> <p><a href="https://cloud.google.com/bigquery/docs/samples/bigquery-table-insert-rows" rel="noopener noreferrer">Streaming insert | BigQuery | Google Cloud</a></p> <p><a href="https://googleapis.dev/python/bigquery/latest/generated/google.cloud.bigquery.client.Client.html#google.cloud.bigquery.client.Client.insert_rows" rel="noopener noreferrer">google-cloud-bigquery</a></p> <p><a href="https://google-auth.readthedocs.io/en/latest/reference/google.oauth2.service_account.html#google.oauth2.service_account.Credentials.from_service_account_file" rel="noopener noreferrer">google-auth</a></p> <p><a href="https://cloud.google.com/blog/products/data-analytics/geolocation-with-bigquery-de-identify-76-million-ip-addresses-in-20-seconds" rel="noopener noreferrer">Geolocation with BigQuery: De-identify 76 million IP addresses in 20 seconds | Google Cloud Blog</a></p> aws elasticsearch bigquery loganalysis Jinwook Baek Thu, 31 Dec 2020 01:33:42 +0000 https://dev.to/kokospapa8/export-aws-gcp-cost-and-billing-data-to-bigquery-for-analytics-1g3h https://dev.to/kokospapa8/export-aws-gcp-cost-and-billing-data-to-bigquery-for-analytics-1g3h <p><a href="https://www.notion.so/kokospapa/Export-AWS-GCP-cost-and-billing-data-to-BigQuery-for-analytics-6dc08d8d66074c7083be386d88b8b62f" rel="noopener noreferrer">Original post</a> has better layout with images.</p> <h1> Intro </h1> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftx591arfbfk1un3nt94r.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftx591arfbfk1un3nt94r.png" alt="aws"></a><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fgh0xqbs5o41bkosucmkg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fgh0xqbs5o41bkosucmkg.png" alt="gcp"></a></p> <p>I am currently using both GCP and AWS for a certain project. While each cloud providers provides very nice tool and visualizations for their own spending (Cloud billing for GCP and Cost&amp;Usage report for AWS respectively), I wanted to consolidate both cloud providers usage report and visualize using single BI tool. The report does not need to be realtime, I only need daily granularity on my report. (No streaming) </p> <p>So I had to spin up something and these were couple options</p> <ul> <li>House data to AWS using Athena+Quicksight(or other BI tool)</li> <li>House data to GCP using Bigquery+datastudio(or other BI tool)</li> <li>Spend more time searching for 3rd party tools</li> </ul> <p>I am a big fan of BigQuery and I prefer to to <strong>ELT</strong> rather than <strong>ETL</strong> on BQ. Moreover, I was already using BigQuery for the project with <a href="https://holistics.io" rel="noopener noreferrer">holistics.io</a>, I chose to house usage and cost data to bigquery.</p> <h1> Move data to BQ </h1> <h2> GCP Cloud Billing </h2> <h3> Setup </h3> <p>This is easy, cloud billing natively support bigquery export. </p> <ul> <li> <p>Enable billing for the GCP project.</p> <p>I assume that you already have billing account setup. (You wouldn't need data analytics unless you are spending any moeny) But if you need to enable billing for the project, refer to the following link.</p> <p><a href="https://cloud.google.com/billing/docs/how-to/modify-project#confirm_billing_is_enabled_on_a_project" rel="noopener noreferrer">Modify a project's billing settings | Cloud Billing | Google Cloud</a></p> </li> <li> <p>Create a dataset in BigQuery whthin the GCP project you desire - I named it <code>billing_export</code></p> <p><a href="https://cloud.google.com/bigquery/docs/datasets" rel="noopener noreferrer">Creating datasets | BigQuery | Google Cloud</a></p> </li> <li> <p>You need appropriate permissions to setup export</p> <ul> <li>Billing account Admin</li> <li>Bigquery Admin for the project</li> <li> <code>resourcemanager.projects.update</code> permission</li> </ul> </li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F6out2dntyfh39vj4eyji.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F6out2dntyfh39vj4eyji.png" alt="Alt Text"></a></p> <ul> <li>Enable Cloud Billing export to BigQuery dataset <ul> <li>Go to <code>Billing</code> menu in Navigation menu (<a href="https://console.cloud.google.com/billing/" rel="noopener noreferrer">https://console.cloud.google.com/billing/</a>)</li> <li>Go to <code>linked billing account</code> (this should be already set, if not you need to add payment info)</li> <li>Select <code>Billing export</code> → Select <code>BigQuery export</code> tab</li> <li>Select <code>edit setting</code> on Daily cost detail <ul> <li>Select the project and dataset where you want the data to be sinked. (note) The BigQuery API is required to export data to BigQuery. If the project you selected doesn't have the BigQuery API enabled, you will be prompted to enable it. Click <strong>Enable BigQuery API</strong> and the API will be enabled for you</li> </ul> </li> </ul> </li> </ul> <p>Once everything is set, you will be able to see your screen like this.</p> <p>When you first enable the daily cost detail export to BigQuery, it might take a <strong>few hours</strong> to start seeing your Google Cloud cost data. Table with <code>gcp_billing_export_v1_&lt;some_hash&gt;</code> will be generated. Table will be automatically partitioned by day. (you can query partitioned data to save cost)</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fjgc7p3t4ld6xbc0thm5c.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fjgc7p3t4ld6xbc0thm5c.png" alt="Alt Text"></a></p> <h3> Schema </h3> <p>After a while you will notice a being exported to a table. You can click table and click preview or query. </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code> <span class="k">SELECT</span> <span class="n">usage_start_time</span><span class="p">,</span> <span class="k">location</span><span class="p">.</span><span class="n">region</span><span class="p">,</span> <span class="n">cost</span><span class="p">,</span> <span class="n">currency</span><span class="p">,</span> <span class="k">usage</span><span class="p">.</span><span class="n">amount</span><span class="p">,</span> <span class="k">usage</span><span class="p">.</span><span class="n">unit</span><span class="p">,</span> <span class="n">credits</span> <span class="k">FROM</span> <span class="nv">`&lt;project&gt;.billing_export.gcp_billing_export_v1_&lt;hash&gt;`</span> <span class="k">WHERE</span> <span class="n">_PARTITIONTIME</span> <span class="o">&gt;=</span> <span class="nv">"2020-12-01 00:00:00"</span> </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxkc7rdff0sv8l3o84i5t.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxkc7rdff0sv8l3o84i5t.png" alt="Alt Text"></a></p> <p>If you need specific information for each column, refer to this link. It will help you understand each columns of data.</p> <p><a href="https://cloud.google.com/billing/docs/how-to/export-data-bigquery-tables#data-schema" rel="noopener noreferrer">Understanding the Cloud Billing data tables in BigQuery | Google Cloud</a></p> <p>Special note on <code>credits</code> nested field if you are using free tier.</p> <p><strong>That's it for GCP! now to the hard part.</strong></p> <h2> AWS Cost &amp; Usage Report </h2> <p>I didn't want to reinvent the wheel, therefore as all the good developers do, I googled. I found couple of great articles regarding this subject, but they seemed to be complicated and outdated. Luckly, there were already a natively supported <strong>S3 transfer</strong> service in BigQuery. It supports transfer <code>csv</code> and <code>parquet</code>.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fm0j59ag733v7f278er85.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fm0j59ag733v7f278er85.png" alt="Alt Text"></a><br> seems too complicated.</p> <p><a href="https://cloud.google.com/bigquery-transfer/docs/s3-transfer" rel="noopener noreferrer">Amazon S3 transfers | BigQuery Data Transfer Service | Google Cloud</a></p> <p>Let's save the cost and usage report to S3 first. Go to AWS Cost and Usage Reports. You can create a report here.</p> <p><a href="https://console.aws.amazon.com/billing/home#/reports" rel="noopener noreferrer">aws usage and cost reports</a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fs824zlnj6epjeti27txa.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fs824zlnj6epjeti27txa.png" alt="Alt Text"></a><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftmpew0662y9ab0lxw6ft.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftmpew0662y9ab0lxw6ft.png" alt="Alt Text"></a></p> <ul> <li>Report name - <code>daily_report_gzip</code> </li> <li>Include resource IDs - <code>check</code> </li> <li>Data refresh settings - <code>uncheck</code> </li> <li>S3 bucket - create a bucket or select a bucket</li> <li>prefix - <code>billing/daily_report_gzip</code> </li> <li>Time granularity - <code>Daily</code> </li> <li>Report versioning - <code>overwrite</code> </li> <li>Compression type - <code>gzip</code> </li> </ul> <p>After creating report, it takes couple hours to show up on S3. Once report is created, you will see <code>gz</code> file exported under following URI. </p> <p><code>s3://&lt;bucket&gt;/billing/daily_report_gzip/20201201-20210101/</code></p> <ul> <li>data - <code>daily_report_gzip-00001.csv.gz</code> </li> <li>metadata - <code>daily_report_gzip-Manifest.json</code> </li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fscd3wszl9q830q61smss.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fscd3wszl9q830q61smss.png" alt="Alt Text"></a></p> <h3> Schema </h3> <p>We need to know the schema in order to house the data in BigQuery table. If you want to know what each fields represents, consult the document.</p> <p><a href="https://docs.aws.amazon.com/cur/latest/userguide/data-dictionary.html" rel="noopener noreferrer">Data dictionary</a></p> <p>When you open up the <code>daily_report_gzip-Manifest.json</code> file, you will discover how each columns are structued. Take a note on variety of types - <code>string</code>, <code>OptionalBigDecimal</code>, <code>DateInterval</code> and so on.</p> <ul> <li>Json - manifest file example</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fupnvl2iq9vcpuj0riia7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fupnvl2iq9vcpuj0riia7.png" alt="Alt Text"></a></p> <h3> Converting manifest to bq table schema </h3> <p>In order to transfer the data, the BQ table needs to have correct schema to house the csv data. BQ have different types and there are too many fields to just copy and paste. You can configure table chema with <code>Edit as text</code>. (ex: Field1:TYPE, Field2:TYPE) Let's use <code>jq</code> to extract types as bq table schema. </p> <p>I also need to replace some fields type to BigQuery compatible types. </p> <ul> <li>BigDecimal, OptionalBigDecimal → bignumeric</li> <li>Interval → string</li> <li>datetime → timestamp</li> <li>OptionalString → string</li> </ul> <p>Download the json file and pipe with following jq command</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">cat </span>daily_report_gzip-Manifest.json | jq <span class="nt">-jr</span> <span class="s1">'.columns[] | .category+"_"+.name+":"+ .type +","'</span> | <span class="nb">sed </span>s/.<span class="nv">$/</span>/ | <span class="nb">sed</span> <span class="s1">'s/OptionalString/String/g'</span> | <span class="nb">sed</span> <span class="s1">'s/\&lt;Interval\&gt;/String/g'</span> | <span class="nb">sed</span> <span class="s1">'s/OptionalBigDecimal/BigNumeric/g'</span> | <span class="nb">sed</span> <span class="s1">'s/BigDecimal/BigNumeric/g'</span> | <span class="nb">sed</span> <span class="s1">'s/DateTime/Timestamp/g'</span> </code></pre> </div> <ul> <li> <code>jq -jr '.columns[] | .category+"_"+.name+":"+ .type +","'</code> <ul> <li>this will extract each items in array and struct filed as <code>&lt;category&gt;_&lt;name&gt;:&lt;type&gt;</code>. I needed category prepended because there are duplicate names</li> <li> <code>-r</code> for raw output</li> </ul> </li> <li> <code>sed s/.$//</code> <ul> <li>remove last <code>,</code> </li> </ul> </li> <li> <code>sed 's/&lt;original type&gt;/&lt;bq type&gt;/g'</code> <ul> <li>replace type to bq compatible types</li> </ul> </li> </ul> <p>This command will result in following texts</p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code> <p><span class="n">identity_LineItemId</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">identity_TimeInterval</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">bill_InvoiceId</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">bill_BillingEntity</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">bill_BillType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">bill_PayerAccountId</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">bill_BillingPeriodStartDate</span><span class="p">:</span><span class="nb">Timestamp</span><span class="p">,</span><span class="n">bill_BillingPeriodEndDate</span><span class="p">:</span><span class="nb">Timestamp</span><span class="p">,</span><span class="n">lineItem_UsageAccountId</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_LineItemType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_UsageStartDate</span><span class="p">:</span><span class="nb">Timestamp</span><span class="p">,</span><span class="n">lineItem_UsageEndDate</span><span class="p">:</span><span class="nb">Timestamp</span><span class="p">,</span><span class="n">lineItem_ProductCode</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_UsageType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_Operation</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_AvailabilityZone</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_ResourceId</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_UsageAmount</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">lineItem_NormalizationFactor</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">lineItem_NormalizedUsageAmount</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">lineItem_CurrencyCode</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_UnblendedRate</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_UnblendedCost</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">lineItem_BlendedRate</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_BlendedCost</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">lineItem_LineItemDescription</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_TaxType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">lineItem_LegalEntity</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_ProductName</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_accountAssistance</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_alarmType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_architecturalReview</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_architectureSupport</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_availability</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_baseProductReferenceCode</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_bestPractices</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_cacheEngine</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_capacitystatus</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_caseSeverityresponseTimes</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_clientLocation</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_clockSpeed</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_computeFamily</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_computeType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_cputype</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_currentGeneration</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_customerServiceAndCommunities</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_databaseEngine</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_deploymentOption</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_description</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_dominantnondominant</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_durability</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_ecu</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_endpointType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_engineCode</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_enhancedNetworkingSupported</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_eventType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_feeDescription</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_fromLocation</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_fromLocationType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_group</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_groupDescription</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_includedServices</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_insightstype</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_instanceFamily</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_instanceType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_instanceTypeFamily</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_intelAvx2Available</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_intelAvxAvailable</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_intelTurboAvailable</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_launchSupport</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_licenseModel</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_location</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_locationType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_logsDestination</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_maxIopsBurstPerformance</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_maxIopsvolume</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_maxThroughputvolume</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_maxVolumeSize</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_memory</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_memoryGib</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_memorytype</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_messageDeliveryFrequency</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_messageDeliveryOrder</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_minVolumeSize</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_networkPerformance</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_normalizationSizeFactor</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_operatingSystem</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_operation</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_operationsSupport</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_physicalProcessor</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_preInstalledSw</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_pricingUnit</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_proactiveGuidance</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_processorArchitecture</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_processorFeatures</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_productFamily</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_programmaticCaseManagement</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_queueType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_region</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_requestDescription</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_requestType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_resourcePriceGroup</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_routingTarget</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_routingType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_servicecode</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_servicename</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_sku</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_storage</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_storageClass</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_storageMedia</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_storageType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_technicalSupport</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_tenancy</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_thirdpartySoftwareSupport</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_tiertype</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_toLocation</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_toLocationType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_trafficDirection</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_training</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_transferType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_usagetype</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_vcpu</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_version</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_volumeApiName</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_volumeType</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">product_whoCanOpenCases</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">pricing_LeaseContractLength</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">pricing_OfferingClass</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">pricing_PurchaseOption</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">pricing_RateId</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">pricing_currency</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">pricing_publicOnDemandCost</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">pricing_publicOnDemandRate</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">pricing_term</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">pricing_unit</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_AmortizedUpfrontCostForUsage</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">reservation_AmortizedUpfrontFeeForBillingPeriod</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">reservation_EffectiveCost</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">reservation_EndTime</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_ModificationStatus</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_NormalizedUnitsPerReservation</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_NumberOfReservations</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_RecurringFeeForUsage</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">reservation_ReservationARN</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_StartTime</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_SubscriptionId</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_TotalReservedNormalizedUnits</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_TotalReservedUnits</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_UnitsPerReservation</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">reservation_UnusedAmortizedUpfrontFeeForBillingPeriod</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">reservation_UnusedNormalizedUnitQuantity</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">reservation_UnusedQuantity</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">reservation_UnusedRecurringFee</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">reservation_UpfrontValue</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">savingsPlan_TotalCommitmentToDate</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">savingsPlan_SavingsPlanARN</span><span class="p">:</span><span class="n">String</span><span class="p">,</span><span class="n">savingsPlan_SavingsPlanRate</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">savingsPlan_UsedCommitment</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">savingsPlan_SavingsPlanEffectiveCost</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">savingsPlan_AmortizedUpfrontCommitmentForBillingPeriod</span><span class="p">:</span><span class="n">BigNumeric</span><span class="p">,</span><span class="n">savingsPlan_RecurringCommitmentForBillingPeriod</span><span class="p">:</span><span class="n">BigNumeric</span></p> </code></pre> </div> <h3> <br> <br> <br> Create BQ Table<br> </h3> <p>Let's create a BQ table. You should have a dataset created already if you exported a Cloud billing. If not, let's create now.</p> <p>Once dataset if created, click create table.</p> <ul> <li>table from - <code>Empty table</code> </li> <li>Destination - <code>search for a project</code> </li> <li>Project name - project you created a dataset</li> <li>Dataset name - select one you created</li> <li>Talbe name - <code>aws</code> </li> <li>For Schema, toggle <code>Edit as text</code> and paste the schema you generated with <code>jq</code> command</li> <li>Partion - you can skip this or select a timestap filed that you will be commonly filter with. I chose <code>billingPeriodStartData</code> and partition by <code>day</code>.</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F49rcoij3rv2xf2vax88o.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F49rcoij3rv2xf2vax88o.png" alt="Alt Text"></a><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzkzriq52umontss5pnx0.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzkzriq52umontss5pnx0.png" alt="Alt Text"></a></p> <h3> Transfer Prereq </h3> <p>Once the table is ready, let's create a transfer.</p> <p>You need to have following permissions first.</p> <ul> <li><code>bigquery.transfers.update</code></li> <li><code>bigquery.datasets.update</code></li> </ul> <p>These permissions are includede in predefiend <code>bigquery.admin</code> role.