DEV Community: Tendong Brain Nkengafac The latest articles on DEV Community by Tendong Brain Nkengafac (@tendong_brain). https://dev.to/tendong_brain https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2854519%2F6cafa584-79db-4a37-a5f0-e0b72693aca9.jpeg DEV Community: Tendong Brain Nkengafac https://dev.to/tendong_brain en How to Deploy a Machine Learning Project on AWS Using ECR, ECS Fargate, and EFS. Tendong Brain Nkengafac Sat, 09 May 2026 15:39:37 +0000 https://dev.to/tendong_brain/how-to-deploy-a-machine-learning-project-on-aws-using-ecr-ecs-fargate-and-efs-kh1 https://dev.to/tendong_brain/how-to-deploy-a-machine-learning-project-on-aws-using-ecr-ecs-fargate-and-efs-kh1 <p>A step-by-step walkthrough from Docker image to a live, serverless ML application running in the cloud</p> <h2> Introduction </h2> <p>Deploying a machine learning project is often where things get humbling. You've trained a model, built a pipeline, maybe even wired up a slick dashboard, and then you stare at your terminal wondering how to get any of it onto a real server that other people can access. I've been there.</p> <p>In this article, I'll walk you through exactly how I deployed a real-time machine learning application on AWS, from pushing a Docker image to ECR, to running two live containers on ECS Fargate, to watching my dashboard update in real time. Every command here actually worked. I'll explain what each step does, why it matters, and what you should expect to see as output.</p> <p>Whether you're deploying your first ML project or looking for a reference you can actually trust, this guide is for you.</p> <h2> The Project: Real-Time Bike Rental Forecasting </h2> <p>Before we get into the AWS infrastructure, let me briefly describe what we're deploying.</p> <p>I built a <strong>Real-Time Bike Rental Forecasting Application</strong> a live machine learning system that predicts hourly bike rental demand and visualizes the results in real time. The dashboard refreshes every second, showing a live comparison of predicted vs. actual bike rental counts over a rolling time window you control.</p> <p>The application is built around three core services running simultaneously:</p> <ul> <li> <strong>Model Training Pipeline</strong> : trains a CatBoost forecasting model on historical bike rental data</li> <li> <strong>Inference Service</strong> : runs every second, simulating 1 hour of dataset time per tick, and produces predictions</li> <li> <strong>Real-Time Dashboard</strong> : a Dash web app that fetches and plots the latest predicted vs. actual counts</li> </ul> <p>The interface gives operators a simple control panel (you can adjust the display window from as little as 1 hour to 24 hours of history) and a live chart that updates continuously. When the model is tracking well, you see the green predicted line closely shadowing the pink actual line. It's a satisfying thing to watch.</p> <p><strong>Tech stack:</strong></p> <ul> <li>Kedro: ML Pipeline Orchestration</li> <li>Forecasting ModelCatBoost: Forecasting Model</li> <li>Dash (Plotly): Dashboard</li> <li>Docker: Containerization</li> <li>Amazon ECR: Image Registry</li> <li>Amazon ECS with Fargate: Container Orchestration</li> <li>Amazon EFS: Shared Storage</li> </ul> <p>The UI and inference service run as separate Docker containers. They share data through a mounted volume, the inference container writes predictions, and the dashboard reads them. On AWS, that shared volume is handled by Amazon EFS.</p> <p>Now let's deploy it.</p> <h2> Prerequisites </h2> <p>Before starting, make sure you have the following:</p> <ul> <li> <strong>AWS CLI</strong> installed and configured (<code>aws configure</code> with your credentials)</li> <li> <strong>Docker</strong> installed and running</li> <li> <strong>PowerShell</strong> (these commands use PowerShell syntax. Adapt to bash if on Linux/Mac)</li> <li>An AWS account with sufficient permissions (IAM, ECR, ECS, EC2, EFS)</li> </ul> <h2> Step 1 — Define Your Session Variables </h2> <p>Start every deployment session by setting these variables. They're referenced throughout every subsequent command, so getting them right upfront saves you a lot of pain.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$REGION</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="w"> </span><span class="nv">$ACCOUNT_ID</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">sts</span><span class="w"> </span><span class="nx">get-caller-identity</span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="nx">Account</span><span class="w"> </span><span class="nt">--output</span><span class="w"> </span><span class="nx">text</span><span class="w"> </span><span class="nv">$SERVICE_NAME</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s2">"bike-rental-forecasting"</span><span class="w"> </span></code></pre> </div> <p><strong>What this does:</strong> <code>$REGION</code> sets the AWS region for all operations. <code>$ACCOUNT_ID</code> dynamically fetches your 12-digit AWS account number using the STS (Security Token Service) API, no hardcoding needed. <code>$SERVICE_NAME</code> is the name we'll use consistently for ECR repositories, images, and services.</p> <p><strong>Expected output for <code>$ACCOUNT_ID</code>:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>048908710060 </code></pre> </div> <p>A 12-digit number. If this fails, your AWS CLI isn't configured. Run <code>aws configure</code> first.</p> <h2> Step 2 — Push Your Docker Image to Amazon ECR </h2> <p>Amazon ECR (Elastic Container Registry) is AWS's managed Docker image registry. Think of it like Docker Hub, but private and tightly integrated with the rest of AWS. ECS will pull your image from here when launching containers.