[BUG-25] The end to end journey of creating a service in ECS
Closed this issue · 4 comments
As part of ensuring that System Initiative is setup for production scenarios, we want to be able to deploy System Initiative using System Initiative. Some of the centralised services we run are hosted as ECS Services running in AWS. Therefore, this issue is tracking the work to ensure we add the correct assets needed to run these services in ECS. The shopping list of assets we are going to need are as follows:
ALB Resources Needed:
- Alb Listener - https://docs.aws.amazon.com/cli/latest/reference/elbv2/create-listener.html
- Alb Listener Rule - https://docs.aws.amazon.com/cli/latest/reference/elbv2/create-rule.html
- Alb Target Group - [https://docs.aws.amazon.com/cli/latest/reference/elbv2/create-target-group.html] (https://docs.aws.amazon.com/cli/latest/reference/elbv2/create-target-group.html)
- Alb - [https://docs.aws.amazon.com/cli/latest/reference/elbv2/create-load-balancer.html] (https://docs.aws.amazon.com/cli/latest/reference/elbv2/create-load-balancer.html)
ECS Resources Needed:
- ECS Task Definition - https://docs.aws.amazon.com/cli/latest/reference/ecs/register-task-definition.html
- ECS Service - https://docs.aws.amazon.com/cli/latest/reference/ecs/create-service.html
- ECS Cluster - https://docs.aws.amazon.com/cli/latest/reference/ecs/create-cluster.html
IAM Resources Needed:
- IAM Role + Role policy attachments
https://docs.aws.amazon.com/cli/latest/reference/iam/create-role.html
https://docs.aws.amazon.com/cli/latest/reference/iam/attach-role-policy.html
Cloudwatch LogGroup:
ACM:
There are largely more to add but this is a start. It doesn't look at anything VPC-esque yet!
From SyncLinear.com | COM-25
Just an update that the first part that is being added is IAM Roles :)
If any of the community members wants to get involved here - feel free to contact me on our discord server and we can talk it over :)
So we are rolling this out right now and we are starting to get closer to having this working.
There are a list of enhancements / changes needed to the asset as below - this list will largely grow as we find more things!
Fixes Needed:
- Need to be able to set desired Count in the ECS Service as a string / int - there's a hack now for the parseInt
parseInt(domain?.desiredCount!.toString() || "0"), - Same for RDS Database for BackupRetentionPeriod and AllocatedStorage
- EC2 Security Ingress need to be able to take a source ID rather than be limited to IPs
Enhancements Needed:
- RDS Instance needs password field masked in the UI
- RDS instance needs to be able to set 'auto_minor_version_upgrade'
- RDS Instance needs to be able to encrypt storage
- RDS Instance needs to be able to pass a kms_key_id for encryption
- RDS Instance needs to be able to set 'max_allocated_storage' (0 is default and means disabled)
- RDS Instance needs to be able to set 'iops'
- RDS Instance needs to be able to set 'multi_az_db' for better setup
- RDS Instance needs to be able to take a snapshot before delete - opt-in rather than out! and will need a snapshot identifier
- Task Definitions need to be able to set an env var value as masked
Releases Needed:
- Task Definition to be able to set environment variables
Ok, I can close this out! We have successfully modelled this :)