</p> <p><strong>AWS credential</strong></p> <p>Create IAM for AWS credential for transfer. You only need <code>AmazonS3ReadOnlyAccess</code> permission on specific bucket you created, but if you are lazy, just use <code>AmazonS3ReadOnlyAccess</code> AWS managed policy on all resources. If you don't know how to create a IAM user, please refer to following link.</p> <p><a href="https://docs.easydigitaldownloads.com/article/1455-amazon-s3-creating-an-iam-user" rel="noopener noreferrer">Amazon S3 - Creating an IAM user</a></p> <h3> Configure Transfer </h3> <p>On bigquery console, click <code>transfer</code> menu on left pane. You will be redirected to a transfer configuration page. Click <code>+ Create Transfer</code> button. <br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fayuc8wzw4iy6pc9x44t2.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fayuc8wzw4iy6pc9x44t2.png" alt="Alt Text"></a></p> <ul> <li>Source - <code>Amazon S3</code> </li> <li>Display Name - <code>aws-billing-export</code> </li> <li>Schedule options - <code>starts now</code>, <code>daily</code> </li> <li> <p>Destination</p> <ul> <li>Dataset ID - dataset you created</li> <li>Destination table - <code>aws</code> </li> <li>Amazon S3 URI - <code>s3://&lt;bucket&gt;/billing/daily_report_gzip/*/*.gz</code> </li> <li>Access key ID</li> <li>Secert access key</li> <li>File format - <code>csv</code> <ul> <li>Bq support gzip natively</li> </ul> </li> <li>Transfer option <ul> <li>number of errors allowed - <code>0</code> </li> <li>ignore unknown values - <code>check</code> </li> <li>field delimieter - <code>,</code> </li> <li>Header rows to skip - <code>1</code> </li> </ul> </li> <li>Notification <ul> <li>you can create new pub/sub and configure notification here. You can configure this later. So leave it blank for now.</li> </ul> </li> </ul> <p>Click <strong>Save</strong>! </p> </li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fdjnzx1w5lkjx2t5jr2c4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fdjnzx1w5lkjx2t5jr2c4.png" alt="Alt Text"></a><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fr8572jwldons436iaull.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fr8572jwldons436iaull.png" alt="Alt Text"></a></p> <p>You willing following green check mark if the transfer succeeds. </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F33w6slo216t2fcq79llk.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F33w6slo216t2fcq79llk.png" alt="Alt Text"></a></p> <p>If you see error with red marker, exame the error logs on right pane. Common erros consist, </p> <ul> <li>Wrong S3 URI</li> <li>Wrong AWs credential</li> <li>Wrong table schema</li> <li>No objects</li> </ul> <h1> Cleaning Data </h1> <p>You have two tables populated with billing data! It's time do some analytics and visualizations.</p> <p>Let's review fields</p> <p>AWS</p> <p><a href="https://docs.aws.amazon.com/cur/latest/userguide/data-dictionary.html" rel="noopener noreferrer">Data dictionary</a></p> <p>GCP</p> <p><a href="https://cloud.google.com/billing/docs/how-to/export-data-bigquery-tables#data-schema" rel="noopener noreferrer">Understanding the Cloud Billing data tables in BigQuery | Google Cloud</a></p> <p>You can use BQ console to query and testout data for integrity to makesure the load is intact. I won't go into details with sql query. </p> <p>Once <strong>E</strong>xtracted and <strong>L</strong>oaded, I do <strong>T</strong>ransform on <a href="http://holistics.io" rel="noopener noreferrer">Holistics.io</a> leaving the data intact, but you can also create new view to minimize, clean and consolidate the data into single table or a view using scheduled query feature of BigQuery. </p> <h2> Visualize data </h2> <p>After inspecting the with couple queries, and I am just a newbie in sql world, I use Data Studio to inspect the data. </p> <p>When you use BigQuery, You can connect data to Data Studio without extra configuration. <br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F4eo650umm0bn5cd9u7xc.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F4eo650umm0bn5cd9u7xc.png" alt="Alt Text"></a><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fc199v07amqgqnqwvg86r.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fc199v07amqgqnqwvg86r.png" alt="Alt Text"></a></p> <p>You can use other BI tool to connect BQ to visualize and analyze you data from here.</p> <h1> Extra </h1> <ul> <li>[ ] Check data integrity with daily and monthly roll over</li> </ul> <h1> Conclusion </h1> <p>As BQ support <code>S3 transfer</code>, it was a lot easier for me to move data around but still there were some work to be done.</p> <p>Please let me know if you find more concrete solution to consolidate billing data in single place!</p> <p>Thank you for reading here are some pictures of Kokos!</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fwcndmlugjyah0p8qklav.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fwcndmlugjyah0p8qklav.png" alt="Alt Text"></a><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F4kieswgao3pw7zcsltd0.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F4kieswgao3pw7zcsltd0.png" alt="Alt Text"></a></p> <h1> Reference </h1> <p><a href="https://cloud.google.com/billing/docs/how-to/export-data-bigquery" rel="noopener noreferrer">Export Cloud Billing data to BigQuery | Google Cloud</a></p> <p><a href="https://www.google.com/url?q=https%3A%2F%2Fcloud.google.com%2Fbigquery%2Fdocs%2Fs3-transfer-intro%3Fhl%3Den_US" rel="noopener noreferrer">Overview of Amazon S3 transfers | BigQuery Data Transfer Service</a></p> <p><a href="https://cloud.google.com/bigquery-transfer/docs/s3-transfer-parameters" rel="noopener noreferrer">Using runtime parameters in transfers | BigQuery Data Transfer Service</a></p> aws bigquery gcp analytics Jinwook Baek Thu, 12 Nov 2020 04:35:18 +0000 https://dev.to/kokospapa8/aws-cdk-use-your-favorite-language-to-define-cloud-infrastructure-40na https://dev.to/kokospapa8/aws-cdk-use-your-favorite-language-to-define-cloud-infrastructure-40na <h1> Introduction </h1> <p>Infrastructure as code(IaC) is a popular term in cloud environment. I have been using CloudFormation to automate AWS infrastructure deployment. However I always had hard time writing out the configuration file since they are written in string json or yaml file. There are some best practice for writing out <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html" rel="noopener noreferrer">CloudFormation</a> out there, I always have to validate and revalidate the stacks and had to double check whether the infrastructure was deployed as I intended to. Recently I have stumbled upon <strong>AWS CDK</strong> and I fell in love with it. Here are some plus using CDK.</p> <ul> <li>Organize your project into logical modules</li> <li>Use logic (if statements, for-loops, etc) when defining your infrastructure</li> <li>Use object-oriented techniques to create a model of your system</li> <li>Type-safety, code-completion, and open-source</li> <li>Define high level abstractions, share them, and publish them to your team, company, or community</li> <li>Share and reuse your infrastructure as a library</li> <li>Code completion within your IDE → This was huge plug for me!</li> </ul> <p>In short, AWS CDK provides high level abstraction of CloudFormation json/yaml syntax. In this blog post, I will rewrite my previous ecs-sample architecture(beta stage) in CDK. Please refer to my previous blog post <br> </p> <div class="ltag__link"> <a href="/kokospapa8" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F367659%2F1067d331-541f-4ec9-b7dc-c49540b89ff9.jpg" alt="kokospapa8"> </div> </a> <a href="/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part2-io1" class="ltag__link__link"> <div class="ltag__link__content"> <h2>How to deploy django app to ECS Fargate Part2</h2> <h3>Jinwook Baek ・ Jul 3 '20</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#aws</span> <span class="ltag__link__tag">#docker</span> <span class="ltag__link__tag">#tutorial</span> <span class="ltag__link__tag">#webdev</span> </div> </div> </a> </div> for infrastructure that I will be deploying with CDK. <p><a href="https://github.com/kokospapa8/ecs-fargate-sample-app/blob/master/config/cloudformation/cf-ecs-sample.json" rel="noopener noreferrer">kokospapa8/ecs-fargate-sample-app</a></p> <p>Before diving into writing CDK code, let's take a quick look at CDK.</p> <h1> CDK Concepts </h1> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fo5ezf7dxqe9zd97kjw3u.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fo5ezf7dxqe9zd97kjw3u.png" alt="Alt Text"></a></p> <p>There are three main components in CDK: <strong>contruct</strong>, <strong>stack</strong> and <strong>app</strong>. Everything in the AWS CDK is a construct. You can think of constructs as cloud components that can represent architectures of any complexity: a single resource, such as an S3 bucket or an SNS topic, a static website, or even a complex, multi-stack application that spans multiple AWS accounts and regions. To foster reusability, constructs can include other constructs. You compose constructs together into stacks, that you can deploy into an AWS environment, and apps, a collection of one of more stacks.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fd2xt57iac8yb2jxpj2y0.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fd2xt57iac8yb2jxpj2y0.png" alt="Alt Text"></a></p> <h2> App </h2> <p>Written in TypeScript, JavaScript, Python, Java, or C# that uses the AWS CDK to define AWS infrastructure</p> <h2> Stack </h2> <ul> <li>Equivalent to AWS CloudFormation stacks</li> <li>Contains construct</li> <li>Defines one or more concrete AWS resources</li> </ul> <h2> Constructs </h2> <ul> <li>Represented as types in programming.</li> <li>Three fundamental flavors <ul> <li>L1 (AWS CloudFormaiton only) - directly to resource types defined by AWS CloudFormation <ul> <li>Always have names that begin with <code>Cfn</code> </li> </ul> </li> <li>L2 - Encapsulate L1 modules, providing sensible defaults and best-practice security policies, supporting resources needed by the primary resource</li> <li>L3 - Patterns declare multiple resources to create entire AWS architectures for particular use cases. All the plumbing is already hooked up, and configuration is boiled down to a few important parameters</li> </ul> </li> </ul> <h2> Core module </h2> <ul> <li>Imported into code as core or cdk</li> <li>Contains constructs used by the AWS CDK itself as well as base classes for constructs, apps, resources, and other AWS CDK objects.</li> </ul> <h2> Supported Languages </h2> <p>AWS CDK is developed in one language (TypeScript) and language bindings are generated for the other languages through the use of a tool called JSII. In this post, I will be using <code>python</code> .</p> <ul> <li>TypeScript</li> <li>JavaScript</li> <li>Python</li> <li>Java</li> <li>C#</li> </ul> <h1> Getting started CDK </h1> <h3> Setup AWS Credential </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws configure <span class="nb">cat</span> ~/.aws/credentials <span class="nt">---</span> <span class="o">[</span>default] <span class="nv">aws_access_key_id</span><span class="o">=</span>AKIAI44QH8XXXXXXXX <span class="nv">aws_secret_access_key</span><span class="o">=</span>je7MtGbClwBFXXXXXXXXXXXXXXXXXXXXX </code></pre> </div> <h2> Install on Mac OSX </h2> <p>Let's use brew 🍺 to install on Mac OSX.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>brew update brew doctor brew <span class="nb">install </span>aws-cdk cdk <span class="nt">--version</span> </code></pre> </div> <p>If you are using other OS, please refer to following link.</p> <p><a href="https://docs.aws.amazon.com/cdk/latest/guide/getting_started.html" rel="noopener noreferrer">Getting started with the AWS CDK</a></p> <h3> Python environment </h3> <p>you need to have <code>python 3.6</code> or later including <code>pip</code> and <code>virtualenv</code> .</p> <h1> Pycharm for IDE </h1> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fz8m94sjm3wpctmet5vi1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fz8m94sjm3wpctmet5vi1.png" alt="Alt Text"></a></p> <p>I use pycharm for python development with AWS toolkit, I strongly recommend use IDE instead of good old <code>vim</code> or common text editors. Especially when you are devloping CDK, you don't need to go back and forth digging through huge list of API references.</p> <p><a href="https://aws.amazon.com/ko/pycharm/" rel="noopener noreferrer">AWS Toolkit for PyCharm</a></p> <p>Alternatively you can use VS Code with AWS toolkit. </p> <p><a href="https://aws.amazon.com/ko/visualstudiocode/" rel="noopener noreferrer">AWS Toolkit for Visual Studio Code</a></p> <h3> Project Setup </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/kokospapa8/ecs-fargate-sample-app.git <span class="nb">cd </span>config/cdk <span class="nb">source</span> .env/bin/activate pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="c"># set env with CDK_DEFAULT_ACCOUNT</span> <span class="nb">export </span><span class="nv">CDK_DEFAULT_ACCOUNT</span><span class="o">=</span>123456789 <span class="c"># set env with CDK_DEFAULT_REGION</span> <span class="nb">export </span><span class="nv">CDK_DEFAULT_REGION</span><span class="o">=</span>us-east-1 cdk synth </code></pre> </div> <p>(Alternatively) setup sample app instead of pulling github project<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cdk init <span class="nt">-a</span> sample-app <span class="nt">--language</span> python </code></pre> </div> <p><code>cdk synth</code> will generate cloudformation stack file in <code>cdk.out</code> folder. You can just take this CloudFormation files and deploy manually. But there is a easier way to deploy with CDK. We will get into that on later part of the post</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzyia1vn32e3pnl2bdbnz.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fzyia1vn32e3pnl2bdbnz.png" alt="Alt Text"></a></p> <h1> App structure </h1> <p>Before deploying the stack, let's review the infrastructure and review stacks one by one.</p> <p>We will build following resources </p> <ul> <li>VPC with public and private subnet</li> <li>API EC2 instance on ASG (in public subnet)</li> <li>Worker EC2 instance on ASG (in public subnet)</li> <li>ALB in front of API ASG</li> <li>RDS mysql (in private subnet)</li> <li>ElastiCache - Redis (private subnet)</li> </ul> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F701vrqtrvwd3ahykyr58.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F701vrqtrvwd3ahykyr58.png" alt="Alt Text"></a></p> <p>Now let's look at the file structures.</p> <p><code>app.py</code> - application wrapper</p> <p><code>requirements.txt</code> - required CDK pip libraries</p> <p><code>ecs_sample_cdk</code> folder consists of following stack files. <code>sample_stack</code> is wrapper for the whole infrastructure; <code>alb_stack</code> , <code>rds_stack</code> , <code>redis_stack</code> and <code>vpc_stack</code> are nested stack of <code>sample_stack</code></p> <h2> Deep-dive into codes </h2> <h3> app.py </h3> <p>Nothing special here. If you want to know what's going on behind the scene please refer to following document. </p> <p><a href="https://docs.aws.amazon.com/cdk/latest/guide/apps.html" rel="noopener noreferrer">Apps</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/usr/bin/env python3</span> import os from aws_cdk import core from ecs_sample_cdk.sample_stack import SampleStack <span class="nb">env</span> <span class="o">=</span> core.Environment<span class="o">(</span> <span class="nv">account</span><span class="o">=</span>os.environ.get<span class="o">(</span><span class="s2">"CDK_DEFAULT_ACCOUNT"</span>, <span class="s2">""</span><span class="o">)</span>, <span class="nv">region</span><span class="o">=</span>os.environ.get<span class="o">(</span><span class="s2">"CDK_DEFAULT_REGION"</span>, <span class="s2">""</span><span class="o">)</span> <span class="o">)</span> app <span class="o">=</span> core.App<span class="o">()</span> SampleStack<span class="o">(</span>app, <span class="s2">"ecs-sample"</span>, <span class="nb">env</span><span class="o">=</span><span class="nb">env</span><span class="o">)</span> app.synth<span class="o">()</span> </code></pre> </div> <h3> Sample Stack </h3> <p>This is a class that hold other nested stack and I have used <code>props</code> to pass around important resource reference such as vpc and security groups. You can also notice <code>add_dependency</code> method which enforces dependency between different nested stacks. Here we create VPC, ALB stacks then create RDS and Elasticache because we need vpc_id, subnets and security groups in order create these resources.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>class SampleStack<span class="o">(</span>core.Stack<span class="o">)</span>: def __init__<span class="o">(</span>self, scope: core.Construct, <span class="nb">id</span>: str, <span class="nb">env</span>, <span class="k">**</span>kwargs<span class="o">)</span> -&gt; None: super<span class="o">()</span>.__init__<span class="o">(</span>scope, <span class="nb">id</span>, <span class="k">**</span>kwargs<span class="o">)</span> props <span class="o">=</span> <span class="o">{</span><span class="s1">'namespace'</span>: <span class="s1">'sample'</span><span class="o">}</span> vpc_stack <span class="o">=</span> VPCStack<span class="o">(</span>self, f<span class="s2">"{id}-vpc"</span>, <span class="nb">env</span><span class="o">=</span><span class="nb">env</span>, <span class="nv">props</span><span class="o">=</span>props<span class="o">)</span> props.update<span class="o">(</span>vpc_stack.output_props<span class="o">)</span> alb_stack <span class="o">=</span> ALBStack<span class="o">(</span>self, f<span class="s2">"{id}-alb"</span>, <span class="nb">env</span><span class="o">=</span><span class="nb">env</span>, <span class="nv">props</span><span class="o">=</span>props<span class="o">)</span> alb_stack.add_dependency<span class="o">(</span>vpc_stack<span class="o">)</span> props.update<span class="o">(</span>alb_stack.output_props<span class="o">)</span> rds_stack <span class="o">=</span> RDSStack<span class="o">(</span>self, f<span class="s2">"{id}-rds"</span>, <span class="nb">env</span><span class="o">=</span><span class="nb">env</span>, <span class="nv">props</span><span class="o">=</span>props<span class="o">)</span> rds_stack.add_dependency<span class="o">(</span>vpc_stack<span class="o">)</span> rds_stack.add_dependency<span class="o">(</span>alb_stack<span class="o">)</span> props.update<span class="o">(</span>rds_stack.output_props<span class="o">)</span> redis_stack <span class="o">=</span> RedisStack<span class="o">(</span>self, f<span class="s2">"{id}-redis"</span>, <span class="nb">env</span><span class="o">=</span><span class="nb">env</span>, <span class="nv">props</span><span class="o">=</span>props<span class="o">)</span> redis_stack.add_dependency<span class="o">(</span>vpc_stack<span class="o">)</span> redis_stack.add_dependency<span class="o">(</span>alb_stack<span class="o">)</span> </code></pre> </div> <h3> VPC_STACK </h3> <p>This code produces a VPC with 2 public and private subnets each in 2 different AZs with single NAT gateway. Using L2 construct, less than 10 lines of code produces route tables, subnets, NAT gateway, IGW, VPC. It is that simple to produce produce a valid VPC for app development with less than 10 lines of codes. </p> <p>Notice that I have added <code>CfnOutput</code> for cloudformation output for vpc id and output_props to pass around vpc resource I have created in this stack<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>class VPCStack(core.NestedStack): def __init__(self, scope: core.Construct, id: str, env, props, **kwargs) -&gt; None: super().__init__(scope, id, **kwargs) subnets = [] public_subnet = ec2.SubnetConfiguration( cidr_mask=24, name=f"{id}-public", subnet_type=ec2.SubnetType.PUBLIC ) private_subnet = ec2.SubnetConfiguration( cidr_mask=24, name=f"{id}-private", subnet_type=ec2.SubnetType.PRIVATE ) subnets.append(public_subnet) subnets.append(private_subnet) # The code that defines your stack goes here vpc = ec2.Vpc(self, f"{id}", cidr="172.0.0.0/16", enable_dns_hostnames=True, enable_dns_support=True, nat_gateways=1, nat_gateway_provider=ec2.NatProvider.gateway(), max_azs=2, subnet_configuration=subnets ) #Be aware that environment-agnostic stacks will be created with access to only 2 AZs, so to use more than 2 AZs, be sure to specify the account and region on your stack core.CfnOutput(self, "vpcid", value=vpc.vpc_id) # Prepares output attributes to be passed into other stacks # In this case, it is our VPC and subnets. self.output_props = props.copy() self.output_props['vpc'] = vpc self.output_props['public_subnets'] = vpc.public_subnets self.output_props['private_subnets'] = vpc.private_subnets @property def outputs(self): return self.output_props </code></pre> </div> <h3> ALB_stack </h3> <p><code>AutoScalingGroup</code> requires <code>KEY_PAIR_NAME</code> which you need to create on Console manually. </p> <p><a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html" rel="noopener noreferrer">Amazon EC2 key pairs and Linux instances</a></p> <p>The stack creates following resources</p> <ul> <li>EC2 instance role</li> <li>API AutoScalingGroup</li> <li>Worker AutoScalingGroup</li> <li>Security groups <ul> <li>api EC2 (public subnet) <ul> <li>allows ssh from public</li> </ul> </li> <li>worker EC2 (private subnet) <ul> <li>allows ssh from <code>API EC2</code> </li> </ul> </li> <li>redis <ul> <li>allows 6379 from EC2 security group</li> </ul> </li> <li>rds <ul> <li>allows 3306 from EC2 security group</li> </ul> </li> </ul> </li> </ul> <p>We need add security group on props to use them on RDS and Redis stack<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>class ALBStack(core.NestedStack): def __init__(self, scope: core.Construct, id: str, env, props, **kwargs) -&gt; None: super().__init__(scope, id, **kwargs) #create ec2role #get from env or create role = iam.Role(self, "ecs-sample-ec2-role", assumed_by=iam.ServicePrincipal('ec2.amazonaws.com'), ) role.add_managed_policy( iam.ManagedPolicy.from_aws_managed_policy_name("AmazonEC2ContainerRegistryPowerUser") ) asg_api = autoscaling.AutoScalingGroup( self, "ecs-sample-api-asg", vpc=props['vpc'], instance_type=ec2.InstanceType.of( ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO ), machine_image=ec2.AmazonLinuxImage(), key_name=KEY_PAIR_NAME, vpc_subnets=ec2.SubnetSelection(subnet_type=SubnetType.PUBLIC), desired_capacity=1, max_capacity=1, min_capacity=1, role=role # userdata=userdata ) asg_worker = autoscaling.AutoScalingGroup( self, "ecs-sample-worker-asg", vpc=props['vpc'], instance_type=ec2.InstanceType.of( ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO ), machine_image=ec2.AmazonLinuxImage(), key_name=f"ecs-sample-key", vpc_subnets=ec2.SubnetSelection(subnet_type=SubnetType.PRIVATE), desired_capacity=1, max_capacity=1, min_capacity=1, role=role # userdata=userdata ) # Creates a security group for our application sg_api = ec2.SecurityGroup( self, id="ecs-sample-ec2-api", vpc=props['vpc'], security_group_name="ecs-sample-ec2-api" ) sg_worker = ec2.SecurityGroup( self, id="ecs-sample-ec2-worker", vpc=props['vpc'], security_group_name="ecs-sample-ec2-worker" ) # to access this security group for SSH sg_api.add_ingress_rule( peer=ec2.Peer.ipv4(SSH_IP), connection=ec2.Port.tcp(22) ) # use ec2 api as bastion sg_worker.connections.allow_from( sg_api, ec2.Port.tcp(22), "Allow from ec2 api") asg_api.add_security_group(sg_api) asg_worker.add_security_group(sg_worker) # Creates a security group for the application load balancer sg_alb = ec2.SecurityGroup( self, id="ecs-sample-loadbalancer", vpc=props['vpc'], security_group_name="ecs-sample-loadbalancer" ) sg_api.connections.allow_from( sg_alb, ec2.Port.tcp(80), "Ingress") # Creates an application load balance lb = elbv2.ApplicationLoadBalancer( self, f"{id}-ALB", vpc=props['vpc'], security_group=sg_alb, internet_facing=True) listener = lb.add_listener("Listener", port=80) # Adds the autoscaling group's (asg_api) instance to be registered # as targets on port 8080 listener.add_targets("Target", port=80, targets=[asg_api]) # This creates a "0.0.0.0/0" rule to allow every one to access the # application listener.connections.allow_default_port_from_any_ipv4( "Open to the world" ) # create RDS sg sg_rds = ec2.SecurityGroup( self, id="ecs-sample-mysql", vpc=props['vpc'], security_group_name="ecs-sample-mysql" ) sg_api.connections.allow_from( sg_rds, ec2.Port.tcp(3306), "allow from rds to ec2 api") sg_rds.connections.allow_from( sg_api, ec2.Port.tcp(3306), "allow from ec2 api to rds") sg_worker.connections.allow_from( sg_rds, ec2.Port.tcp(3306), "allow from rds to ec2 worker") sg_rds.connections.allow_from( sg_worker, ec2.Port.tcp(3306), "allow from ec2 worker to rds") # create Redis SG sg_redis = ec2.SecurityGroup( self, id="ecs-sample-redis", vpc=props['vpc'], security_group_name="ecs-sample-redis" ) sg_api.connections.allow_from( sg_rds, ec2.Port.tcp(6379), "allow from redis to ec2 api") sg_rds.connections.allow_from( sg_api, ec2.Port.tcp(6379), "allow from ec2 api to redis") sg_worker.connections.allow_from( sg_rds, ec2.Port.tcp(6379), "allow from redis to ec2 worker") sg_rds.connections.allow_from( sg_worker, ec2.Port.tcp(6379), "allow from ec2 worker to redis") </code></pre> </div> <h3> RDS stack </h3> <ul> <li>You can either choose cluster mode or instance mode by passing <code>cluster</code> parameter on the stack argument</li> <li> <p>You cannot pass around plaintext credentials so CDK enforces you to use <code>Credential</code> This code actually produces password in <code>SecertManager</code> (These are L2 contruct that CDK enforces for best practice)</p> <p><a href="https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-rds.Credentials.html" rel="noopener noreferrer">class Credentials · AWS CDK</a><br> </p> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>class RDSStack<span class="o">(</span>core.NestedStack<span class="o">)</span>: def __init__<span class="o">(</span>self, scope: core.Construct, <span class="nb">id</span>: str, <span class="nb">env</span>, props, <span class="nv">cluster</span><span class="o">=</span>False, <span class="k">**</span>kwargs<span class="o">)</span> -&gt; None: super<span class="o">()</span>.