</p> <h3> 2.1 — Authenticate Docker with ECR </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">ecr</span><span class="w"> </span><span class="nx">get-login-password</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">docker</span><span class="w"> </span><span class="nx">login</span><span class="w"> </span><span class="nt">--username</span><span class="w"> </span><span class="nx">AWS</span><span class="w"> </span><span class="nt">--password-stdin</span><span class="w"> </span><span class="s2">"</span><span class="nv">$ACCOUNT_ID</span><span class="s2">.dkr.ecr.</span><span class="nv">$REGION</span><span class="s2">.amazonaws.com"</span><span class="w"> </span></code></pre> </div> <p>This pipes a temporary ECR authentication token directly into the Docker login command. The token is valid for 12 hours.</p> <p><strong>Expected output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Login Succeeded </code></pre> </div> <p>If you see an authentication error, verify your IAM user has the <code>AmazonEC2ContainerRegistryFullAccess</code> policy attached.</p> <h3> 2.2 — Create the ECR Repository (First Time Only) </h3> <p>If you haven't already created a repository for this project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">ecr</span><span class="w"> </span><span class="nx">create-repository</span><span class="w"> </span><span class="nt">--repository-name</span><span class="w"> </span><span class="nv">$SERVICE_NAME</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p><strong>Expected output:</strong> A JSON block describing your new repository, including the <code>repositoryUri</code> which looks like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>048908710060.dkr.ecr.us-east-1.amazonaws.com/bike-rental-forecasting </code></pre> </div> <h3> 2.3 — Build Your Docker Image </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">docker</span><span class="w"> </span><span class="nx">build</span><span class="w"> </span><span class="nt">-f</span><span class="w"> </span><span class="nx">Dockerfile.aws</span><span class="w"> </span><span class="nt">-t</span><span class="w"> </span><span class="nv">$SERVICE_NAME</span><span class="w"> </span><span class="o">.</span><span class="w"> </span></code></pre> </div> <p>We use a dedicated <code>Dockerfile.aws</code> here. It's good practice to have a separate Dockerfile for cloud deployments that strips out local dev dependencies and optimises for image size.</p> <p><strong>Expected output:</strong> A series of build steps ending in:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">Successfully built &lt;image-id&gt;</span><span class="w"> </span><span class="go">Successfully tagged bike-rental-forecasting:latest </span></code></pre> </div> <h3> 2.4 — Tag and Push the Image </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">docker</span><span class="w"> </span><span class="nx">tag</span><span class="w"> </span><span class="s2">"</span><span class="nv">${SERVICE_NAME}</span><span class="s2">:latest"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="s2">"</span><span class="nv">$ACCOUNT_ID</span><span class="s2">.dkr.ecr.</span><span class="nv">$REGION</span><span class="s2">.amazonaws.com/</span><span class="nv">${SERVICE_NAME}</span><span class="s2">:latest"</span><span class="w"> </span><span class="n">docker</span><span class="w"> </span><span class="nx">push</span><span class="w"> </span><span class="s2">"</span><span class="nv">$ACCOUNT_ID</span><span class="s2">.dkr.ecr.</span><span class="nv">$REGION</span><span class="s2">.amazonaws.com/</span><span class="nv">${SERVICE_NAME}</span><span class="s2">:latest"</span><span class="w"> </span></code></pre> </div> <p>The tag command gives your local image the full ECR address. The push uploads it layer by layer.</p> <p><strong>Expected output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">The push refers to repository [048908710060.dkr.ecr.us-east-1.amazonaws.com/bike-rental-forecasting] latest: digest: sha256:abc123... size: 1234 </span></code></pre> </div> <blockquote> <p><strong>Tip:</strong> If the push fails mid-way with a TLS timeout, don't panic — just re-run the push command. Docker is smart enough to detect already-uploaded layers and resume from where it left off. Only the remaining layers will be transferred.</p> </blockquote> <h2> Step 3 — Create the IAM Task Execution Role </h2> <p>ECS containers don't have your credentials. They need an IAM role to do things like pull images from ECR and write logs to CloudWatch. This role is called the <strong>task execution role</strong>, and it must exist before you can register any task definition.</p> <h3> 3.1 — Write the Trust Policy and Create the Role </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$trustPolicy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@" { "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Principal": { "Service": "ecs-tasks.amazonaws.com" }, "Action": "sts:AssumeRole" }] } "@</span><span class="w"> </span><span class="p">[</span><span class="n">System.IO.File</span><span class="p">]::</span><span class="n">WriteAllText</span><span class="p">(</span><span class="w"> </span><span class="s2">"</span><span class="bp">$PWD</span><span class="s2">\ecs-trust-policy.json"</span><span class="p">,</span><span class="w"> </span><span class="nv">$trustPolicy</span><span class="p">,</span><span class="w"> </span><span class="p">[</span><span class="n">System.Text.UTF8Encoding</span><span class="p">]::</span><span class="n">new</span><span class="p">(</span><span class="bp">$false</span><span class="p">))</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">iam</span><span class="w"> </span><span class="nx">create-role</span><span class="w"> </span><span class="nt">--role-name</span><span class="w"> </span><span class="nx">ecsTaskExecutionRole</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--assume-role-policy-document</span><span class="w"> </span><span class="nx">file://ecs-trust-policy.json</span><span class="w"> </span></code></pre> </div> <p>The trust policy tells AWS: "ECS tasks are allowed to assume this role." We write it to a file first (without a BOM, hence the UTF8Encoding trick) because the AWS CLI reads it from disk.