ECS is an AWS service for deploying containers. In this lab, we will deploy our guestbook application to ECS backed by a DynamoDB database.

To begin with, in your local Ubuntu VM checkout the course repository and change into the code directory.

git clone
cd cs430-src/05_aws_dynamodb

View the Dockerfile. We will run the application using gunicorn which is installed by pip from requirements.txt.


# Use the AWS Linux container as the base image
FROM python:alpine

# Specify your e-mail address as the maintainer of the container image

# Copy the contents of the current directory into the container directory /app
COPY . /app

# Set the working directory of the container to /app

# Install the Python packages specified by requirements.txt into the container
RUN pip install -r requirements.txt

# Set the parameters to the program
CMD exec gunicorn --bind :${PORT:-80} --workers 1 --threads 8 application:application

Make a single edit to this file before using it. In the MAINTAINER line, specify your name and PSU e-mail address for the container image that will be built.

Examine requirements.txt. We install flask and gunicorn, and also boto3 to interact with DynamoDB.


# Web framework

# AWS libraries

# Python WSGI HTTP server (connects web servers such as nginx to app)

Build the docker image locally

docker build -f Dockerfile -t aws_gb .

Publish the container image to the Docker Hub registry. Login to Docker Hub

docker login

Tag the image with your Docker Hub user ID. Run the following command, replacing <dockerhub_id> with your own (e.g. wuchangfeng):

docker tag aws_gb <dockerhub_id>/aws_gb

Push the image to Docker Hub

docker push <dockerhub_id>/aws_gb

Show that your image was uploaded to your account on Docker Hub.

Docker images are run as tasks in the ECS service. We need to create an IAM role that will grant permission to our container instance to make calls to DynamoDB on our behalf.

We will use our AWS Educate Starter Account in Vocareum for this lab. Log into the AWS management console and find the IAM service

Click on Roles in the left navigation, and then click on the Create Role button

Leave AWS Service selected and click on Elastic Container Service in the list of services. Select Elastic Container Service Task for the use case and the click the Next: Permissions button

Type "dynamodb" in the filter box and check the AmazonDynamoDBFullAccess box.

Click on the Next buttons until you get to the Review page. Name the role ecsDynamoDBTaskRole.

Click on the Create Role button and the role will be created.

We will now prepare an ECS task definition. A task definition is required to run a Docker image on ECS as a task.

Open the ECS service in the AWS management console

Select Task Definition and click the Create new Task Definition button

Select the Fargate compatibility type and click on the Next Step button. Name your task definition guestbook and select ecsDynamoDBTaskRole for the Task Role.

We won't need to run on a powerful task for this lab. Select 0.5GB for the Task Memory and 0.25 vCPU for the Task CPU.

Click on the Add container button. Use guestbook for the Container name and the image location on Docker Hub for Image (replace bgins with your Docker Hub user ID). Create a Port Mapping for port 80, then click on the Add button.

Scroll to the bottom of the page and click the Create button and View task definition when the creation process finishes. You should have a Task Definition that looks like this

Select Clusters on the left navigation and click on the Create Cluster button

Leave the cluster template set to Networking only and click on the Next step button. On the Configure cluster screen, name the cluster guestbook-cluster and click on the Create button. If you see an error about a missing service role, try again.

Once the cluster creation is complete, click on View Cluster.

Next, we will create a service in our cluster. A service gives us a way to autoscale tasks and load balance to distribute traffic among them. Select the Services tab and click Create.

Select FARGATE for the launch type and guestbook for the task definition. We will set the number of tasks to 1 for this lab, but you could add more tasks and set up a load balancer while creating the service. Use guestbook-service for the Service Name.

Click on Next Step. Select the first option for Cluster VPC and Subnets.

Uncheck the Enable service discovery checkbox in the Service discovery section right above where you see an error. This error shows up because we don't have permissions to use service discovery in our AWS Starter accounts.

Click on Next step at the bottom of the page. Click on Next step in Set Auto Scaling (optional), we won't use auto scaling for this lab. Review the service configuration and then click on Create Service. When creation is complete, click on View Service.

At this point, the Guestbook should be running in a Task. Click on the task ID in the Tasks tab in the guestbook-cluster. The task ID in the screenshot below starts with fabf00aa4.

Take a screenshot like the one shown below that shows the running task

Copy the public IP and open it in a browser window. Add an entry with the message "Hello ECS!". Open the same IP address in another browser window, and your entry should be there!

Show your Guestbook app running in a browser. Make sure that your screenshot shows the IP address for your site.

Running the service can get expensive. Select the guestbook-service in the guestbook-cluster and click on the Update button. Set the number of tasks to 0 in the first step, then click Next through remaining steps and Update Service at the end.

After a moment, your guestbook-cluster should look like

ECS charges for the most part come from running tasks, so you can keep the cluster and service definitions in place if you would like.