__init__<span class="o">(</span>scope, <span class="nb">id</span>, <span class="k">**</span>kwargs<span class="o">)</span> <span class="c">#TEMP without ASG</span> <span class="c"># security_groups = [ec2.SecurityGroup(</span> <span class="c"># self,</span> <span class="c"># id="ecs-sample-mysql",</span> <span class="c"># vpc=props['vpc'],</span> <span class="c"># security_group_name="ecs-sample-mysql"</span> <span class="c"># )]</span> vpc <span class="o">=</span> props[<span class="s1">'vpc'</span><span class="o">]</span> <span class="nv">security_groups</span><span class="o">=[</span>props[<span class="s1">'sg_rds'</span><span class="o">]]</span> credential <span class="o">=</span> rds.Credentials.from_username<span class="o">(</span><span class="nv">username</span><span class="o">=</span><span class="s2">"admin"</span><span class="o">)</span> private_subnet_selections <span class="o">=</span> ec2.SubnetSelection<span class="o">(</span><span class="nv">subnet_type</span><span class="o">=</span>ec2.SubnetType.PRIVATE<span class="o">)</span> subnet_group <span class="o">=</span> rds.SubnetGroup<span class="o">(</span>self, <span class="s2">"sample-rds-subnet-group"</span>, <span class="nv">vpc</span><span class="o">=</span>vpc, <span class="nv">subnet_group_name</span><span class="o">=</span><span class="s2">"sample-rds-subnet-group"</span>, <span class="nv">vpc_subnets</span><span class="o">=</span>private_subnet_selections, <span class="nv">description</span><span class="o">=</span><span class="s2">"sample-rds-subnet-group"</span><span class="o">)</span> self.output_props <span class="o">=</span> props.copy<span class="o">()</span> <span class="k">if </span>not cluster: rds_instance <span class="o">=</span> rds.DatabaseInstance<span class="o">(</span> self, <span class="s2">"RDS-instance"</span>, <span class="nv">database_name</span><span class="o">=</span><span class="s2">"sample"</span>, <span class="nv">engine</span><span class="o">=</span>rds.DatabaseInstanceEngine.mysql<span class="o">(</span> <span class="nv">version</span><span class="o">=</span>rds.MysqlEngineVersion.VER_8_0_16 <span class="o">)</span>, <span class="nv">credentials</span><span class="o">=</span>credential, <span class="nv">instance_identifier</span><span class="o">=</span><span class="s2">"ecs-sample-db"</span>, <span class="nv">vpc</span><span class="o">=</span>vpc, <span class="nv">port</span><span class="o">=</span>3306, <span class="nv">instance_type</span><span class="o">=</span>ec2.InstanceType.of<span class="o">(</span> ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO, <span class="o">)</span>, <span class="nv">subnet_group</span><span class="o">=</span>subnet_group, <span class="nv">vpc_subnets</span><span class="o">=</span>private_subnet_selections, <span class="nv">removal_policy</span><span class="o">=</span>core.RemovalPolicy.DESTROY, <span class="nv">deletion_protection</span><span class="o">=</span>False, <span class="nv">security_groups</span><span class="o">=</span>security_groups <span class="o">)</span> core.CfnOutput<span class="o">(</span>self, <span class="s2">"RDS_instnace_endpoint"</span>, <span class="nv">value</span><span class="o">=</span>rds_instance.db_instance_endpoint_address<span class="o">)</span> self.output_props[<span class="s1">'rds'</span><span class="o">]</span> <span class="o">=</span> rds_instance <span class="k">else</span>: instance_props <span class="o">=</span> rds.InstanceProps<span class="o">(</span> <span class="nv">vpc</span><span class="o">=</span>vpc, <span class="nv">security_groups</span><span class="o">=</span>security_groups, <span class="nv">vpc_subnets</span><span class="o">=</span>private_subnet_selections <span class="o">)</span> rds_cluster <span class="o">=</span> rds.DatabaseCluster<span class="o">(</span> self, <span class="s2">"RDS-cluster"</span>, <span class="nv">cluster_identifier</span><span class="o">=</span><span class="s2">"ecs-sample-db-cluster"</span>, <span class="nv">instance_props</span><span class="o">=</span>instance_props, <span class="nv">engine</span><span class="o">=</span>rds.DatabaseClusterEngine.aurora_mysql<span class="o">(</span> <span class="nv">version</span><span class="o">=</span>rds.AuroraMysqlEngineVersion.VER_2_07_1 <span class="o">)</span>, <span class="nv">credentials</span><span class="o">=</span>credential, <span class="nv">default_database_name</span><span class="o">=</span><span class="s2">"sample"</span>, <span class="nv">instances</span><span class="o">=</span>1, <span class="nv">subnet_group</span><span class="o">=</span>subnet_group, <span class="nv">removal_policy</span><span class="o">=</span>core.RemovalPolicy.DESTROY, <span class="nv">deletion_protection</span><span class="o">=</span>False <span class="o">)</span> core.CfnOutput<span class="o">(</span>self, <span class="s2">"RDS_cluster_endpoint"</span>, <span class="nv">value</span><span class="o">=</span>rds_cluster.cluster_endpoint.hostname<span class="o">)</span> self.output_props[<span class="s1">'rds'</span><span class="o">]</span> <span class="o">=</span> rds_cluster </code></pre> </div> <h3> Redis Stack </h3> <ul> <li>It seems like Redis ReplicationGroup only supports L1 construct currently. There for I have used <code>CfnReplicationGroup</code> in order to create Elasticache for Redis. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>redis = cache.CfnReplicationGroup(self, f"{id}-replication-group", replication_group_description=f"{id}-replication group", cache_node_type="cache.t3.micro", cache_parameter_group_name=cache_parameter_group_name, security_group_ids=[sg_redis.security_group_id], cache_subnet_group_name=subnets_group.cache_subnet_group_name, engine="redis", engine_version="5.0.4", # node_group_configuration num_node_groups=1, #shard replicas_per_node_group=1 #one replica ) redis.add_depends_on(subnets_group) </code></pre> </div> <h1> Deploy </h1> <p>Let's deploy by typing two commands.</p> <h3> Bootstrap </h3> <p>This command will create a bucket for CDK to stage cloudformation files.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cdk bootstrap <span class="c">#check cloudformation for CDKtoolkit</span> </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fou032ase1sl5w14kgbpv.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fou032ase1sl5w14kgbpv.png" alt="Alt Text"></a><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftn6btxnqpin4whvnd30z.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftn6btxnqpin4whvnd30z.png" alt="Alt Text"></a></p> <h3> Deploy </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cdk deploy </code></pre> </div> <p>You will be able to monitor nested stacks being deployed on shell. You can also monitor detailed progress on CloudFormation console.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftv5zgod7ns2cktxj666b.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ftv5zgod7ns2cktxj666b.png" alt="Alt Text"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fmjj5fve7dsx6w0k34ayc.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fmjj5fve7dsx6w0k34ayc.png" alt="Alt Text"></a></p> <p>If you get any errors, go to CloudFormation stack on console to review events tab to look for reason for failure. </p> <h3> Destroy </h3> <p>once you have finished working with the sample you can easily destroy with single command.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cdk destroy </code></pre> </div> <p>or just delete the stack in CloudFormation console.</p> <h1> Takeaway </h1> <p>I have reduced 900 lines of json code into python code with less than 500 lines of code. Even more, they are modular and easy to revise whenever necessary. AWS CDK enables you to boost your productivity on IaC. If you have been using CloudFormation, you should definitely try out AWS CDK. </p> <p>Take advantage of IDE!</p> <p>Thank you for reading!</p> <h1> References </h1> <p><a href="https://aws.amazon.com/blogs/aws/aws-cloud-development-kit-cdk-typescript-and-python-are-now-generally-available/" rel="noopener noreferrer">AWS Cloud Development Kit (CDK) - TypeScript and Python are Now Generally Available | Amazon Web Services</a></p> <p><a href="https://docs.aws.amazon.com/cdk/latest/guide/examples.html" rel="noopener noreferrer">Examples</a></p> <p><a href="https://github.com/aws-samples/aws-cdk-examples#Python" rel="noopener noreferrer">aws-samples/aws-cdk-examples</a></p> <p><a href="https://github.com/aws-samples/startup-kit-templates" rel="noopener noreferrer">aws-samples/startup-kit-templates</a></p> <p><a href="https://cdkworkshop.com/30-python/20-create-project.html" rel="noopener noreferrer">cdkworkshop.com</a></p> <p><a href="https://docs.aws.amazon.com/cdk/api/latest/" rel="noopener noreferrer">AWS CDK · AWS CDK Reference Documentation</a></p> <p><a href="https://levelup.gitconnected.com/aws-cdk-for-beginners-e6c05ad91895" rel="noopener noreferrer">AWS CDK for Beginners</a></p> <h1> Source </h1> <p>This article was originally posted on <a href="https://blog.kokospapa.com/AWS-CDK-use-your-favorite-language-to-define-cloud-infrastructure-9575fc56e7924981823d1878417c9642" rel="noopener noreferrer">here</a></p> cloudformation iac awscdk Jinwook Baek Sat, 10 Oct 2020 06:44:56 +0000 https://dev.to/kokospapa8/migrate-python-async-worker-to-asynchrounous-lambda-8k3 https://dev.to/kokospapa8/migrate-python-async-worker-to-asynchrounous-lambda-8k3 <p><a href="https://blog.kokospapa.com/Migrate-python-async-worker-to-asynchrounous-Lambda-36a0551c835b4bd1b6559b0d9450bb56" rel="noopener noreferrer">Original blog post</a></p> <h1> Intro </h1> <p>When you build a web service, there is a time that you need to implement simple async worker for background process. I am big fan of Django and whenever I need a async worker, I used <code>celery</code> or <code>rq</code> for convenience. <code>celery</code> or other async framework provides a lot of cool features but most of the time all I need is a simple background process that would not interrupt user experiences.</p> <p>Overtime, as paradigm shifts to cloud, I have been thinking lambda as new async worker solution due to deployment complexity, scaling and cost constraint. Here are pros and cons for using lambda instead of <code>celery</code> on cloud environment(non-local environment).</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F9to8z3plvgbfouf085ea.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F9to8z3plvgbfouf085ea.png" alt="Alt Text"></a></p> <h3> Advantage </h3> <ul> <li>FasS advantage <ul> <li>scaling benefit - cost, ops, etc</li> <li>Resiliency</li> <li>faster development</li> </ul> </li> <li>No need to maintain Broker (e.g elastic search redis)</li> <li>Smaller side effect on code change</li> <li>Fully-managed</li> </ul> <h3> Disadvantage </h3> <ul> <li>FasS disadvantage <ul> <li>limited state</li> </ul> </li> <li>Hard to reuse app code <ul> <li>Django ORM or settings module</li> <li>You can still use them with django package installed but inefficient</li> <li>can't reuse code from django app</li> <li>Django package is too heavy to use on lambda (still usable but too complex to setup</li> </ul> </li> <li>Latency on startup</li> <li>Json formatted Invocation parameter <ul> <li>If you need to pass binary or big size paras, need to consider S3 or other medium</li> </ul> </li> </ul> <h3> Limitation </h3> <p>Most of early stage limitation are lifted as lambda is in mature state (e.g conccurent executions, layers, etc)</p> <p><a href="https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html" rel="noopener noreferrer">AWS Lambda quotas</a></p> <ul> <li>timeout - 15min <ul> <li>If your async worker take more than 5min, you need to break up codes in to multiple lambda functions or use other distributed system such as EMR, etc.</li> </ul> </li> <li>Invocation payload <ul> <li>asynchronous - <strong>256KB</strong> </li> </ul> </li> </ul> <h3> Consideration </h3> <ul> <li>VPC, Subnet, Security Group <ul> <li>If you are accessing Resources in private VPC, you need to consider placing lambda in same subnet.</li> <li>If you are lambda needs to talk to outside world, private subnets needs NAT gateway</li> </ul> </li> <li>Maintenance</li> </ul> <h1> Setup </h1> <p>AWS recently came up with SAM(Serverless Application Model) which utilize cloudformation for easier deployment of lambda application. SAM provides functionality such as API gateway and statemachine, but we will only be using <code>AWS::Serverless::Function</code> resource for our purpose. You can consider using <code>Zappa</code> for other option.</p> <h2> Github </h2> <p>refer to this repo for details</p> <p><a href="https://github.com/kokospapa8/async-lambda-sample-app" rel="noopener noreferrer">kokospapa8/async-lambda-sample-app</a></p> <h2> Prerequisite </h2> <p>You need following AWS resource created in order to invoke asynchronous lambda.</p> <h3> DLQ </h3> <p>In order use <code>asynchronous lambda</code>, you need to provide DLQ in case lambda fails and retry. Click link for details. I will create SNS topic in this post.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fyun3xmo8yu0m3wius0nw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fyun3xmo8yu0m3wius0nw.png" alt="Alt Text"></a></p> <p><a href="https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#dlq" rel="noopener noreferrer">Asynchronous invocation</a></p> <h3> SECRET </h3> <p>Let's assume that you have mysql db in public VPC or s3 and need to access them in order to process some data, you can add secrets to lambda env, but it is not a good idea to put secret in plaintext for env variable. You can use <code>aws secret manger</code> , <code>ssm parameterstore</code> or <code>vault</code> . I will use <code>ssm parameterstore</code> for this post. Refer to previous post for creating secrets.(parameter store section)</p> <p><a href="https://www.notion.so/How-to-deploy-django-app-to-ECS-Fargate-part3-13875ffa0c7e4e1da3d1c46cad0bae94" rel="noopener noreferrer">How to deploy django app to ECS Fargate part3</a></p> <p><code>arn:aws:ssm:&lt;region&gt;:&lt;account_id&gt;:parameter/SAMPLE/BUCKET</code></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fo3do07z9o149wb2i24l7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fo3do07z9o149wb2i24l7.png" alt="Alt Text"></a></p> <h3> IAM ROLE </h3> <p>You need lambda execution role with following permission and polcies attached.</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> Policies - AWSLambdaExecute Permission - SNS – sns:Publish - kms - kms:Decrypt - ssm - ssm:GetParameters, ssm:DescribeParameters, ssm:GetParameter You need following permission if you want to place your lambda function in a designated VPC - ec2 - ec2:CreateNetworkInterface, ec2:DeleteNetworkInterface, ec2:DescribeSecurityGroups </code></pre> </div> <h2> SAM </h2> <p><a href="https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-sam.html" rel="noopener noreferrer">What is the AWS Serverless Application Model (AWS SAM)?</a></p> <h3> Install (on macOS) </h3> <p><a href="https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-install-mac.html" rel="noopener noreferrer">Installing the AWS SAM CLI on macOS</a></p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>aws configure AWS Access Key ID <span class="o">[</span>None]: your_access_key_id AWS Secret Access Key <span class="o">[</span>None]: your_secret_access_key Default region name <span class="o">[</span>None]: Default output format <span class="o">[</span>None]: <span class="nv">$ </span>/bin/bash <span class="nt">-c</span> <span class="s2">"</span><span class="si">$(</span>curl <span class="nt">-fsSL</span> https://raw.githubusercontent.com/Homebrew/install/master/install.sh<span class="si">)</span><span class="s2">"</span> <span class="nv">$ </span>brew tap aws/tap <span class="nv">$ </span>brew <span class="nb">install </span>aws-sam-cli </code></pre> </div> <h3> Development </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>sam init </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ff856gvse9rpaspn55wgt.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Ff856gvse9rpaspn55wgt.png" alt="Alt Text"></a></p> <p>This code will create following structure </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> sam-app/ ├── README.md ├── events/ │ └── event.json ├── hello_world/ │ ├── __init__.py │ ├── app.py <span class="c">#Contains your AWS Lambda handler logic.</span> │ └── requirements.txt <span class="c">#Contains any Python dependencies the application requires, used for sam build</span> ├── template.yaml <span class="c">#Contains the AWS SAM template defining your application's AWS resources.</span> └── tests/ └── unit/ ├── __init__.py └── test_handler.py </code></pre> </div> <h3> template.yaml </h3> <p>Update template file if you need more info on syntax, refer to the link.</p> <p><a href="https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-function.html" rel="noopener noreferrer">AWS::Serverless::Function</a></p> <ul> <li>template.yaml ``` </li> </ul> <p>AWSTemplateFormatVersion: '2010-09-09'<br> Transform: AWS::Serverless-2016-10-31<br> Description: &gt;<br> sample-app<br> Sample SAM Template for sample-app</p> <h1> More info about Globals: <a href="https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst" rel="noopener noreferrer">https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst</a> </h1> <p>Globals:<br> Function:<br> Timeout: 3</p> <p>Resources:<br> SampleAppdFunction:<br> Type: AWS::Serverless::Function # More info about Function Resource: <a href="https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction" rel="noopener noreferrer">https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction</a><br> Properties:<br> CodeUri: sample_app/<br> DeadLetterQueue:<br> Type: SNS<br> TargetArn: arn:aws:sns:::sample-dlq<br> Handler: app.lambda_handler<br> Runtime: python3.8<br> Description: sample lambda<br> EventInvokeConfig:<br> MaximumEventAgeInSeconds: 60<br> MaximumRetryAttempts: 2<br> FunctionName: SampleApp<br> Role: arn:aws:iam:::role/sample_lambda_execution_role<br> Environment:<br> Variables:<br> S3_URL: ""</p> <p>Outputs:<br> SampleAppdFunction:<br> Description: "Sample app Function ARN"<br> Value: !GetAtt SampleAppdFunction.Arn</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- requirements.txt </code></pre> </div> <p>boto3</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>- app.py This sample app receives image_url as parameter and puts the image on s3bucket name provided on s3 bucket. (AWSLambdaExecute policy has s3 access permission) </code></pre> </div> <p>import boto3<br> import os<br> import requests</p> <p>def lambda_handler(event, context):<br> image_url = event['image_url']<br> S3_BUCKET_PARAM = os.environ['S3_BUCKET_PARAM']</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># download image = requests.get(image_url).content ssm_client = boto3.client('ssm', region_name="ap-northeast-2") response = ssm_client.get_parameter( Name=S3_BUCKET_PARAM, WithDecryption=True ) bucket_name = response['Parameter']['Value'] s3_client = boto3.client('s3', region_name="ap-northeast-2") response = s3_client.put_object( Bucket=bucket_name, Key="image.png", Body=image ) return response </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ## Build Once your logic code is ready, you can build it using following command ```yaml sam build -t template.yaml --region &lt;region_name&gt; </code></pre> </div> <p>You can test your function with following command</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>sam <span class="nb">local </span>invoke <span class="c"># if you need to provide environment variable or paramters, use following command</span> <span class="nv">$ </span>sam <span class="nb">local </span>invoke <span class="nt">-e</span> events/event.json <span class="nt">--env-vars</span> env.json </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="err">#env.json</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"SampleAppdFunction"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"S3_BUCKET_PARAM_ARN"</span><span class="p">:</span><span class="w"> </span><span class="s2">"parameterstore_arn"</span><span class="p">,</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">#event.json</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"image_url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://picsum.photos/200/300"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Deploy </h2> <p>Once your function is tested locally, let's deploy the function to cloud. You have two options. Enter appropriate response to prompt</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nv">$ </span>sam deploy <span class="nt">--guided</span> Configuring SAM deploy <span class="o">======================</span> Looking <span class="k">for </span>samconfig.toml : Found Reading default arguments : Success Setting default arguments <span class="k">for</span> <span class="s1">'sam deploy'</span> <span class="o">=========================================</span> Stack Name <span class="o">[</span>sample-app]: y AWS Region <span class="o">[</span>ap-northeast-2]: y <span class="c">#Shows you resources changes to be deployed and require a 'Y' to initiate deploy</span> Confirm changes before deploy <span class="o">[</span>Y/n]: y <span class="c">#SAM needs permission to be able to create roles to connect to the resources in your template</span> Allow SAM CLI IAM role creation <span class="o">[</span>Y/n]: y Save arguments to samconfig.toml <span class="o">[</span>Y/n]: y </code></pre> </div> <p>output should look like this</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> Looking for resources needed for deployment: Found! Managed S3 bucket: aws-sam-cli-managed-default-samclisourcebucket-fdwl3buruuk1 A different default S3 bucket can be set in samconfig.toml Deploying with following values =============================== Stack name : sample-app Region : ap-northeast-2 Confirm changeset : True Deployment s3 bucket : aws-sam-cli-managed-default-samclisourcebucket-fdwl3buruuk1 Capabilities : ["CAPABILITY_IAM"] Parameter overrides : {} Initiating deployment ===================== Saved arguments to config file Running 'sam deploy' for future deployments will use the parameters saved above. The above parameters can be changed by modifying samconfig.toml Learn more about samconfig.toml syntax at https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-config.html Deploying with following values =============================== Stack name : sample-app Region : ap-northeast-2 Confirm changeset : True Deployment s3 bucket : aws-sam-cli-managed-default-samclisourcebucket-fdwl3buruuk1 Capabilities : ["CAPABILITY_IAM"] Parameter overrides : {} Initiating deployment ===================== Waiting for changeset to be created.. CloudFormation stack changeset ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Operation LogicalResourceId ResourceType ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ + Add SampleAppdFunctionEventInvokeConfig AWS::Lambda::EventInvokeConfig + Add SampleAppdFunction AWS::Lambda::Function ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Changeset created successfully. arn:aws:cloudformation:ap-northeast-2:982947632035:changeSet/samcli-deploy1602235720/1bb1b8a3-da32-4de9-9a14-49aaae3f066f Previewing CloudFormation changeset before deployment ====================================================== Deploy this changeset? [y/N]: y 2020-10-09 18:29:04 - Waiting for stack create/update to complete CloudFormation events from changeset ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ResourceStatus ResourceType LogicalResourceId ResourceStatusReason ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- CREATE_IN_PROGRESS AWS::Lambda::Function SampleAppdFunction - CREATE_IN_PROGRESS AWS::Lambda::Function SampleAppdFunction Resource creation Initiated CREATE_COMPLETE AWS::Lambda::Function SampleAppdFunction - CREATE_IN_PROGRESS AWS::Lambda::EventInvokeConfig SampleAppdFunctionEventInvokeConfig - CREATE_IN_PROGRESS AWS::Lambda::EventInvokeConfig SampleAppdFunctionEventInvokeConfig Resource creation Initiated CREATE_COMPLETE AWS::Lambda::EventInvokeConfig SampleAppdFunctionEventInvokeConfig - CREATE_COMPLETE AWS::CloudFormation::Stack sample-app - ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- CloudFormation outputs from deployed stack -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Outputs -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Key SampleAppdFunction Description Hello World Lambda Function ARN Value arn:aws:lambda:ap-northeast-2:982947632035:function:SampleApp -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Successfully created/updated stack - sample-app in ap-northeast-2 </code></pre> </div> <p>Check cloudformation and lambda console for successful deployment.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fh4rcy28q0eaflxwf1s61.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fh4rcy28q0eaflxwf1s61.png" alt="Alt Text"></a><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fm6swx0h8t5f3r9v9dvzc.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fm6swx0h8t5f3r9v9dvzc.png" alt="Alt Text"></a></p> <h2> Invoke function in lambda console </h2> <p>Once Lambda is deployed, you can create test event in console.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fbqdo1i2rbf6b8b1yoy8g.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fbqdo1i2rbf6b8b1yoy8g.png" alt="Alt Text"></a><br> You will get successful log data.