# Elastic Container Service

1. EC2
2. Fargate : Serverless
    1. copilot CLI

## Security

* AWS WAF
* AWS Shield

## Setup

1. Create `ECR` to store the Docker image
    * `903306222264.dkr.ecr.ap-southeast-1.amazonaws.com/gold-web-api:develop_v5`
    * ![](./images/ecr-images.PNG)
2. Create Jenkins
    * To build the container image and push it to `ECR`
    * To generate `taskdefinition.json` from `config/taskdef-develop.json`
    * ![](./images/jenkins-ecr-script.PNG)
    * ![](./images/jenkins-build.PNG)
    * ![](./images/jenkins-deploy.PNG)
    * *Note* : After deleting the ECS instance, the script still seems to execute `aws ecs update-service ...` instead of `aws ecs create-service ...`
3. Create `Target Group`
    * `zgd-tg-ecs-gold-web-api`
    * To map the host port to the container port (443)
    * Health check interval `30s`
    * The host port is auto-assigned when the ECS instance starts, e.g. `44212`
    * ![](./images/target-group.PNG)
4. Create `CloudWatch` log group
    * Log group `ZGD-gold-web-api` for the ECS instance to log to
    * *Note* : If the log group is not created, the container will not be able to start. Fail code `500`
5. Create ECS
    * Cluster : `zdg-ecs-cluster`
    * Spin up instance : `gold-web-api`
    * Go to `Services` -> `gold-web-api` -> `Tasks`, and select the task to see the view below
    * ![](./images/ECS-running.PNG)
6. Setup ALB (Application Load Balancer)
    * `zgd-alb-wan-ecs`
    * Add Listener Rules for `HTTPS:443`
    * ![](./images/alb-rule.PNG)
7. Setup Route 53
    * Add the `webapi.zgold-dev.com` domain name
    * Only `Daryl Chew` has rights to do this for QA & Dev
    * Production needs the SRE team

## Troubleshoot

1. Route 53 : Hostname creation `webapi.zgold-dev.com`
2. ALB (Load Balancer) : `zgd-alb-wan-ecs`
3. Target Group : `zgd-tg-ecs-gold-web-api`
4. ECS : `gold-web-api`
5. CloudWatch : `ZGD-gold-web-api`
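
One way to handle the Jenkins note in Setup step 2, as an added example that is not the project's own Jenkins script: read the service status first, because a deleted service can still be reported as `INACTIVE` by `aws ecs describe-services`, and call `update-service` only when the status is `ACTIVE`. The function names, the desired count of 1, the container name (taken to equal the service name) and the task definition and target group ARN arguments are assumptions.

```shell
#!/bin/sh
# Added example, not the project's Jenkins script.
# Cluster and service names come from the page; the rest is assumed.
CLUSTER="zdg-ecs-cluster"
SERVICE="gold-web-api"

# Print the service status: ACTIVE, DRAINING, INACTIVE, or None when
# the service has never existed in the cluster.
service_status() {
    aws ecs describe-services --cluster "$1" --services "$2" \
        --query 'services[0].status' --output text
}

# Map a status to the deploy action.
choose_action() {
    case "$1" in
        ACTIVE)   echo "update" ;;   # live service: roll a new task definition
        DRAINING) echo "wait" ;;     # deletion in progress: do not touch it yet
        *)        echo "create" ;;   # INACTIVE or None: update-service would fail
    esac
}

# deploy_service CLUSTER SERVICE TASK_DEFINITION TARGET_GROUP_ARN
deploy_service() {
    # Abort if the status lookup itself fails (credentials, wrong cluster).
    ds_status=$(service_status "$1" "$2") || return 1
    ds_action=$(choose_action "$ds_status")
    echo "service $2 is $ds_status, action: $ds_action" >&2
    case "$ds_action" in
        update)
            aws ecs update-service --cluster "$1" --service "$2" \
                --task-definition "$3" ;;
        create)
            # Assumption: the container is named after the service and listens on 443.
            aws ecs create-service --cluster "$1" --service-name "$2" \
                --task-definition "$3" --desired-count 1 \
                --load-balancers "targetGroupArn=$4,containerName=$2,containerPort=443" ;;
        wait)
            echo "service $2 is still draining; retry later" >&2
            return 1 ;;
    esac
}

# Pipeline call (TASK_DEFINITION and TARGET_GROUP_ARN are placeholders):
# deploy_service "$CLUSTER" "$SERVICE" "$TASK_DEFINITION" "$TARGET_GROUP_ARN"
```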