GitLocker: The Coding Marketplace

Description:

lowcostecs 0.0.126

Low-Cost ECS
A CDK construct that provides an easy and low-cost ECS on EC2 server setup without a load balancer.
Why
ECS may often seem expensive when used for personal development purposes, due to the cost of the load balancer.
The application load balancer is a great service that is easy to set up managed ACM certificates, easy scaling, and has dynamic port mappings..., but it is over-featured for running 1 ECS task.
However, to run an ECS server without a load balancer, you need to associate an Elastic IP to the host instance and install your certificate to your service every time you start up the server.
This construct aims to automate these works and make it easy to deploy resources to run a low-cost ECS server.
Try it out!
The easiest way to try the construct is to clone this repository and deploy the sample Nginx server.
Edit settings in examples/minimum.ts and deploy the cdk construct. Public hosted zone is required.

Clone and install packages

git clone https://github.com/rajyan/low-cost-ecs.git
yarn install

Edit email and domain in example.ts
https://github.com/rajyan/low-cost-ecs/blob/3d1bbf7ef4b59d0f4e9d3cd9cb90584977b71c0a/examples/minimum.ts#L1-L15
Deploy!

cdk deploy

Access the configured hostedZoneDomain and see that the sample Nginx server has been deployed.
Installation
To use this construct in your cdk stack as a library,
npm install low-cost-ecs

import { Stack, StackProps } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { LowCostECS } from 'low-cost-ecs';

class SampleStack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);

const vpc = { /** Your VPC */ };
const securityGroup = { /** Your security group */ };
const serverTaskDefinition = { /** Your task definition */ };

new LowCostECS(this, 'LowCostECS', {
hostedZoneDomain: "example.com",
email: "test@example.com",
vpc: vpc,
securityGroup: securityGroup,
serverTaskDefinition: serverTaskDefinition
});
}
}

The required fields are hostedZoneDomain and email.
You can configure your server task definition and other props. Read LowCostECSProps documentation for details.
Overview
Resources generated in this stack

Route53 A record

Forwarding to host instance Elastic IP

Certificate State Machine

Install and renew certificates to EFS using certbot-dns-route53
Scheduled automated renewal every 60 days
Email notification on certbot task failure

ECS on EC2 host instance

ECS-optimized Amazon Linux 2 AMI instance auto-scaling group
Automatically associated with Elastic IP on instance initialization

ECS Service

TLS/SSL certificate installation before default container startup
Certificate EFS mounted on default container as /etc/letsencrypt

Others

VPC with only public subnets (no NAT Gateways to decrease cost)
Security groups with minimum inbounds
IAM roles with minimum privileges

Cost
All resources except Route53 HostedZone should be included in AWS Free Tier
if you are in the 12 Months Free period.
After your 12 Months Free period, setting hostInstanceSpotPrice to use spot instances is recommended.

EC2

t2.micro 750 instance hours (12 Months Free Tier)
30GB EBS volume (12 Months Free Tier)

ECS

No additional charge because using ECS on EC2

EFS

Usage is very small, it should be free

Cloud Watch

Usage is very small, and it should be included in the free tier
Enabling containerInsights will charge for custom metrics

Debugging

SSM Session Manager

SSM manager is pre-installed in the host instance (by ECS-optimized Amazon Linux 2 AMI) and AmazonSSMManagedInstanceCore is added to the host instance role to access and debug in your host instance.
aws ssm start-session --target $INSTANCE_ID

ECS Exec

Service ECS Exec is enabled, so execute commands can be used to debug your server task container.
aws ecs execute-command \
--cluster $CLUSTER_ID \
--task $TASK_ID \
--container nginx \
--command bash \
--interactive

Limitations
Because the ECS service occupies a host port, only one task can be executed at a time.
The old task must be terminated before the new task launches, and this causes downtime on release.
Also, if you make changes that require recreating the service, you may need to manually terminate the task of the old service.