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F3qbsa46a5g8a0p47wo4c.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F3qbsa46a5g8a0p47wo4c.png" alt="Alt Text"></a></p> <h3> Invoke from python app </h3> <p>Now you need to invoke lambda function from your app code. Here are examples you can use.</p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="err">invoke_from_app.py</span><span class="w"> </span><span class="err">import</span><span class="w"> </span><span class="err">boto</span><span class="mi">3</span><span class="w"> </span><span class="err">import</span><span class="w"> </span><span class="err">json</span><span class="w"> </span><span class="err">SETTINGS</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"AWS_DEFAULT_REGION"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ap-northeast-2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ENV"</span><span class="p">:</span><span class="w"> </span><span class="s2">"prod"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">def</span><span class="w"> </span><span class="err">main():</span><span class="w"> </span><span class="err">lambda_client</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="err">boto</span><span class="mi">3</span><span class="err">.client('lambda',</span><span class="w"> </span><span class="err">region_name=SETTINGS</span><span class="p">[</span><span class="err">'AWS_DEFAULT_REGION'</span><span class="p">]</span><span class="err">)</span><span class="w"> </span><span class="err">payload</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"image_url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"https://picsum.photos/200/300"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">ret</span><span class="w"> </span><span class="err">=</span><span class="w"> </span><span class="err">lambda_client.invoke(</span><span class="w"> </span><span class="err">FunctionName=</span><span class="s2">"SampleApp"</span><span class="err">,</span><span class="w"> </span><span class="err">InvocationType=</span><span class="s2">"DryRun"</span><span class="w"> </span><span class="err">if</span><span class="w"> </span><span class="err">SETTINGS</span><span class="p">[</span><span class="err">'ENV'</span><span class="p">]</span><span class="w"> </span><span class="err">==</span><span class="w"> </span><span class="s2">"test"</span><span class="w"> </span><span class="err">else</span><span class="w"> </span><span class="s2">"Event"</span><span class="err">,</span><span class="w"> </span><span class="err">Payload=json.dumps(payload)</span><span class="w"> </span><span class="err">)</span><span class="w"> </span><span class="err">print(ret)</span><span class="w"> </span><span class="err">if</span><span class="w"> </span><span class="err">__name__</span><span class="w"> </span><span class="err">==</span><span class="w"> </span><span class="nl">"__main__"</span><span class="p">:</span><span class="w"> </span><span class="err">main()</span><span class="w"> </span></code></pre> </div> <h1> Monitoring </h1> <p>Celery or rq provides native or 3rd party too for monitoring such as <code>sentry</code> . There are some options for monitoring lambda functions but SAM application also provides minimal monitoring environment. Go to lambda service and <code>application</code> menu. Select <code>Monitoring</code> tab to dashboard and cloudwatch logs. You can also configure <code>x-ray</code> for tracing.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0e5hcdaio3yixo6p228j.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0e5hcdaio3yixo6p228j.png" alt="Alt Text"></a><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fc84lrxlh4gfi1ecua5m7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fc84lrxlh4gfi1ecua5m7.png" alt="Alt Text"></a></p> <h2> CD </h2> <p>Let's talk about CD pipeline, I will use conditional trigger on github workflow and run the </p> <h3> Github workflow </h3> <p>following workflow file will build and deploy to lambda. You need to set secret key with AWS credential.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1ax8k81yxhib2a5x2xqc.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1ax8k81yxhib2a5x2xqc.png" alt="Alt Text"></a></p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">master</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Lambda deployment</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Lambda deploy</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Configure AWS credentials</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/configure-aws-credentials@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">aws-access-key-id</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_ACCESS_KEY_ID }}</span> <span class="na">aws-secret-access-key</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_SECRET_ACCESS_KEY }}</span> <span class="na">aws-region</span><span class="pi">:</span> <span class="s">ap-northeast-2</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build, and deploy</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"</span> <span class="s">test -d ~/.linuxbrew &amp;&amp; eval $(~/.linuxbrew/bin/brew shellenv)</span> <span class="s">test -d /home/linuxbrew/.linuxbrew &amp;&amp; eval $(/home/linuxbrew/.linuxbrew/bin/brew shellenv)</span> <span class="s">test -r ~/.bash_profile &amp;&amp; echo "eval \$($(brew --prefix)/bin/brew shellenv)" &gt;&gt;~/.bash_profile</span> <span class="s">brew --version</span> <span class="s">brew tap aws/tap</span> <span class="s">brew install aws-sam-cli</span> <span class="s">sam --version</span> <span class="s">sam build</span> <span class="s">sam deploy --stack-name sample-app --region ap-northeast-2 -t .aws-sam/build/template.yaml --capabilities CAPABILITY_IAM --no-confirm-changeset --s3-bucket aws-sam-cli-managed-default-samclisourcebucket-fdwl3buruuk1</span> </code></pre> </div> <p>If you want to implement canary or linear deployment using codedeploy, refer to the following link for more detail.</p> <p><a href="https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/automating-updates-to-serverless-apps.html" rel="noopener noreferrer">Deploying serverless applications gradually</a></p> <h1> Conclusion </h1> <p>Once lambda is deployed, I removed 20% of my app code related to RQ. I also removed broker(Elasticsearch Redis) service anymore. Moreover since I was using ECS and EKS, I can remove additional task and pod for more api tasks and pods. I am pretty happy with the result that I don't need to manage another container on production. If you have simple workers running on RQ or Celery, I recommend that you try this setup. Thank you for reading.</p> aws serverless lambda django Jinwook Baek Thu, 10 Sep 2020 05:06:43 +0000 https://dev.to/kokospapa8/how-i-prepared-for-gcp-professional-certificate-test-llf https://dev.to/kokospapa8/how-i-prepared-for-gcp-professional-certificate-test-llf <p>original blog <a href="https://blog.kokospapa.com/How-I-prepared-for-GCP-Professional-Certificate-Test-122e36c34f474c65922f0bccd9639eaa">link</a> </p> <h1> Intro </h1> <p>Cloud environment had exponential growth over the course (AWS didn't have RDS when I started) and I wanted to get a firm graps on the subject before venturing into new job. During covid-19 pandemic, I have racked up 4 <strong>professional</strong> cloud certificates(2 AWS, 2 GCP). I am proud of my achievement. Being certified is rewarding experience, but the knowledge and exprience I gained was more rewarding. If you are interested preparing and taking the test will be great first step, if you are already experienced, this will harden your knowledge in every aspect.</p> <h1> Where to start </h1> <p>If you do not know where to start, I recommend you to start with coursera. You can get first week free and google provides 50% off on first month. (refer to last section for the link)</p> <h2> Coursera </h2> <p><a href="https://www.coursera.org/professional-certificates/cloud-engineering-gcp">Cloud Engineering with Google Cloud</a></p> <p><a href="https://www.coursera.org/professional-certificates/gcp-cloud-architect">Cloud Architecture with Google Cloud</a></p> <p><a href="https://www.coursera.org/professional-certificates/gcp-data-engineering">Data Engineering with Google Cloud</a></p> <h2> Qwiklab </h2> <p>Getting hands on is essential you make your knowledge tangible by actually working on the product. Google offers 30 day free subscriptions. I think the quest badge they offer is great example of gamification done right way. Learnig through qwiklab was really fun process for me. You can synthesize your knowledge as you get hands on with what you have learned through texts and slides.</p> <h3> Badges </h3> <p><a href="https://www.qwiklabs.com/public_profiles/7a8119ef-acf9-4590-aa98-87f67ceef467">Jinwook B. | Qwiklabs</a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--kee6tsiQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/b9vwrzb6nmh61vncx04s.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--kee6tsiQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/b9vwrzb6nmh61vncx04s.png" alt="Alt Text"></a></p> <p>If you don't have much time you should at least go through following quests.</p> <ul> <li> <p>For Cloud Architect</p> <p><a href="https://www.qwiklabs.com/quests/124">Cloud Architecture: Design, Implement, and Manage | Qwiklabs</a></p> </li> <li> <p>For Data Engineering</p> <p><a href="https://www.qwiklabs.com/quests/25">Data Engineering | Qwiklabs</a></p> </li> </ul> <h1> Practice exams </h1> <p>Once you have firm knowledge it's time for practice exams. I used following courses and it helped me get a good sense how test questions will be formed and what kind of answers will be presented. They don't cover all the topics, but you can definately figure out what you are missing.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--0GtdOhMA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/8tw770lgj6a87l0qfgf4.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--0GtdOhMA--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/8tw770lgj6a87l0qfgf4.png" alt="Alt Text"></a></p> <h1> Dig deeper into each subject </h1> <p>By this time you are already an expert on several topics and can dive deeper into each topics. You know what you are looking for. These resource will help you get there.</p> <p><a href="https://github.com/gregsramblings/google-cloud-4-words">gregsramblings/google-cloud-4-words</a></p> <p><a href="https://cloud.google.com/docs/compare/aws#service_comparisons">Google Cloud for AWS Professionals</a></p> <p><a href="https://github.com/sathishvj/awesome-gcp-certifications">sathishvj/awesome-gcp-certifications</a></p> <h1> Taking exam </h1> <p>I won't go into details on how to schedule and make payment. Due to COVID-19, Google offers remote proctored exam for almost all the tests. It was really convenient for me to just take exam at my home. Of course it might better for some people if your house is not as quiet or secure place for taking exam.</p> <p>Couple things I want to note </p> <ul> <li>You can change your test time as long as it's 24 hours prior to the exam time. (they will charge you if you change time within 24hours</li> <li>Prepare for goverment photo ID (in English) - passport is gauranteed</li> <li>Have a good internet connection, it took me 30 min to start exam because my wifi was choppy. I had to go through ethernet and hotspot to get stable connection. It was exhausting process and by the time I start the test, I was already beat.</li> <li>Solve easier ones first. 120 min is enough time for 50 questions. Skip or mark for later if you are any doubt or don't under stand and comeback later.</li> <li>I will add more if I can think about</li> </ul> <h1> Topics you should know </h1> <h2> Architect </h2> <ul> <li>Case study <ul> <li>20% of the exam was Scenario-based - Case Studies (<a href="https://cloud.google.com/certification/guides/cloud-architect/casestudy-mountkirkgames-rev2">Mountkirk</a>, <a href="https://cloud.google.com/certification/guides/cloud-architect/casestudy-dress4win-rev2">Dress4Win</a> and <a href="https://cloud.google.com/certification/guides/cloud-architect/casestudy-terramearth-rev2">TerramEarth</a>). They cover this on the official website and also on coursera</li> </ul> </li> <li>Administratives <ul> <li>IAM <ul> <li>role</li> <li>policy, effective policy</li> <li>hierarchy</li> <li>binding</li> <li>service account</li> </ul> </li> <li>Billing</li> <li>Audit log</li> <li>free quota</li> </ul> </li> <li>Compute <ul> <li>difference between GCE, GKE, App engine, cloud Function</li> <li>app engine runtime for standard and flexible</li> <li>Basic Kubernetes concept <ul> <li>pod, services, ingress, etc</li> </ul> </li> </ul> </li> <li>Storage <ul> <li>persistent disks</li> <li>filestore</li> </ul> </li> <li>Stackdriver</li> <li>Network <ul> <li>VPC, subnet, firewall</li> <li>Cloud DNS, VPN, Router</li> <li>Difference between Dedicated, partner interconnect</li> <li>Types of Loadbalancers</li> <li>Direct Peering vs Carrier Peering</li> </ul> </li> <li>Deployment</li> <li>Database type by scale insurance, distribution, replica consistency, multi-primary, transacrtions, joins and complex queries, latency, serverless <ul> <li>Storage transfer services vs transfer appliance vs gsutil</li> </ul> </li> <li> <p>Know which resources are global, regional, zonal services</p> <p><a href="https://cloud.google.com/compute/docs/regions-zones/global-regional-zonal-resources#globalresources">Global, regional, and zonal resources | Compute Engine Documentation</a></p> </li> <li> <p>ETC</p> <ul> <li>SRE <ul> <li>SLI, SLO, SLA</li> </ul> </li> <li>Opex, capex, TCO</li> </ul> </li> </ul> <h2> Data Engineer </h2> <ul> <li>Dataflow <ul> <li> <code>pardo</code>, <code>transform</code>, <code>pCollection</code>, <code>pipeline</code> </li> <li>Windowing <ul> <li>session, fixed, sliding, global</li> </ul> </li> <li>deduplication</li> </ul> </li> <li>Bigquery <ul> <li>BQML</li> <li>Billing</li> <li>Permission</li> <li>query optimization</li> <li>Responsive, predictive cache</li> <li>Partition</li> </ul> </li> <li>Dataproc <ul> <li>cluster resize, modification</li> <li>HDFS vs Cloudstorage</li> <li>storage connectors</li> </ul> </li> <li>Dataprep <ul> <li>recipe</li> </ul> </li> <li>ML Engine</li> <li> <p>Storage</p> <p>Must know storage limit, processing limit and NoOP or unmanaged service</p> <ul> <li>datastore</li> <li>cloud spanner <ul> <li>key design</li> </ul> </li> <li>cloud sql</li> <li>bigtable <ul> <li>bigtable key design</li> <li>performance optimization</li> </ul> </li> <li>bigquery</li> </ul> </li> <li> <p>Basic ML knowledge</p> <ul> <li>Overfitting/underfitting</li> <li>False positive, False Negative</li> <li>Regression, Classification, Clustering</li> <li>Supervised, unsupervised learning</li> <li>Recall, Precision, Accuracy</li> <li>Regularization</li> <li>AUC</li> </ul> </li> <li><p>AutoML</p></li> <li><p>AppEngine</p></li> <li><p>Cloud Composer</p></li> <li> <p>pubsub</p> <ul> <li>retention</li> <li>push,pull</li> </ul> </li> </ul> <h1> Offer for Coursera and Qwiklab </h1> <p><a href="https://inthecloud.withgoogle.com/training-discount/register.html?utm_source=google&amp;utm_medium=website&amp;utm_campaign=FY20-Q1-global-trainingandenablement-operational-other-training_discount&amp;utm_content=cgc-training">Google Cloud Training</a></p> <h1> Final Word </h1> <ul> <li>Don't just memorize to get correct answer, do enjoy the process of research. Knowledge is power. If you have questions and curious about something dig deeper into the product and make it yours.</li> <li>Qwiklab rules!</li> <li>Good luck!</li> </ul> googlecloud certificate Jinwook Baek Mon, 27 Jul 2020 13:18:01 +0000 https://dev.to/kokospapa8/gunicorn-performance-analysis-on-aws-ec2-28jl https://dev.to/kokospapa8/gunicorn-performance-analysis-on-aws-ec2-28jl <h1> Introduction </h1> <p>There are several production level self-hosted options for running django app server behind nginx web sever using wsgi protocol, such as <code>uWsgi</code>, <code>mod_wsgi</code> and <code>gunicorn</code>. I have been using gunicorn for many projects for mayn years. Since then I have never doubted the performance and configuration details but recently I wanted to test the actual performance for gunicorn associated with worker count and find out optimal configuration for ECS fargate. In contrast to on-prem servers where I can grasp on actual number of physical cores, AWS only allow me to configure number of logical cores(via vCPU). I will illustrate how I have tested the performance using <code>gunicorn</code>, <code>django</code> and <code>locust</code>.</p> <p><a href="https://flask.palletsprojects.com/en/master/deploying/wsgi-standalone/" rel="noopener noreferrer">Standalone WSGI Containers - Flask Documentation (1.1.x)</a></p> <h2> Gunicorn </h2> <blockquote> <p>Gunicorn is Python WSGI HTTP Server for UNIX.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>gunicorn django-sample.wsgi:application <span class="nt">-w</span> <span class="k">${</span><span class="nv">WORKER_COUNT</span><span class="k">}</span> <span class="nt">--threads</span> <span class="k">${</span><span class="nv">THREAD_COUNT</span><span class="k">}</span> <span class="nt">-b</span> 0.0.0.0:8000 </code></pre> </div> <p>You generally use following command to run the applicaiton. According to the <a href="https://docs.gunicorn.org/en/stable/design.html#how-many-workers" rel="noopener noreferrer">design document</a>, they recommend <code>(2 x $num_cores) + 1</code> as the number of workers to start off with. The formula is based on the assumption that for a given core, one worker will be reading or writing from the socket while the other worker is processing a request.</p> <p><a href="https://docs.gunicorn.org/en/stable/" rel="noopener noreferrer">Gunicorn - WSGI server - Gunicorn 20.0.4 documentation</a></p> <h2> EC2 vCPU </h2> <p>I need to determine the number of cpu cores for the server. In traditional linux server, you can determine number of core using following commands.</p> <p>According to AWS, not all vCPUs are made the same. For T2 instances, 1 vCPU = 1 physical core. For all others, 1 vCPU = 1 logical core.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span><span class="nb">cat</span> /proc/cpuinfo -&gt; cpu_cores </code></pre> </div> <p><a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html" rel="noopener noreferrer">Optimizing CPU options</a></p> <blockquote> <p>The number of vCPUs for the instance is the number of CPU cores multiplied by the threads per core. To specify a custom number of vCPUs, you must specify a valid number of CPU cores and threads per core for the instance type.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>vCPU <span class="o">=</span> Physical core <span class="k">*</span> threads </code></pre> </div> <p>According to this blog post there were <strong>34%</strong> drop in multi-threaded performance on logical cores. ****</p> <p><a href="https://www.credera.com/blog/technology-solutions/whats-in-a-vcpu-state-of-amazon-ec2-in-2018" rel="noopener noreferrer">What's in a vCPU: State of Amazon EC2 in 2018 - Credera</a></p> <p>You can configure threads per core during instance launch.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1wssfc7qlwyn47c0hcx8.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F1wssfc7qlwyn47c0hcx8.png" alt="CPU option"></a></p> <h1> Methodology </h1> <h3> Architecture </h3> <p><a href="https://github.com/kokospapa8/gunicorn-perf-sample" rel="noopener noreferrer">Github Repo</a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0shwakg8i0pypriojeqf.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F0shwakg8i0pypriojeqf.png" alt="Alt Text"></a></p> <p>Test will run on 3 tier web architecture. Django application will run behind the nginx through gunicorn. Django app will be querying Mysql DB in private subnet. </p> <h3> Instances used </h3> <ul> <li>t3.micro - 1 CPU <ul> <li>cpuinfo</li> </ul> </li> <li>t3.micro - 2 vCPU (1 cpu * 2 threads) <ul> <li>cpuinfo</li> </ul> </li> <li>t3.xlarge - 2 cpu <ul> <li>cpuinfo</li> </ul> </li> <li>t3.xlarge - 4 vCPU (2 cpu * 2 threads)</li> <li>t3.2xlarge - 4 cpu <ul> <li>cpuinfo</li> </ul> </li> </ul> <h3> Locust </h3> <p><a href="https://locust.io/" rel="noopener noreferrer">Locust - A modern load testing framework</a></p> <p>I will use locust to test and analyze the performance under load. Following Locust file will spawn multiple users concurrently with simple SQL query.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">random</span> <span class="kn">import</span> <span class="n">randint</span> <span class="kn">from</span> <span class="n">locust</span> <span class="kn">import</span> <span class="n">User</span><span class="p">,</span> <span class="n">TaskSet</span><span class="p">,</span> <span class="n">between</span><span class="p">,</span> <span class="n">task</span><span class="p">,</span> <span class="n">HttpUser</span> <span class="k">class</span> <span class="nc">ReadPosts</span><span class="p">(</span><span class="n">TaskSet</span><span class="p">):</span> <span class="nd">@task</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="k">def</span> <span class="nf">read_posts</span><span class="p">(</span><span class="n">self</span><span class="p">):</span> <span class="n">response</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">client</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">api/v1/posts/</span><span class="sh">"</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">"</span><span class="s">list posts</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Response status code:</span><span class="sh">"</span><span class="p">,</span> <span class="n">response</span><span class="p">.</span><span class="n">status_code</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Response content:</span><span class="sh">"</span><span class="p">,</span> <span class="n">response</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="k">class</span> <span class="nc">WebsiteUser</span><span class="p">(</span><span class="n">HttpUser</span><span class="p">):</span> <span class="n">tasks</span> <span class="o">=</span> <span class="p">[</span><span class="n">ReadPosts</span><span class="p">]</span> <span class="n">wait_time</span> <span class="o">=</span> <span class="nf">between</span><span class="p">(</span><span class="mf">1.0</span><span class="p">,</span> <span class="mf">2.0</span><span class="p">)</span> </code></pre> </div> <h3> Additional setup </h3> <ul> <li>Tested django app with <code>DEBUG = False</code> </li> <li>Latency is not considered since test was executed within VPC</li> <li>Used <code>serverless</code> aurora RDS to avoid bottleneck on DB I/O</li> </ul> <h3> Test procedure </h3> <ul> <li>Used <code>htop</code> to record CPU usage of each core and mem usage</li> <li>Incremented number of concurrent users by 100 to determine the load to see two thresholds</li> </ul> <div class="ltag_asciinema"> </div> <h1> Result </h1> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fy2bqg5ojrbnu2y22mfcq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fy2bqg5ojrbnu2y22mfcq.png" alt="Alt Text"></a></p> <p>Full results:<br> <a href="https://docs.google.com/spreadsheets/d/1kdw5yOsglHc2r-h_7zNPHM-zAzMWKNZDdCzAx6l920c/edit?usp=drivesdk" rel="noopener noreferrer">Gunicorn performance test result</a></p> <h3> Observations </h3> <ul> <li>Single worker cannot fully utilize cpus</li> <li>Recommended number of workers (2*core +1) generally perform well as expected.</li> <li>There are not much performance difference in physical or logical core. <ul> <li>Single threads seem to have slightly better performance</li> <li>Therefore, it is efficient to use multiple threads if you consider price and memory usage is not the issue <ul> <li>t3.micro 1 core 2 threads - $0.0104 per Hour</li> <li>t3.large 2 cores 1 thread - $0.0832 per Hour</li> </ul> </li> </ul> </li> </ul> <h3> Questions </h3> <ul> <li>What would be the efficient cpu usage cap? 60% - 90%?</li> <li>Any other metrics I should have count into experiments?</li> </ul> <h1> ECS fargate performance </h1> <p>Since I gained general idea how gunicorn performed on ec2 instances. I took it further to test how gunicorn performs on ECS fargate setup with regarding vCPUs allocated. Please refer to the github for task definitions I have used.</p> <p><a href="https://github.com/kokospapa8/gunicorn-perf-sample/tree/master/app/config/ecs" rel="noopener noreferrer">ecs-task-definition</a></p> <p>Since I cannot manage instance in faragte setup, I needed to assign cpu units for each tasks to comare with ec2. It was impossible to run <code>htop</code> on fargate since I have no access to the instances. ECS provide <code>container insight</code> but they are not as accurate nor real-time as I would run htop inside the instances. I only recorded Fail rate according to concurrent user count. </p> <p>I didn't assign cpu unit for each task, since two tasks in previous test shared cpu resources in single machine.</p> <p><a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definitions" rel="noopener noreferrer">Task definition parameters</a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fm9r6f5xcjlm4oj5pq4oc.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fm9r6f5xcjlm4oj5pq4oc.png" alt="Alt Text"></a></p> <h2> Results </h2> <p>Results does not seem to be as consistent as ec2 cores. It seems like more worker counts result better performance proportionally.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fiac5ttdf8d9ssgd48jsq.