ECS-Cloudformation/README.md



1. Create a VPC and Two Subnets:
``` shell
aws ec2 create-vpc --cidr-block 10.0.0.0/16
```
``` shell
aws ec2 create-subnet --vpc-id <your-vpc-id> --cidr-block 10.0.1.0/24 --availability-zone <availability-zone-1>
```
``` shell
aws ec2 create-subnet --vpc-id <your-vpc-id> --cidr-block 10.0.2.0/24 --availability-zone <availability-zone-2>
```
  Replace <your-vpc-id> with the VPC ID you got in the first command, and replace <availability-zone-1> and <availability-zone-2> with your preferred availability zones.

2. Create a Network ACL (NACL) and Associate it with Subnets:
``` shell
aws ec2 create-network-acl --vpc-id <your-vpc-id>
```
``` shell
aws ec2 create-network-acl-entry --network-acl-id <your-nacl-id> --rule-number 100 --protocol tcp --rule-action allow --cidr-block 0.0.0.0/0 --port-range From=80,To=80
```
``` shell
aws ec2 create-network-acl-association --network-acl-id <your-nacl-id> --subnet-id <subnet-1-id>
```
``` shell
aws ec2 create-network-acl-association --network-acl-id <your-nacl-id> --subnet-id <subnet-2-id>
```
  Replace <your-nacl-id>, <subnet-1-id>, and <subnet-2-id> with the appropriate values.

3. Create an ECS Cluster:
``` shell
aws ecs create-cluster --cluster-name <your-cluster-name>
```
4. Create a Docker Container with NGINX:

  You will need to create a Dockerfile and build a Docker image with NGINX and your "Hello Commit" page. Once you have the image, you can push it to a container registry like Amazon ECR or Docker Hub.

5. Deploy the NGINX Container to ECS:
  Before deploying, make sure you have an ECS Task Definition and Service configured. Then, use the ECS CLI or AWS Console to create the service and deploy the container to one of your subnets.

Task Definition:
``` json
{
  "family": "nginx-task",
  "containerDefinitions": [
    {
      "name": "nginx-container",
      "image": "<your-ecr-image-uri>",
      "memory": 512,
      "cpu": 256,
      "essential": true,
      "portMappings": [
        {
          "containerPort": 80,
          "hostPort": 80
        }
      ]
    }
  ]
}
```

then, register the task definition:
``` shell
aws ecs register-task-definition --cli-input-json file://nginx-task-definition.json
```

Create an ECS Service:

Create an ECS service that uses the task definition you just registered. Replace <your-cluster-name>, <your-subnet-id>, and other placeholders with your specific values:
``` shell
aws ecs create-service --cluster <your-cluster-name> --service-name nginx-service --task-definition nginx-task --desired-count 1 --launch-type EC2 --scheduling-strategy REPLICA --network-configuration "awsvpcConfiguration={subnets=[<your-subnet-id>]}"
```
This command will create an ECS service called nginx-service running one instance of your NGINX container in one of your subnets.

Update Security Groups and Inbound Rules:


Create a New Security Group:
To create a new security group that allows incoming traffic on port 80 (HTTP) and 443 (HTTPS), use the following AWS CLI command:
``` shell
aws ec2 create-security-group --group-name my-ecs-sg --description "ECS Security Group"
```

Authorize Inbound Traffic on Port 80 and 443:
``` shell
aws ec2 authorize-security-group-ingress --group-id <your-security-group-id> --protocol tcp --port 80 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id <your-security-group-id> --protocol tcp --port 443 --cidr 0.0.0.0/0
```


Associate the Security Group with Your ECS Instances:
To associate the newly created security group with your ECS instances, you'll need to update the launch configuration or task definition associated with your ECS cluster. If you're using AWS Fargate, you can specify the security group in the task definition. If you're using EC2 instances for ECS, make sure to specify the security group when launching or updating the instances.

For example, when launching EC2 instances with the create-service command, you can use the --launch-type EC2 option and specify the --security-groups parameter with your security group ID:

``` shell
aws ecs create-service --cluster <your-cluster-name> --service-name nginx-service --task-definition nginx-task --desired-count 1 --launch-type EC2 --network-configuration "awsvpcConfiguration={subnets=[<your-subnet-id>],securityGroups=[<your-security-group-id>]}"
```


6. Create an RDS Instance (MySQL/PostgreSQL):

aws rds create-db-instance --db-instance-identifier my-rds-instance --db-instance-class db.t2.micro --engine mysql --master-username <username> --master-user-password <password> --allocated-storage 20

7. Configure NGINX to Query the RDS Database:
You'll need to modify your NGINX configuration to connect to the RDS instance and execute queries. This will depend on your NGINX configuration and application logic.