</p> <p><strong>Expected output:</strong> A JSON block describing the newly created role, including its ARN:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Role"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"RoleName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ecsTaskExecutionRole"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Arn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:iam::048908710060:role/ecsTaskExecutionRole"</span><span class="p">,</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> 3.2 — Attach the Required Policies </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">iam</span><span class="w"> </span><span class="nx">attach-role-policy</span><span class="w"> </span><span class="nt">--role-name</span><span class="w"> </span><span class="nx">ecsTaskExecutionRole</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--policy-arn</span><span class="w"> </span><span class="nx">arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">iam</span><span class="w"> </span><span class="nx">attach-role-policy</span><span class="w"> </span><span class="nt">--role-name</span><span class="w"> </span><span class="nx">ecsTaskExecutionRole</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--policy-arn</span><span class="w"> </span><span class="nx">arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly</span><span class="w"> </span></code></pre> </div> <p><code>AmazonECSTaskExecutionRolePolicy</code> covers CloudWatch Logs and Secrets Manager access. <code>AmazonEC2ContainerRegistryReadOnly</code> lets the task pull images from ECR. Both are AWS-managed policies, so they're always up to date.</p> <p><strong>Expected output:</strong> No output means success. AWS CLI returns nothing for successful <code>attach-role-policy</code> calls.</p> <blockquote> <p><strong>Note:</strong> If the role already exists from a previous deployment, you'll get an error on <code>create-role</code>. That's fine — skip creation and jump straight to the attach commands.</p> </blockquote> <h2> Step 4 — Create the ECS Cluster </h2> <p>The cluster is the logical grouping that holds all your services and tasks. With Fargate, there are no EC2 instances to manage, the cluster is purely an organizational boundary.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">create-cluster</span><span class="w"> </span><span class="nt">--cluster-name</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p><strong>Expected output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"cluster"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"clusterName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"bike-rental-cluster"</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="p">,</span><span class="w"> </span><span class="nl">"registeredContainerInstancesCount"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="nl">"runningTasksCount"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><code>registeredContainerInstancesCount: 0</code> is expected with Fargate, there are no managed EC2 instances. Fargate provisions compute on-demand when tasks launch.</p> <h2> Step 5 — Configure Networking (VPC, Subnet, Security Group) </h2> <p>ECS Fargate tasks run inside your VPC. We need to identify the right subnet for them to launch in, and create a security group that controls what traffic can reach them.</p> <h3> 5.1 — Get the Default VPC and Subnet </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$VPC_ID</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ec2</span><span class="w"> </span><span class="nx">describe-vpcs</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--filters</span><span class="w"> </span><span class="s2">"Name=isDefault,Values=true"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"Vpcs[0].VpcId"</span><span class="w"> </span><span class="nt">--output</span><span class="w"> </span><span class="nx">text</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="nv">$SUBNET_ID</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ec2</span><span class="w"> </span><span class="nx">describe-subnets</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--filters</span><span class="w"> </span><span class="s2">"Name=vpc-id,Values=</span><span class="nv">$VPC_ID</span><span class="s2">"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"Subnets[0].SubnetId"</span><span class="w"> </span><span class="nt">--output</span><span class="w"> </span><span class="nx">text</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p><strong>Expected output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>vpc-0ebc1234dar56786a subnet-0328456779xbvhet0 </code></pre> </div> <p>We use the default VPC here for simplicity. In a production setup, you'd use a custom VPC with private subnets and a load balancer in front.