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fiac5ttdf8d9ssgd48jsq.png" alt="Alt Text"></a></p> <h1> After thoughts </h1> <p>I was not entirely satisfied with the result since I was not able to isolate all variables. </p> <ul> <li>Performance probably will depend on app behavior (mem</li> <li>long running i/o app will probably will have different results</li> <li>Test result would have been more accurate with CPU reousrce config on docker-compose file (<a href="https://docs.docker.com/compose/compose-file/#resources" rel="noopener noreferrer">https://docs.docker.com/compose/compose-file/#resources</a>)</li> </ul> <h1> Next Todo </h1> <ul> <li>ASGI benchmark on different vCPU options</li> <li>Use Asyncworker + <code>threads</code> options</li> </ul> <h1> Reference </h1> <p><a href="https://www.python.org/dev/peps/pep-3333/" rel="noopener noreferrer">PEP 3333 -- Python Web Server Gateway Interface v1.0.1</a></p> <p><a href="https://blog.kgriffs.com/2012/12/18/uwsgi-vs-gunicorn-vs-node-benchmarks.html" rel="noopener noreferrer">uWSGI vs. Gunicorn, or How to Make Python Go Faster than Node</a></p> <p><a href="https://www.appdynamics.com/blog/engineering/a-performance-analysis-of-python-wsgi-servers-part-2/" rel="noopener noreferrer">A Performance Analysis of Python WSGI Servers: Part 2 | Blog | AppDynamics</a></p> <p><a href="https://medium.com/building-the-system/gunicorn-3-means-of-concurrency-efbb547674b7" rel="noopener noreferrer">Better performance by optimizing Gunicorn config</a></p> <p><a href="https://arunrocks.com/a-guide-to-asgi-in-django-30-and-its-performance/" rel="noopener noreferrer">A Guide to ASGI in Django 3.0 and its Performance</a></p> <p><a href="https://docs.locust.io/en/stable/quickstart.html" rel="noopener noreferrer">Quick start - Locust 1.1.1 documentation</a></p> <p><a href="https://arunrocks.com/a-guide-to-asgi-in-django-30-and-its-performance/" rel="noopener noreferrer">A Guide to ASGI in Django 3.0 and its Performance</a></p> <p><a href="https://www.credera.com/blog/technology-solutions/whats-in-a-vcpu-state-of-amazon-ec2-in-2018" rel="noopener noreferrer">What's in a vCPU: State of Amazon EC2 in 2018 - Credera</a></p> <p><a href="https://aws.amazon.com/blogs/containers/how-amazon-ecs-manages-cpu-and-memory-resources/" rel="noopener noreferrer">How Amazon ECS manages CPU and memory resources | Amazon Web Services</a></p> aws locust python gunicorn Jinwook Baek Fri, 03 Jul 2020 12:40:54 +0000 https://dev.to/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part3-3i7p https://dev.to/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part3-3i7p <blockquote> <p>This post was originally published on notion. Click <a href="https://www.notion.so/kokospapa/How-to-deploy-django-app-to-ECS-Fargate-part3-13875ffa0c7e4e1da3d1c46cad0bae94">here</a> if you prefer to read in notion page which has better readability.</p> </blockquote> <h1> Introduction </h1> <p>This blog post illustrate development cycle using django app container. I assume readers are already somewhat familar with docker and docker-compose. Although I used django for app development, it is language-agnostic since the post is about containerized application deployment.</p> <p>Walkthough is devided into three parts consisting three different environemt respectively. First part, describes the architecture of the app(api and async worker) and how they are deployed on <code>local</code> enviroment. Second part is how to deploy the docker containers on cloud using single ec2 instance with on <code>staging</code> environment. Third part, illustrate how to convert traditional ec2 deployment into ECS using fargate with github actions on <code>prod</code> environment.</p> <p><code>local</code> - run docker containers on desktop/laptop with sqlite and redis server using docker-compose</p> <p><code>stating</code> - run docker containers on single ec2 instance with mysql RDS and ElasticCache</p> <p><code>prod</code> - convert stagning setup to ECS Fargate</p> <p>You can check out previous part here.<br> </p> <div class="ltag__link"> <a href="/kokospapa8" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VW75tZgW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://res.cloudinary.com/practicaldev/image/fetch/s--B1QWRgg7--/c_fill%2Cf_auto%2Cfl_progressive%2Ch_150%2Cq_auto%2Cw_150/https://dev-to-uploads.s3.amazonaws.com/uploads/user/profile_image/367659/1067d331-541f-4ec9-b7dc-c49540b89ff9.jpg" alt="kokospapa8 image"> </div> </a> <a href="/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part1-2ga" class="ltag__link__link"> <div class="ltag__link__content"> <h2>How to deploy django app to ECS Fargate Part1</h2> <h3>Jinwook Baek ・ Jul 3 ・ 4 min read</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#aws</span> <span class="ltag__link__tag">#docker</span> <span class="ltag__link__tag">#tutorial</span> <span class="ltag__link__tag">#webdev</span> </div> </div> </a> </div> <br> <div class="ltag__link"> <a href="/kokospapa8" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VW75tZgW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://res.cloudinary.com/practicaldev/image/fetch/s--B1QWRgg7--/c_fill%2Cf_auto%2Cfl_progressive%2Ch_150%2Cq_auto%2Cw_150/https://dev-to-uploads.s3.amazonaws.com/uploads/user/profile_image/367659/1067d331-541f-4ec9-b7dc-c49540b89ff9.jpg" alt="kokospapa8 image"> </div> </a> <a href="/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part2-io1" class="ltag__link__link"> <div class="ltag__link__content"> <h2>How to deploy django app to ECS Fargate Part2</h2> <h3>Jinwook Baek ・ Jul 3 ・ 10 min read</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#aws</span> <span class="ltag__link__tag">#docker</span> <span class="ltag__link__tag">#tutorial</span> <span class="ltag__link__tag">#webdev</span> </div> </div> </a> </div> <h1> ECS fargate primer </h1> <p><iframe width="710" height="399" src="https://www.youtube.com/embed/eq4wL2MiNqo"> </iframe> </p> <p>ECS provides container management service that makes it easy to run, stop, and manage Docker containers on a cluster. However you still have to manage container instances with container agent running on instances. With AWS Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers. It's a good idea to have some understanding on following components of ECS.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--4T4MARil--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/jdcrsy0e3w30s64jxq28.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--4T4MARil--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/jdcrsy0e3w30s64jxq28.png" alt="ecs"></a></p> <h2> Components </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--1skBtiLU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/pjilmbjc4qe1jq8vti1d.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--1skBtiLU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/pjilmbjc4qe1jq8vti1d.png" alt="ecs components"></a></p> <h3> Cluster </h3> <p>Logical grouping of resources that tasks and services are running on. When using the Fargate launch type with tasks within your cluster, ECS manages your cluster resources.</p> <h3> Service </h3> <p>This enables you to run and maintain a specified number of instances of a task definition simultaneously in an Amazon ECS cluster. You need service to run them behind </p> <h3> Task definition </h3> <p>json file that describes one or more containers. Task definition is not cluster dependent. You can understand it functions similar as docker-compose file.</p> <h3> Task </h3> <p>instantiation of a task definition within a cluster. Each task that uses the Fargate launch type has its own isolation boundary and does not share the underlying kernel, CPU resources, memory resources, or elastic network interface with another task.</p> <p><strong>Task Scheduler</strong></p> <p>is responsible for placing tasks within your cluster. There are several different scheduling options available. Fargate currently only support REPLICA which places and maintains the desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions.</p> <p><a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/AWS_Fargate.html">Amazon ECS on AWS Fargate</a></p> <h3> Fargate tasks </h3> <ul> <li>Fargate task definitions require that you specify CPU and memory at the task level.</li> <li>Fargate task definitions only support the awslogs log driver for the log configuration. This configures your Fargate tasks to send log information to Amazon CloudWatch Logs.</li> <li>Put multiple containers in the same task definition if: <ul> <li>Containers share a common lifecycle.</li> <li>Containers are required to be run on the same underlying host.</li> <li>You want your containers to share resources.</li> <li>Your containers share data volumes.</li> </ul> </li> </ul> <h1> Walkthrough </h1> <p>We will use the VPC , RDB and Redis we created from part2, refer to the previous post or CF template for the setup.</p> <h3> Container networking is different in fargate </h3> <p>Let's review how container is structued in part 2. Nginx container and app container communictes through 8000 port through birdge network. And worker container will work. </p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--zKDAz3Sl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/d09nendzkebbtnges0g9.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--zKDAz3Sl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/d09nendzkebbtnges0g9.png" alt="before"></a></p> <p>We will configure our task definition like this.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--3Zq8hv1g--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/1nqu46rj14hbkexajx4m.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--3Zq8hv1g--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/1nqu46rj14hbkexajx4m.png" alt="afger"></a></p> <p>If you are running these two components as two processes on a single EC2 instance, the web tier application process could communicate with the API process on the same machine by using the local loopback interface. The local loopback interface has a special IP address of 127.0.0.1 and hostname of localhost.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--069MLVvG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/z09ct6mpcfukjisqeqek.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--069MLVvG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/z09ct6mpcfukjisqeqek.png" alt="awsvpn"></a></p> <p>By making a networking request to this local interface, it bypasses the network interface hardware and instead the operating system just routes network calls from one process to the other directly. This gives the web tier a fast and efficient way to fetch information from the API tier with almost no networking latency.</p> <p>We will update nginx image with new conf with above restriction</p> <ul> <li>new nginx conf </li> </ul> <div class="highlight"><pre class="highlight python"><code><span class="c1"># portal </span><span class="n">server</span> <span class="p">{</span> <span class="n">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="c1"># all requests proxies to app </span> <span class="n">location</span> <span class="o">/</span> <span class="p">{</span> <span class="n">proxy_pass</span> <span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="mf">127.0</span><span class="p">.</span><span class="mf">0.1</span><span class="p">:</span><span class="mi">8000</span><span class="p">;</span> <span class="n">proxy_set_header</span> <span class="n">X</span><span class="o">-</span><span class="n">Real</span><span class="o">-</span><span class="n">IP</span> <span class="err">$</span><span class="n">remote_addr</span><span class="p">;</span> <span class="n">proxy_set_header</span> <span class="n">X</span><span class="o">-</span><span class="n">Forwarded</span><span class="o">-</span><span class="n">For</span> <span class="err">$</span><span class="n">proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="n">proxy_set_header</span> <span class="n">Host</span> <span class="err">$</span><span class="n">host</span><span class="p">;</span> <span class="n">proxy_redirect</span> <span class="n">off</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># domain localhost </span> <span class="n">server_name</span> <span class="o">*</span><span class="p">;</span> <span class="p">}</span> </code></pre></div> <p>This sends a local network request, which goes directly from one container to the other over the local loopback interface without traversing the network. This deployment strategy allows for fast and efficient communication between two tightly coupled containers. </p> <p>We will build new nginx image with this new conf and push the new image to ecr repository to include in the task definition.<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="c"># make sure you have &lt;aws_account_id&gt;.dkr.ecr.us-east-1.amazonaws.com/nginx ECR created</span> <span class="nv">$ </span>docker build <span class="nt">-f</span> config/app/Docker_nginx <span class="nt">-t</span> &lt;aws_account_id&gt;.dkr.ecr.us-east-1.amazonaws.com/nginx:latest <span class="nb">.</span> <span class="nv">$ </span>docker push &lt;aws_account_id&gt;.dkr.ecr.us-east-1.amazonaws.com/nginx:latest </code></pre></div> <h3> Create ECS execution role </h3> <p>create <code>sampleECSTaskExecutionRole</code> with following policies and trust relationships</p> <p>Policies</p> <ul> <li>AmazonECSTaskExecutionRolePolicy</li> <li> <p>You need to attach following policies for environment variable setup on task (explained in later step)</p> <ul> <li>AWS Managed Policy AmazonSSMReadOnlyAccess <ul> <li>you might want tighter restriction on resources for actual development</li> </ul> </li> <li> <p>Inline policy for decryption<br> </p> <pre class="highlight shell"><code><span class="o">{</span> <span class="s2">"Version"</span>: <span class="s2">"2012-10-17"</span>, <span class="s2">"Statement"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"Sid"</span>: <span class="s2">"VisualEditor0"</span>, <span class="s2">"Effect"</span>: <span class="s2">"Allow"</span>, <span class="s2">"Action"</span>: <span class="o">[</span> <span class="s2">"kms:Decrypt"</span> <span class="o">]</span>, <span class="s2">"Resource"</span>: <span class="s2">"*"</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span> </code></pre> </li> </ul> </li> <li><p>make sure to add trust entities for <code>ecs-tasks.amazonaws.com</code></p></li> </ul> <h3> Create Security Group for ecs cluster </h3> <p>Let's create secrity group for ecs cluster named - <code>ecs-sg</code>. I recommend copy <code>ecs-sample-ec2</code> from previous post which consists inbound rule </p> <ul> <li>allow 80 port to public</li> <li>allow 80 to <code>ecs-sample-lb</code> security group</li> <li>allow 6379 to <code>ecs-sample-redis</code> security group</li> <li>allow 3306 to <code>ecs-sample-mysql</code> security group</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ql2TIASe--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nqqyhhks7et8asq1ials.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ql2TIASe--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nqqyhhks7et8asq1ials.png" alt="ecs-sg"></a></p> <p>You also need to allow </p> <p><code>ecs-sample-redis</code> and <code>ecs-sample-mysql</code> to allow traffic for each port from <code>ecs-sg</code></p> <h2> Loadbalancer </h2> <p>Let's craete a new loadbalancer which will be used for the service who manages connection between lb and tasks.</p> <ul> <li>Select ALB</li> <li>name - <code>ecs-fargate</code> </li> <li>select VPC created from previous post</li> <li>listener and target group will be managed by service so you can create empty listener and target group. we will delete them on following step.</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--eWhnQ_yv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/00p16t86znum60ihp7zg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--eWhnQ_yv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/00p16t86znum60ihp7zg.png" alt="alb conf1"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--JZ_2g2cb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/goq6n5v9h45gsrseelrf.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--JZ_2g2cb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/goq6n5v9h45gsrseelrf.png" alt="alb conf2"></a></p> <ul> <li>delete listener and target group you created from previous alb creation</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vekjDNIn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/2nk3avedkrhykl0vflce.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vekjDNIn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/2nk3avedkrhykl0vflce.png" alt="target group"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--lKumCIEU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nhg8fwrom3d8wwaxgxj4.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--lKumCIEU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nhg8fwrom3d8wwaxgxj4.png" alt="target group delete"></a></p> <p>you can also use cli to create ALB instead of using console. This way, you don't need to create empty listener and target group whic will be deleted later<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="nv">$ </span>aws elbv2 create-load-balancer <span class="nt">--name</span> &lt;ecs-fargte&gt; <span class="se">\</span> <span class="nt">--subnets</span> &lt;subnet-12345678&gt; &lt;subnet-23456789&gt; <span class="nt">--security-groups</span> &lt;ecs-sg&gt; </code></pre></div> <p>Take a note on DNS name of this load balancer for later use. <br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Kip03pAw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/0yoopl2z4pi1e7whr2ty.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Kip03pAw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/0yoopl2z4pi1e7whr2ty.png" alt="Alt dns"></a></p> <h2> Create Cluster </h2> <p>We will create empty cluster first. Goto <a href="https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/clusters">ECS menu</a> on console. (make sure you are in correct region) Create first cluster template</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--w5Zw1qQn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/v55omyi0ma15gx0pvrem.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--w5Zw1qQn--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/v55omyi0ma15gx0pvrem.png" alt="cluster create1"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--frxEKxVU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/egd8s0g5v1dtkgmqj4bc.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--frxEKxVU--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/egd8s0g5v1dtkgmqj4bc.png" alt="cluster create2"></a></p> <p>Cluster is created <br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--iGle8E5K--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/r4mjpocip0vommu7j04g.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--iGle8E5K--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/r4mjpocip0vommu7j04g.png" alt="cluster creation"></a></p> <p>Alternatively you can create cluster with following command<br> </p> <div class="highlight"><pre class="highlight shell"><code>aws ecs create-cluster <span class="nt">--cluster-name</span> ecs-sample </code></pre></div> <h2> Create task definition </h2> <h3> Parameter store </h3> <p>Part of problem using fargate is that you cannot pass environment variable as we used to because we do not have ec2 access. Therefore we will be using parameter store to inject environment variables to tasks when they start.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--YigUPMaS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/borlrnuinb00tirahly9.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--YigUPMaS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/borlrnuinb00tirahly9.png" alt="parameter store"></a></p> <p>Click to AWS Systems Manager on console menu.</p> <p>Click Paramter Store on left menu. <a href="https://us-east-2.console.aws.amazon.com/systems-manager/parameters?region=us-east-2">link</a>(make sure you are on correct region)</p> <p>click <code>createk parameter</code></p> <p>Fill in the input as following screenshot.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--cncmKIcS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/48yksuao8vb8rvc6jrnu.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--cncmKIcS--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/48yksuao8vb8rvc6jrnu.png" alt="paramstore1"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--mBf6okBx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/ercgql277x1sk7gcyyvv.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--mBf6okBx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/ercgql277x1sk7gcyyvv.png" alt="pramstore2"></a></p> <p>You will create value for following environment varibales</p> <ul> <li>SECRET_KEY</li> <li>REDIS_HOST</li> <li>DB_PASSWORD</li> <li>DB_HOST</li> </ul> <p>Alternatively you can use cli to create secure strings<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="nv">$ </span>aws ssm put-parameter <span class="nt">--name</span> <span class="s2">"/ecs-sample/prod/&lt;ENV_NAME&gt;"</span> <span class="nt">--type</span> <span class="s2">"SecureString"</span> <span class="nt">--value</span> <span class="s2">"&lt;value&gt;"</span> <span class="nt">--description</span> <span class="s2">"&lt;ENV_NAME&gt;"</span> <span class="nt">--region</span> <span class="s2">"&lt;region&gt;"</span> <span class="o">&gt;</span> <span class="o">{</span> <span class="s2">"Version"</span>: 1, <span class="s2">"Tier"</span>: <span class="s2">"Standard"</span> <span class="o">}</span> </code></pre></div> <p>results <br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--kSgt3BZx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/8y74ku3prpvwrccpimvs.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--kSgt3BZx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/8y74ku3prpvwrccpimvs.png" alt="paramstore result"></a></p> <h3> Task definition </h3> <p>As I mentioned earlier taks definition works smilar to docker-compose. Just like staging evn, we will have two task definitions and nginx container + api container and worker container</p> <p>Using task definition template, you can fill in following configurations<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="nv">$ </span>aws ecs register-task-definition <span class="nt">--generate-cli-skeleton</span> </code></pre></div> <ul> <li> <p>sample-task-definition</p> <p>Parameters</p> <ul> <li>Task family – the name of the task, and each family can have multiple revisions.</li> <li>IAM task role – specifies the permissions that containers in the task should have.</li> <li>Network mode – determines how the networking is configured for your containers. (fargate only supports awsvpn currently)</li> <li>Container definitions – specify which image to use, how much CPU and memory the container are allocated, and many more options.