Deployment Setup

ddayto edited this page Feb 5, 2025 · 8 revisions

Deploying the Backend Service on AWS

This guide walks through deploying the backend service on AWS using IAM, ECR, ECS, and Amplify. The deployment process ensures a secure, scalable, and containerized environment for the application.


Prerequisites

Before we begin, ensure you have:

  • An AWS account with administrative access.
  • The AWS CLI installed and configured.
  • Docker installed on your local machine.
  • Your backend service containerized using Docker.

Step 1: Set Up IAM Credentials

1.1 Create an IAM User

  1. Log in to your AWS account and navigate to the AWS IAM Console.
  2. In the left sidebar, click Users → Create User.
  3. Provide a username (e.g., backend-deploy-user).
  4. Select Access Key - Programmatic Access.

1.2 Assign IAM Policies

Attach the following policies to grant the necessary permissions:

  • AmazonEC2ContainerRegistryFullAccess – Allows full access to Amazon ECR (push, pull, delete images).
  • AmazonECS_FullAccess – Provides full permissions to create and manage ECS resources.
  • IAMFullAccess – Enables role and permission management.
  • CloudWatchLogsFullAccess – Allows access to CloudWatch for ECS logging.
  • AmazonS3ReadOnlyAccess – Grants read-only access to S3, useful if storing static assets or configuration.

1.3 Generate Access Keys

  1. In the IAM user settings, navigate to Security Credentials.
  2. Scroll to the Access Keys section and click Create Access Key.
  3. Copy both the Access Key ID and Secret Access Key. Store these securely.

Configure AWS CLI with Credentials

Run the following command and enter the IAM credentials when prompted:

aws configure

Step 2: Build and Push Docker Image to ECR

2.1 Create an ECR Repository

  1. Open the Amazon ECR Console.
  2. Click Create Repository.
  3. Enter a repository name (e.g., backend-service).
  4. Select Private Repository.
  5. Click Create and note the repository URI.

2.2 Authenticate Docker with ECR

To push Docker images to ECR, first authenticate your local Docker client:

aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin  ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com

Ensure you replace the following variables:

  • ${AWS_REGION} with the AWS region (e.g., us-east-2)
  • ${AWS_ACCOUNT_ID} with your AWS account ID.

2.3 Build the Docker Image

Once the Amazon ECR repository is set up, we need to build, tag, and push the Docker image. This ensures that the backend service is properly containerized and stored in AWS Elastic Container Registry (ECR) for deployment.

We will use docker buildx to build the image. This ensures compatibility with AWS Fargate, which runs on linux/amd64 architecture.

docker buildx build \
  --platform linux/amd64 \
  --provenance=false \
  -t ${ECR_REPOSITORY_NAME}:latest \
  --load .

  • --platform linux/amd64 → Ensures compatibility with AWS Fargate.
  • --provenance=false → Disables the provenance attestation that buildx can attach to the image, reducing build time.
  • -t ${ECR_REPOSITORY_NAME}:latest → Tags the image locally as latest.
  • --load → Loads the built image into the local Docker daemon.

2.4 Tag Image for ECR

Tagging is required so the image can be correctly referenced when pushing to ECR.

docker tag ${ECR_REPOSITORY_NAME}:latest \
  ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPOSITORY_NAME}:latest

  • ${ECR_REPOSITORY_NAME}:latest → The locally built image.
  • ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${ECR_REPOSITORY_NAME}:latest → The ECR repository where the image will be pushed.

Build Docker Image

docker buildx build \
  --platform linux/amd64 \
  --provenance=false \
  -t ${ECR_REPOSITORY_NAME}:latest \
  --load .

Tag Image With ECR URI

docker tag ${ECR_REPOSITORY_NAME}:latest \
 ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-2.amazonaws.com/${ECR_REPOSITORY_NAME}:latest

Push Image to ECR

docker push ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-2.amazonaws.com/${ECR_REPOSITORY_NAME}:latest
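
The commands on this page mix `${AWS_REGION}` with a hardcoded `us-east-2`, and an unset variable silently expands to an empty string. The following added example (not part of the original guide) is a preflight that refuses to continue on missing values and derives every registry reference from the same variables. `ecr_push_plan` and its optional tag argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. ecr_push_plan (hypothetical name)
# prints the login, tag and push commands with every registry reference
# derived from the same three variables.

ecr_push_plan() {
  # An unset variable expands to nothing in the page's commands, producing a
  # host like ".dkr.ecr..amazonaws.com" or an image named ":latest".
  [ -n "${AWS_ACCOUNT_ID:-}" ] || { echo "AWS_ACCOUNT_ID is not set" >&2; return 1; }
  [ -n "${AWS_REGION:-}" ] || { echo "AWS_REGION is not set" >&2; return 1; }
  [ -n "${ECR_REPOSITORY_NAME:-}" ] || { echo "ECR_REPOSITORY_NAME is not set" >&2; return 1; }

  # AWS account IDs are exactly 12 digits.
  case "$AWS_ACCOUNT_ID" in *[!0-9]*) echo "AWS_ACCOUNT_ID must be digits" >&2; return 1 ;; esac
  [ "${#AWS_ACCOUNT_ID}" -eq 12 ] || { echo "AWS_ACCOUNT_ID must be 12 digits" >&2; return 1; }

  remote_tag="${1:-latest}"   # assumption: optional tag argument, e.g. a commit SHA
  registry="${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com"
  image="${registry}/${ECR_REPOSITORY_NAME}:${remote_tag}"

  # Login and push use the same region and host, so the token from
  # "docker login" matches the registry that receives the image.
  cat <<EOF
aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${registry}
docker tag ${ECR_REPOSITORY_NAME}:latest ${image}
docker push ${image}
EOF
}
```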

Ensure you replace the following variables:

Install AWS CLI & CDK

poetry add awscli aws-sam-cli

Install AWS CLI

brew install awscli

AWS Credentials

Navigate to:

  • IAM (Identity and Access Management)
  • In the left sidebar, click Users
  • Create a new IAM User

Assign the appropriate policies to the IAM User:

  • AWSLambdaFullAccess
  • AmazonAPIGatewayAdministrator
  • AmazonEC2ContainerRegistryFullAccess
  • IAMFullAccess
  • CloudWatchLogsFullAccess

Create a new access key

  • Click Security credentials
  • Scroll to Access keys
  • Select "Create access key"
  • Copy both the "Access Key ID" and "Secret Access Key" into the .env file

aws configure

Authenticate Docker with ECR

Run the following command to log in to AWS Elastic Container Registry (ECR):

aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin  ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com

Create Repository in ECR

aws ecr create-repository \
    --repository-name ${ECR_REPOSITORY_NAME} \
    --region ${AWS_REGION}

Authenticate Docker with ECR

aws ecr get-login-password --region us-east-2 | docker login --username AWS --password-stdin 312093527157.dkr.ecr.us-east-2.amazonaws.com
