Chapter 1, Container and Docker Fundamentals, will provide a brief introduction to Docker and containers, and provide an overview of the various services and options available in AWS to run your Docker applications. You will set up your local environment, installing Docker, Docker Compose, and various other tools that are required to complete the examples in each chapter. Finally, you will download the sample application and learn how to test, build, and run the application locally, so that you have a good understanding of how the application works and specific tasks you need to perform to get the application up and running.
Chapter 2, Building Applications Using Docker, will describe how to build a fully automated Docker-based workflow for testing, building, packaging, and publishing your applications as production-ready Docker release images, using Docker, Docker Compose, and other tools. This will establish the foundation of a portable continuous delivery workflow that you can consistently execute across multiple machines without having to install application-specific dependencies in each local environment.
Chapter 3, Getting Started with AWS, will describe how to create a free AWS account and start using a variety of free-tier services that allow you to get familiar with the wide array of AWS services on offer. You will learn how to establish best practice administrative and user access patterns to your account, configuring multi-factor authentication (MFA) for enhanced security and installing the AWS command-line interface, which can be used for a wide variety of operational and automation use cases. You will also be introduced to CloudFormation, a management tool and service provided free by AWS that you will use throughout this book. It allows you to deploy complex environments with a single click of a button, using a powerful and expressive infrastructure-as-code template format.
Chapter 4, Introduction to ECS, will get you up and running with the Elastic Container Service (ECS), which is the flagship service for running your Docker applications in AWS. You will learn about the architecture of ECS, create your first ECS cluster, define your container configurations using ECS task definitions, and then deploy a Docker application as an ECS service. Finally, you will be briefly introduced to the ECS command-line interface (CLI), which allows you to interact with local Docker Compose files and automatically deploy Docker Compose resources to AWS using ECS.
Chapter 5, Publishing Docker Images Using ECR, will teach you how to establish a private Docker registry using the Elastic Container Registry (ECR), authenticate to your registry using IAM credentials, and then publish Docker images to private repositories within your registry. You will also learn how to share your Docker images with other accounts and AWS services, and how to configure life cycle policies to automatically clean up orphaned images, ensuring you only pay for active and current images.
Chapter 6, Building Custom ECS Container Instances, will show you how to use a popular open source tool called Packer to build and publish custom Amazon Machine Images (AMIs) for the EC2 instances (ECS container instances) that run your container workloads in ECS clusters. You will install a set of helper scripts that enable your instances to integrate with CloudFormation and download custom provisioning actions at instance creation time, allowing you to dynamically configure the ECS cluster your instances will join, configure the CloudWatch logs groups your instances should publish logging information to, and finally, signal back to CloudFormation that provisioning has succeeded or failed.
Chapter 7, Creating ECS Clusters, will teach you how to build ECS clusters based upon EC2 auto-scaling groups that leverage the features of the custom AMI you created in the previous chapter. You will define your EC2 auto-scaling group, ECS cluster, and other supporting resources using CloudFormation, and configure CloudFormation Init metadata to perform custom runtime configuration and provisioning of the ECS container instances that make up your ECS cluster.
Chapter 8, Deploying Applications Using ECS, will expand the environment created in the previous chapter, adding supporting resources such as Relational Database Service (RDS) instances and AWS Application Load Balancers (ALBs) to your CloudFormation template. You will then define an ECS task definition and ECS service for the sample application, and learn how ECS can perform automated rolling deployments and updates for your applications. To orchestrate required deployment tasks such as running database migrations, you will extend CloudFormation and write your own Lambda function to create an ECS task runner custom resource, providing the powerful capability to run any provisioning action that can be executed as an ECS task.
Chapter 9, Managing Secrets, will introduce the AWS Secrets Manager, which is a fully managed service that stores secret data in an encrypted format that can be easily and securely accessed by authorized parties such as your users, AWS resources, and applications. You will interact with Secrets Manager using the AWS CLI, creating secrets for sensitive credentials such as database passwords, and then learn how to use an entrypoint script for your containers that injects secret values as internal environment variables at container startup before handing off to the main application. Finally, you will create a CloudFormation custom resource that exposes secrets to other AWS services that do not support AWS Secrets Manager, such as providing an administrative password for Relational Database Service (RDS) instances.
Chapter 10, Isolating Network Access, describes how to use the awsvpc networking mode in your ECS task definitions to isolate network access and separate ECS control plane communications from your container and application communications. This will allow you to adopt best practice security patterns such as deploying your containers on private networks, and implement solutions for providing internet access, including the AWS VPC NAT Gateway service.
