Statping Task Definition - ECS Deployment Configuration - ecs Cheatsheets

This document provides a detailed AWS Elastic Container Service (ECS) task definition for deploying Statping. It outlines the necessary configurations for running Statping as a containerized application, ensuring proper resource allocation, environment setup, and secure handling of sensitive information.

Statping ECS Task Definition Overview

The following JSON structure defines the Statping task for AWS ECS. This configuration includes essential parameters such as the container image, IAM roles, memory reservation, port mappings, environment variables, and secrets management. It also specifies volume mounts for persistent data storage using Amazon EFS.

Container Configuration Details

The containerDefinitions section details the Statping container. It specifies the Docker image (statping/statping:latest), memory reservation, and port mappings. Crucially, it defines environment variables like DB_CONN, SAMPLE_DATA, IS_DOCKER, STATPING_DIR, PORT, and SASS, which are vital for Statping's operation within the containerized environment.

Secrets Management with AWS SSM

Sensitive information, such as database credentials (hostname, username, password, and database name), is managed securely using AWS Systems Manager (SSM) Parameter Store. The secrets array within the container definition maps these sensitive parameters to environment variables accessible by the Statping application, ensuring that credentials are not hardcoded in the task definition.

Persistent Storage with EFS Volumes

To ensure data persistence for Statping, a volume named statping-data is configured using efsVolumeConfiguration. This allows Statping to store its data in a persistent manner on an Amazon Elastic File System (EFS), with the data being mounted to the /app directory within the container. This is critical for maintaining application state and configuration across container restarts.

{
  "family": "statping",
  "executionRoleArn":"arn:aws:iam::000000000000:role/ecs-exec-role",
  "taskRoleArn":"arn:aws:iam::000000000000:role/ecs-task-role",
  "containerDefinitions": [
    {
      "name": "statping",
      "image": "statping/statping:latest",
      "memoryReservation": 256,
      "portMappings":[
        {
          "protocol":"tcp",
          "containerPort":8080,
          "hostPort":0
        }
      ],
      "environment": [
        {
          "name": "DB_CONN",
          "value": "mysql"
        },
        {
          "name": "SAMPLE_DATA",
          "value": "false"
        },
        {
          "name": "IS_DOCKER",
          "value": "true"
        },
        {
          "name": "STATPING_DIR",
          "value": "/app"
        },
        {
          "name": "PORT",
          "value": "8080"
        },
        {
          "name": "SASS",
          "value": "/usr/local/bin/sassc"
        }
      ],
      "secrets": [
        {
          "valueFrom": "arn:aws:ssm:eu-west-1:000000000000:parameter/statping/prod/DATABASE_HOSTNAME",
          "name": "DB_HOST"
        },
        {
          "valueFrom": "arn:aws:ssm:eu-west-1:000000000000:parameter/statping/prod/DATABASE_USERNAME",
          "name": "DB_USER"
        },
        {
          "valueFrom": "arn:aws:ssm:eu-west-1:000000000000:parameter/statping/prod/DATABASE_NAME",
          "name": "DB_DATABASE"
        },
        {
          "valueFrom": "arn:aws:ssm:eu-west-1:000000000000:parameter/statping/prod/DATABASE_PASSWORD",
          "name": "DB_PASS"
        }
      ],
      "essential": true,
      "privileged": true,
      "mountPoints": [
        {
          "containerPath": "/app",
          "sourceVolume": "statping-data",
          "readOnly": false
        }
      ]
    }
  ],
  "volumes": [
    {
      "name": "statping-data",
      "efsVolumeConfiguration": {
         "fileSystemId": "fs-00000000",
         "rootDirectory": "/statping/data"
      }
    }
  ]
}