Deploy with ECS Fargate
Overview
This deployment guide demonstrates how to deploy wasmCloud using Amazon's Elastic Container Service (ECS) Fargate service.
To follow this guide, you will need an Amazon Web Services account.
Install tools
This guide uses the Terraform CLI and a local installation of the wasmCloud Shell (wash
) CLI
Install Terraform CLI
On macOS, you can use Homebrew to install the Terraform CLI:
brew install hashicorp/tap/terraform
On Windows, you can use Chocolatey to install the Terraform CLI:
choco install terraform
Note that we recommend using Windows Subsystem for Linux (WSL) to run wash
on Windows, and you may wish to use the Linux instructions instead.
For installation on Linux distributions, see the documentation for Terraform CLI installation.
Install wash
Once wasmCloud is deployed to ECS Fargate, you can use the wasmCloud Shell (wash
) CLI to manage wasmCloud applications. If you do not have wash
installed locally, follow the instructions below.
On macOS, you can use Homebrew to install wash
:
brew install wasmcloud/wasmcloud/wash
On Ubuntu and Debian Linux, you can use apt
to install wash
:
curl -s https://packagecloud.io/install/repositories/wasmcloud/core/script.deb.sh | sudo bash
sudo apt install wash
We recommend using Windows Subsystem for Linux (WSL) to run wash
on Windows.
You can find more information about Windows installs—as well as other package managers and the option to install from source—on the installation page.
Verify that wash
is installed by running:
wash --version
Instance requirements
Below are the required elements of a wasmCloud deployment on ECS Fargate:
- 1x NATS instance
- Public Load Balancer exposing port 4222 (
wash
access) - Ephemeral Volume for Jetstream
- Public Load Balancer exposing port 4222 (
- 1x wasmCloud wadm instance
- 1x wasmCloud worker instance
- Autoscaling based on CPU usage
- Capacity: 1 min, 1 max (configurable)
- 1x wasmCloud ingress instance
- Public Load Balancer exposing port 80 (
http
access)
- Public Load Balancer exposing port 80 (
Deploy wasmCloud with Terraform
Download the Terraform files from the deploy/ecs-fargate
directory in the wasmCloud community contributions repository.
git clone https://github.com/wasmcloud/wasmcloud-contrib.git
cd deploy/ecs-fargate
Create a file named terraform.tvfars
with the following content:
aws_region = "us-east-2"
# If using aws cli profile (SSO), set it here
aws_profile = "enterprise-dev"
# CIDRs for wash access ( default none )
nats_allowed_cidrs = ["XX.XX.XX.XX/XX"]
# CIDRs for http access ( default 0.0.0/0 )
wasmcloud_allowed_cidrs = ["XX.XX.XX.XX/XX"]
Replace the X's in the nats_allowed_cidrs
and wasmcloud_allowed_cidrs
fields with your local CIDR block to allow connection with your local wash
via NATS (as well as HTTP access).
The permissiveness of allowed CIDRs is an important security consideration and should be evaluated carefully to minimize vulnerability.
Apply the Terraform configuration:
terraform init
terraform apply
Manage wasmCloud with wash
Create an environment variable connecting your local wash
CLI to your deployed wasmCloud host:
export WASMCLOUD_CTL_HOST="$(terraform output -raw nats_lb)"
Test wash
connectivity:
wash get inventory
Deploy and access applications
Once wash
is set up, deploy a sample application from the wasmcloud-on-ecs-fargate
directory:
wash app deploy ./hello-world-wadm.yaml
To access the application, create an environment variable connecting your local wash
CLI to the wasmCloud endpoint:
export WASMCLOUD_LB="$(terraform output -raw wasmcloud_public_lb)"
Test the application:
curl -i http://$WASMCLOUD_LB