</li> </ul> <p>refer to following link for each parameters</p> <p><a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html">Task definition parameters</a><br> </p> <pre class="highlight shell"><code><span class="o">{</span> <span class="s2">"family"</span>: <span class="s2">""</span>, <span class="s2">"taskRoleArn"</span>: <span class="s2">""</span>, <span class="s2">"executionRoleArn"</span>: <span class="s2">""</span>, <span class="s2">"networkMode"</span>: <span class="s2">"awsvpc"</span>, <span class="s2">"containerDefinitions"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">""</span>, <span class="s2">"image"</span>: <span class="s2">""</span>, <span class="s2">"repositoryCredentials"</span>: <span class="o">{</span> <span class="s2">"credentialsParameter"</span>: <span class="s2">""</span> <span class="o">}</span>, <span class="s2">"cpu"</span>: 0, <span class="s2">"memory"</span>: 0, <span class="s2">"memoryReservation"</span>: 0, <span class="s2">"links"</span>: <span class="o">[</span> <span class="s2">""</span> <span class="o">]</span>, <span class="s2">"portMappings"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"containerPort"</span>: 0, <span class="s2">"hostPort"</span>: 0, <span class="s2">"protocol"</span>: <span class="s2">"tcp"</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"essential"</span>: <span class="nb">true</span>, <span class="s2">"entryPoint"</span>: <span class="o">[</span> <span class="s2">""</span> <span class="o">]</span>, <span class="s2">"command"</span>: <span class="o">[</span> <span class="s2">""</span> <span class="o">]</span>, <span class="s2">"environment"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">""</span>, <span class="s2">"value"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"environmentFiles"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"value"</span>: <span class="s2">""</span>, <span class="s2">"type"</span>: <span class="s2">"s3"</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"mountPoints"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"sourceVolume"</span>: <span class="s2">""</span>, <span class="s2">"containerPath"</span>: <span class="s2">""</span>, <span class="s2">"readOnly"</span>: <span class="nb">true</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"volumesFrom"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"sourceContainer"</span>: <span class="s2">""</span>, <span class="s2">"readOnly"</span>: <span class="nb">true</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"linuxParameters"</span>: <span class="o">{</span> <span class="s2">"capabilities"</span>: <span class="o">{</span> <span class="s2">"add"</span>: <span class="o">[</span> <span class="s2">""</span> <span class="o">]</span>, <span class="s2">"drop"</span>: <span class="o">[</span> <span class="s2">""</span> <span class="o">]</span> <span class="o">}</span>, <span class="s2">"devices"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"hostPath"</span>: <span class="s2">""</span>, <span class="s2">"containerPath"</span>: <span class="s2">""</span>, <span class="s2">"permissions"</span>: <span class="o">[</span> <span class="s2">"read"</span> <span class="o">]</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"initProcessEnabled"</span>: <span class="nb">true</span>, <span class="s2">"sharedMemorySize"</span>: 0, <span class="s2">"tmpfs"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"containerPath"</span>: <span class="s2">""</span>, <span class="s2">"size"</span>: 0, <span class="s2">"mountOptions"</span>: <span class="o">[</span> <span class="s2">""</span> <span class="o">]</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"maxSwap"</span>: 0, <span class="s2">"swappiness"</span>: 0 <span class="o">}</span>, <span class="s2">"secrets"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">""</span>, <span class="s2">"valueFrom"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"dependsOn"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"containerName"</span>: <span class="s2">""</span>, <span class="s2">"condition"</span>: <span class="s2">"HEALTHY"</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"startTimeout"</span>: 0, <span class="s2">"stopTimeout"</span>: 0, <span class="s2">"hostname"</span>: <span class="s2">""</span>, <span class="s2">"user"</span>: <span class="s2">""</span>, <span class="s2">"workingDirectory"</span>: <span class="s2">""</span>, <span class="s2">"disableNetworking"</span>: <span class="nb">true</span>, <span class="s2">"privileged"</span>: <span class="nb">true</span>, <span class="s2">"readonlyRootFilesystem"</span>: <span class="nb">true</span>, <span class="s2">"dnsServers"</span>: <span class="o">[</span> <span class="s2">""</span> <span class="o">]</span>, <span class="s2">"dnsSearchDomains"</span>: <span class="o">[</span> <span class="s2">""</span> <span class="o">]</span>, <span class="s2">"extraHosts"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"hostname"</span>: <span class="s2">""</span>, <span class="s2">"ipAddress"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"dockerSecurityOptions"</span>: <span class="o">[</span> <span class="s2">""</span> <span class="o">]</span>, <span class="s2">"interactive"</span>: <span class="nb">true</span>, <span class="s2">"pseudoTerminal"</span>: <span class="nb">true</span>, <span class="s2">"dockerLabels"</span>: <span class="o">{</span> <span class="s2">"KeyName"</span>: <span class="s2">""</span> <span class="o">}</span>, <span class="s2">"ulimits"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">"msgqueue"</span>, <span class="s2">"softLimit"</span>: 0, <span class="s2">"hardLimit"</span>: 0 <span class="o">}</span> <span class="o">]</span>, <span class="s2">"logConfiguration"</span>: <span class="o">{</span> <span class="s2">"logDriver"</span>: <span class="s2">"awslogs"</span>, <span class="s2">"options"</span>: <span class="o">{</span> <span class="s2">"KeyName"</span>: <span class="s2">""</span> <span class="o">}</span>, <span class="s2">"secretOptions"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">""</span>, <span class="s2">"valueFrom"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span>, <span class="s2">"healthCheck"</span>: <span class="o">{</span> <span class="s2">"command"</span>: <span class="o">[</span> <span class="s2">""</span> <span class="o">]</span>, <span class="s2">"interval"</span>: 0, <span class="s2">"timeout"</span>: 0, <span class="s2">"retries"</span>: 0, <span class="s2">"startPeriod"</span>: 0 <span class="o">}</span>, <span class="s2">"systemControls"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"namespace"</span>: <span class="s2">""</span>, <span class="s2">"value"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"resourceRequirements"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"value"</span>: <span class="s2">""</span>, <span class="s2">"type"</span>: <span class="s2">"GPU"</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"firelensConfiguration"</span>: <span class="o">{</span> <span class="s2">"type"</span>: <span class="s2">"fluentd"</span>, <span class="s2">"options"</span>: <span class="o">{</span> <span class="s2">"KeyName"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"volumes"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">""</span>, <span class="s2">"host"</span>: <span class="o">{</span> <span class="s2">"sourcePath"</span>: <span class="s2">""</span> <span class="o">}</span>, <span class="s2">"dockerVolumeConfiguration"</span>: <span class="o">{</span> <span class="s2">"scope"</span>: <span class="s2">"task"</span>, <span class="s2">"autoprovision"</span>: <span class="nb">true</span>, <span class="s2">"driver"</span>: <span class="s2">""</span>, <span class="s2">"driverOpts"</span>: <span class="o">{</span> <span class="s2">"KeyName"</span>: <span class="s2">""</span> <span class="o">}</span>, <span class="s2">"labels"</span>: <span class="o">{</span> <span class="s2">"KeyName"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">}</span>, <span class="s2">"efsVolumeConfiguration"</span>: <span class="o">{</span> <span class="s2">"fileSystemId"</span>: <span class="s2">""</span>, <span class="s2">"rootDirectory"</span>: <span class="s2">""</span>, <span class="s2">"transitEncryption"</span>: <span class="s2">"ENABLED"</span>, <span class="s2">"transitEncryptionPort"</span>: 0, <span class="s2">"authorizationConfig"</span>: <span class="o">{</span> <span class="s2">"accessPointId"</span>: <span class="s2">""</span>, <span class="s2">"iam"</span>: <span class="s2">"ENABLED"</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"placementConstraints"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"type"</span>: <span class="s2">"memberOf"</span>, <span class="s2">"expression"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"requiresCompatibilities"</span>: <span class="o">[</span> <span class="s2">"EC2"</span> <span class="o">]</span>, <span class="s2">"cpu"</span>: <span class="s2">""</span>, <span class="s2">"memory"</span>: <span class="s2">""</span>, <span class="s2">"tags"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"key"</span>: <span class="s2">""</span>, <span class="s2">"value"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"pidMode"</span>: <span class="s2">"task"</span>, <span class="s2">"ipcMode"</span>: <span class="s2">"none"</span>, <span class="s2">"proxyConfiguration"</span>: <span class="o">{</span> <span class="s2">"type"</span>: <span class="s2">"APPMESH"</span>, <span class="s2">"containerName"</span>: <span class="s2">""</span>, <span class="s2">"properties"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">""</span>, <span class="s2">"value"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span>, <span class="s2">"inferenceAccelerators"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"deviceName"</span>: <span class="s2">""</span>, <span class="s2">"deviceType"</span>: <span class="s2">""</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span> </code></pre> </li> </ul> <p>Let's create task definitions<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="nv">$ </span>aws ecs register-task-definition <span class="se">\</span> <span class="nt">--cli-input-json</span> file://&lt;path_to_json_file&gt;/task-definition-api.json <span class="nv">$ </span>aws ecs register-task-definition <span class="se">\</span> <span class="nt">--cli-input-json</span> file://&lt;path_to_json_file&gt;/task-definition-worker.json </code></pre></div> <p>you will be able to see 2 task definitions registered in your ECS service. Inspect configuration for each task definitions.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--4ZVfztHK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/5t6jcvth8cfo53za57xv.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--4ZVfztHK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/5t6jcvth8cfo53za57xv.png" alt="task-def results"></a></p> <h2> Create services </h2> <p>Now you are ready to create ECS service which will fire up the tasks. Go to cluster and press create button on the services tab.</p> <h3> API task </h3> <ul> <li><p>1) configure service<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--gmB1VHPi--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/lf2oy4x5al2p23emxrlt.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--gmB1VHPi--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/lf2oy4x5al2p23emxrlt.png" alt="Alt Text"></a></p></li> <li> <p>2) configure network</p> <p>Network</p> <ul> <li>we will select VPC from part 2 and select security group we created previously <code>ecs-sg</code> </li> <li>Choose public subnet for the <code>ecs-sample-api</code> task</li> </ul> </li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--ozEp2sjw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/x14wp1tvex043kwj5z6d.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--ozEp2sjw--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/x14wp1tvex043kwj5z6d.png" alt="Alt Text"></a></p> <div class="highlight"><pre class="highlight plaintext"><code>Load Balancer - select `Application Load Balancer` for Load blancer type* - Production listener port : 80 - select `ecs-fargate` load balancer we have created in this post - once you select the load balance you will be able to choose `container to load blaance`. Service automatically detect ports opened. Choose `nginx:80:80`. Click add to load balancer - You will be able to configure the health check path. Update to `/api/healthcheck`/ </code></pre></div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--6Vu1QQbC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nrzg26pr654rmxppjqty.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--6Vu1QQbC--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nrzg26pr654rmxppjqty.png" alt="Alt Text"></a><br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--eaYwnlUf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/gxyq60godok639phfxq8.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--eaYwnlUf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/gxyq60godok639phfxq8.png" alt="Alt Text"></a></p> <div class="highlight"><pre class="highlight plaintext"><code>Service discovery - click service discovery - update namespace as you like, I used `api` - update serive discovery name `ecs-sample-api` </code></pre></div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--I-DmgFDF--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/k58djbvuhomxvt2ut5a6.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--I-DmgFDF--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/k58djbvuhomxvt2ut5a6.png" alt="Alt Text"></a></p> <ul> <li>3) set auto scaling(optional) <ul> <li>we will skip this part</li> </ul> </li> <li>4) Review</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s---2j47UJv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nk0812fabmnernxqeiu2.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s---2j47UJv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/nk0812fabmnernxqeiu2.png" alt="Alt Text"></a><br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--8d4yIxuJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/p1bnugh3w17xmgj3o98h.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--8d4yIxuJ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/p1bnugh3w17xmgj3o98h.png" alt="Alt Text"></a><br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--XCtdjHvK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/635ovr6bkwny1h39l0l0.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--XCtdjHvK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/635ovr6bkwny1h39l0l0.png" alt="Alt Text"></a></p> <h3> Worker task </h3> <p>For <code>worker</code> task, reapeat above step except</p> <ul> <li>choose private subnet</li> <li>no load balancer</li> <li>no service discovery</li> </ul> <h3> Service </h3> <p>Once everything is set let's deploy new service and wait for all service status to turn to green.</p> <p>Go back to service you created and go to tasks tab, if you see all service running you will see following screenshot, however if you don't see any tasks running search tasks with stopped status and inspect logs(you might need to update task definition to configure logs) for any misconfigurations.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--khY9l1ZG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/02n8odgnsen3hxul0jhm.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--khY9l1ZG--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/02n8odgnsen3hxul0jhm.png" alt="Alt Text"></a><br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--umGdowBp--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/4qgjgxrqh22llauj7eyl.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--umGdowBp--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/4qgjgxrqh22llauj7eyl.png" alt="Alt Text"></a></p> <p>Let's check elb and route 53 to make sure everythign work.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--VKTdYHK---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/jrvfwa02jogpsxwpr2nr.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VKTdYHK---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/jrvfwa02jogpsxwpr2nr.png" alt="Alt Text"></a><br> Service discovery and healthcheck seems to work fine.</p> <p>To access the nginx from browser, type in DNS name of the load balancer to see if everything is working as we expected.</p> <h1> Continuous Deployment </h1> <p>Once everything is deployed, there is a problem if I need to update a source image. I need to repeat all steps above include</p> <ul> <li>Build new docker image</li> <li>Push docker image to ECR</li> <li>Create new task definition with new docker image</li> <li>Update service to run new task definition revision</li> </ul> <h2> Github action </h2> <p>We can automate this step with github action. </p> <p><a href="https://github.com/features/actions">Features * GitHub Actions</a></p> <p>Take a look at following file in the repo <code>.github/workflows/ecs_api.yml</code></p> <ul> <li> <p>workflow file<br> </p> <pre class="highlight json"><code><span class="err">on:</span><span class="w"> </span><span class="err">push:</span><span class="w"> </span><span class="err">branches:</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="err">master</span><span class="w"> </span><span class="err">name:</span><span class="w"> </span><span class="err">Deploy</span><span class="w"> </span><span class="err">Hangfive</span><span class="w"> </span><span class="err">app</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">Amazon</span><span class="w"> </span><span class="err">ECS</span><span class="w"> </span><span class="err">jobs:</span><span class="w"> </span><span class="err">deploy:</span><span class="w"> </span><span class="err">name:</span><span class="w"> </span><span class="err">Deploy</span><span class="w"> </span><span class="err">runs-on:</span><span class="w"> </span><span class="err">ubuntu-latest</span><span class="w"> </span><span class="err">steps:</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="err">name:</span><span class="w"> </span><span class="err">Checkout</span><span class="w"> </span><span class="err">uses:</span><span class="w"> </span><span class="err">actions/checkout@v</span><span class="mi">2</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="err">name:</span><span class="w"> </span><span class="err">Configure</span><span class="w"> </span><span class="err">AWS</span><span class="w"> </span><span class="err">credentials</span><span class="w"> </span><span class="err">uses:</span><span class="w"> </span><span class="err">aws-actions/configure-aws-credentials@v</span><span class="mi">1</span><span class="w"> </span><span class="err">with:</span><span class="w"> </span><span class="err">aws-access-key-id:</span><span class="w"> </span><span class="err">$</span><span class="p">{{</span><span class="w"> </span><span class="err">secrets.AWS_ACCESS_KEY_ID</span><span class="w"> </span><span class="p">}}</span><span class="w"> </span><span class="err">aws-secret-access-key:</span><span class="w"> </span><span class="err">$</span><span class="p">{{</span><span class="w"> </span><span class="err">secrets.AWS_SECRET_ACCESS_KEY</span><span class="w"> </span><span class="p">}}</span><span class="w"> </span><span class="err">aws-region:</span><span class="w"> </span><span class="err">us-east</span><span class="mi">-1</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="err">name:</span><span class="w"> </span><span class="err">Login</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">Amazon</span><span class="w"> </span><span class="err">ECR</span><span class="w"> </span><span class="err">id:</span><span class="w"> </span><span class="err">login-ecr</span><span class="w"> </span><span class="err">uses:</span><span class="w"> </span><span class="err">aws-actions/amazon-ecr-login@v</span><span class="mi">1</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="err">name:</span><span class="w"> </span><span class="err">Build,</span><span class="w"> </span><span class="err">tag,</span><span class="w"> </span><span class="err">and</span><span class="w"> </span><span class="err">push</span><span class="w"> </span><span class="err">image</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">Amazon</span><span class="w"> </span><span class="err">ECR</span><span class="w"> </span><span class="err">id:</span><span class="w"> </span><span class="err">build-image</span><span class="w"> </span><span class="err">env:</span><span class="w"> </span><span class="err">ECR_REGISTRY:</span><span class="w"> </span><span class="mi">982947632035</span><span class="err">.dkr.ecr.us-east</span><span class="mi">-1</span><span class="err">.amazonaws.com</span><span class="w"> </span><span class="err">ECR_REPOSITORY:</span><span class="w"> </span><span class="err">hangfive</span><span class="w"> </span><span class="err">IMAGE_TAG:</span><span class="w"> </span><span class="err">$</span><span class="p">{{</span><span class="w"> </span><span class="err">github.sha</span><span class="w"> </span><span class="p">}}</span><span class="w"> </span><span class="err">run:</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="err">Build</span><span class="w"> </span><span class="err">a</span><span class="w"> </span><span class="err">docker</span><span class="w"> </span><span class="err">container</span><span class="w"> </span><span class="err">and</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="err">push</span><span class="w"> </span><span class="err">it</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">ECR</span><span class="w"> </span><span class="err">so</span><span class="w"> </span><span class="err">that</span><span class="w"> </span><span class="err">it</span><span class="w"> </span><span class="err">can</span><span class="w"> </span><span class="err">#</span><span class="w"> </span><span class="err">be</span><span class="w"> </span><span class="err">deployed</span><span class="w"> </span><span class="err">to</span><span class="w"> </span><span class="err">ECS.</span><span class="w"> </span><span class="err">docker</span><span class="w"> </span><span class="err">build</span><span class="w"> </span><span class="err">-f</span><span class="w"> </span><span class="err">config/app/Dockerfile_app</span><span class="w"> </span><span class="err">-t</span><span class="w"> </span><span class="err">$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG</span><span class="w"> </span><span class="err">.</span><span class="w"> </span><span class="err">docker</span><span class="w"> </span><span class="err">push</span><span class="w"> </span><span class="err">$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG</span><span class="w"> </span><span class="err">echo</span><span class="w"> </span><span class="s2">"::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="err">name:</span><span class="w"> </span><span class="err">Fill</span><span class="w"> </span><span class="err">in</span><span class="w"> </span><span class="err">the</span><span class="w"> </span><span class="err">new</span><span class="w"> </span><span class="err">image</span><span class="w"> </span><span class="err">ID</span><span class="w"> </span><span class="err">in</span><span class="w"> </span><span class="err">the</span><span class="w"> </span><span class="err">Amazon</span><span class="w"> </span><span class="err">ECS</span><span class="w"> </span><span class="err">task</span><span class="w"> </span><span class="err">definition</span><span class="w"> </span><span class="err">id:</span><span class="w"> </span><span class="err">task-def</span><span class="w"> </span><span class="err">uses:</span><span class="w"> </span><span class="err">aws-actions/amazon-ecs-render-task-definition@v</span><span class="mi">1</span><span class="w"> </span><span class="err">with:</span><span class="w"> </span><span class="err">task-definition:</span><span class="w"> </span><span class="err">config/ecs/task-definition.json</span><span class="w"> </span><span class="err">container-name:</span><span class="w"> </span><span class="err">app</span><span class="w"> </span><span class="err">image:</span><span class="w"> </span><span class="err">$</span><span class="p">{{</span><span class="w"> </span><span class="err">steps.build-image.outputs.image</span><span class="w"> </span><span class="p">}}</span><span class="w"> </span><span class="err">-</span><span class="w"> </span><span class="err">name:</span><span class="w"> </span><span class="err">Deploy</span><span class="w"> </span><span class="err">Amazon</span><span class="w"> </span><span class="err">ECS</span><span class="w"> </span><span class="err">task</span><span class="w"> </span><span class="err">definition</span><span class="w"> </span><span class="err">uses:</span><span class="w"> </span><span class="err">aws-actions/amazon-ecs-deploy-task-definition@v</span><span class="mi">1</span><span class="w"> </span><span class="err">with:</span><span class="w"> </span><span class="err">task-definition:</span><span class="w"> </span><span class="err">$</span><span class="p">{{</span><span class="w"> </span><span class="err">steps.task-def.outputs.task-definition</span><span class="w"> </span><span class="p">}}</span><span class="w"> </span><span class="err">service:</span><span class="w"> </span><span class="err">hangfive-prod-ecs-fargate</span><span class="w"> </span><span class="err">cluster:</span><span class="w"> </span><span class="err">hangfive-prod</span><span class="w"> </span><span class="err">wait-for-service-stability:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span></code></pre> </li> <li> <p>This yaml file describes following actions</p> <ul> <li> <p>triggers on every master branch push</p> <p><a href="https://help.github.com/en/actions/reference/events-that-trigger-workflows">Events that trigger workflows</a></p> </li> <li><p>checkout the source</p></li> <li> <p>AWS CLI config ( secret from github)</p> <ul> <li>AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY of user with appropriate permission</li> </ul> <p><a href="https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets">Creating and storing encrypted secrets</a></p> </li> <li><p>log into ECR</p></li> <li><p>build docker image and tag with different hash everytime (for immutability)</p></li> <li><p>update task definition then deploy new task definition</p></li> </ul> <p>Click <code>actions</code> tab on your repository for the progress.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--l2ZV0uPI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/vr4tta8v09hbjf51i0gh.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--l2ZV0uPI--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/vr4tta8v09hbjf51i0gh.png" alt="Alt Text"></a></p> </li> </ul> <h2> Teardown </h2> <ul> <li>List of aws resources you need to delete <ul> <li>EC2 instances, ALB, target group, autoscaling</li> <li>ECS Services, cluster, task definitions</li> <li>ECR</li> <li>SSM parameter store</li> <li>Route 53 hosted zone</li> <li>RDS <ul> <li>subnet group, cluster paramter group</li> </ul> </li> <li>Elastic Cache <ul> <li>subnet group, parmater group</li> </ul> </li> <li>VPC <ul> <li>security group, ncl, subnets, IGW, NAT gateway, EIP</li> </ul> </li> </ul> </li> </ul> <h2> Future todos </h2> <ul> <li>Logging / Monitoring setup with cloudwatch</li> <li>CI - pytest integration with github action before merge</li> </ul> <h1> Reference </h1> <p><a href="https://aws.amazon.com/ko/blogs/compute/task-networking-in-aws-fargate/">Task Networking in AWS Fargate | Amazon Web Services</a></p> <p><a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html">Task Networking with the awsvpc Network Mode</a></p> <p><a href="https://docs.docker.com/network/bridge/">Use bridge networks</a></p> <p><a href="https://www.44bits.io/ko/post/getting-started-with-ecs-fargate">AWS ECS의 매니지드 컨테이너 AWS 파게이트(AWS Fargate) 시작하기</a></p> <p><a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ECS_AWSCLI_Fargate.html">Tutorial: Creating a Cluster with a Fargate Task Using the AWS CLI</a></p> <p><a href="https://aws.amazon.com/premiumsupport/knowledge-center/ecs-data-security-container-task/?nc1=h_ls">Pass Secrets or Sensitive Data Securely to Containers in Amazon ECS Tasks</a></p> <p><a href="https://docs.aws.amazon.com/cli/latest/reference/ssm/put-parameter.html">put-parameter - AWS CLI 1.18.89 Command Reference</a></p> <p><a href="https://github.com/marketplace/actions/amazon-ecs-deploy-task-definition-action-for-github-actions">Amazon ECS "Deploy Task Definition" Action for GitHub Actions - GitHub Marketplace</a></p> <p><a href="https://aws.amazon.com/premiumsupport/knowledge-center/ecs-data-security-container-task/?nc1=h_ls">Pass Secrets or Sensitive Data Securely to Containers in Amazon ECS Tasks</a></p> <p><a href="https://github.community/t/trigger-workflow-only-on-pull-request-merge/17359">Trigger workflow only on pull request MERGE</a></p> aws docker tutorial webdev Jinwook Baek Fri, 03 Jul 2020 12:00:25 +0000 https://dev.to/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part2-io1 https://dev.to/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part2-io1 <blockquote> <p>This post was originally published on notion. Click <a href="https://www.notion.so/kokospapa/How-to-deploy-django-app-to-ECS-Fargate-part2-93a372ebd8b941cea99d03de8ca98863">here</a> if you prefer to read in notion page which has better readability.