</p> <h3> 5.2 — Create a Security Group and Open Required Ports </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$SG_ID</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ec2</span><span class="w"> </span><span class="nx">create-security-group</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--group-name</span><span class="w"> </span><span class="nx">bike-rental-sg</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--description</span><span class="w"> </span><span class="s2">"Bike Rental App Security Group"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--vpc-id</span><span class="w"> </span><span class="nv">$VPC_ID</span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"GroupId"</span><span class="w"> </span><span class="nt">--output</span><span class="w"> </span><span class="nx">text</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p><strong>Expected output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sg-1abc026def476580a </code></pre> </div> <p>Now open the two ports we need:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Port 8050 — Dash dashboard (HTTP traffic from the internet)</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ec2</span><span class="w"> </span><span class="nx">authorize-security-group-ingress</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--group-id</span><span class="w"> </span><span class="nv">$SG_ID</span><span class="w"> </span><span class="nt">--protocol</span><span class="w"> </span><span class="nx">tcp</span><span class="w"> </span><span class="nt">--port</span><span class="w"> </span><span class="nx">8050</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cidr</span><span class="w"> </span><span class="nx">0.0.0.0/0</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="c"># Port 2049 — NFS/EFS (shared storage between containers)</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ec2</span><span class="w"> </span><span class="nx">authorize-security-group-ingress</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--group-id</span><span class="w"> </span><span class="nv">$SG_ID</span><span class="w"> </span><span class="nt">--protocol</span><span class="w"> </span><span class="nx">tcp</span><span class="w"> </span><span class="nt">--port</span><span class="w"> </span><span class="nx">2049</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cidr</span><span class="w"> </span><span class="nx">0.0.0.0/0</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p>Port 8050 is where Dash serves the dashboard. Port 2049 is the NFS protocol port that EFS uses. Both rules accept traffic from anywhere (<code>0.0.0.0/0</code>). You can restrict this by IP range for a more secure setup.</p> <p><strong>Expected output for each:</strong> A JSON block confirming the rule was added, showing the protocol, port range, and IP range.</p> <h2> Step 6 — Register Task Definitions </h2> <p>A task definition is ECS's equivalent of a <code>docker-compose.yml</code>. It describes what image to run, how much CPU and memory to allocate, what command to execute, and what ports to expose. We need two: one for the dashboard and one for the inference service.</p> <h3> 6.1 — UI / Dashboard Task Definition </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$taskDef</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@" { "family": "bike-rental-task", "networkMode": "awsvpc", "requiresCompatibilities": ["FARGATE"], "cpu": "256", "memory": "512", "executionRoleArn": "arn:aws:iam::</span><span class="nv">${ACCOUNT_ID}</span><span class="sh">:role/ecsTaskExecutionRole", "containerDefinitions": [{ "name": "bike-rental-app", "image": "</span><span class="nv">${ACCOUNT_ID}</span><span class="sh">.dkr.ecr.</span><span class="nv">${REGION}</span><span class="sh">.amazonaws.com/</span><span class="nv">${SERVICE_NAME}</span><span class="sh">:latest", "command": ["python", "entrypoints/app_ui.py"], "portMappings": [{"containerPort": 8050, "protocol": "tcp"}], "environment": [{"name": "PORT", "value": "8050"}] }] } "@</span><span class="w"> </span><span class="p">[</span><span class="n">System.IO.File</span><span class="p">]::</span><span class="n">WriteAllText</span><span class="p">(</span><span class="w"> </span><span class="s2">"</span><span class="bp">$PWD</span><span class="s2">\task-def.json"</span><span class="p">,</span><span class="w"> </span><span class="nv">$taskDef</span><span class="p">,</span><span class="w"> </span><span class="p">[</span><span class="n">System.Text.UTF8Encoding</span><span class="p">]::</span><span class="n">new</span><span class="p">(</span><span class="bp">$false</span><span class="p">))</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">register-task-definition</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cli-input-json</span><span class="w"> </span><span class="nx">file://task-def.json</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p>A few things worth noting:</p> <ul> <li> <code>"cpu": "256"</code> means 0.25 vCPU. <code>"memory": "512"</code> means 512 MB. These are the smallest Fargate allocations, enough for a lightweight dashboard.</li> <li> <code>networkMode: awsvpc</code> gives each task its own elastic network interface (ENI) with its own IP required for Fargate.</li> <li>The <code>command</code> overrides the Dockerfile's default CMD, so we can reuse one image for both services.</li> </ul> <p><strong>Expected output:</strong> A large JSON block containing <code>taskDefinitionArn</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>arn:aws:ecs:us-east-1:038304770010:task-definition/bike-rental-task:1 </code></pre> </div> <p>The <code>:1</code> at the end is the revision number. Every time you register a new version of the same task definition, this increments.