deploy-aws-ecs


Deploy to AWS ECS/Fargate

Why ECS/Fargate?

  • Serverless container orchestration
  • No cluster management
  • Auto-scaling built-in
  • Deep AWS integration
  • Pay-per-use pricing
  • Production-grade reliability

Quick Start

```bash
# Install the AWS CLI, then verify it is on PATH
aws --version

# Configure credentials (use OIDC in production)
aws configure

# Login to ECR
aws ecr get-login-password --region us-east-1 | \
  docker login --username AWS --password-stdin <account-id>.dkr.ecr.us-east-1.amazonaws.com
```

ECR Setup

Create Repository

```bash
# Create ECR repository
aws ecr create-repository --repository-name myapp

# Build and tag image
docker build -t myapp:latest .
docker tag myapp:latest <account-id>.dkr.ecr.us-east-1.amazonaws.com/myapp:latest

# Push to ECR
docker push <account-id>.dkr.ecr.us-east-1.amazonaws.com/myapp:latest
```

Task Definition

Basic task-definition.json

```json
{
  "family": "myapp-task",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256",
  "memory": "512",
  "executionRoleArn": "arn:aws:iam::<account-id>:role/ecsTaskExecutionRole",
  "containerDefinitions": [
    {
      "name": "myapp",
      "image": "<account-id>.dkr.ecr.us-east-1.amazonaws.com/myapp:latest",
      "portMappings": [
        {
          "containerPort": 8080,
          "protocol": "tcp"
        }
      ],
      "environment": [
        {"name": "NODE_ENV", "value": "production"}
      ],
      "secrets": [
        {
          "name": "DATABASE_URL",
          "valueFrom": "arn:aws:secretsmanager:us-east-1:<account-id>:secret:db-url"
        }
      ],
      "logConfiguration": {
        "logDriver": "awslogs",
        "options": {
          "awslogs-group": "/ecs/myapp",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "ecs"
        }
      }
    }
  ]
}
```
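The task definition is where most of this page's best practices land, so here is an added example (not part of the original guide and not AWS tooling) that lints one for them: secrets referenced from Secrets Manager or SSM rather than placed in plaintext `environment`, a task role separate from the execution role, `awslogs` logging, an image pinned by digest, and a non-root `user` with `readonlyRootFilesystem`. The sample is the guide's task definition with one constructed plaintext `API_TOKEN` added so that check fires; the digest, the `myappTaskRole` ARN and the UID `1000` are placeholders chosen for the example.

```python
"""Lint an ECS task definition against the security settings this guide calls for."""
import copy
import json
import re

# Variable names that usually carry credentials; one of these in plaintext
# `environment` is a finding (the guide's best practice 1).
SENSITIVE_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY|DATABASE_URL", re.I)
DIGEST_REF = re.compile(r"@sha256:[0-9a-f]{64}$")
PLACEHOLDER_DIGEST = "0123456789abcdef" * 4  # constructed placeholder, not a real image digest

# The guide's task-definition.json plus one constructed defect: a plaintext API_TOKEN.
WEAK_TASK_DEF = json.loads("""
{
  "family": "myapp-task",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"],
  "cpu": "256", "memory": "512",
  "executionRoleArn": "arn:aws:iam::<account-id>:role/ecsTaskExecutionRole",
  "containerDefinitions": [{
    "name": "myapp",
    "image": "<account-id>.dkr.ecr.us-east-1.amazonaws.com/myapp:latest",
    "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
    "environment": [{"name": "NODE_ENV", "value": "production"},
                    {"name": "API_TOKEN", "value": "constructed-plaintext-token"}],
    "secrets": [{"name": "DATABASE_URL",
                 "valueFrom": "arn:aws:secretsmanager:us-east-1:<account-id>:secret:db-url"}],
    "logConfiguration": {"logDriver": "awslogs", "options": {"awslogs-group": "/ecs/myapp",
                         "awslogs-region": "us-east-1", "awslogs-stream-prefix": "ecs"}}
  }]
}
""")


def lint_task_definition(task_def: dict) -> list[str]:
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    # Best practice 6: the task role scopes what the application may call; the
    # execution role is only for ECS itself (image pull, log writes, secret reads).
    if not task_def.get("taskRoleArn"):
        findings.append("task: no taskRoleArn; add a least-privilege task role instead of "
                        "granting application permissions to the execution role")
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        # A mutable tag such as :latest can change between deployments; a digest cannot.
        if not DIGEST_REF.search(c.get("image", "")):
            findings.append(f"{name}: image {c.get('image')!r} is not pinned by digest")
        for env in c.get("environment", []):
            if SENSITIVE_NAME.search(env.get("name", "")):
                findings.append(f"{name}: environment variable {env['name']} looks sensitive; "
                                "move it to `secrets` backed by Secrets Manager or SSM")
        for s in c.get("secrets", []):
            if not s.get("valueFrom", "").startswith(("arn:aws:secretsmanager:", "arn:aws:ssm:")):
                findings.append(f"{name}: secret {s.get('name')} has an unexpected valueFrom")
        if c.get("logConfiguration", {}).get("logDriver") != "awslogs":  # best practice 4
            findings.append(f"{name}: logDriver is not awslogs")
        # Container hardening: non-root UID and a read-only root filesystem.
        if str(c.get("user", "")) in ("", "root", "0"):
            findings.append(f"{name}: container runs as root; set `user` to a non-root UID")
        if not c.get("readonlyRootFilesystem"):
            findings.append(f"{name}: readonlyRootFilesystem is not set")
    return findings


def pin_image(image: str, digest: str) -> str:
    """Replace any tag or digest on an image reference with the given sha256 digest."""
    base = image.split("@", 1)[0]
    head, sep, tail = base.rpartition(":")
    if sep and "/" not in tail:  # a colon after the last slash is a tag, not a host:port
        base = head
    return f"{base}@sha256:{digest}"


def hardened_copy(task_def: dict, digest: str) -> dict:
    """Return a copy with every finding above fixed (the ARNs are placeholders)."""
    fixed = copy.deepcopy(task_def)
    fixed["taskRoleArn"] = "arn:aws:iam::<account-id>:role/myappTaskRole"
    for c in fixed["containerDefinitions"]:
        c["image"] = pin_image(c["image"], digest)
        moved = [e for e in c.get("environment", []) if SENSITIVE_NAME.search(e["name"])]
        c["environment"] = [e for e in c.get("environment", []) if e not in moved]
        c.setdefault("secrets", []).extend(
            {"name": e["name"], "valueFrom":
             f"arn:aws:secretsmanager:us-east-1:<account-id>:secret:{e['name'].lower()}"}
            for e in moved)
        c["user"] = "1000"
        c["readonlyRootFilesystem"] = True
    return fixed


HARDENED_TASK_DEF = hardened_copy(WEAK_TASK_DEF, PLACEHOLDER_DIGEST)

if __name__ == "__main__":
    for label, td in (("weak", WEAK_TASK_DEF), ("hardened", HARDENED_TASK_DEF)):
        print(label, "->", lint_task_definition(td) or "no findings")
```

Run it before `register-task-definition` in CI and fail the job when the list is non-empty; the hardened copy shows what the guide's definition looks like once the findings are addressed.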

Register Task Definition

```bash
aws ecs register-task-definition --cli-input-json file://task-definition.json
```

Service Creation

```bash
# Create ECS cluster
aws ecs create-cluster --cluster-name myapp-cluster

# Create service with ALB
# assignPublicIp=ENABLED gives every task its own public IP. Behind an ALB, tasks in
# private subnets with NAT or VPC endpoints (ECR, S3, CloudWatch Logs) can use DISABLED.
aws ecs create-service \
  --cluster myapp-cluster \
  --service-name myapp-service \
  --task-definition myapp-task \
  --desired-count 2 \
  --launch-type FARGATE \
  --network-configuration "awsvpcConfiguration={subnets=[subnet-xxx],securityGroups=[sg-xxx],assignPublicIp=ENABLED}" \
  --load-balancers "targetGroupArn=arn:aws:elasticloadbalancing:...,containerName=myapp,containerPort=8080"
```

Deployment Workflow

1. Build and Push

```bash
# Build new version
docker build -t myapp:${VERSION} .

# Tag and push
docker tag myapp:${VERSION} ${ECR_REPO}:${VERSION}
docker tag myapp:${VERSION} ${ECR_REPO}:latest
docker push ${ECR_REPO}:${VERSION}
docker push ${ECR_REPO}:latest
```

2. Update Task Definition

```bash
# Register new task definition
aws ecs register-task-definition --cli-input-json file://task-definition.json
```

3. Update Service

```bash
# Force new deployment
aws ecs update-service \
  --cluster myapp-cluster \
  --service myapp-service \
  --force-new-deployment
```
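For step 2 the usual input is the current revision from `aws ecs describe-task-definition`, but that output carries read-only keys that `register-task-definition` rejects, and re-registering `:latest` and then forcing a deployment leaves the image that actually runs up to whatever the tag points at when each task pulls. The following is an added example (not the guide's script and not AWS tooling) that derives the next revision's input from a constructed, trimmed describe output and refuses an unpinned image reference; `<account-id>`, the digest and the `deployer` role are placeholders.

```python
"""Produce the register-task-definition input for the next revision, pinned by digest."""
import json
import re

DIGEST_REF = re.compile(r"@sha256:[0-9a-f]{64}$")
# Keys DescribeTaskDefinition returns but RegisterTaskDefinition rejects as unknown parameters.
READ_ONLY_KEYS = {"taskDefinitionArn", "revision", "status", "requiresAttributes",
                  "compatibilities", "registeredAt", "registeredBy", "deregisteredAt"}

# Constructed, trimmed stand-in for the output of
#   aws ecs describe-task-definition --task-definition myapp-task --query taskDefinition
DESCRIBED = json.loads("""
{
  "taskDefinitionArn": "arn:aws:ecs:us-east-1:<account-id>:task-definition/myapp-task:7",
  "family": "myapp-task", "revision": 7, "status": "ACTIVE",
  "networkMode": "awsvpc",
  "requiresCompatibilities": ["FARGATE"], "compatibilities": ["EC2", "FARGATE"],
  "cpu": "256", "memory": "512",
  "executionRoleArn": "arn:aws:iam::<account-id>:role/ecsTaskExecutionRole",
  "requiresAttributes": [{"name": "ecs.capability.execution-role-awslogs"}],
  "registeredAt": "2024-01-01T00:00:00+00:00",
  "registeredBy": "arn:aws:iam::<account-id>:role/deployer",
  "containerDefinitions": [{
    "name": "myapp",
    "image": "<account-id>.dkr.ecr.us-east-1.amazonaws.com/myapp:latest",
    "portMappings": [{"containerPort": 8080, "protocol": "tcp"}]
  }]
}
""")
# Placeholder digest; in a pipeline this comes from `docker push` or `aws ecr describe-images`.
PINNED = "<account-id>.dkr.ecr.us-east-1.amazonaws.com/myapp@sha256:" + "0123456789abcdef" * 4


def is_pinned(image_ref: str) -> bool:
    """True when the reference names an immutable sha256 digest rather than a tag."""
    return DIGEST_REF.search(image_ref) is not None


def next_revision_input(described: dict, container: str, image_ref: str) -> dict:
    """Copy the current revision, drop read-only keys and point `container` at `image_ref`."""
    if not is_pinned(image_ref):
        raise ValueError(f"refusing to register an unpinned image reference: {image_ref}")
    new = {k: v for k, v in described.items() if k not in READ_ONLY_KEYS}
    defs = [dict(c) for c in described["containerDefinitions"]]  # leave the input untouched
    targets = [c for c in defs if c.get("name") == container]
    if not targets:
        raise KeyError(f"no container named {container!r} in family {described.get('family')!r}")
    for c in targets:
        c["image"] = image_ref
    new["containerDefinitions"] = defs
    return new


if __name__ == "__main__":
    # Writes the file that `aws ecs register-task-definition --cli-input-json file://next.json` reads.
    with open("next.json", "w", encoding="utf-8") as fh:
        json.dump(next_revision_input(DESCRIBED, "myapp", PINNED), fh, indent=2)
```

Registering that file under the same family yields a new revision number; passing it explicitly to step 3 as `--task-definition myapp-task:<revision>` (in place of `--force-new-deployment`) makes the rollout reproducible, and rolling back is the same `update-service` call with the previous revision.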

Best Practices

  1. Use Secrets Manager: Store sensitive data in AWS Secrets Manager, reference in task definition
  2. Health Checks: Configure ALB health checks for reliability
  3. Auto-scaling: Set up target tracking based on CPU/memory
  4. Logging: Always use CloudWatch Logs for centralized logging
  5. Tags: Tag all resources for cost tracking and organization
  6. IAM Roles: Use task roles for least-privilege access to AWS services
  7. CI/CD: Integrate with GitHub Actions using OIDC (no long-lived credentials)

Common Commands

```bash
# List services
aws ecs list-services --cluster myapp-cluster

# Describe service
aws ecs describe-services --cluster myapp-cluster --services myapp-service

# View logs (requires CloudWatch)
aws logs tail /ecs/myapp --follow

# Scale service
aws ecs update-service --cluster myapp-cluster --service myapp-service --desired-count 4

# Stop all tasks (for maintenance)
aws ecs update-service --cluster myapp-cluster --service myapp-service --desired-count 0
```

Resources