</p> </blockquote> <h1> Introduction </h1> <p>This blog post illustrate development cycle using django app container. I assume readers are already somewhat familar with docker and docker-compose. Although I used django for app development, it is language-agnostic since the post is about containerized application deployment.</p> <p>Walkthough is devided into three parts consisting three different environemt respectively. First part, describes the architecture of the app(api and async worker) and how they are deployed on <code>local</code> enviroment. Second part is how to deploy the docker containers on cloud using single ec2 instance with on <code>staging</code> environment. Third part, illustrate how to convert traditional ec2 deployment into ECS using fargate with github actions on <code>prod</code> environment.</p> <p><code>local</code> - run docker containers on desktop/laptop with sqlite and redis server using docker-compose</p> <p><code>stating</code> - run docker containers on single ec2 instance with mysql RDS and ElasticCache</p> <p><code>prod</code> - convert stagning setup to ECS Fargate</p> <p>For part1, click here.<br> </p> <div class="ltag__link"> <a href="/kokospapa8" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VW75tZgW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://res.cloudinary.com/practicaldev/image/fetch/s--B1QWRgg7--/c_fill%2Cf_auto%2Cfl_progressive%2Ch_150%2Cq_auto%2Cw_150/https://dev-to-uploads.s3.amazonaws.com/uploads/user/profile_image/367659/1067d331-541f-4ec9-b7dc-c49540b89ff9.jpg" alt="kokospapa8 image"> </div> </a> <a href="/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part1-2ga" class="ltag__link__link"> <div class="ltag__link__content"> <h2>How to deploy django app to ECS Fargate Part1</h2> <h3>Jinwook Baek ・ Jul 3 ・ 4 min read</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#aws</span> <span class="ltag__link__tag">#docker</span> <span class="ltag__link__tag">#tutorial</span> <span class="ltag__link__tag">#webdev</span> </div> </div> </a> </div> <p>You can skip to part3 if you are already familiar with AWS architectures.<br> </p> <div class="ltag__link"> <a href="/kokospapa8" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VW75tZgW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://res.cloudinary.com/practicaldev/image/fetch/s--B1QWRgg7--/c_fill%2Cf_auto%2Cfl_progressive%2Ch_150%2Cq_auto%2Cw_150/https://dev-to-uploads.s3.amazonaws.com/uploads/user/profile_image/367659/1067d331-541f-4ec9-b7dc-c49540b89ff9.jpg" alt="kokospapa8 image"> </div> </a> <a href="/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part3-3i7p" class="ltag__link__link"> <div class="ltag__link__content"> <h2>How to deploy django app to ECS Fargate part3</h2> <h3>Jinwook Baek ・ Jul 3 ・ 12 min read</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#aws</span> <span class="ltag__link__tag">#docker</span> <span class="ltag__link__tag">#tutorial</span> <span class="ltag__link__tag">#webdev</span> </div> </div> </a> </div> <h1> Staging Infra Setup </h1> <p>Before going straight to ECS deployment, we will setup up a <code>staging</code> env to test the application using ec2 compute instance and other AWS cloud services. If you are familar with AWS infra and confident with ecs setup, you can skip this part. However I will be using same vpc, redis and mysql for <code>production</code> env so it would be worth while to take a look at the setup. (you should use different vpc, redis and mysql for your actual <code>production</code> deployment)</p> <p>The <code>staging</code> cloud architecture will consist following AWS services.</p> <ul> <li>VPC with public and private subnet</li> <li>EC2 instance (in public subnet)</li> <li>ALB in front of ec2 instance</li> <li>RDS mysql (in private subnet)</li> <li>ElasticCache - Redis (private subnet)</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--rF7jPD4c--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/v942mc1r16rjzd6kpbp8.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--rF7jPD4c--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/v942mc1r16rjzd6kpbp8.png" alt="staging infra"></a></p> <p>Refer to the cloudformation for detailed configurations.</p> <p><a href="https://github.com/kokospapa8/ecs-fargate-sample-app/blob/master/config/cloudformation/cf-ecs-sample.json">kokospapa8/ecs-fargate-sample-app</a></p> <ul> <li> <p>Preview</p> <ul> <li> <p>Network - VPC<br> </p> <pre class="highlight json"><code><span class="nl">"VpcEcsSample"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AWS::EC2::VPC"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"CidrBlock"</span><span class="p">:</span><span class="w"> </span><span class="s2">"172.10.0.0/16"</span><span class="p">,</span><span class="w"> </span><span class="nl">"InstanceTenancy"</span><span class="p">:</span><span class="w"> </span><span class="s2">"default"</span><span class="p">,</span><span class="w"> </span><span class="nl">"EnableDnsSupport"</span><span class="p">:</span><span class="w"> </span><span class="s2">"true"</span><span class="p">,</span><span class="w"> </span><span class="nl">"EnableDnsHostnames"</span><span class="p">:</span><span class="w"> </span><span class="s2">"true"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Tags"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Name"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ecs-sample"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span><span class="nl">"EcsSamplePrivate1"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AWS::EC2::Subnet"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"CidrBlock"</span><span class="p">:</span><span class="w"> </span><span class="s2">"172.10.11.0/24"</span><span class="p">,</span><span class="w"> </span><span class="nl">"AvailabilityZone"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-west-2a"</span><span class="p">,</span><span class="w"> </span><span class="nl">"VpcId"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Ref"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VpcEcsSample"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Tags"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Name"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ecs-sample-private 1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"DependsOn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VpcEcsSample"</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span><span class="nl">"EcsSamplePublic1"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AWS::EC2::Subnet"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"CidrBlock"</span><span class="p">:</span><span class="w"> </span><span class="s2">"172.10.1.0/24"</span><span class="p">,</span><span class="w"> </span><span class="nl">"AvailabilityZone"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-west-2a"</span><span class="p">,</span><span class="w"> </span><span class="nl">"VpcId"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Ref"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VpcEcsSample"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Tags"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Name"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ecs-sample-public 1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"DependsOn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VpcEcsSample"</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span><span class="nl">"IgwEcsSample"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AWS::EC2::InternetGateway"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Tags"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Key"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Name"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ecs-sample IGW"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"DependsOn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"VpcEcsSample"</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span><span class="nl">"NATGateway"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AWS::EC2::NatGateway"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"AllocationId"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Fn::GetAtt"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"EipNat"</span><span class="p">,</span><span class="w"> </span><span class="s2">"AllocationId"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"SubnetId"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Ref"</span><span class="p">:</span><span class="w"> </span><span class="s2">"EcsSamplePublic1"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"DependsOn"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"EcsSamplePublic1"</span><span class="p">,</span><span class="w"> </span><span class="s2">"EipNat"</span><span class="p">,</span><span class="w"> </span><span class="s2">"IgwEcsSample"</span><span class="p">,</span><span class="w"> </span><span class="s2">"GatewayAttachment"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span></code></pre> </li> <li> <p>RDS<br> </p> <pre class="highlight json"><code><span class="nl">"RDSCluster"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"AWS::RDS::DBCluster"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Properties"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"MasterUsername"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Ref"</span><span class="p">:</span><span class="w"> </span><span class="s2">"DBUsername"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"MasterUserPassword"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Ref"</span><span class="p">:</span><span class="w"> </span><span class="s2">"DBPassword"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"DBClusterIdentifier"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"ecs-sample"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Engine"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"aurora"</span><span class="p">,</span><span class="w"> </span><span class="nl">"EngineVersion"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"5.6.10a"</span><span class="p">,</span><span class="w"> </span><span class="nl">"EngineMode"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"serverless"</span><span class="p">,</span><span class="w"> </span><span class="nl">"ScalingConfiguration"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"AutoPause"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"MinCapacity"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="mi">4</span><span class="p">,</span><span class="w"> </span><span class="nl">"MaxCapacity"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="mi">8</span><span class="p">,</span><span class="w"> </span><span class="nl">"SecondsUntilAutoPause"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="mi">1000</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="err">,</span><span class="w"> </span></code></pre> </li> <li> <p>Redis<br> </p> <pre class="highlight json"><code><span class="err">cacheecssample</span><span class="mi">001</span><span class="s2">": { "</span><span class="err">Type</span><span class="s2">": "</span><span class="err">AWS::ElastiCache::CacheCluster</span><span class="s2">", "</span><span class="err">Properties</span><span class="s2">": { "</span><span class="err">AutoMinorVersionUpgrade</span><span class="s2">": "</span><span class="kc">true</span><span class="s2">", "</span><span class="err">AZMode</span><span class="s2">": "</span><span class="err">single-az</span><span class="s2">", "</span><span class="err">CacheNodeType</span><span class="s2">": "</span><span class="err">cache.t</span><span class="mi">2</span><span class="err">.micro</span><span class="s2">", "</span><span class="err">Engine</span><span class="s2">": "</span><span class="err">redis</span><span class="s2">", "</span><span class="err">EngineVersion</span><span class="s2">": "</span><span class="mf">5.0</span><span class="err">.</span><span class="mi">6</span><span class="s2">", "</span><span class="err">NumCacheNodes</span><span class="s2">": "</span><span class="mi">1</span><span class="s2">", "</span><span class="err">PreferredAvailabilityZone</span><span class="s2">": "</span><span class="err">us-west</span><span class="mi">-1</span><span class="err">b</span><span class="s2">", "</span><span class="err">PreferredMaintenanceWindow</span><span class="s2">": "</span><span class="err">thu:</span><span class="mi">02</span><span class="err">:</span><span class="mi">30</span><span class="err">-thu:</span><span class="mi">03</span><span class="err">:</span><span class="mi">30</span><span class="s2">", "</span><span class="err">CacheSubnetGroupName</span><span class="s2">": { "</span><span class="err">Ref</span><span class="s2">": "</span><span class="err">cachesubnetecssampleredissubnetgroup</span><span class="s2">" }, "</span><span class="err">VpcSecurityGroupIds</span><span class="s2">": [ { "</span><span class="err">Fn::GetAtt</span><span class="s2">": [ "</span><span class="err">sgecssampleredis</span><span class="s2">", "</span><span class="err">GroupId</span><span class="s2">" ] } ] } }, </span></code></pre> </li> </ul> </li> </ul> <p>This template is preconfigured to <code>us-west-2</code> region.</p> <h2> Migrate docker images to ECR </h2> <p>Before setting up the infrastructure I will move docker images to <code>elastic container registry</code>. If you want to still use docker hub or other private docker image repository, you can skip this part</p> <ul> <li> <p>ecr setup</p> <p><a href="https://docs.aws.amazon.com/AmazonECR/latest/userguide/getting-started-cli.html">Getting started with Amazon ECR using the AWS CLI</a></p> <p>log into ecr<br> </p> <pre class="highlight python"><code><span class="err">$</span> <span class="nb">eval</span> <span class="err">$</span><span class="p">(</span><span class="n">aws</span> <span class="n">ecr</span> <span class="n">get</span><span class="o">-</span><span class="n">login</span><span class="o">-</span><span class="n">password</span> <span class="o">--</span><span class="n">region</span> <span class="n">us</span><span class="o">-</span><span class="n">east</span><span class="o">-</span><span class="mi">2</span> <span class="o">--</span><span class="n">no</span><span class="o">-</span><span class="n">include</span><span class="o">-</span><span class="n">email</span><span class="p">)</span> <span class="o">&gt;</span> <span class="n">Login</span> <span class="n">Succeeded</span> </code></pre> <p>Create repository with cli<br> </p> <pre class="highlight python"><code><span class="err">$</span> <span class="n">aws</span> <span class="n">ecr</span> <span class="n">create</span><span class="o">-</span><span class="n">repository</span> <span class="o">--</span><span class="n">repository</span><span class="o">-</span><span class="n">name</span> <span class="n">ecs</span><span class="o">-</span><span class="n">sample</span><span class="o">-</span><span class="n">nginx</span> <span class="o">--</span><span class="n">region</span> <span class="n">us</span><span class="o">-</span><span class="n">east</span><span class="o">-</span><span class="mi">2</span> <span class="err">$</span> <span class="n">aws</span> <span class="n">ecr</span> <span class="n">create</span><span class="o">-</span><span class="n">repository</span> <span class="o">--</span><span class="n">repository</span><span class="o">-</span><span class="n">name</span> <span class="n">ecs</span><span class="o">-</span><span class="n">sample</span><span class="o">-</span><span class="n">api</span> <span class="o">--</span><span class="n">region</span> <span class="n">us</span><span class="o">-</span><span class="n">east</span><span class="o">-</span><span class="mi">2</span> <span class="err">$</span> <span class="n">aws</span> <span class="n">ecr</span> <span class="n">create</span><span class="o">-</span><span class="n">repository</span> <span class="o">--</span><span class="n">repository</span><span class="o">-</span><span class="n">name</span> <span class="n">ecs</span><span class="o">-</span><span class="n">sample</span><span class="o">-</span><span class="n">worker</span> <span class="o">--</span><span class="n">region</span> <span class="n">us</span><span class="o">-</span><span class="n">east</span><span class="o">-</span><span class="mi">2</span> </code></pre> <p>or create repository on the console </p> </li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--d4besbwX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/2y5uz0ojxspz7zipbm67.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--d4besbwX--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/2y5uz0ojxspz7zipbm67.png" alt="ecr creation"></a></p> <div class="highlight"><pre class="highlight plaintext"><code>Build docker image if you have not build the image from previoud post </code></pre></div> <div class="highlight"><pre class="highlight plaintext"><code>```bash $ docker build -f config/app/Docker_base -t ecs-fargate-sample_base:latest . $ docker build -f config/app/Docker_app -t ecs-fargate-sample_app:latest . $ docker build -f config/app/Docker_worker -f ecs-fargate-sample_app:latest . ``` </code></pre></div> <div class="highlight"><pre class="highlight plaintext"><code>Tag and push images </code></pre></div> <div class="highlight"><pre class="highlight plaintext"><code>```bash $ docker tag ecs-fargate-sample_app:base &lt;aws_account_id&gt;.dkr.ecr.us-east-1.amazonaws.com/ecs-sample-api:base $ docker push &lt;aws_account_id&gt;.dkr.ecr.us-east-1.amazonaws.com/ecs-sample-api:base $ docker tag ecs-fargate-sample_app:latest &lt;aws_account_id&gt;.dkr.ecr.us-east-1.amazonaws.com/ecs-sample-api:latest $ docker push &lt;aws_account_id&gt;.dkr.ecr.us-east-1.amazonaws.com/ecs-sample-api:latest $ docker tag ecs-fargate-sample_worker:base &lt;aws_account_id&gt;.dkr.ecr.us-east-1.amazonaws.com/ecs-sample-worker:latest $ docker push &lt;aws_account_id&gt;.dkr.ecr.us-east-1.amazonaws.com/ecs-sample-worker:latest ``` </code></pre></div> <div class="highlight"><pre class="highlight plaintext"><code>Check the console for the images </code></pre></div> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--h242inld--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/uu5yul3ky21gtebmlqe8.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--h242inld--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/uu5yul3ky21gtebmlqe8.png" alt="ecr image pushed"></a></p> <h2> IAM role </h2> <p>You need access to ECR from your ec2 instances, instead of embedding AWS accesskey in the instance I will attach an iam role.</p> <ul> <li> <p>ecs-sample-ec2_role (optional)</p> <ul> <li>I will give permission to read from ECR</li> </ul> <p><a href="https://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr_managed_policies.html">Amazon ECR Managed Policies</a></p> </li> </ul> <h2> Network </h2> <h3> VPC </h3> <p>I have created VPC with CIDR 172.10.0.0/16. refer to the images attached for reference. For production I advise you to make more subnets in multi-AZ for better availability. For the sake of the post, I have just used two available zones (serverless mysql needs at least two AZs)</p> <ul> <li><strong>Public subnet</strong></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--pst36p8---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/fksef5dwu7ew8pl33wku.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--pst36p8---/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/fksef5dwu7ew8pl33wku.png" alt="public subnet"></a></p> <div class="highlight"><pre class="highlight plaintext"><code>CIDR - 172.10.1.0/24, 172.10.2.0/24 Components - ec2 instance for `api` - NAT GATEWAY for `worker` instance </code></pre></div> <ul> <li><strong>Private subnet</strong></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--2ZtnpCnl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/xfqz8mnsue76ctsxqc6a.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--2ZtnpCnl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/xfqz8mnsue76ctsxqc6a.png" alt="private subnet"></a></p> <div class="highlight"><pre class="highlight plaintext"><code>CIDR - 172.10.11.0/24, 172.10.12.0/24 Components - mysql - elastic cache - ec2 instance for `worker` </code></pre></div> <h3> Security group </h3> <p>I have added minial security measure for the sake of the post. This is just sample you should not use this for production. </p> <ul> <li> <p>Setup</p> <p><strong>ecs-sample-VPC</strong></p> <ul> <li>Opened all ports to public (not safe)</li> </ul> <p><strong>ecs-sample-loadbalancer</strong></p> <ul> <li>80 and 443 to public</li> <li>80 with ec2-api instance</li> </ul> <p><strong>ecs-sample-mysql</strong></p> <ul> <li>3306 with ec2</li> </ul> <p><strong>ecs-sample-ec2-api</strong> and <strong>ecs-sample-ec2-worker</strong> (they should be different but I just used single sg for both ec2, should block 80 access for particular ec2 instance)</p> <ul> <li>3306 mysql</li> <li>6379 redis,</li> <li>80 for ALB and public ip access</li> <li>22 for ssh</li> </ul> <p><strong>ecs-sample-redis</strong></p> <ul> <li>6379 with ec2 ### ALB</li> </ul> </li> </ul> <p>Created Alb with simple setup attached to public subnet. We don't have instance yet so just created target group with no instance attached yet. </p> <ul> <li>configuration <ul> <li>name: ecs-sanple-lb</li> <li>Listener: port 80</li> <li>Security group: ecs-sample-lb</li> <li>VPC and subnet - public subnet created above</li> </ul> </li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--LvimxiHY--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/wjkor7dbv8a4sdfyvp2z.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--LvimxiHY--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/wjkor7dbv8a4sdfyvp2z.png" alt="alb config 1"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_5D5lG0q--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/b6xt3xedwhntkuwezben.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_5D5lG0q--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/b6xt3xedwhntkuwezben.png" alt="alb result 1"></a></p> <h2> Database </h2> <h3> RDS - Mysql </h3> <p>I will use serverless mysql instead of traditional mysql instance to minimize cost. (serverless mysql only support mysql engine version up to 5.6)</p> <ul> <li>configuration <ul> <li>database - <code>sample</code> </li> <li>username - <code>admin</code> </li> <li>network - VPC and private subnet created above</li> </ul> </li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--DZ_JCIhT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/y8uqfzejh18n9novasxh.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--DZ_JCIhT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/y8uqfzejh18n9novasxh.png" alt="mysql db"></a></p> <p>Take a note on your mysql endpoint and password, will be using it later for env variable setup.</p> <h3> Elasticcache - Redis </h3> <p>Take a note on your primary endpoint, will be using it later for env variable setup.</p> <h2> Compute instances </h2> <p>We will start two ec2 instances. One for api in public subnet and another for worker in private sunet.</p> <h3> EC2 instance - API </h3> <ul> <li>configurations <ul> <li>AMI : Ubuntu image 20.04 LTS</li> <li>Network: public subnet</li> <li>auto-assign ip : enabled</li> </ul> </li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s---AMQEUwN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/j27obf0rlo0d6kuc62ut.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s---AMQEUwN--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/j27obf0rlo0d6kuc62ut.png" alt="ec2 conf1"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vxdHRdpx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/h8ihw4gb3hxgztwmkfrc.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vxdHRdpx--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/h8ihw4gb3hxgztwmkfrc.png" alt="ec2 conf2"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--1jx7u9Uy--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/vpu3ljoka1u6ojsfwpad.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--1jx7u9Uy--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/vpu3ljoka1u6ojsfwpad.png" alt="ec2 conf3"></a></p> <h3> Ec2 instance - worker </h3> <p>This instance is basically same with <code>api</code> instance but it needs to in private subnet. I advise making AMI from <code>api</code> instance and fire up on private instance. Since there will be no public ip attached, you need to tunnel through <code>api</code> or <code>bastion</code> instance to connect the instance with private ip. (You can use <a href="https://www.notion.so/kokospapa/How-to-deploy-django-app-to-ECS-Fargate-part2-93a372ebd8b941cea99d03de8ca98863#f8064c59d13c42b78a576173a979c34b">following method</a> to connect directly since we have NAT gateway deployed)</p> <h1> Deployment </h1> <p>Once the instance is up and running, we are ready to deploy docker containers.</p> <p>Let's ssh into to ec2 instance.