</p> <h3> 6.2 — Inference Task Definition </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$inferenceTaskDef</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="sh">@" { "family": "bike-rental-inference-task", "networkMode": "awsvpc", "requiresCompatibilities": ["FARGATE"], "cpu": "256", "memory": "512", "executionRoleArn": "arn:aws:iam::</span><span class="nv">${ACCOUNT_ID}</span><span class="sh">:role/ecsTaskExecutionRole", "containerDefinitions": [{ "name": "bike-rental-inference", "image": "</span><span class="nv">${ACCOUNT_ID}</span><span class="sh">.dkr.ecr.</span><span class="nv">${REGION}</span><span class="sh">.amazonaws.com/</span><span class="nv">${SERVICE_NAME}</span><span class="sh">:latest", "command": ["python", "entrypoints/inference.py"] }] } "@</span><span class="w"> </span><span class="p">[</span><span class="n">System.IO.File</span><span class="p">]::</span><span class="n">WriteAllText</span><span class="p">(</span><span class="w"> </span><span class="s2">"</span><span class="bp">$PWD</span><span class="s2">\inference-task-def.json"</span><span class="p">,</span><span class="w"> </span><span class="nv">$inferenceTaskDef</span><span class="p">,</span><span class="w"> </span><span class="p">[</span><span class="n">System.Text.UTF8Encoding</span><span class="p">]::</span><span class="n">new</span><span class="p">(</span><span class="bp">$false</span><span class="p">))</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">register-task-definition</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cli-input-json</span><span class="w"> </span><span class="nx">file://inference-task-def.json</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p>Notice this task has no <code>portMappings</code>.The inference container doesn't serve HTTP traffic. It just runs the pipeline and writes results to the shared volume. The only difference from the UI task is the <code>command</code>.</p> <p><strong>Expected output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>arn:aws:ecs:us-east-1:038304770010:task-definition/bike-rental-inference-task:1 </code></pre> </div> <h2> Step 7 — Set Up EFS Shared Storage </h2> <p>Both containers need to share data, the inference service writes predictions, and the dashboard reads them. In Docker locally, this is a named volume. On AWS, we use <strong>Amazon EFS (Elastic File System)</strong> — a managed, serverless NFS file system that multiple containers can mount simultaneously.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$EFS_ID</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">efs</span><span class="w"> </span><span class="nx">create-file-system</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--performance-mode</span><span class="w"> </span><span class="nx">generalPurpose</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"FileSystemId"</span><span class="w"> </span><span class="nt">--output</span><span class="w"> </span><span class="nx">text</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p><strong>Expected output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>fs-0abc1234def56789a </code></pre> </div> <p>Then create a mount target. This is the network endpoint that makes EFS accessible from within your subnet:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">efs</span><span class="w"> </span><span class="nx">create-mount-target</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--file-system-id</span><span class="w"> </span><span class="nv">$EFS_ID</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--subnet-id</span><span class="w"> </span><span class="nv">$SUBNET_ID</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--security-groups</span><span class="w"> </span><span class="nv">$SG_ID</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p><strong>Expected output:</strong> A JSON block describing the mount target, including its IP address within the subnet. Wait a minute or two for the state to transition from <code>creating</code> to <code>available</code> before proceeding.</p> <blockquote> <p><strong>Why EFS?</strong> Unlike S3, EFS behaves like a traditional file system containers can open, write, and read files using normal file I/O. No special SDK needed. For ML pipelines that exchange files between services, this is the simplest approach on AWS.</p> </blockquote> <p>To use EFS in your task definitions, add a <code>volumes</code> block and <code>mountPoints</code> to each container definition. Here's the pattern to add to your task JSON:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"volumes"</span><span class="p">:</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"shared-data"</span><span class="p">,</span><span class="w"> </span><span class="nl">"efsVolumeConfiguration"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"fileSystemId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"&lt;YOUR_EFS_ID&gt;"</span><span class="p">,</span><span class="w"> </span><span class="nl">"rootDirectory"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}]</span><span class="err">,</span><span class="w"> </span><span class="nl">"containerDefinitions"</span><span class="p">:</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="nl">"mountPoints"</span><span class="p">:</span><span class="w"> </span><span class="p">[{</span><span class="w"> </span><span class="nl">"sourceVolume"</span><span class="p">:</span><span class="w"> </span><span class="s2">"shared-data"</span><span class="p">,</span><span class="w"> </span><span class="nl">"containerPath"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/app/data"</span><span class="p">,</span><span class="w"> </span><span class="nl">"readOnly"</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span><span class="p">}]</span><span class="w"> </span></code></pre> </div> <h2> Step 8 — Create and Deploy ECS Services </h2> <p>An ECS service is what keeps your task running. If a task crashes, the service restarts it automatically. It also handles scaling, load balancer integration, and rolling deployments.