Deploy with ECS Fargate
Overview
This deployment guide demonstrates how to deploy wasmCloud using Amazon's Elastic Container Service (ECS) Fargate service.
To follow this guide, you will need an Amazon Web Services account.
Install tools
This guide uses the Terraform CLI and a local installation of the wasmCloud Shell (wash) CLI
Install Terraform CLI
On macOS, you can use Homebrew to install the Terraform CLI:
brew install hashicorp/tap/terraformOn Windows, you can use Chocolatey to install the Terraform CLI:
choco install terraformNote that we recommend using Windows Subsystem for Linux (WSL) to run wash on Windows, and you may wish to use the Linux instructions instead.
For installation on Linux distributions, see the documentation for Terraform CLI installation.
Install wash
Once wasmCloud is deployed to ECS Fargate, you can use the wasmCloud Shell (wash) CLI to manage wasmCloud applications. If you do not have wash installed locally, follow the instructions below.
On macOS, you can use Homebrew to install wash:
brew install wasmcloud/wasmcloud/washOn Ubuntu and Debian Linux, you can use apt to install wash:
curl -s https://packagecloud.io/install/repositories/wasmcloud/core/script.deb.sh | sudo bashsudo apt install washWe recommend using Windows Subsystem for Linux (WSL) to run wash on Windows.
You can find more information about Windows installs—as well as other package managers and the option to install from source—on the installation page.
Verify that wash is installed by running:
wash --versionInstance requirements
Below are the required elements of a wasmCloud deployment on ECS Fargate:
- 1x NATS instance
- Public Load Balancer exposing port 4222 (
washaccess) - Ephemeral Volume for Jetstream
- Public Load Balancer exposing port 4222 (
- 1x wasmCloud wadm instance
- 1x wasmCloud worker instance
- Autoscaling based on CPU usage
- Capacity: 1 min, 1 max (configurable)
- 1x wasmCloud ingress instance
- Public Load Balancer exposing port 80 (
httpaccess)
- Public Load Balancer exposing port 80 (
Deploy wasmCloud with Terraform
Download the Terraform files from the deploy/ecs-fargate directory in the wasmCloud community contributions repository.
git clone https://github.com/wasmcloud/contrib.gitcd deploy/ecs-fargateCreate a file named terraform.tvfars with the following content:
aws_region = "us-east-2"
# If using aws cli profile (SSO), set it here
aws_profile = "enterprise-dev"
# CIDRs for wash access ( default none )
nats_allowed_cidrs = ["XX.XX.XX.XX/XX"]
# CIDRs for http access ( default 0.0.0/0 )
wasmcloud_allowed_cidrs = ["XX.XX.XX.XX/XX"]Replace the X's in the nats_allowed_cidrs and wasmcloud_allowed_cidrs fields with your local CIDR block to allow connection with your local wash via NATS (as well as HTTP access).
The permissiveness of allowed CIDRs is an important security consideration and should be evaluated carefully to minimize vulnerability.
Apply the Terraform configuration:
terraform initterraform applyManage wasmCloud with wash
Create an environment variable connecting your local wash CLI to your deployed wasmCloud host:
export WASMCLOUD_CTL_HOST="$(terraform output -raw nats_lb)"Test wash connectivity:
wash get inventoryDeploy and access applications
Once wash is set up, deploy a sample application from the wasmcloud-on-ecs-fargate directory:
wash app deploy ./hello-world-wadm.yamlTo access the application, create an environment variable connecting your local wash CLI to the wasmCloud endpoint:
export WASMCLOUD_LB="$(terraform output -raw wasmcloud_public_lb)"Test the application:
curl -i http://$WASMCLOUD_LB