How to run docker container on AWS Beanstalk
-
Build
docker build -t web_app .
-
Run
docker container run --detach -p 80:80 web_app
-
Test http://localhost/
-
Debug
docker container ps docker container attach --sig-proxy=false CONTAINER_ID docker container exec -i -t CONTAINER_ID /bin/bash
-
Kill
docker container kill CONTAINER_ID
-
Create ECR repository
aws cloudformation create-stack --stack-name web-app-repo --template-body file://ecr.yaml aws cloudformation describe-stacks --stack-name web-app-repo ... "Outputs": [ { "Description": "ECR ARN", "OutputKey": "RepositoryArn", "OutputValue": "arn:aws:ecr:eu-west-1:123456789012:repository/web-app-repo" } ], ...
-
Login to ECR
$(aws ecr get-login --no-include-email --region eu-west-1)
-
Tag containers
docker tag web_app:latest 123456789012.dkr.ecr.eu-west-1.amazonaws.com/web-app-repo:latest docker tag web_app:latest 123456789012.dkr.ecr.eu-west-1.amazonaws.com/web-app-repo:1.0
-
Push containers to ECR
docker push
-
List local and ECR images
docker images docker images 123456789012.dkr.ecr.eu-west-1.amazonaws.com/web-app-repo
-
VPC and subnets for hosting application infrastructure.
aws cloudformation create-stack --stack-name web-app-vpc --template-body file://vpc-1nat.yaml # NOTE: If you want dedicated NAT-GW for each AZ, use vpc.yaml -template
-
S3 bucket for Beanstalk application bundle.
If you don't already have s3logs-ACCOUNTID-REGION -bucket for storing S3 access logs, you must create one before creating bucket for application bundle. When S3 logging bucket is ready, create a bucket for Beanstalk application bundle.aws cloudformation create-stack --stack-name s3logs --template-body file://s3logs.yaml aws cloudformation create-stack --stack-name web-app-s3 --template-body file://s3bucket.yaml \ --parameters ParameterKey=bucketname,ParameterValue=web-app-123456789012
zip -r web-app.zip Dockerrun.aws.json .ebextensions
aws s3 cp web-app.zip s3://web-app-123456789012/web-app.zip
NOTE1: Remember to edit Dockerrun.aws.json to point your container image and tag in your ECR -repo. See https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_v2config.html
NOTE2: .ebextensions is where you put all custom configuration you want to have on docker hosts run by Beanstalk. This can be extra software installed on EC2 or Beanstalk configuration options etc. See https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/ebextensions.html
Create Elastic Beanstalk application and releated resources using Cloudformation. Note that template parameters are supplied in separate JSON -file rather than cmd-line parameters.
Please review content of beanstalk-param.json
before creating the stack.
aws --profile=kallu cloudformation create-stack --stack-name web-app-eb \
--template-body file://beanstalk.yaml \
--parameter file://beanstalk-param.json \
--capabilities CAPABILITY_IAM
If everything went as planned you should have application listening at EnvironmentURL
found from stack outputs.
aws cloudformation describe-stacks --stack-name web-app-eb
...
"Outputs": [
...
{
"Description": "Environment URL",
"ExportName": "web-app-eb-EnvironmentURL",
"OutputKey": "EnvironmentURL",
"OutputValue": "awseb-AWSEB-17TEWBQ2Y0G57-540870288.eu-west-1.elb.amazonaws.com"
},
...
],
...
Sometimes it could be useful for debugging purposes to have shell access to docker hosts and/or containers.
As you have AWS Systems Manager agent installed on Beanstalk Docker hosts from .ebextensions/ssm-agent.config
you can open an interactive shell session from AWS console navigating to AWS Systems Manager > Session Manager > Start a session. There you will have a list of all instances with SSM agent. Clicking “Start session” -button will open you an interactive shell in your browser window.
You can open a session also from cmd-line with AWS CLI. First be sure you have a recent version of cli and if necessary update it. You also need to install session manager plugin to make this work. When ready, you can open a shell session with
aws ssm start-session --target i-0deadbeef12345678
Note that
-
You didn’t create any user accounts (or ssh keys) on host. Access is controlled in AWS IAM policies.
-
EC2 instance had no SSH ports open in it’s security group.
-
It will work as long as you can HTTPS to AWS API endpoints (i.e. internet).
This is left for reader to implement :-)
-
There is placeholder for mounting EFS on EC2 at
.ebextensions/ef-mount.config
-
To mount host volumes on containers you must define volume(s)
"volumes": [ { "name": "app", "host": { "sourcePath": "/var/app/current/dist" } } ]
-
And mount point in
containerDefinition
"mountPoints": [ { "sourceVolume": "app", "containerPath": "/var/www/html", "readOnly": true } ]
-
Or you can simply mount all volumes from another container with
volumesFrom
-
See https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_v2config.html