</p> <h3> 8.1 — Create the UI Service </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">create-service</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cluster</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--service-name</span><span class="w"> </span><span class="nx">bike-rental-service</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--task-definition</span><span class="w"> </span><span class="nx">bike-rental-task</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--desired-count</span><span class="w"> </span><span class="nx">1</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--launch-type</span><span class="w"> </span><span class="nx">FARGATE</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--network-configuration</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="s2">"awsvpcConfiguration={subnets=[</span><span class="nv">$SUBNET_ID</span><span class="s2">],securityGroups=[</span><span class="nv">$SG_ID</span><span class="s2">],assignPublicIp=ENABLED}"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p><code>--desired-count 1</code> tells ECS to keep exactly one task running at all times. <code>assignPublicIp=ENABLED</code> gives the task a public IP so we can reach the dashboard from a browser.</p> <p><strong>Expected output:</strong> A large JSON block with <code>"status": "ACTIVE"</code> and <code>"runningCount": 0</code>. The count starts at 0 and increments as the task pulls the image and starts — usually takes 30–90 seconds.</p> <h3> 8.2 — Create the Inference Service </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">create-service</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cluster</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--service-name</span><span class="w"> </span><span class="nx">bike-rental-inference</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--task-definition</span><span class="w"> </span><span class="nx">bike-rental-inference-task</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--desired-count</span><span class="w"> </span><span class="nx">1</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--launch-type</span><span class="w"> </span><span class="nx">FARGATE</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--network-configuration</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="s2">"awsvpcConfiguration={subnets=[</span><span class="nv">$SUBNET_ID</span><span class="s2">],securityGroups=[</span><span class="nv">$SG_ID</span><span class="s2">],assignPublicIp=ENABLED}"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p><strong>Expected output:</strong> Same structure as above with <code>"serviceName": "bike-rental-inference"</code>.</p> <h3> 8.3 — Force a Re-Deploy After Updates </h3> <p>Whenever you push a new image or update the task definition, trigger a forced re-deployment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">update-service</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cluster</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--service</span><span class="w"> </span><span class="nx">bike-rental-service</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--task-definition</span><span class="w"> </span><span class="nx">bike-rental-task</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--force-new-deployment</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">update-service</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cluster</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--service</span><span class="w"> </span><span class="nx">bike-rental-inference</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--task-definition</span><span class="w"> </span><span class="nx">bike-rental-inference-task</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--force-new-deployment</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p>ECS will launch new tasks with the updated image, wait for them to become healthy, then stop the old ones, zero-downtime rolling deployment by default.</p> <h2> Step 9 — Get the Public IP of Your Running Task </h2> <p>Once the services are running, you need the public IP to access the dashboard.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="nv">$TASKS</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">list-tasks</span><span class="w"> </span><span class="nt">--cluster</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"taskArns"</span><span class="w"> </span><span class="nt">--output</span><span class="w"> </span><span class="nx">text</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="kr">foreach</span><span class="w"> </span><span class="p">(</span><span class="nv">$TASK</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="nv">$TASKS</span><span class="o">.