Prerequisites
-
Setup Amazon ECS account, see Setting Up with Amazon ECS
-
Create the Service Linked Role AWSServiceRoleForECSCreate, see Service-Linked Role for Amazon ECS
-
Create an ECS Task Execution Role, see Amazon ECS Task Execution IAM Role
-
Install ECS CLI (Optional), see Installing the Amazon ECS CLI
-
Configure the ECS CLI tool (Optional), see Configuring the Amazon ECS CLI
Note: You can also run the Amazon ECS first-run wizard to setup Fargate
Create an ECS Fargate Cluster
Create an ECS Fargate Cluster with Amazon ECS first-run wizard
-
Login to AWS Account
-
Follow AWS documentation instructions for creating a cluster, see Creating a Cluster
Login to AWS Account
Follow AWS documentation instructions for creating a cluster, see Creating a Cluster
Create a file named task-execution-assume-role.json with the following contents:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Create the task execution role:
aws iam --region us-east-1 create-role --role-name ecsTaskExecutionRole --assume-role-policy-document file://task-execution-assume-role.json
Attach the task execution role policy:
aws iam --region us-east-1 attach-role-policy --role-name ecsTaskExecutionRole --policy-arn "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
Create a marketplace task role policy by creating the file task-marketplace-role.json with the following contents:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Create the task marketplace role:
aws iam --region us-east-1 create-role --role-name ecsTaskMarketPlaceRole --assume-role-policy-document file://task-marketplace-role.json
Attach the task marketplace metering role policy:
aws iam --region us-east-1 attach-role-policy --role-name ecsTaskMarketPlaceRole --policy-arn "arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage"
Create a task-definition template file and deploy to the cluster
An example task-defintion template
{
"ipcMode": null,
"executionRoleArn": "arn:aws:iam::<account_id>:role/ecsTaskExecutionRole",
"containerDefinitions": [
{
"dnsSearchDomains": [],
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-create-group": true,
"awslogs-group": "marketplace",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "grafana"
}
},
"entryPoint": [],
"portMappings": [
{
"hostPort": 3000,
"protocol": "tcp",
"containerPort": 3000
}
],
"command": [],
"linuxParameters": {
"capabilities": {
"add": null,
"drop": null
},
"sharedMemorySize": null,
"tmpfs": null,
"devices": [],
"maxSwap": null,
"swappiness": null,
"initProcessEnabled": null
},
"cpu": 0,
"environment": [
{
"name": "GF_LOG_FILTERS",
"value": "rendering:debug"
},
{
"name": "GF_LOG_LEVEL",
"value": "info"
},
{
"name": "GF_RENDERING_CALLBACK_URL",
"value": "http://localhost:3000/"
},
{
"name": "GF_RENDERING_SERVER_URL",
"value": "http://localhost:8081/render"
},
{
"name": "GF_SECURITY_ADMIN_PASSWORD",
"value": "<Please be sure to assign a password of some kind here>"
},
{
"name": "GF_SERVER_PROTOCOL",
"value": "http"
},
{
"name": "GF_SERVER_ROOT_URL",
"value": "http://localhost:3000"
}
],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": [],
"mountPoints": [],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": [],
"memory": null,
"memoryReservation": null,
"volumesFrom": [],
"stopTimeout": null,
"image": "117940112483.dkr.ecr.us-east-1.amazonaws.com/bd42ef94-1d89-4d80-a046-79e31bbaa9ec/cg-3966198582/grafana:6.5.2-latest",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": [],
"hostname": null,
"extraHosts": [],
"pseudoTerminal": false,
"user": null,
"readonlyRootFilesystem": false,
"dockerLabels": {
},
"systemControls": null,
"privileged": false,
"name": "grafana"
},
{
"dnsSearchDomains": [],
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-create-group": true,
"awslogs-group": "marketplace",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "grafana"
}
},
"entryPoint": [],
"portMappings": [],
"command": [],
"linuxParameters": {
"capabilities": {
"add": null,
"drop": null
},
"sharedMemorySize": null,
"tmpfs": null,
"devices": [],
"maxSwap": null,
"swappiness": null,
"initProcessEnabled": null
},
"cpu": 0,
"environment": [],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": [],
"mountPoints": [],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": [],
"memory": null,
