AWS setup for containerized public apps with ALB and EC2

Containerization has become a popular choice for deploying applications as it provides a consistent and efficient way to package, ship, and run software. While Amazon Web Services (AWS) provides robust container orchestration offerings such as Elastic Container Service (ECS) and Elastic Kubernetes Service (EKS), they can be complex and require infrastructure expertise. When you need to move quickly and have less infrastructure experience, setting up a simple infrastructure on AWS using an EC2 instance and an Application Load Balancer (ALB) for containerized applications can be a great option.

🙌 This article will provide step-by-step guidance on how to set up a simple infrastructure on AWS using Docker on an EC2 instance and an ALB. We will also cover securing the infrastructure with SSL certificates using the AWS Certificate Manager (ACM) and Route53 for DNS management.

Prerequisites

Before we begin, make sure you have the following:

• Basic knowledge of AWS services: EC2, Route53 and ACM
• An AWS account with appropriate permissions to create and manage resources.
• An SSH client installed on your local machine to connect to the EC2 instance.
• A domain name registered with Route53.
• An app that is already setup with Dockerfile and docker-compose.yml files.

Step 1: Create an EC2 instance

To create an EC2 instance, follow these steps:

1. Open the Amazon EC2 console.
2. Choose Launch Instance.
3. Choose an Amazon Machine Image (AMI) that supports Docker, such as Amazon Linux 2.
4. Choose an instance type that suits your needs.
5. Configure your instance details, including VPC and subnet. Make sure the (public) subnet you select has access to the internet (i.e. it should be connected to an internet gateway).
6. Add storage as per your requirements.
7. Configure your security group. Make sure you allow SSH access from your local IP and HTTP (port 80) traffic from your ALB. (We will be configuring the ALB for SSL termination).
8. You can also attach an Elastic IP to your instance for easier SSH access in the future, when you might for eg. resize the instance and you want to continue to use the same IP to SSH in.
9. Review and launch your instance.
10. Connect to your instance using SSH.

Step 2: Install Docker and Docker-compose

Once you have connected to your EC2 instance, follow these steps to install Docker and Docker-compose:

1. Update the package manager with the command:
   sudo yum update -y
2. Install Docker with the command:
   sudo amazon-linux-extras install docker
3. Start the Docker service with the command:
   sudo service docker start
4. Add your user to the Docker group with the command:
   sudo usermod -a -G docker ec2-user
5. Install Docker-compose with the command:
   sudo yum install docker-compose -y
6. Test that Docker and Docker-compose are installed correctly by running the command:
   docker --version and docker-compose --version

Step 3: Build and deploy your application

This is a sample Dockerfile that exposes port 80.

FROM python:3.8-slim-buster

WORKDIR /app

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY . .

EXPOSE 80

This is a sample of a docker-compose.yml file that deploys two containers and maps port 80 of the “app” container to port 80 of the EC2 instance.

version: '3'

services:

  app:
    image: your-image-name
    ports:
      - "80:80"
    command: python manage.py runserver 0.0.0.0:80
  
  worker:
    image: your-image-name
    command: celery -A your_project worker -l info

To deploy your application, follow these steps:

1. Verify that your Dockerfile and docker-compose.yml files defines your application services and configurations. Make sure your public-facing service is exposed to port 80.
2. Use Docker-compose to build and deploy your application with the command:
   docker-compose up --build
3. Verify that your application is running by visiting your EC2 instance’s public IP address in a web browser. At this point it should only be available via HTTP.

Step 4: Connect your app to the internet

To connect your app to the internet, follow these steps:

1. Create a Target Group for your ALB that targets port 80 on your EC2 instance.
2. Create an SSL certificate in ACM for your domain name.
3. Create an Application Load Balancer (ALB) in your VPC that forwards HTTPS traffic to your Target Group. Use the SSL certificate you created in ACM for HTTPS.
4. Create a DNS record in Route53 for your domain name that points to the ALB’s DNS name. Choose the Alias option when creating the record.
5. Verify that your application is running by visiting your domain name in a web browser. At this point it should be available via HTTPS.

💡 Pro Tip: Add your domain name to the "Allowed Hosts" list of your application. Many tend to forget this part and spend hours trying to figure out what went wrong.

💡 Pro Tip: Add the private IP address of the ALB to the "Allowed Hosts" list of your application. The ALB is configured by default to do Health Checks by sending GET requests to root "/" of your application.

Mission accomplished!

By following the steps outlined in this article, you should now have a simple infrastructure on AWS that is running containerized applications and secured with SSL certificates. This infrastructure can be easily scaled up or down by adding or removing instances and updating the Target Group settings in your ALB.