HCMS AWS ECS Installation

HowTo install HCMS in AWS ECS

AWS ECS (Elastic Container Service)

• Make sure you have AWS command-line tools installed and properly configured: https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html
• Create ECR repository for the Headless CMS docker image: https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-create.html

• Authenticate local login to the ECR:

  BASH

   #note: the command is also auto-generated by the AWS ECR console, in the previous step - you can just copy&paste 
   aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin  <accoundId>.dkr.ecr.<region>.amazonaws.com/<reponame>:latest

• Build the docker image just for any other docker-based installation.

• Tag the Headless CMS docker image with correct name of the new repository and push it to ECR:

  BASH

   docker tag docker.censhare.com/censhare/satellite-hcms:2.0  <ecr-uri>:2.0
   docker push <ecr-uri>:2.0
   docker tag docker.censhare.com/censhare/satellite-hcms:latest  <ecr-uri>:latest
   docker push <ecr-uri>:latest

• Create ECS cluster (unless it already exist): https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create_cluster.html
  • EC2 Linux with at least two On-Demand EC2 instances is recommended, but Farscape or EC2 Linux Spot instances are also viable options, but EC2 Windows is not.
• Create a task definition with single container:
  • Image is the full ECR image name of the pushed image, including the version (<ecr-uri>:latest).
  • Memory Limits should contain one HARD LIMIT with value 2560.
  • Port mappings must contain single tcp port mapping with 0 as a Host port and 8080 as a Container port.
  • Container must be marked as Essential.
  • Three environment variables must be defined: SATELLITE_SERVER, SATELLITE_ID and SATELLITE_KEY

    • Note that AWS management console does not correctly support multiline values (neither directly nor in "JSON" mode) like the PEM value of SATELLITE_KEY.
      As a workaround, replace all newlines by spaces the copy the result to the input field:

      BASH

        tr '\r\n' ' ' sample-01:default1.pem

- **Resource limits** have to contain **NOFILE** entry with soft and hard limit value **16384** (see "Limit of open file descriptors" section of ![docker image reference documentation](files/docker.md))<br/>

• Ensure that EC2 Application Load Balancer is created and properly configured.
  • It is recommended to provide one https listener, and one http listener with rules to automatically redirect traffic to https.
• Create a service with this new task:
  • Service type is REPLICA
  • Number of tasks is recommended to be at least 2.
  • Load balancer should be Application Load Balancer from previous step.
    • This option provides automatic management of http access to Headless CMS, with monitoring and failure recovery. Other options are not recommended.
    • Add container to this balancer, with
      • new target group
      • HTTP target protocol
      • path pattern derived from configured url prefix of the HCMS configuration group (use /* if there is no prefix configured)
      • health check path /hcms/v1.0/entity/ (/<prefix>/hcms/v1.0/entity/ if there is some url path prefix configured)