Skip to main content
Version: 1.x

Deploy with ECS Fargate

Overview

This deployment guide demonstrates how to deploy wasmCloud using Amazon's Elastic Container Service (ECS) Fargate service.

To follow this guide, you will need an Amazon Web Services account.

Install tools

This guide uses the Terraform CLI and a local installation of the wasmCloud Shell (wash) CLI

Install Terraform CLI

On macOS, you can use Homebrew to install the Terraform CLI:

shell
brew install hashicorp/tap/terraform

On Windows, you can use Chocolatey to install the Terraform CLI:

shell
choco install terraform

Note that we recommend using Windows Subsystem for Linux (WSL) to run wash on Windows, and you may wish to use the Linux instructions instead.

For installation on Linux distributions, see the documentation for Terraform CLI installation.

Install wash

Once wasmCloud is deployed to ECS Fargate, you can use the wasmCloud Shell (wash) CLI to manage wasmCloud applications. If you do not have wash installed locally, follow the instructions below.

On macOS, you can use Homebrew to install wash:

shell
brew install wasmcloud/wasmcloud/wash

On Ubuntu and Debian Linux, you can use apt to install wash:

shell
curl -s https://packagecloud.io/install/repositories/wasmcloud/core/script.deb.sh | sudo bash
shell
sudo apt install wash

We recommend using Windows Subsystem for Linux (WSL) to run wash on Windows.

You can find more information about Windows installs—as well as other package managers and the option to install from source—on the installation page.

Verify that wash is installed by running:

shell
wash --version

Instance requirements

Below are the required elements of a wasmCloud deployment on ECS Fargate:

  • 1x NATS instance
    • Public Load Balancer exposing port 4222 (wash access)
    • Ephemeral Volume for Jetstream
  • 1x wasmCloud wadm instance
  • 1x wasmCloud worker instance
    • Autoscaling based on CPU usage
    • Capacity: 1 min, 1 max (configurable)
  • 1x wasmCloud ingress instance
    • Public Load Balancer exposing port 80 (http access)

Deploy wasmCloud with Terraform

Download the Terraform files from the deploy/ecs-fargate directory in the wasmCloud community contributions repository.

shell
git clone https://github.com/wasmcloud/wasmcloud-contrib.git
shell
cd deploy/ecs-fargate

Create a file named terraform.tvfars with the following content:

hcl
aws_region              = "us-east-2"

# If using aws cli profile (SSO), set it here
aws_profile             = "enterprise-dev"

# CIDRs for wash access ( default none )
nats_allowed_cidrs      = ["XX.XX.XX.XX/XX"]

# CIDRs for http access ( default 0.0.0/0 )
wasmcloud_allowed_cidrs = ["XX.XX.XX.XX/XX"]

Replace the X's in the nats_allowed_cidrs and wasmcloud_allowed_cidrs fields with your local CIDR block to allow connection with your local wash via NATS (as well as HTTP access).

Security note

The permissiveness of allowed CIDRs is an important security consideration and should be evaluated carefully to minimize vulnerability.

Apply the Terraform configuration:

shell
terraform init
shell
terraform apply

Manage wasmCloud with wash

Create an environment variable connecting your local wash CLI to your deployed wasmCloud host:

shell
export WASMCLOUD_CTL_HOST="$(terraform output -raw nats_lb)"

Test wash connectivity:

shell
wash get inventory

Deploy and access applications

Once wash is set up, deploy a sample application from the wasmcloud-on-ecs-fargate directory:

shell
wash app deploy ./hello-world-wadm.yaml

To access the application, create an environment variable connecting your local wash CLI to the wasmCloud endpoint:

shell
export WASMCLOUD_LB="$(terraform output -raw wasmcloud_public_lb)"

Test the application:

shell
curl -i http://$WASMCLOUD_LB