</span><span class="nf">Split</span><span class="p">())</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nv">$ENI</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">describe-tasks</span><span class="w"> </span><span class="nt">--cluster</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--tasks</span><span class="w"> </span><span class="nv">$TASK</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"tasks[0].attachments[0].details[?name=='networkInterfaceId'].value"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--output</span><span class="w"> </span><span class="nx">text</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="nv">$IP</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ec2</span><span class="w"> </span><span class="nx">describe-network-interfaces</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--network-interface-ids</span><span class="w"> </span><span class="nv">$ENI</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"NetworkInterfaces[0].Association.PublicIp"</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--output</span><span class="w"> </span><span class="nx">text</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="nv">$CONTAINER</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">describe-tasks</span><span class="w"> </span><span class="nt">--cluster</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--tasks</span><span class="w"> </span><span class="nv">$TASK</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"tasks[0].containers[0].name"</span><span class="w"> </span><span class="nt">--output</span><span class="w"> </span><span class="nx">text</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="n">echo</span><span class="w"> </span><span class="s2">"Container: </span><span class="nv">$CONTAINER</span><span class="s2"> -&gt; http://</span><span class="nv">${IP}</span><span class="s2">:8050"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This script loops over all running tasks, finds their network interface, resolves the public IP, and prints a clickable URL.</p> <p><strong>Expected output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="gp">Container: bike-rental-app -&gt;</span><span class="w"> </span>http://54.123.45.68:8050 <span class="gp">Container: bike-rental-inference -&gt;</span><span class="w"> </span>http://54.123.45.69:8050 </code></pre> </div> <p>Open the UI container's URL in your browser and you should see the live dashboard — predictions updating every second, the chart scrolling in real time.</p> <h2> Step 10 — Monitoring and Debugging </h2> <p>Once deployed, here are the commands you'll reach for most often.</p> <p><strong>Check overall service health:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">describe-services</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cluster</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--services</span><span class="w"> </span><span class="nx">bike-rental-service</span><span class="w"> </span><span class="nx">bike-rental-inference</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"services[*].{Name:serviceName,Running:runningCount,Pending:pendingCount,Status:status}"</span><span class="w"> </span></code></pre> </div> <p><strong>Expected output:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"bike-rental-service"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Running"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"Pending"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="nl">"Status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"bike-rental-inference"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Running"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"Pending"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="nl">"Status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ACTIVE"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span></code></pre> </div> <p><code>Running: 1</code> for both means everything is healthy.</p> <p><strong>Check recent service events (where errors appear):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">describe-services</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--cluster</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--services</span><span class="w"> </span><span class="nx">bike-rental-service</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"services[0].events"</span><span class="w"> </span></code></pre> </div> <p>This is the first place to look when a deployment fails. ECS logs events like image pull failures, task launch errors, and health check failures here in chronological order.</p> <p><strong>List all running tasks:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">ecs</span><span class="w"> </span><span class="nx">list-tasks</span><span class="w"> </span><span class="nt">--cluster</span><span class="w"> </span><span class="nx">bike-rental-cluster</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span></code></pre> </div> <p><strong>Verify security group rules are correct:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">aws</span><span class="w"> </span><span class="nx">ec2</span><span class="w"> </span><span class="nx">describe-security-groups</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--group-ids</span><span class="w"> </span><span class="nv">$SG_ID</span><span class="w"> </span><span class="nt">--region</span><span class="w"> </span><span class="nv">$REGION</span><span class="w"> </span><span class="se">` </span><span class="w"> </span><span class="nt">--query</span><span class="w"> </span><span class="s2">"SecurityGroups[0].IpPermissions"</span><span class="w"> </span></code></pre> </div> <p>If your dashboard is unreachable, a missing or misconfigured security group rule is the most common culprit. Check that port 8050 is open with <code>0.0.0.0/0</code> CIDR.</p> <h2> Architecture Summary </h2> <p>Here's a bird's-eye view of what we built:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6su86i0u8xy4gb1bidev.