8 - Create task definitions
Task definitions can be created from the left navigation pane. Before you start, you may want to check the following information that you will need to specify in the task definition.
Task definition for HCMS
Infrastructure
Select EC2
In the network mode, select "Default"
Input from other resources
In your CloudFormation stack for the storage resources, check the SatelliteRole.
In the ECR, go to the latest HCMS image and find its URI.
Console output from the server preparation
On the server preparation step, you should have saved the following output:
SATELLITE_SERVER: RMI URL of the censhare Server
SATELLITE_ID: satellite group id, generated by the hcms tool; in this example, sampleportal1:default1
SATELLITE_KEY: PEM-encoded RSA private key, generated by the hcms tool, saved as sampleportal1:default1.pem
Note: Copy-paste the entire contents of the .pem file, and not only the key itself. For the key, you may use AWS Secrets and then select valueFrom instead of value when entering the key-value pair in the environment variable section, but ...
Warning: in that case, you will have to set up correct policies for the task to be able to access the secrets!
Port
Apart from this, you will need to specify the container port in the Container section. Please set it to 8080.
Memory limit
3GB
Task execution role
For HCMS, you need to select "Create a new task execution role". It will be created automatically upon saving the task definition version.
Monitoring
It is strongly recommended to activate AWS CloudWatch monitoring. Its configuration is out of scope for this guide.
Task definition for HCMS Client
Infrastructure
Select EC2 in the Launch type
In the network mode, select "Default"
Environment variables
As you may remember, the HCMS CSK Docker container needs to be supplied with some environment variables to finalize the application configuration.
This includes SATELLITE_SERVER, SATELLITE_ID, SATELLITE_KEY, mentioned above, as well as CONFIG and SESSION_SECRET, explained below.
CONFIG variable
This needs to be in JSON format, preferably reduced to one string. Below is an example; please consult this chapter for single properties and their meaning and this article if you forgot where to get them from:
{
  "portal-hcms": {
    "portalId": "<PortalId>"
  },
  "portal": {
    "id": "<PortalId>",
    "portalDomain": "<Domain>",
    "securityDomain": "<SecurityDomain>",
    "hcms": {
      "jwt": {
        "hmacSecret": "<HCMS-secret>"
      },
      "url": "https://<Domain>/hcms/v1.0",
      "urlPathPrefix": ""
    },
    "mailConfig": {
      "port": 587,
      "sender": "<smtp-sender-email>",
      "server": "<smtp-server>",
      "username": "<smtp-user>",
      "password": "<smtp-password>"
    }
  }
}
SESSION_SECRET variable
This needs to be a random string, used as an encryption key for the session. You can generate it using Terminal or any other tool. It can also be stored in AWS Secrets instead of the task definition and referred to using valueFrom and the secret ARN in the value field.
Warning: in that case, you will have to set up correct policies for the task to be able to access the secrets!
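
The choice between value and valueFrom described for SATELLITE_KEY, SESSION_SECRET and CONFIG can be checked on an exported task definition before it is registered. The following Python sketch is an added example, not part of the censhare guide or tooling: it flags secret material left as plaintext environment values and builds the IAM statement the task execution role needs for the valueFrom ARNs. The container name, ARN, the set of sensitive CONFIG keys and the sample input are assumptions constructed for illustration.

```python
import json

SENSITIVE_ENV = {"SATELLITE_KEY", "SESSION_SECRET"}  # secret variables named in this guide
SENSITIVE_CONFIG_KEYS = {"hmacSecret", "password"}   # secret fields inside CONFIG (assumed set)

def config_secret_paths(node, path=""):
    """Yield dotted paths of non-empty sensitive keys inside the CONFIG JSON."""
    if isinstance(node, dict):
        for key, val in node.items():
            here = f"{path}.{key}" if path else key
            if key in SENSITIVE_CONFIG_KEYS and val:
                yield here
            yield from config_secret_paths(val, here)

def audit_task_definition(task_def):
    """Return (findings, arns): plaintext secrets found, and ARNs referenced via valueFrom."""
    findings, arns = [], []
    for c in task_def.get("containerDefinitions", []):
        cname = c.get("name", "?")
        for env in c.get("environment", []):
            name, value = env["name"], env.get("value", "")
            if name in SENSITIVE_ENV and value:
                findings.append(f"{cname}: {name} is stored as a plaintext value")
            elif name == "CONFIG":
                try:
                    paths = config_secret_paths(json.loads(value))
                    findings += [f"{cname}: CONFIG embeds plaintext {p}" for p in paths]
                except ValueError:
                    findings.append(f"{cname}: CONFIG is not valid JSON")
        arns += [s["valueFrom"] for s in c.get("secrets", [])]
    return findings, sorted(set(arns))

def execution_role_policy(arns):
    """IAM policy letting the task execution role read them (assumes Secrets Manager ARNs)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"], "Resource": arns}]}

# Constructed sample input: container name, account id, region and secret name are placeholders.
ARN = "arn:aws:secretsmanager:eu-central-1:111122223333:secret:hcms/session-secret-AbCdEf"
SAMPLE = {"containerDefinitions": [{
    "name": "hcms-csk",
    "environment": [
        {"name": "SATELLITE_KEY", "value": "-----BEGIN RSA PRIVATE KEY-----\n(constructed)"},
        {"name": "CONFIG", "value": '{"portal": {"hcms": {"jwt": {"hmacSecret": "<HCMS-secret>"}}}}'}],
    "secrets": [{"name": "SESSION_SECRET", "valueFrom": ARN}]}]}

if __name__ == "__main__":
    found, arns = audit_task_definition(SAMPLE)
    print(json.dumps({"findings": found, "policy": execution_role_policy(arns)}, indent=2))
```

Plaintext environment values are visible to anyone who can read the task definition, which is why the script reports them. If the secret is encrypted with a customer-managed KMS key, the role also needs kms:Decrypt on that key.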
Input from other resources
In the ECR, go to the latest HCMS CSK image and find its URI.
Port
Apart from this, you will need to specify the container port in the Container section. Please set it to 3000.
Memory limit
700 MB
Task execution role
For HCMS CSK, you need to select the role you created in the CloudFormation template together with the storage resources. You can find the exact name of this role in the CloudFormation stack, as an output for the SatelliteRole.
Monitoring
It is strongly recommended to activate AWS CloudWatch monitoring. Its configuration is out of scope for this guide.