Deploy on AWS ECS with Laravel 9

04/01/2022   AWS

Deploy on ECS

Example: deploying the image app006laravel9
See the diagram
Source: GitHub

============================================
Docker
- Build the image app006laravel9
docker build -t app006laravel9:latest .
- Run a container from the image
docker run -d -p 80:80 app006laravel9:latest

============================================
ECR
* Create 01 ECR repository ecr-app006laravel9 to hold the image app006laravel9
Push the image to the repository ecr-app006laravel9 following the repository's "Push commands" instructions
docker tag app006laravel9:latest 556266730771.dkr.ecr.ap-southeast-1.amazonaws.com/ecr-app006laravel9:latest
docker push 556266730771.dkr.ecr.ap-southeast-1.amazonaws.com/ecr-app006laravel9:latest

============================================
VPC
* Create 01 VPC
vpc-app006laravel9 (IPv4: 10.0.0.0/16; IPv6: No...)

* Create 04 subnets (the VPC is split so that public and private services are handled separately)
+ vpc-app006laravel9-sn-public-01 (IPv4: 10.0.1.0/24; zone: 1a)
+ vpc-app006laravel9-sn-public-02 (IPv4: 10.0.2.0/24; zone: 1b)
+ vpc-app006laravel9-sn-private-01 (IPv4: 10.0.3.0/24; zone: 1a)
+ vpc-app006laravel9-sn-private-02 (IPv4: 10.0.4.0/24; zone: 1b)

* Create 01 internet gateway (so that the internet can reach the VPC)
vpc-app006laravel9-igw (attach it to the VPC vpc-app006laravel9)

* Create 02 route tables (they define the access rules of the VPC)
+ vpc-app006laravel9-rtb-public
   / Routes / edit routes: add route: destination: 0.0.0.0/0; target: vpc-app006laravel9-igw
   / subnet associations / edit / select: vpc-app006laravel9-sn-public-01, vpc-app006laravel9-sn-public-02
+ vpc-app006laravel9-rtb-private (subnet associations / edit / select: vpc-app006laravel9-sn-private-01, vpc-app006laravel9-sn-private-02)

* Create 01 NAT gateway (so that the VPC can reach the internet)
- vpc-app006laravel9-ngw (subnet: vpc-app006laravel9-sn-public-01; elastic IP allocation ID: create new EIP)
=> this requires editing the route table vpc-app006laravel9-rtb-private:
- edit: routes / edit routes / add new route: destination: 0.0.0.0/0; target: type "nat-" => select: vpc-app006laravel9-ngw

============================================
ALB
* Create 01 load balancer (to improve the performance and reliability of the site; every request from the internet to the containers running in ECS goes through the ALB, and app006laravel9 is reached through the ALB's domain name / public IP)
- vpc-app006laravel9-alb (scheme: internet-facing, vpc: vpc-app006laravel9, zones: vpc-app006laravel9-sn-public-01, vpc-app006laravel9-sn-public-02)
- create 01 security group: vpc-app006laravel9-alb-sg (HTTP, source: 0.0.0.0/0; ::/0)
- create 01 target group: vpc-app006laravel9-alb-tgg (target type: IP, protocol: HTTP; port: 80) -> a logical group that handles the traffic the load balancer forwards into the VPC (it sits between the VPC and the load balancer)
+ health check: /404.html (create the file 404.html)

============================================
ECS
* Create 01 cluster
- vpc-app006laravel9-cluster (Fargate):
- create VPC: DO NOT tick // so that the existing vpc-app006laravel9 can be selected
- tick: enable Container Insights

* Create 01 task definition (it holds the containers)
- vpc-app006laravel9-task (Fargate):
- task role:
+ (used to access other AWS services); no other service is used in this case, so leave it null
+ or choose the IAM role the tasks use to access AWS services.
- task execution IAM role: choose Create new role (ecsTaskExecutionRole)
- task memory: 1 GB
- task CPU: 0.5 vCPU
- add containers from the repository ecr-app006laravel9 (port mapping of the container in Docker: 80)
+ container name: app006laravel9-container

* Create 01 service (it runs the containers)
vpc-app006laravel9-service
- task definition: vpc-app006laravel9-task
- cluster: vpc-app006laravel9-cluster
- number of tasks: 2
- deployment type: rolling update
- cluster VPC: vpc-app006laravel9
- subnets: vpc-app006laravel9-sn-private-01, vpc-app006laravel9-sn-private-02
- security group: vpc-app006laravel9-service-sg; choose edit: it must be configured to receive traffic only from the security group of the ALB, vpc-app006laravel9-alb-sg (type: ALL TCP, source: custom: vpc-app006laravel9-alb-sg)
- Load balancing:
+ select: Application Load Balancer
+ load balancer name: vpc-app006laravel9-alb
+ container name : port: click Add to load balancer
+ production listener port: 80:HTTP
+ target group name: vpc-app006laravel9-alb-tgg
- enable service discovery integration: untick
- service auto scaling: do not adjust the service's desired count
============================================
Laravel echo server

============================================
Secrets Manager for ENV

============================================
SNS for sending Mail

============================================
ElastiCache for using Redis

============================================
RDS
- Create the DB
+ select Standard create; template: Free tier
+ DB instance identifier: vpc-app006laravel9-rds
+ Master username: postgres
+ Password: xxxx
+ Templates: Free tier;
+ Connectivity: VPC: vpc-app006laravel9
+ Public access: No
+ VPC security group: Create new: vpc-app006laravel9-db-sg (type: PostgreSQL, source: custom; the security group of vpc-app006laravel9-service: vpc-app006laravel9-service-sg)
+ Availability zone: 1a
+ Turn on Performance Insights: tick
+ Database options
/ initial database name: vpc_app006laravel9_db
+ Backup: untick
=> Create database
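The ALB, ECS and RDS sections above build one trust chain: the internet reaches only the ALB group on 80/443, the service group accepts only the ALB group, and the DB group accepts only the service group on 5432. The script below is an added example (not the page's own tooling) that audits a rule list in that shape; it is stricter than the page in one respect, flagging the "ALL TCP" rule on the service group because the task only listens on port 80, and its sample rules are constructed by hand, with a deliberately wrong last rule.

```shell
#!/bin/sh
# Audit of the security-group chain used on this page (added example, not the
# page's own tooling). Each rule is one line: group protocol from_port to_port
# source. The sample rule set below is constructed by hand; the last line is a
# deliberately wrong rule that exposes the database to the internet.
set -eu

RULES='vpc-app006laravel9-alb-sg tcp 80 80 0.0.0.0/0
vpc-app006laravel9-alb-sg tcp 80 80 ::/0
vpc-app006laravel9-alb-sg tcp 443 443 0.0.0.0/0
vpc-app006laravel9-service-sg tcp 0 65535 vpc-app006laravel9-alb-sg
vpc-app006laravel9-db-sg tcp 5432 5432 vpc-app006laravel9-service-sg
vpc-app006laravel9-db-sg tcp 5432 5432 0.0.0.0/0'

# Print one finding per rule that breaks the intended trust chain
# internet -> ALB (80/443 only) -> service (from the ALB group only)
# -> RDS (from the service group only, 5432 only). Silent when all is well.
audit_rules() {
    awk '
    $5 == "0.0.0.0/0" || $5 == "::/0" {
        if ($1 != "vpc-app006laravel9-alb-sg" || ($3 != 80 && $3 != 443) || $3 != $4)
            print "OPEN_TO_INTERNET " $0
        next
    }
    $1 == "vpc-app006laravel9-service-sg" {
        if ($5 != "vpc-app006laravel9-alb-sg") print "UNEXPECTED_SOURCE " $0
        else if ($3 != 80 || $4 != 80) print "WIDER_THAN_CONTAINER_PORT " $0
        next
    }
    $1 == "vpc-app006laravel9-db-sg" {
        if ($5 != "vpc-app006laravel9-service-sg" || $3 != 5432 || $4 != 5432)
            print "UNEXPECTED_DB_ACCESS " $0
        next
    }
    { print "UNKNOWN_GROUP " $0 }'
}

# Number of findings for a rule set passed as a string; 0 means the chain holds.
finding_count() {
    printf '%s\n' "$1" | audit_rules | grep -c . || true
}

if [ "${1:-}" = "run" ]; then
    printf '%s\n' "$RULES" | audit_rules
fi
```

Run it as `sh audit.sh run`; the sample set yields two findings, the over-wide service rule and the database rule open to the internet.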

============================================
CICD
* Create 01 CodePipeline app006laravel9-codepipeline
- select: new service role
- role name: app006laravel9-codepipeline-service-role
- tick: allow AWS CodePipeline to create the service role...
- source: GitHub / Bitbucket / CodeCommit... / select the repository and the branch app006laravel9
- change detection options: select GitHub webhooks
- build provider: AWS CodeBuild
- region: the same region as vpc-app006laravel9
- project name: click Project name
=> A popup opens to create the CodeBuild project: app006laravel9-codebuild
- environment image: select Managed image
- operating system: Ubuntu
- runtime: standard
- image: aws/codebuild/standard:1.0
- image version: always use the latest...
- privileged: select Enable this flag if you want to build Docker images
- service role: select new service role: app006laravel9-codebuild-service-role
-> the role app006laravel9-codebuild-service-role must be granted the permission AmazonEC2ContainerRegistryPowerUser (type "ec2con" to search for it)
- buildspec: select Use a buildspec file, buildspec.yml -> its artifacts must include the file imagedefinitions.json
- CloudWatch: select CloudWatch logs
* Add deploy stage:
- Deploy provider: select: Amazon ECS
- cluster name: vpc-app006laravel9-cluster
- service name: vpc-app006laravel9-service
- image definitions file: imagedefinitions.json
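The build stage above and the ECR "Push commands" earlier both come down to the same shell steps: log in to ECR, build, push, and hand the ECS deploy stage an imagedefinitions.json naming the container and the image URI. The script below is an added example (not the project's own buildspec); it assumes buildspec.yml calls it as `sh build.sh run`, that CodeBuild sets AWS_DEFAULT_REGION and CODEBUILD_RESOLVED_SOURCE_VERSION, and that AWS_ACCOUNT_ID is set as a CodeBuild environment variable.

```shell
#!/bin/sh
# Build, push and describe the image for the ECS deploy stage (added example,
# not the project's own buildspec). Assumed: buildspec.yml runs "sh build.sh run",
# CodeBuild sets AWS_DEFAULT_REGION and CODEBUILD_RESOLVED_SOURCE_VERSION, and
# AWS_ACCOUNT_ID is set as a CodeBuild environment variable.
set -eu

ECR_REPO="${ECR_REPO:-ecr-app006laravel9}"
CONTAINER_NAME="${CONTAINER_NAME:-app006laravel9-container}"

# Full ECR image URI for an account, region, repository and tag.
image_uri() {
    printf '%s.dkr.ecr.%s.amazonaws.com/%s:%s' "$1" "$2" "$3" "$4"
}

# Tag with the short commit hash so each deployment is traceable to a
# commit and a mutable "latest" is never silently redeployed.
image_tag() {
    if [ -n "${1:-}" ]; then
        printf '%s' "$1" | cut -c1-7
    else
        printf 'latest'
    fi
}

# imagedefinitions.json in the shape the "Amazon ECS" deploy provider reads:
# a JSON array of {container name, image URI} pairs.
image_definitions() {
    printf '[{"name":"%s","imageUri":"%s"}]' "$1" "$2"
}

build_and_push() {
    tag=$(image_tag "${CODEBUILD_RESOLVED_SOURCE_VERSION:-}")
    uri=$(image_uri "$AWS_ACCOUNT_ID" "$AWS_DEFAULT_REGION" "$ECR_REPO" "$tag")
    # Log in to ECR, the same step the console's "Push commands" show.
    aws ecr get-login-password --region "$AWS_DEFAULT_REGION" |
        docker login --username AWS --password-stdin \
            "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com"
    docker build -t "$uri" .
    docker push "$uri"
    image_definitions "$CONTAINER_NAME" "$uri" > imagedefinitions.json
}

if [ "${1:-}" = "run" ]; then
    build_and_push
fi
```

The buildspec then lists imagedefinitions.json under artifacts/files, which is what the deploy stage above consumes.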

============================================
Add Testing

============================================

Route53 (to register a domain name for the ELB)

* Create the domain app006laravel9-domain.com; there are 2 ways:
- register it on Route53
- already own a domain (add the custom domain to Route53)
* Create the hosted zone app006laravel9-hosted-zone (this is the DNS server)
- Domain name: app006laravel9-domain.com (the domain was already bought at easy-domain.com)
-> this yields the name servers of the AWS hosted zone -> set these name servers for app006laravel9-domain.com at easy-domain.com
- create a record set that points to vpc-app006laravel9-alb
=> the ECS service vpc-app006laravel9-service already uses vpc-app006laravel9-alb
=> the task in the ECS cluster has a public IP: aa.bb.cc.dd
=> open the public IP to check that the task is working
+ type: A - IPv4 address || CNAME - canonical name
+ Alias: Yes
+ Alias target: select vpc-app006laravel9-alb
=> The domain app006laravel9-domain.com can now be reached
============================================
ACM (to create a certificate for the domain)
* Create an AWS Certificate Manager certificate (to add SSL to the ELB)
+ for the domain: app006laravel9-domain.com
+ select Provision certificate
+ select Request a public certificate
+ add domain name: app006laravel9-domain.com
-> add another name to this certificate: *.app006laravel9-domain.com
+ select validation method: DNS validation
- Validation: click: Create a record in Route 53
* Edit the ELB vpc-app006laravel9-alb: Listeners / Add listener
+ Protocol:port: select: HTTPS: 443
+ Security policy: select ELBSecurityPolicy-2016-08
+ Default SSL certificate: From ACM (recommended) - select the certificate of the domain app006laravel9-domain.com
+ Default action(s): add action: forward to: vpc-app006laravel9-alb-tgg
* Edit the security group vpc-app006laravel9-alb-sg
+ Edit inbound rules: add: Type: HTTPS; source: anywhere (0.0.0.0/0; ::/0)
=> The domain https://app006laravel9-domain.com can now be reached

Reference: https://www.youtube.com/watch?v=aa3gGwJpCro