8. Expose the Service Over HTTPS with a Self-Signed Certificate:
You'll need to create a self-signed certificate and configure NGINX to serve HTTPS requests. This will depend on your NGINX configuration and application logic.
Self Signed Certificate: 
``` shell
openssl genpkey -algorithm RSA -out private-key.pem
openssl req -new -key private-key.pem -x509 -days 365 -out certificate.pem
```
first commit + bug in alb, need to replace to elb 2023-09-03 12:12:43 +00:00

first commit 2023-09-10 07:14:03 +00:00
			`1. Create a VPC and Two Subnets:`
			``` shell
			`aws ec2 create-vpc --cidr-block 10.0.0.0/16`
			```
			``` shell
			`aws ec2 create-subnet --vpc-id <your-vpc-id> --cidr-block 10.0.1.0/24 --availability-zone <availability-zone-1>`
			```
			``` shell
			`aws ec2 create-subnet --vpc-id <your-vpc-id> --cidr-block 10.0.2.0/24 --availability-zone <availability-zone-2>`
			```
			`Replace <your-vpc-id> with the VPC ID you got in the first command, and replace <availability-zone-1> and <availability-zone-2> with your preferred availability zones.`

			`2. Create a Network ACL (NACL) and Associate it with Subnets:`
			``` shell
			`aws ec2 create-network-acl --vpc-id <your-vpc-id>`
			```
			``` shell
			`aws ec2 create-network-acl-entry --network-acl-id <your-nacl-id> --rule-number 100 --protocol tcp --rule-action allow --cidr-block 0.0.0.0/0 --port-range From=80,To=80`
			```
			``` shell
			`aws ec2 create-network-acl-association --network-acl-id <your-nacl-id> --subnet-id <subnet-1-id>`
			```
			``` shell
			`aws ec2 create-network-acl-association --network-acl-id <your-nacl-id> --subnet-id <subnet-2-id>`
			```
			`Replace <your-nacl-id>, <subnet-1-id>, and <subnet-2-id> with the appropriate values.`

			`3. Create an ECS Cluster:`
			``` shell
			`aws ecs create-cluster --cluster-name <your-cluster-name>`
			```
			`4. Create a Docker Container with NGINX:`

			`You will need to create a Dockerfile and build a Docker image with NGINX and your "Hello Commit" page. Once you have the image, you can push it to a container registry like Amazon ECR or Docker Hub.`

			`5. Deploy the NGINX Container to ECS:`
			`Before deploying, make sure you have an ECS Task Definition and Service configured. Then, use the ECS CLI or AWS Console to create the service and deploy the container to one of your subnets.`

			`Task Definition:`
			``` json
			`{`
			`"family": "nginx-task",`
			`"containerDefinitions": [`
			`{`
			`"name": "nginx-container",`
			`"image": "<your-ecr-image-uri>",`
			`"memory": 512,`
			`"cpu": 256,`
			`"essential": true,`
			`"portMappings": [`
			`{`
			`"containerPort": 80,`
			`"hostPort": 80`
			`}`
			`]`
			`}`
			`]`
			`}`
			```

			`then, register the task definition:`
			``` shell
			`aws ecs register-task-definition --cli-input-json file://nginx-task-definition.json`
			```

			`Create an ECS Service:`

			`Create an ECS service that uses the task definition you just registered. Replace <your-cluster-name>, <your-subnet-id>, and other placeholders with your specific values:`
			``` shell
			`aws ecs create-service --cluster <your-cluster-name> --service-name nginx-service --task-definition nginx-task --desired-count 1 --launch-type EC2 --scheduling-strategy REPLICA --network-configuration "awsvpcConfiguration={subnets=[<your-subnet-id>]}"`
			```
			`This command will create an ECS service called nginx-service running one instance of your NGINX container in one of your subnets.`

			`Update Security Groups and Inbound Rules:`


			`Create a New Security Group:`
			`To create a new security group that allows incoming traffic on port 80 (HTTP) and 443 (HTTPS), use the following AWS CLI command:`
			``` shell
			`aws ec2 create-security-group --group-name my-ecs-sg --description "ECS Security Group"`
			```

			`Authorize Inbound Traffic on Port 80 and 443:`
			``` shell
			`aws ec2 authorize-security-group-ingress --group-id <your-security-group-id> --protocol tcp --port 80 --cidr 0.0.0.0/0`
			`aws ec2 authorize-security-group-ingress --group-id <your-security-group-id> --protocol tcp --port 443 --cidr 0.0.0.0/0`
			```


			`Associate the Security Group with Your ECS Instances:`
			`To associate the newly created security group with your ECS instances, you'll need to update the launch configuration or task definition associated with your ECS cluster. If you're using AWS Fargate, you can specify the security group in the task definition. If you're using EC2 instances for ECS, make sure to specify the security group when launching or updating the instances.`

			`For example, when launching EC2 instances with the create-service command, you can use the --launch-type EC2 option and specify the --security-groups parameter with your security group ID:`

			``` shell
			`aws ecs create-service --cluster <your-cluster-name> --service-name nginx-service --task-definition nginx-task --desired-count 1 --launch-type EC2 --network-configuration "awsvpcConfiguration={subnets=[<your-subnet-id>],securityGroups=[<your-security-group-id>]}"`
			```



			`6. Create an RDS Instance (MySQL/PostgreSQL):`

			`aws rds create-db-instance --db-instance-identifier my-rds-instance --db-instance-class db.t2.micro --engine mysql --master-username <username> --master-user-password <password> --allocated-storage 20`

			`7. Configure NGINX to Query the RDS Database:`
			`You'll need to modify your NGINX configuration to connect to the RDS instance and execute queries. This will depend on your NGINX configuration and application logic.`

			`8. Expose the Service Over HTTPS with a Self-Signed Certificate:`
			`You'll need to create a self-signed certificate and configure NGINX to serve HTTPS requests. This will depend on your NGINX configuration and application logic.`
			`Self Signed Certificate:`
			``` shell
			`openssl genpkey -algorithm RSA -out private-key.pem`
			`openssl req -new -key private-key.pem -x509 -days 365 -out certificate.pem`
			```