I got asked to showcase a very simple website that shows something like a page and a picture, that can scale, is built on AWS and with large enterprise in mind.
I have created it on https://github.com/ledakis/simplesite-scale
- Docker container for the app itself, which runs nginx and has the content of the site baked into the container.
- Terraform for the supporting infrastructure the service will run on.
- VPC/Subnets using the official terraform module.
- DNS zone + config for my Cloudflare master zone.
- ECR for the repository the Docker is going to be hosted in.
- S3 bucket for the application access logs.
- ACM certificate for the service.
- Terraform for the service itself. This deploys:
- The ALB
- The ECS service (cluster, task definition, service)
- Scaling policy (number of connections per target from the ALB)
- IAM roles
This is a WIP. I want to enhance the scaling, maybe to use the lambda that people generally suggest.
It appears EKS+Fargate is a thing now and this sounds very, very interesting!
For v2.0 of this project, I will plan to work on the following:
- Convert the task definition to the k8s manifest and try to have terraform deploy it. This is only to be a test, as it will probably involve spinning up an EKS cluster and along with that, the cost for it. (this is just to showcase some terraforming + aws + architecture, so I try to keep costs low as I test it on a personal account)
- Change the egress to S3 (for ALB logs and docker layers) and to ECS api to go via a VPC Endpoint so that we remove the need for a NAT Gateway in the VPC. Remember: Principle of least priviledge. The traffic to AWS services should not go through the internet but via a forced path by us.
- I will move the certificate creation to the service terraform directory, so then the service can be ran many times independently of the main infrastructure bit.