Chapter 11, Managing the ECS Infrastructure Life Cycle, will provide you with an understanding of operational challenges when running ECS clusters, which includes taking your ECS container instances out of service, whether it be to scale in your auto-scaling groups or to replace your ECS container instances with a new Amazon machine image. You will learn how to leverage EC2 auto-scaling life cycle hooks to invoke an AWS Lambda function whenever an ECS container instance is about to be terminated, which allows you to perform graceful shutdown operations such as draining active containers to other instances in the cluster, before signaling EC2 auto-scaling to proceed with instance termination.
Chapter 12, ECS Auto Scaling, will describe how ECS clusters manage resources such as CPU, memory, and network ports, and how this affects the capacity of your clusters. If you want to be able to dynamically auto-scale your clusters, you need to dynamically monitor ECS cluster capacity, and scale out or scale in the cluster at capacity thresholds that ensure you will meet the service level expectations of your organization or use case. You will implement a solution that calculates ECS cluster capacity whenever an ECS container instance state change event is generated via the AWS CloudWatch Events service, publishes capacity metrics to CloudWatch, and dynamically scales your cluster up or down using CloudWatch alarms. With a dynamic cluster capacity solution in place, you will then be able to configure the AWS application auto-scaling service to dynamically adjust the number of instances of a service based upon appropriate metrics, such as CPU utilization or active connections, without needing to concern yourself with the effect on underlying cluster capacity.
Chapter 13, Continuously Delivering ECS Applications, will establish a continuous delivery pipeline using the AWS CodePipeline service that integrates with GitHub to detect changes to your application source code and infrastructure deployment scripts, use the AWS CodeBuild service to run unit tests, build application artifacts and publish a Docker image using the sample application Docker workflow, and continuously deploy your application changes to AWS using the CloudFormation templates you have used so far in this book.
This will automatically deploy into an AWS development environment that you test, and then create a change set and manual approval action for deployment into production, providing you with a rapid and repeatable path to production for all of your applications' new features and bug fixes.
Chapter 14, Fargate and ECS Service Discovery, will introduce AWS Fargate, which provides a solution that fully manages both the ECS service control plane and ECS clusters that you traditionally have to manage using the regular ECS service. You will deploy the AWS X-Ray daemon as an ECS service using Fargate, and configure ECS service discovery to dynamically publish your service endpoints using DNS and Route 53. This will allow you to add support for X-Ray tracing to your sample application, which can be used to trace incoming HTTP requests to your application and monitor AWS service calls, database calls, and other types of calls that are made to service each incoming request.
Chapter 15, Elastic Beanstalk, will provide an overview of the popular Platform-as-a-Service (PaaS) offering, which includes support for Docker applications. You will learn how to create an Elastic Beanstalk multi-container Docker application, establish an environment that consists of a managed EC2 instance, an RDS database instance, and an Application Load Balancer (ALB), and then extend the environment using various techniques to support the requirements of your Docker applications, such as volume mounts and running single-shot tasks per application deployment.
Chapter 16, Docker Swarm in AWS, will focus on how to run Docker Swarm clusters in AWS, using the Docker for AWS blueprint provided for Docker Swarm community edition. This blueprint provides you with a CloudFormation template that establishes a pre-configured Docker Swarm cluster in AWS within minutes, and features integrations with key AWS services such as the Elastic Load Balancing (ELB), Elastic File System (EFS) and Elastic Block Store (EBS) services. You will define a stack using Docker Compose, which configures a multi-service environment expressed in the familiar Docker Compose specification format, and learn how to configure key Docker Swarm resources such as services, volumes, and Docker secrets. You will learn how to create shared Docker volumes that are backed by EFS, relocatable Docker volumes backed by EBS that Docker Swarm will automatically reattach to new containers redeployed after a node failure, and publish an external service endpoint for your application using an ELB that is automatically created and managed for you by Docker Swarm.
Chapter 17, Elastic Kubernetes Service, introduces the newest container management platform offering from AWS, which is based on the popular open source Kubernetes platform. You will first set up Kubernetes in your local Docker Desktop environment, which includes native support for Kubernetes with the Docker 18.06 CE release, and learn how to create a complete environment for your Docker applications using a number of Kubernetes resources, including pods, deployments, services, secrets, persistent volumes, and jobs. You will then establish an EKS cluster in AWS, create an EC2 auto-scaling group that connects worker nodes to your cluster, and ensure your local Kubernetes client can authenticate and connect to the EKS control plane, after which you will deploy the Kubernetes dashboard to provide a comprehensive management interface for your cluster. Finally, you will define a default storage class that uses the Elastic Block Store (EBS) service for persistent volumes and then deploy your Docker applications to AWS, leveraging the same Kubernetes definitions you created earlier for your local environment, providing you with a powerful solution to quickly deploy Docker applications locally for development purposes, and then deploy straight to production using EKS.