"memoryReservation": null,
"volumesFrom": [],
"stopTimeout": null,
"image": "117940112483.dkr.ecr.us-east-1.amazonaws.com/bd42ef94-1d89-4d80-a046-79e31bbaa9ec/cg-3966198582/grafana-image-renderer:6.5.2-latest",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": [],
"hostname": null,
"extraHosts": [],
"pseudoTerminal": false,
"user": null,
"readonlyRootFilesystem": false,
"dockerLabels": null,
"systemControls": null,
"privileged": false,
"name": "renderer"
}
],
"memory": "512",
"taskRoleArn": "arn:aws:iam::<account_id>:role/ecsTaskMarketPlaceRole",
"family": "grafana-task-definition",
"pidMode": null,
"requiresCompatibilities": [
"EC2",
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "256",
"inferenceAccelerators": [],
"proxyConfiguration": null,
"volumes": [],
"tags": []
}
Create an ECS Fargate Cluster with Amazon ECS CLI (Optional)
-
Install and configure the ECS CLI using the instructions described here, Using the Amazon ECS Command Line Interface
-
Install and configure the AWS CLI using the instructions described here, AWS Command Line Interface
Configure the Amazon ECS CLI (Optional)
To create an Amazon ECS CLI configuration
-
Create a cluster configuration, which defines the AWS region to use, resource creation prefixes, and the cluster name to use with the Amazon ECS CLI:
ecs-cli configure --clustertutorial--default-launch-type FARGATE --config-nametutorial--regionus-east-1 -
Create a CLI profile using your access key and secret key:
ecs-cli configure profile --access-keyAWS_ACCESS_KEY_ID--secret-keyAWS_SECRET_ACCESS_KEY--profile-nametutorial-profile
Create a Cluster and Configure the Security Group (Optional)
-
Create an Amazon ECS cluster with the ecs-cli up command.
ecs-cli up --cluster-configtutorial--ecs-profiletutorial-profileThis command may take a few minutes to complete as your resources are created. The output of this command contains the VPC and subnet IDs that are created. Take note of these IDs as they are used later.
-
Using the AWS CLI, retrieve the default security group ID for the VPC
aws ec2 describe-security-groups --filters Name=vpc-id,Values=VPC_ID--regionus-east-1 -
Using AWS CLI, add a security group rule to allow inbound access on port 3000:
aws ec2 authorize-security-group-ingress --group-idsecurity_group_id--protocol tcp --port 3000 --cidr 0.0.0.0/0 --regionus-east-1
Create a Docker Compose and ECS Parameters File (Optional)
-
Create a compose file docker-compose.yml
Note: Please be sure to assign a password of some kind
version: '3.0' services: grafana: image: 117940112483.dkr.ecr.us-east-1.amazonaws.com/bd42ef94-1d89-4d80-a046-79e31bbaa9ec/cg-3966198582/grafana:6.5.2-latest ports: - 3000:3000 environment: - GF_SERVER_PROTOCOL=http - GF_SERVER_ROOT_URL=http://localhost:3000 - GF_SECURITY_ADMIN_PASSWORD=<Please be sure to assign a password of some kind here>- GF_RENDERING_SERVER_URL=http://localhost:8081/render - GF_RENDERING_CALLBACK_URL=http://localhost:3000/ - GF_LOG_FILTERS=rendering:debug - GF_LOG_LEVEL=info logging: driver: awslogs options: awslogs-create-group: true awslogs-group: marketplace awslogs-region:us-east-1awslogs-stream-prefix: grafana renderer: image: 117940112483.dkr.ecr.us-east-1.amazonaws.com/bd42ef94-1d89-4d80-a046-79e31bbaa9ec/cg-3966198582/grafana-image-renderer:6.5.2-latest expose: - 8081 logging: driver: awslogs options: awslogs-create-group: true awslogs-group: marketplace awslogs-region:us-east-1awslogs-stream-prefix: grafana -
Create an ECS parameters file ecs-params.yml
version: 1 task_definition: task_role_arn:"arn:aws:iam::<account_id>:role/ecsTaskMarketPlaceRole"task_execution_role: ecsTaskExecutionRole ecs_network_mode: awsvpc task_size: mem_limit: 0.5GB cpu_limit: 256 services: grafana: essential: true renderer: essential: true run_params: network_configuration: awsvpc_configuration: subnets: -"subnet ID 1"security_groups: -"security group ID"assign_public_ip: ENABLED -
Run the command to deploy to the cluster
ecs-cli compose --project-nametutorialservice up --create-log-groups --cluster-configtutorial--ecs-profiletutorial-profile
Access Grafana
Connect to the grafana server with username admin and password you created earlier in the docker-compose file. The port you connect to should be 3000 at the assigned public address of the server.