<br> </p> <div class="highlight"><pre class="highlight shell"><code>ssh <span class="nt">-i</span> <span class="s2">"/path/to/keyfile/"</span> ubuntu@&lt;public_ip&gt; </code></pre></div> <h3> Docker setup </h3> <p>Next, you need to install docker engine and docker-compose. refer to following <a href="https://docs.docker.com/engine/install/ubuntu/">link</a></p> <ul> <li> <p>install steps</p> <p><a href="https://docs.docker.com/engine/install/ubuntu/">Install Docker Engine on Ubuntu</a></p> <p><a href="https://docs.docker.com/compose/install/">Install Docker Compose</a></p> <p><a href="https://docs.docker.com/engine/install/linux-postinstall/">Post-installation steps for Linux</a><br> </p> <pre class="highlight shell"><code><span class="c"># docker engine</span> <span class="nv">$ </span><span class="nb">sudo </span>apt-get update <span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install</span> <span class="se">\</span> apt-transport-https <span class="se">\</span> ca-certificates <span class="se">\</span> curl <span class="se">\</span> gnupg-agent <span class="se">\</span> software-properties-common <span class="nv">$ </span>curl <span class="nt">-fsSL</span> https://download.docker.com/linux/ubuntu/gpg | <span class="nb">sudo </span>apt-key add - <span class="nv">$ </span><span class="nb">sudo </span>add-apt-repository <span class="se">\</span> <span class="s2">"deb [arch=amd64] https://download.docker.com/linux/ubuntu </span><span class="se">\</span><span class="s2"> </span><span class="si">$(</span>lsb_release <span class="nt">-cs</span><span class="si">)</span><span class="s2"> </span><span class="se">\</span><span class="s2"> stable"</span> <span class="nv">$ </span><span class="nb">sudo </span>apt-get update <span class="nv">$ </span><span class="nb">sudo </span>apt-get <span class="nb">install </span>docker-ce docker-ce-cli containerd.io <span class="c"># docker-compose</span> <span class="nv">$ </span><span class="nb">sudo </span>curl <span class="nt">-L</span> <span class="se">\ </span> <span class="s2">"https://github.com/docker/compose/releases/download/1.26.0/docker-compose-</span><span class="si">$(</span><span class="nb">uname</span> <span class="nt">-s</span><span class="si">)</span><span class="s2">-</span><span class="si">$(</span><span class="nb">uname</span> <span class="nt">-m</span><span class="si">)</span><span class="s2">"</span> <span class="se">\ </span> <span class="nt">-o</span> /usr/local/bin/docker-compose </code></pre> </li> </ul> <h3> Environment variables </h3> <p>You need to set couple env for staging since we are using redis and mysql.</p> <p>Please take a closer look at <code>settings/staging.py</code> for <code>DB_USER</code> and <code>DB_NAME</code>. If they are different, update the file accordingly.<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="nb">export </span><span class="nv">SECRET_KEY</span><span class="o">=</span><span class="s2">""</span> <span class="nb">export </span><span class="nv">DB_HOST</span><span class="o">=</span><span class="s2">""</span> <span class="nb">export </span><span class="nv">DB_PASSWORD</span><span class="o">=</span><span class="s2">""</span> <span class="nb">export </span><span class="nv">REDIS_HOST</span><span class="o">=</span><span class="s2">""</span> </code></pre></div> <h3> Run containers </h3> <p>Check out sources from git and run the docker-compose<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="nv">$ </span>git clone https://github.com/kokospapa8/ecs-fargate-sample-app.git <span class="nv">$ </span><span class="nb">cd </span>ecs-fargate-sample-app <span class="nv">$ </span>docker-compose <span class="nt">-f</span> docker-compose-staging-api.yml up <span class="nt">--build</span> <span class="c"># add -d option for detach mode I explicitly left it out to see access logs</span> <span class="c"># if you get error running docker-compose or docker, you probably don't have previlige to run docker as user, </span> <span class="c"># refer to https://docs.docker.com/engine/install/linux-postinstall/</span> <span class="c"># instead of building the whole images you can pull the image from ECR - https://docs.docker.com/compose/reference/pull/</span> <span class="c"># in order to pull the image from repository make sure you add images filed to each docker-compose file - https://docs.docker.com/compose/compose-file/#image</span> <span class="c"># </span> <span class="nv">$ </span>docker-compose <span class="nt">-f</span> docker-compose-staging-api.yml pull <span class="nv">$ </span>docker-compose <span class="nt">-f</span> docker-compose-staging-api.yml up </code></pre></div> <p>Once docker containers are up and running and no error shown, access public ip of your app instance.</p> <p><a href="https://asciinema.org/a/tNnXTRKWU6u0572aS3GSNNo00"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--u-KTCtid--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://asciinema.org/a/tNnXTRKWU6u0572aS3GSNNo00.svg" alt="asciicast"></a></p> <h3> Attach instace behind ALB </h3> <p>Attach your instance to ALB's target group then you will start seeing ALB's health check on the log.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--827Gn2P2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/qacmn2ijjtxz6yl2eva6.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--827Gn2P2--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/qacmn2ijjtxz6yl2eva6.png" alt="target group"></a></p> <h3> For worker instance </h3> <p>Follow same step as previous step on docker setup or create another AMI image from api instance and start the instance in private subnet.<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="nv">$ </span>git clone https://github.com/kokospapa8/ecs-fargate-sample-app.git <span class="nv">$ </span><span class="nb">cd </span>ecs-fargate-sample-app <span class="nv">$ </span>docker-compose <span class="nt">-f</span> docker-compose-staging-worker.yml up <span class="nt">--build</span> </code></pre></div> <h1> Caveats </h1> <p>Everything checked out; in order to use this setup in production level, there are couple problems we need to address. </p> <ul> <li>Scaling services</li> <li>Updating sources for further development</li> </ul> <h2> Scaling services </h2> <p>We can create launch config and attach it to autoscaling group for automatic scaling. </p> <p><a href="https://docs.aws.amazon.com/autoscaling/plans/userguide/what-is-aws-auto-scaling.html">What Is AWS Auto Scaling?</a></p> <p>We need to prepare couple things for this to work</p> <ul> <li>Each instances must have environment variable injected on startup. There are couple ways to do this</li> <li>Pull new source</li> <li>Run docker-compose on start</li> </ul> <p>There are various way to accomplish this, you can search for other methods</p> <p><a href="https://stackoverflow.com/questions/49594391/aws-ec2-run-script-program-at-startup">Aws Ec2 run script program at startup</a></p> <h2> Updating sources for further development </h2> <ul> <li>Configuration changes - environment</li> <li>pulling new src from git</li> </ul> <h3> Brute force </h3> <p>Login into each instance and update the source and build image manualy</p> <ul> <li>ssh into each ec2 instance </li> </ul> <div class="highlight"><pre class="highlight shell"><code><span class="o">&gt;</span> ssh <span class="nt">-i</span> <span class="s2">"/path/to/keyfile/"</span> ubuntu@&lt;public_ip&gt; <span class="nv">$ </span>git pull <span class="nv">$ </span>docker-compose <span class="nt">-f</span> docker-compose-staging-api.yml up <span class="nt">--build</span> </code></pre></div> <p>Obviously this is not a great idea if you have multiple instances of ec2 running. Also ip address change if instances are running behind autoscaling group.</p> <h3> Fabric </h3> <p>You can use <code>fabric</code> to alleviate such painful process. It's library designed to execute shell commands remotely over SSH. </p> <p><a href="http://www.fabfile.org/">Fabric</a></p> <p>I have provided sample fab file for accessing ec2 instances in public subnets.<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="k">def</span> <span class="nf">_get_ec2_instances</span><span class="p">():</span> <span class="n">instances</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">connection</span> <span class="o">=</span> <span class="n">connect_to_region</span><span class="p">(</span> <span class="n">region_name</span> <span class="o">=</span> <span class="s">"ap-northeast-2"</span><span class="p">,</span> <span class="c1">#TODO beta env </span> <span class="n">aws_access_key_id</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">getenv</span><span class="p">(</span><span class="s">"AWS_ACCESS_KEY_ID"</span><span class="p">),</span> <span class="n">aws_secret_access_key</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">getenv</span><span class="p">(</span><span class="s">"AWS_SECRET_ACCESS_KEY"</span><span class="p">)</span> <span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">reservations</span> <span class="o">=</span> <span class="n">connection</span><span class="p">.</span><span class="n">get_all_reservations</span><span class="p">(</span><span class="n">filters</span><span class="o">=</span> <span class="p">{</span><span class="s">'tag:Name'</span><span class="p">:</span><span class="s">'ecs-sample-api'</span><span class="p">,</span><span class="s">'tag:env'</span><span class="p">:</span><span class="s">'staging'</span><span class="p">})</span> <span class="k">for</span> <span class="n">r</span> <span class="ow">in</span> <span class="n">reservations</span><span class="p">:</span> <span class="k">for</span> <span class="n">instance</span> <span class="ow">in</span> <span class="n">r</span><span class="p">.</span><span class="n">instances</span><span class="p">:</span> <span class="n">instances</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="n">instance</span><span class="p">)</span> <span class="k">except</span> <span class="n">boto</span><span class="p">.</span><span class="n">exception</span><span class="p">.</span><span class="n">EC2ResponseError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">print</span><span class="p">(</span><span class="n">e</span><span class="p">)</span> <span class="k">return</span> <span class="n">instances</span><span class="o">=</span><span class="nb">filter</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="n">instances</span><span class="p">)</span> <span class="k">return</span> <span class="n">instances</span> </code></pre></div> <p><a href="https://github.com/kokospapa8/ecs-fargate-sample-app/blob/master/fabfile.py">kokospapa8/ecs-fargate-sample-app</a></p> <p>When you run fabfile, it uses boto library to traverse ec2 instance with tag named as <code>ecs-sample-api</code>. Therefore you need to add <code>ecs-sample-api</code> for Name tag for each ec2 instances.<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="c"># you need to install fab and boto library</span> <span class="nv">$ </span>pip <span class="nb">install </span>fabric, boto <span class="c">#edit fabfile.py </span> <span class="c"># SSH_KEY= "PATH/TO/YOUR/SSH_KEY"</span> <span class="c"># set env for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY with ec2 describe policies</span> <span class="nv">$ </span>fab <span class="nt">--list</span> <span class="nv">$ </span>fab gitpull <span class="nv">$ </span>fab docker-restart </code></pre></div> <h1> Wrap up </h1> <p>We are done for staging environment setup. We now have a docker containers running on cloud evironment. However there are couple concerns I woud like to address.</p> <ul> <li>Accessing each instances manually to update the source is not secure job</li> <li>I would like to address immutability to container deployment.</li> <li>I would like to fully utilize my compute node for containers.</li> </ul> <p>Let's move to part3<br> </p> <div class="ltag__link"> <a href="/kokospapa8" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VW75tZgW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://res.cloudinary.com/practicaldev/image/fetch/s--B1QWRgg7--/c_fill%2Cf_auto%2Cfl_progressive%2Ch_150%2Cq_auto%2Cw_150/https://dev-to-uploads.s3.amazonaws.com/uploads/user/profile_image/367659/1067d331-541f-4ec9-b7dc-c49540b89ff9.jpg" alt="kokospapa8 image"> </div> </a> <a href="/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part3-3i7p" class="ltag__link__link"> <div class="ltag__link__content"> <h2>How to deploy django app to ECS Fargate part3</h2> <h3>Jinwook Baek ・ Jul 3 ・ 12 min read</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#aws</span> <span class="ltag__link__tag">#docker</span> <span class="ltag__link__tag">#tutorial</span> <span class="ltag__link__tag">#webdev</span> </div> </div> </a> </div> <h1> Reference </h1> <p><a href="https://www.concurrencylabs.com/blog/choose-your-aws-region-wisely/">Save yourself a lot of pain (and money) by choosing your AWS Region wisely</a></p> <p><a href="https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html">VPC with public and private subnets (NAT)</a></p> <p><a href="http://www.fabfile.org/">Fabric</a></p> <p><a href="https://aws.amazon.com/ko/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/">Securely Connect to Linux Instances Running in a Private Amazon VPC | Amazon Web Services</a></p> <p><a href="https://docs.aws.amazon.com/autoscaling/ec2/userguide/what-is-amazon-ec2-auto-scaling.html">What Is Amazon EC2 Auto Scaling?</a></p> aws docker tutorial webdev Jinwook Baek Fri, 03 Jul 2020 06:43:22 +0000 https://dev.to/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part1-2ga https://dev.to/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part1-2ga <blockquote> <p>This post was originally published on notion. Click <a href="https://www.notion.so/kokospapa/How-to-deploy-django-app-to-ECS-Fargate-Part1-a1e99c19b2a3423585e67f0b1ad81cbd">here</a> if you prefer to read in notion page which has better readability.</p> </blockquote> <h1> Introduction </h1> <p>This blog post illustrate development cycle using django app container. I assume readers are already somewhat familar with docker and docker-compose. Although I used django for app development, it is language-agnostic since the post is about containerized application deployment.</p> <p>Walkthough is devided into three parts consisting three different environemt respectively. First part, describes the architecture of the app(api and async worker) and how they are deployed on <code>local</code> enviroment. Second part is how to deploy the docker containers on cloud using single ec2 instance with on <code>staging</code> environment. Third part, illustrate how to convert traditional ec2 deployment into ECS using fargate with github actions on <code>prod</code> environment.</p> <p>You can skip to next part if you are already familiar with docker and AWS architectures.<br> </p> <div class="ltag__link"> <a href="/kokospapa8" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VW75tZgW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://res.cloudinary.com/practicaldev/image/fetch/s--B1QWRgg7--/c_fill%2Cf_auto%2Cfl_progressive%2Ch_150%2Cq_auto%2Cw_150/https://dev-to-uploads.s3.amazonaws.com/uploads/user/profile_image/367659/1067d331-541f-4ec9-b7dc-c49540b89ff9.jpg" alt="kokospapa8 image"> </div> </a> <a href="/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part2-io1" class="ltag__link__link"> <div class="ltag__link__content"> <h2>How to deploy django app to ECS Fargate Part2</h2> <h3>Jinwook Baek ・ Jul 3 ・ 10 min read</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#aws</span> <span class="ltag__link__tag">#docker</span> <span class="ltag__link__tag">#tutorial</span> <span class="ltag__link__tag">#webdev</span> </div> </div> </a> </div> <h1> Setup </h1> <p>First we need to prepare application which is development ready.</p> <p>This application consist 3 docker containers</p> <ul> <li> <code>nginx</code> - web server</li> <li> <code>app</code> - Api server</li> <li> <code>worker</code>- Async worker</li> </ul> <p><code>app</code> and <code>worker</code> share same base images, main difference is that <code>app</code> serves http request behind <code>nginx</code> web server using gunicorn and wsgi. Throughout this walkthough <code>nginx</code> and <code>app</code> container will share a common lifecycle. </p> <p><code>worker</code> runs asyncronously using redis queue as broker using <a href="https://github.com/rq/django-rq">Django-RQ</a>.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--5J_CUrM6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/k5fxgkowa3dmsl4t2pe7.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--5J_CUrM6--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/k5fxgkowa3dmsl4t2pe7.png" alt="local docker diagram"></a></p> <h2> Download source </h2> <p>You can download the app source code here.</p> <p><a href="https://github.com/kokospapa8/ecs-fargate-sample-app">github: kokospapa8/ecs-fargate-sample-app</a></p> <h2> Docker Containers </h2> <h3> APP </h3> <p>Base app image</p> <p>Since <code>app</code> and <code>worker</code> both use same base image and pip takes quite some time to build image, I have uploaded base image in the dockerhub repo.</p> <p><a href="https://hub.docker.com/r/kokospapa8/django-sample/tags">Docker Hub</a><br> </p> <div class="highlight"><pre class="highlight docker"><code><span class="c"># Creating image based on official python3 image</span> <span class="k">FROM</span><span class="s"> python:3.6</span> <span class="c"># Your contacts, so people blame you afterwards</span> <span class="k">MAINTAINER</span><span class="s"> Jinwook Baek &lt;kokos.papa8@gmail.com&gt;</span> <span class="c"># Sets dumping log messages directly to stream instead of buffering</span> <span class="k">ENV</span><span class="s"> PYTHONUNBUFFERED 1</span> <span class="c"># Creating and putting configurations</span> <span class="k">RUN </span><span class="nb">mkdir</span> /config <span class="k">ADD</span><span class="s"> config/app /config/</span> <span class="c"># Installing all python dependencies</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">-r</span> /config/requirements.txt </code></pre></div> <p><strong>APP</strong><br> </p> <div class="highlight"><pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> kokospapa8/django-sample:base</span> <span class="c"># Installing all python dependencies</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">-r</span> /config/requirements.txt <span class="c"># Open port 8000 to outside world</span> <span class="k">EXPOSE</span><span class="s"> 8000</span> <span class="c"># When container starts, this script will be executed.</span> <span class="c"># Note that it is NOT executed during building</span> <span class="k">CMD</span><span class="s"> ["sh", "/config/django_app.sh"]</span> <span class="c"># Creating and putting application inside container</span> <span class="c"># and setting it to working directory (meaning it is going to be default)</span> <span class="k">RUN </span><span class="nb">mkdir</span> /ecs-sample <span class="k">WORKDIR</span><span class="s"> /ecs-sample</span> <span class="k">ADD</span><span class="s"> ecs-sample /ecs-sample/</span> </code></pre></div> <p><strong>Worker</strong><br> </p> <div class="highlight"><pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> kokospapa8/django-sample:base</span> <span class="c"># Installing all python dependencies</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">-r</span> /config/requirements.txt <span class="c"># When container starts, this script will be executed.</span> <span class="c"># Note that it is NOT executed during building</span> <span class="k">CMD</span><span class="s"> ["sh", "/config/django_worker.sh"]</span> <span class="c"># Creating and putting application inside container</span> <span class="c"># and setting it to working directory (meaning it is going to be default)</span> <span class="k">RUN </span><span class="nb">mkdir</span> /ecs-sample <span class="k">WORKDIR</span><span class="s"> /ecs-sample</span> <span class="k">ADD</span><span class="s"> ecs-sample /ecs-sample/</span> </code></pre></div> <h3> Nginx config </h3> <div class="highlight"><pre class="highlight plaintext"><code># app_local.conf server { listen 80; # all requests proxies to app location / { proxy_pass http://app:8000; } # domain localhost server_name localhost; } </code></pre></div> <h3> Enviroment </h3> <p>As you can see from the <a href="https://github.com/kokospapa8/ecs-fargate-sample-app/blob/master/ecs-sample/settings/secrets.py">source code</a> you need to set some sensitive data into env<br> </p> <div class="highlight"><pre class="highlight python"><code><span class="c1"># settings/secrets.py </span><span class="n">SECRET_KEY</span> <span class="o">=</span> <span class="n">get_env_variable</span><span class="p">(</span><span class="s">"SECRET_KEY"</span><span class="p">)</span> <span class="p">......</span> <span class="n">REDIS_HOST</span> <span class="o">=</span> <span class="n">get_env_variable</span><span class="p">(</span><span class="s">"REDIS_HOST"</span><span class="p">)</span> <span class="o">----</span> <span class="c1"># export SECRET_KEY = '' #only SECRET_KEY is needed to be set for local dev </span></code></pre></div> <h3> Docker compose </h3> <p>docker-compose-local.yml</p> <p>Just for local environment, we are using sqlite and <code>redis</code> docker container to mimic cloud enviroment. We will be using RDS-mysql and ElasticCache-redis on <code>staging</code> and <code>production</code> environment.<br> </p> <div class="highlight"><pre class="highlight yaml"><code><span class="c1"># File structure version</span> <span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3'</span> <span class="na">services</span><span class="pi">:</span> <span class="c1"># Our django application</span> <span class="c1"># Build from remote dockerfile</span> <span class="c1"># Connect local app folder with image folder, so changes will be pushed to image instantly</span> <span class="c1"># Open port 8000</span> <span class="na">app</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">.</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">config/app/Dockerfile_app</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">app</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./ecs-sample:/ecs-sample</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8000"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">SECRET_KEY</span> <span class="pi">-</span> <span class="s">ENV=dev</span> <span class="pi">-</span> <span class="s">DJANGO_SETTINGS_MODULE=settings.local</span> <span class="pi">-</span> <span class="s">REDIS_HOST=redis</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">redis</span> <span class="pi">-</span> <span class="s">worker</span> <span class="na">worker</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">.</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">config/app/Dockerfile_worker</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">worker</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./ecs-sample:/ecs-sample</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">SECRET_KEY</span> <span class="pi">-</span> <span class="s">ENV=dev</span> <span class="pi">-</span> <span class="s">DJANGO_SETTINGS_MODULE=settings.local</span> <span class="pi">-</span> <span class="s">REDIS_HOST=redis</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">redis</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:5.0.5</span> <span class="na">expose</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">6379"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">nginx</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./config/nginx/app_local.conf:/etc/nginx/conf.d/app_local.conf</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">app</span> </code></pre></div> <p>Let's run the containers<br> </p> <div class="highlight"><pre class="highlight shell"><code><span class="nv">$ </span>docker-compose <span class="nt">-f</span> docker-compose-local.yml up <span class="nt">--build</span> </code></pre></div> <p><a href="https://asciinema.org/a/Wv7ogrpWRNVNRF9f6NdtPOW7G"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--kJw-MpLr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://asciinema.org/a/Wv7ogrpWRNVNRF9f6NdtPOW7G.svg" alt="asciicast"></a></p> <h3> Check result </h3> <p>Type in following url to see if you are getting correct response.</p> <ul> <li><a href="http://localhost/api/healthcheck/">http://localhost/api/healthcheck/</a></li> <li><a href="http://localhost/api/v1/posts/">http://localhost/api/v1/posts/</a></li> <li><a href="http://localhost/admin/posts/">http://localhost/admin/posts/</a></li> <li> <a href="http://localhost/django-rq/">http://localhost/django-rq/</a> - to check async worker </li> </ul> <h1> Moving on </h1> <div class="ltag__link"> <a href="/kokospapa8" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://res.cloudinary.com/practicaldev/image/fetch/s--VW75tZgW--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://res.cloudinary.com/practicaldev/image/fetch/s--B1QWRgg7--/c_fill%2Cf_auto%2Cfl_progressive%2Ch_150%2Cq_auto%2Cw_150/https://dev-to-uploads.s3.amazonaws.com/uploads/user/profile_image/367659/1067d331-541f-4ec9-b7dc-c49540b89ff9.jpg" alt="kokospapa8 image"> </div> </a> <a href="/kokospapa8/how-to-deploy-django-app-to-ecs-fargate-part2-io1" class="ltag__link__link"> <div class="ltag__link__content"> <h2>How to deploy django app to ECS Fargate Part2</h2> <h3>Jinwook Baek ・ Jul 3 ・ 10 min read</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#aws</span> <span class="ltag__link__tag">#docker</span> <span class="ltag__link__tag">#tutorial</span> <span class="ltag__link__tag">#webdev</span> </div> </div> </a> </div> <h1> Reference </h1> <p><a href="https://docs.docker.com/compose/">Overview of Docker Compose</a></p> <p><a href="https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-16-04">How To Set Up Django with Postgres, Nginx, and Gunicorn on Ubuntu 16.04 | DigitalOcean</a></p> <p><a href="https://docs.docker.com/engine/reference/builder/">Dockerfile reference</a></p> <p><a href="https://testdriven.io/blog/dockerizing-django-with-postgres-gunicorn-and-nginx/">Dockerizing Django with Postgres, Gunicorn, and Nginx</a></p> aws docker tutorial webdev