NOTE: This repo contains only the documentation for the private BoltOps Pro repo code. Original file: https://github.com/boltopspro/ecs-asg/blob/master/README.md The docs are published so they are available for interested customers. For access to the source code, you must be a paying BoltOps Pro subscriber. If you are interested, you can contact us at firstname.lastname@example.org or https://www.boltops.com
ECS ASG Blueprint
- Setup config/settings.yml: Settings Setup
- Add blueprint to Gemfile
- Configure: configs/ecs-asg values
- Deploy blueprint
Add the blueprint to your lono project's Gemfile:
gem "ecs-asg", git: "email@example.com:boltopspro/ecs-asg.git"
Use the lono seed command to generate starter config params files. Here are the commands for the development and production environments:
LONO_ENV=development lono seed ecs-asg
LONO_ENV=production lono seed ecs-asg
The files in the configs/ecs-asg folder will look something like this:
configs/ecs-asg/
└── params
    ├── development.txt
    └── production.txt
There are 2 parameters required: Subnets and Vpc. Replace them with your values. The example starter configs/ecs-asg/params/development.txt looks something like this:
# Required parameters:
Vpc=vpc-111 # Find at vpc CloudFormation Outputs
Subnets=subnet-111,subnet-222,subnet-333 # Find at vpc CloudFormation Outputs
# Optional parameters:
# InstanceType=m5.large
# KeyName=...
# SshLocation=...
# EcsCluster=development
# TagName=ecs-asg-development
# ExistingIamInstanceProfile=...
# ExistingSecurityGroups=...
# EbsVolumeSize=50
# MinSize=1
# MaxSize=4
# MinInstancesInService=2
# MaxBatchSize=1
A quick way to get the VPC and subnet values is from the vpc CloudFormation Outputs. Here's an example of development.
It is recommended to run the ECS containers on the
Repeat the same process and configure params and variables files for the production environment also.
Use the lono cfn deploy command to deploy:
LONO_ENV=development lono cfn deploy ecs-asg --sure --no-wait
LONO_ENV=production lono cfn deploy ecs-asg --sure --no-wait
If you are using One AWS Account, use these commands instead: One Account.
To access the EC2 instances for debugging, we strongly recommend using SSM Session Manager. The instances in this blueprint have SSM manager installed. You can quickly set up Session Manager on your AWS account with the Session Manager Pro script.
A security group will be assigned to the ASG EC2 instances. Which security group is used, and whether one is created, depends on how you configure the parameters. Here's how they work:
- If you would like to use a pre-created existing security group, then set the ExistingSecurityGroups parameter. The existing security group will be used and no "managed" security group will be created by the CloudFormation template.
- If you would like the CloudFormation template to create and manage the security group for you, you can set the SshLocation parameter. A security group with Port 22 will be whitelisted to that
- If the SshLocation parameter is not set, then no managed security group will be created and the default security group will be assigned to the EC2 instances in the AutoScaling group.
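The three rules above can be checked against a params file before deploying. The following Ruby sketch is an added example, not code from the blueprint: the function names are hypothetical, the sample params are constructed, and it assumes ExistingSecurityGroups takes precedence when both parameters are set.

```ruby
require "ipaddr"

# Parse a lono params file: KEY=VALUE per line, "#" starts a comment.
def parse_params(text)
  text.each_line.with_object({}) do |line, params|
    line = line.sub(/#.*/, "").strip
    next if line.empty?
    key, value = line.split("=", 2)
    params[key.strip] = value.to_s.strip
  end
end

# Returns [mode, findings] following the three rules listed above.
# Assumption: ExistingSecurityGroups wins if both parameters are set.
def security_group_review(params)
  existing = params["ExistingSecurityGroups"].to_s
  ssh = params["SshLocation"].to_s
  return [:existing, ["inbound rules live in #{existing}; review them there"]] unless existing.empty?
  return [:default, ["default security group will be assigned; review its rules"]] if ssh.empty?

  findings = []
  begin
    # A /0 prefix means the Port 22 rule matches every source address.
    findings << "port 22 reachable from any address" if IPAddr.new(ssh).prefix.zero?
  rescue IPAddr::Error
    findings << "SshLocation #{ssh.inspect} is not a valid CIDR"
  end
  [:managed, findings]
end

# Constructed sample input, not taken from a real account.
SAMPLE = <<~PARAMS
  # Required parameters:
  Vpc=vpc-111 # Find at vpc CloudFormation Outputs
  Subnets=subnet-111,subnet-222,subnet-333
  # ExistingSecurityGroups=sg-111
  SshLocation=0.0.0.0/0
PARAMS

if __FILE__ == $PROGRAM_NAME
  mode, findings = security_group_review(parse_params(SAMPLE))
  puts "security group mode: #{mode}"
  findings.each { |f| puts "  finding: #{f}" }
end
```

Run it against configs/ecs-asg/params/development.txt and production.txt by reading each file with File.read and passing the text to parse_params.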
The IAM permissions required for this stack are described below.
| Service | Description |
|---|---|
| autoscaling | Creates AutoScaling Group, Policies, Launch Configuration, Lifecycle Hook |
| cloudformation | To launch the CloudFormation stack. |
| cloudwatch | Alarm to trigger the AutoScaling Policies. |
| iam | Instance Profile associated with AutoScaling Group. |
| lambda | Lambda function for the AutoScaling Lifecycle Hook. |
| s3 | Lono managed s3 bucket |
| sns | SNS Topic notification |
Back to Reference Architecture
That's it. Go back to the main boltopspro/reference-architecture