sudo curl -Lo /usr/local/bin/ecs-cli https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-darwin-amd64-latest

for downloading it inside your bin folder.

chmod +x /usr/local/bin/ecs-cli

to give executable permission. After that, to verify that the CLI works properly, run

ecs-cli --version

ecs-cli configure --cluster test --default-launch-type FARGATE --config-name test --region eu-west-1

This command defines a cluster named "test" with default launch type "FARGATE" in the Ireland region. Now you just have to deploy it. In case your account contains a VPC that you want to use, you'll need to specify it in the deploy command:

ecs-cli up --cluster-config test --vpc YOUR_VPC_ID --subnets YOUR_SUBNET_ID_1,YOUR_SUBNET_ID_2

Keep in mind that if you specify a custom VPC ID, you must also specify the IDs of the subnets where you want to deploy your service. To let ECS CLI create and configure the VPC for you, simply run:

ecs-cli up --cluster-config test

This command will create an empty ECS cluster and, if you have not specified a VPC, a CloudFormation stack with the VPC resources. Another thing that we need to create is the security group for your ECS service. You can create it with the AWS CLI by running these commands:

aws ec2 create-security-group --description test --group-name testSecurityGroup --vpc-id YOUR_VPC_ID
aws ec2 authorize-security-group-ingress --group-id SECURITY_GROUP_ID_CREATED --protocol tcp --port 80 --cidr 0.0.0.0/0 --region eu-west-1

These commands create a security group associated with the given VPC ID and authorize inbound TCP traffic on port 80 from the Internet (0.0.0.0/0). Take note of the ID and the security group name specified here because you will use them in the next step.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ecs-tasks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Then run the following command:

aws iam --region eu-west-1 create-role --role-name ecsTaskExecutionRole --assume-role-policy-document file://assume-role_policy.json

After the role is created, run the following to attach the AWS managed policy for ECS Tasks that allows ECS containers to create AWS CloudWatch Log Group.

aws iam --region eu-west-1 attach-role-policy --role-name ecsTaskExecutionRole --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy

version: '3'
services:
  web:
    image: nginx
    ports:
      - "80:80"

It simply defines a web service with the NGINX image and exposes port 80. What you have to do now is add the logging property, as per AWS logging best practices, to manage all container logs in AWS CloudWatch, and create the ECS CLI configuration file. To add the logging property, simply modify the docker-compose file as described below:

version: '3'
services:
  web:
    image: nginx
    ports:
      - "80:80"
    logging:
      driver: awslogs
      options:
        awslogs-group: tutorial
        awslogs-region: eu-west-1
        awslogs-stream-prefix: web

The logging properties contain the driver property "awslogs", which tells ECS to log to the AWS CloudWatch service. The options section defines the name of the CloudWatch log group that is automatically created by AWS, the AWS region, and the stream prefix.

Now that you have modified the docker-compose file, you have to create a new file called "ecs-params.yml" that contains the configurations of your ECS Cluster and ECS Service. In this file, you can specify:

- The networking configuration with your VPC and subnets.
- The permission configuration with the role that you created in the second step.
- Task configuration: properties like CPU and RAM limits for deploying the service.

For our example, let's just define the basic configuration parameters:

version: 1
task_definition:
  task_execution_role: YOUR_ECS_TASK_EXECUTION_ROLE_NAME
  ecs_network_mode: awsvpc
  task_size:
    mem_limit: 0.5GB
    cpu_limit: 256
run_params:
  network_configuration:
    awsvpc_configuration:
      subnets:
        - "YOUR SUBNET ID 1"
        - "YOUR SUBNET ID 2"
      security_groups:
        - "YOUR SECURITY GROUP ID"
      assign_public_ip: ENABLED

In the "task_execution_role" property, just enter the name of the role that you have defined in the second step. In the "subnets" and "security_groups" properties, enter the public subnet and the security group you've defined in step one.

ecs-cli compose --project-name test service up --create-log-groups --cluster-config test

Your application is now deployed and ready to be used! As a bonus note: check the service status using this command:

ecs-cli compose --project-name test service ps --cluster-config test

That's all for today! In this article, we explained how to deploy a docker-compose application inside the AWS environment, with a focus on the new ECS CLI provided by Amazon. See you soon in 14 days with the next article :)

#Proud2beCloud