Beginner's AWS Guide: Containers and Infrastructure as Code (Part 8)

#aws #programming #cloud #devops

Objective:

This section explores containerisation and Infrastructure as Code (IaC) in AWS. We delve into Docker containers and how they solve deployment challenges, along with AWS ECS. We also examine the IaC service CloudFormation as a means for automating and managing cloud infrastructure through code rather than manual configuration!

Key IT Terminology: Containerisation 📦

Containerisation is like filling an isolated box with everything an application needs to run — instructions, tools, and supplies.

Once sealed, this box can be:

Shipped to any environment (local, test, production).
Duplicated to make identical containers.
Opened/ran anywhere with consistent behaviour — eliminating the “it only works on my machine” problem!

Image sourced from: https://www.xenonstack.com/insights/containerization

Key IT Terminology: Docker 🐳

Docker is a popular containerisation platform as it helps us package an app and everything it needs to run on any system — not just the one it was built on.

When packaging an app with Docker, we typically include:

The application code
Dependencies (supporting libraries, frameworks, packages)
A runtime version (e.g. Node.js, Python, Java)
System files, like environment variables and config files (setup blueprints)
A minimal OS layer, e.g. Linux or Windows (not the full OS, just what is needed)

Docker Hierarchy: Containers are built in layers

Dockerfile – A script with step-by-step instructions on what to put inside our box (our packing list).
Docker Image – A snapshot built from the Dockerfile (the sealed box). We can store images in registries like DockerHub or Amazon ECR to reuse them later.
Container – A running instance of that image (the opened box in action). We can run many containers from the same image!

ECS: Elastic Container Service 📦

Amazon ECS is a container orchestration service which helps us to deploy, manage, and scale Docker containers across AWS infrastructure.

We can run containers on two types of infrastructure:

EC2 launch type – We manage the server instances.
Fargate launch type – AWS manages the servers (serverless approach!).

Example: ECS Task Definition (EC2 launch type)

{
  "family": "simple-web-app",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "nginx:latest",           // Docker image for the container
      "cpu": 256,                        // CPU units
      "memory": 512,                     // Memory in MB
      "portMappings": [                  // Port mapping for network configuration
        {
          "containerPort": 80,           // Port inside the container
          "hostPort": 80                 // Port on the ECS host
        }
      ],
      "environment": [                   // Environment variables
        {
          "name": "ENV",
          "value": "production"
        }
      ],
      "essential": true              // Marks this container as essential for the task
    }
  ],
  "requiresCompatibilities": ["EC2"],    // Compatible with EC2 launch type
  "cpu": "256",                          // Total CPU for the task
  "memory": "512",                       // Total memory for the task
  "taskRoleArn": "arn:aws:iam::123456789012:role/myTaskRole"
}

💡 EKS (Elastic Kubernetes Service) is another AWS orchestration tool — more advanced and Kubernetes-based.

CloudFormation: Infrastructure as Code (IaC) 🏗️

CloudFormation lets us write templates that define our desired AWS infrastructure using code rather than clicking through the AWS Console.

Templates are written in JSON or YAML (YAML is preferred), and can describe entire AWS environments, including EC2 instances, VPCs, databases, security groups, and their relationships.

CloudFormation Advantages:

CloudFormation Hierarchy

💡 One template can lead to many different stacks depending on the input parameters and conditions we set in our JSON/YAML file!

CloudFormation: Template Components Overview

IaC Example: S3 Bucket


AWSTemplateFormatVersion: '2024-09-09'
Description: Simple S3 bucket for storing application data

Parameters:
  BucketName:
    Type: String
    Description: The name of the S3 bucket to create
    Default: my-simple-app-bucket

Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
      VersioningConfiguration:
        Status: Enabled
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

Outputs:
  S3BucketName:
    Description: Name of the created S3 bucket
    Value: !Ref MyS3Bucket

  S3BucketArn:
    Description: ARN of the created S3 bucket
    Value: !GetAtt MyS3Bucket.Arn

🎯 TL;DR

Docker packages our app and everything it needs into portable containers.
ECS orchestrates and manages our Docker containers across AWS infrastructure.
CloudFormation templates define our infrastructure as code for consistency and repeatability, while stacks are running instances of our templates.

✨ This is part of a mini-series where I delve into everything cloud-related. Check out my other posts for further learning! ✨