Summary:

The environment consists of one Nginx container and one or more Django containers. Nginx is used as a reverse proxy to pass traffic on to Django.

Quick summary:

  • Create Docker containers
  • Django applications load environment files (.env) from S3
  • Test locally with docker compose
  • Initialize Elastic Beanstalk (EB) environment
  • Create Dockerrun.aws.json for EB
  • Write a file on the "leader instance"; the file can be mounted into the Docker container so that Django's management commands (migrate, collectstatic) are run on the leader only
  • Upload containers to ECS
  • Configure IAM role permissions so that accessing ECR is possible
  • Configure the ELB created by EB, if necessary, to listen on the required ports
  • Configure Security Groups to allow traffic on the required ports
  • Debugging: https://www.reddit.com/r/aws/comments/5lxjwg/elasticbeanstalk_multidocker_ecs_task_failure/

Create ECR repositories

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-basics.html

Notes:

  • The IAM user must have permissions to create repositories (among other things)

IAM users and roles

ECR access and EB deployments

  • The user whose access keys are used to push images to ECR must have permission to do so
  • The role that is used as the instance role of the EB application must have access to at least pull from the ECR repositories.
  • An AWS access key is configured in the EB application's environment variables, and this key is used to fetch the web-application-specific .env file for each container on startup
  • Finally, the .env file contains an AWS access key for the specific application, providing whatever limited permissions the application might need (S3 access etc.)
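
A pull-only policy for the EB instance role, as an added example that is not part of the original notes. The `<region>`, `<account-id>`, `<nginx-repo>` and `<django-repo>` values are placeholders, and the `Sid` names are made up for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EcrLogin",
      "Effect": "Allow",
      "Action": "ecr:GetAuthorizationToken",
      "Resource": "*"
    },
    {
      "Sid": "EcrPullOnly",
      "Effect": "Allow",
      "Action": [
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage"
      ],
      "Resource": [
        "arn:aws:ecr:<region>:<account-id>:repository/<nginx-repo>",
        "arn:aws:ecr:<region>:<account-id>:repository/<django-repo>"
      ]
    }
  ]
}
```

`ecr:GetAuthorizationToken` does not support resource-level scoping, so it is the only statement with `"Resource": "*"`. No push or repository-management actions are granted, which keeps the instance role separate from the user that pushes images.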

Todo

  • Should SSL termination be done in ELB (or ALB) rather than CloudFront?