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6su86i0u8xy4gb1bidev.png" alt=" "></a></p> <h2> Key Takeaways </h2> <p>Deploying an ML application on AWS doesn't require Kubernetes or a platform team. With ECR, ECS Fargate, and EFS, you get:</p> <ul> <li> <strong>Managed container orchestration</strong> : no EC2 instances to patch or maintain</li> <li> <strong>Serverless scaling</strong> : Fargate provisions compute on-demand</li> <li> <strong>Shared persistent storage</strong> : EFS lets multiple containers share a file system like they're on the same machine</li> <li> <strong>Fast iteration</strong> : push a new image, run <code>update-service --force-new-deployment</code>, done</li> </ul> <p>The full deployment from a working Docker image to a live public URL took me less than an hour following this sequence. The trickiest parts were the IAM role setup (easy to get wrong, hard to debug) and remembering that ECS events — not CloudWatch Logs — is where deployment errors show up first.</p> <p>I hope this guide saves you some of the trial and error I went through. If you have questions or run into something unexpected, drop a comment below.</p> <p><em>All commands were tested and verified during an actual deployment. Account IDs in examples are illustrative.</em></p> <p>Find Attached the Link to the deployed application: <a href="https://drive.google.com/file/d/1tQp4gdg3AauQ8eNbeLZFdivRdCnvMRB9/view?usp=sharing" rel="noopener noreferrer">https://drive.google.com/file/d/1tQp4gdg3AauQ8eNbeLZFdivRdCnvMRB9/view?usp=sharing</a></p> ai python machinelearning aws Learning AI Evaluation on AWS Without the Complexity Tendong Brain Nkengafac Sat, 09 May 2026 13:51:02 +0000 https://dev.to/tendong_brain/-17gj https://dev.to/tendong_brain/-17gj <div class="ltag__link--embedded"> <div class="crayons-story "> <a href="https://dev.to/tidding/how-i-evaluated-an-ai-model-on-aws-without-writing-a-single-line-of-training-code-20o9" class="crayons-story__hidden-navigation-link">How I Evaluated an AI Model on AWS Without Writing a Single Line of Training Code</a> <div class="crayons-story__body crayons-story__body-full_post"> <div class="crayons-story__top"> <div class="crayons-story__meta"> <div class="crayons-story__author-pic"> <a href="/tidding" class="crayons-avatar crayons-avatar--l "> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1451266%2F0e52ea0e-d12c-4765-9838-4ddcc1b65f4e.png" alt="tidding profile" class="crayons-avatar__image" width="400" height="400"> </a> </div> <div> <div> <a href="/tidding" class="crayons-story__secondary fw-medium m:hidden"> Tidding Ramsey </a> <div class="profile-preview-card relative mb-4 s:mb-0 fw-medium hidden m:inline-block"> Tidding Ramsey <div id="story-author-preview-content-3640484" class="profile-preview-card__content crayons-dropdown branded-7 p-4 pt-0"> <div class="gap-4 grid"> <div class="-mt-4"> <a href="/tidding" class="flex"> <span class="crayons-avatar crayons-avatar--xl mr-2 shrink-0"> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1451266%2F0e52ea0e-d12c-4765-9838-4ddcc1b65f4e.png" class="crayons-avatar__image" alt="" width="400" height="400"> </span> <span class="crayons-link crayons-subtitle-2 mt-5">Tidding Ramsey</span> </a> </div> <div class="print-hidden"> Follow </div> <div class="author-preview-metadata-container"></div> </div> </div> </div> </div> <a href="https://dev.to/tidding/how-i-evaluated-an-ai-model-on-aws-without-writing-a-single-line-of-training-code-20o9" class="crayons-story__tertiary fs-xs"><time>May 9</time><span class="time-ago-indicator-initial-placeholder"></span></a> </div> </div> </div> <div class="crayons-story__indention"> <h2 class="crayons-story__title crayons-story__title-full_post"> <a href="https://dev.to/tidding/how-i-evaluated-an-ai-model-on-aws-without-writing-a-single-line-of-training-code-20o9" id="article-link-3640484"> How I Evaluated an AI Model on AWS Without Writing a Single Line of Training Code </a> </h2> <div class="crayons-story__tags"> <a class="crayons-tag crayons-tag--monochrome " href="/t/ai"><span class="crayons-tag__prefix">#</span>ai</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/aws"><span class="crayons-tag__prefix">#</span>aws</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/machinelearning"><span class="crayons-tag__prefix">#</span>machinelearning</a> <a class="crayons-tag crayons-tag--monochrome " href="/t/cloudcomputing"><span class="crayons-tag__prefix">#</span>cloudcomputing</a> </div> <div class="crayons-story__bottom"> <div class="crayons-story__details"> <a href="https://dev.to/tidding/how-i-evaluated-an-ai-model-on-aws-without-writing-a-single-line-of-training-code-20o9" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left"> <div class="multiple_reactions_aggregate"> <span class="multiple_reactions_icons_container"> <span class="crayons_icon_container"> <img src="https://assets.dev.to/assets/fire-f60e7a582391810302117f987b22a8ef04a2fe0df7e3258a5f49332df1cec71e.svg" width="24" height="24"> </span> <span class="crayons_icon_container"> <img src="https://assets.dev.to/assets/sparkle-heart-5f9bee3767e18deb1bb725290cb151c25234768a0e9a2bd39370c382d02920cf.svg" width="24" height="24"> </span> </span> <span class="aggregate_reactions_counter">4<span class="hidden s:inline"> reactions</span></span> </div> </a> <a href="https://dev.to/tidding/how-i-evaluated-an-ai-model-on-aws-without-writing-a-single-line-of-training-code-20o9#comments" class="crayons-btn crayons-btn--s crayons-btn--ghost crayons-btn--icon-left flex items-center"> Comments 1<span class="hidden s:inline"> comment</span> </a> </div> <div class="crayons-story__save"> <small class="crayons-story__tertiary fs-xs mr-2"> 6 min read </small> <span class="bm-initial"> </span> <span class="bm-success"> </span> </div> </div> </div> </div> </div> </div> ai aws machinelearning nocode