low-cost-ecs 0.0.126

Creator: bradpython12


Description:

Low-Cost ECS
A CDK construct that provides an easy and low-cost ECS on EC2 server setup without a load balancer.
Why
ECS may often seem expensive when used for personal development purposes, due to the cost of the load balancer.
The Application Load Balancer is a great service: it makes managed ACM certificates easy to set up, scales easily, and supports dynamic port mappings. However, it is over-featured for running a single ECS task.
However, to run an ECS server without a load balancer, you need to associate an Elastic IP to the host instance and install your certificate to your service every time you start up the server.
This construct aims to automate these tasks and make it easy to deploy the resources needed to run a low-cost ECS server.
Try it out!
The easiest way to try the construct is to clone this repository and deploy the sample Nginx server.
Edit the settings in examples/minimum.ts and deploy the CDK construct. A public hosted zone is required.

Clone and install packages

git clone https://github.com/rajyan/low-cost-ecs.git
# yarn install must run inside the cloned repository
cd low-cost-ecs
yarn install


Edit email and domain in examples/minimum.ts
https://github.com/rajyan/low-cost-ecs/blob/3d1bbf7ef4b59d0f4e9d3cd9cb90584977b71c0a/examples/minimum.ts#L1-L15
Deploy!

cdk deploy

Access the configured hostedZoneDomain and see that the sample Nginx server has been deployed.
Installation
To use this construct in your CDK stack as a library:
npm install low-cost-ecs

import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { LowCostECS } from 'low-cost-ecs';

class SampleStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    const vpc = { /** Your VPC */ };
    const securityGroup = { /** Your security group */ };
    const serverTaskDefinition = { /** Your task definition */ };

    new LowCostECS(this, 'LowCostECS', {
      hostedZoneDomain: "example.com",
      email: "test@example.com",
      vpc: vpc,
      securityGroup: securityGroup,
      serverTaskDefinition: serverTaskDefinition
    });
  }
}

The required fields are hostedZoneDomain and email.
You can configure your server task definition and other props. Read LowCostECSProps documentation for details.
Overview
Resources generated in this stack

Route53 A record
    Forwarding to host instance Elastic IP

Certificate State Machine
    Install and renew certificates to EFS using certbot-dns-route53
    Scheduled automated renewal every 60 days
    Email notification on certbot task failure

ECS on EC2 host instance
    ECS-optimized Amazon Linux 2 AMI instance auto-scaling group
    Automatically associated with Elastic IP on instance initialization

ECS Service
    TLS/SSL certificate installation before default container startup
    Certificate EFS mounted on default container as /etc/letsencrypt

Others
    VPC with only public subnets (no NAT Gateways to decrease cost)
    Security groups with minimum inbounds
    IAM roles with minimum privileges
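
With no load balancer in front, the host instance's security group is the only network filter between the internet and the task, and because debugging goes through SSM Session Manager and ECS Exec, no inbound SSH rule is needed. The following added example (not code from low-cost-ecs) audits a template produced by cdk synth for world-open ingress; the allowed ports 80 and 443, the function names, and the sample resources HostSg and EfsIngress are assumptions constructed for illustration.

```typescript
// Added example, not part of low-cost-ecs. Audits a synthesized
// CloudFormation template for world-open ingress outside an allow-list.
type Rule = { CidrIp?: string; CidrIpv6?: string; IpProtocol?: string;
              FromPort?: number; ToPort?: number };
type Resource = { Type: string; Properties?: Rule & { SecurityGroupIngress?: Rule[] } };
type Template = { Resources: Record<string, Resource> };

// Assumption: only HTTP and HTTPS should be reachable from the internet.
const ALLOWED_PORTS: number[] = [80, 443];

function isWorldOpen(r: Rule): boolean {
  return r.CidrIp === "0.0.0.0/0" || r.CidrIpv6 === "::/0";
}

function exposesOnlyAllowed(r: Rule): boolean {
  // Anything that is not TCP (including "-1", all protocols) is rejected.
  if (r.IpProtocol !== "tcp" && r.IpProtocol !== "6") return false;
  const from = r.FromPort, to = r.ToPort;
  if (from === undefined || to === undefined) return false;
  for (let p = from; p <= to; p++) {
    if (ALLOWED_PORTS.indexOf(p) === -1) return false; // range leaks another port
  }
  return true;
}

function auditIngress(t: Template): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(t.Resources)) {
    const res = t.Resources[id];
    let rules: Rule[] = [];
    // Rules can be inline on the group or separate ingress resources.
    if (res.Type === "AWS::EC2::SecurityGroup") {
      rules = res.Properties?.SecurityGroupIngress ?? [];
    } else if (res.Type === "AWS::EC2::SecurityGroupIngress" && res.Properties) {
      rules = [res.Properties];
    }
    for (const r of rules) {
      if (isWorldOpen(r) && !exposesOnlyAllowed(r)) {
        findings.push(`${id}: ${r.IpProtocol} ${r.FromPort}-${r.ToPort} open to the internet`);
      }
    }
  }
  return findings;
}

// Constructed sample standing in for `cdk synth` output (not a real stack).
const sampleTemplate: Template = { Resources: {
  HostSg: { Type: "AWS::EC2::SecurityGroup", Properties: { SecurityGroupIngress: [
    { CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: 443, ToPort: 443 },
    { CidrIp: "0.0.0.0/0", IpProtocol: "tcp", FromPort: 22, ToPort: 22 } ] } },
  EfsIngress: { Type: "AWS::EC2::SecurityGroupIngress",
    Properties: { IpProtocol: "tcp", FromPort: 2049, ToPort: 2049 } } } };
```

Calling auditIngress(sampleTemplate) flags only the SSH rule on HostSg; the EFS rule has no world-open CIDR and the HTTPS rule is on the allow-list.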



Cost
All resources except Route53 HostedZone should be included in AWS Free Tier if you are in the 12 Months Free period.
After your 12 Months Free period, setting hostInstanceSpotPrice to use spot instances is recommended.


EC2
    t2.micro 750 instance hours (12 Months Free Tier)
    30GB EBS volume (12 Months Free Tier)

ECS
    No additional charge because using ECS on EC2

EFS
    Usage is very small, so it should be free

CloudWatch
    Usage is very small, and it should be included in the free tier
    Enabling containerInsights will charge for custom metrics

Debugging

SSM Session Manager

The SSM Agent is pre-installed on the host instance (by the ECS-optimized Amazon Linux 2 AMI), and AmazonSSMManagedInstanceCore is added to the host instance role, so you can access and debug your host instance.
aws ssm start-session --target $INSTANCE_ID

ECS Exec

ECS Exec is enabled on the service, so execute-command can be used to debug your server task container.
aws ecs execute-command \
    --cluster $CLUSTER_ID \
    --task $TASK_ID \
    --container nginx \
    --command bash \
    --interactive

Limitations
Because the ECS service occupies a host port, only one task can be executed at a time.
The old task must be terminated before the new task launches, and this causes downtime on release.
Also, if you make changes that require recreating the service, you may need to manually terminate the task of the old service.

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.
