In AWS we have several ways to deploy Django (and not Django applications) with Docker. We can use ECS or EKS clusters. If we don’t have one ECS or Kubernetes cluster up and running, maybe it can be complex. Today I want to show how deploy a Django application in production mode within a EC2 host. Let’s start.
I’m getting older to provision one host by hand I prefer to use docker. The idea is create one EC2 instance (one simple Amazon Linux AMI AWS-supported image). This host don’t have docker installed. We need to install it. When we launch one instance, when we’re configuring the instance, we can specify user data to configure an instance or run a configuration script during launch.
We only need to put this shell script to set up docker
yum update -y
yum install -y docker
usermod -a -G docker ec2-user
curl -L https://github.com/docker/compose/releases/download/1.25.5/docker-compose-\`uname -s\`-\`uname -m\` | sudo tee /usr/local/bin/docker-compose > /dev/null
chmod +x /usr/local/bin/docker-compose
service docker start
chkconfig docker on
rm /etc/localtime
ln -s /usr/share/zoneinfo/Europe/Madrid /etc/localtime
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker swarm init
We also need to attach one IAM role to our instance. This IAM role only need to allow us the following policies:
- AmazonEC2ContainerRegistryReadOnly (because we’re going to use AWS ECR as container registry)
- CloudWatchAgentServerPolicy (because we’re going to emit our logs to Cloudwatch)
Also we need to set up a security group to allow incoming SSH connections to port 22 and HTTP connections (in our example to port 8000)
When we launch our instance we need to provide a keypair to connect via ssh. I like to put this keypair in my .ssh/config
Host xxx.eu-central-1.compute.amazonaws.com User ec2-user Identityfile ~/.ssh/keypair-xxx.pem
To deploy our application we need to follow those steps:
- Build our docker images
- Push our images to a container registry (in this case ECR)
- Deploy the application.
I’ve created a simple shell script called deploy.sh to perform all tasks:
#!/usr/bin/env bash
set -a
\[ -f deploy.env \] && . deploy.env
set +a
echo "$(tput setaf 1)Building docker images ...$(tput sgr0)"
docker build -t ec2-web -t ec2-web:latest -t $ECR/ec2-web:latest .
docker build -t ec2-nginx -t $ECR/ec2-nginx:latest .docker/nginx
echo "$(tput setaf 1)Pusing to ECR ...$(tput sgr0)"
aws ecr get-login-password --region $REGION --profile $PROFILE |
docker login --username AWS --password-stdin $ECR
docker push $ECR/ec2-web:latest
docker push $ECR/ec2-nginx:latest
CMD="docker stack deploy -c $DOCKER\_COMPOSE\_YML ec2 --with-registry-auth"
echo "$(tput setaf 1)Deploying to EC2 ($CMD)...$(tput sgr0)"
echo "$CMD"
DOCKER\_HOST="ssh://$HOST" $CMD
echo "$(tput setaf 1)Building finished $(date +'%Y%m%d.%H%M%S')$(tput sgr0)"
This script assumes that there’s a deploy.env file with our personal configuration (AWS profile, the host of the EC2, instance, The ECR and things like that)
PROFILE=xxxxxxx
DOKER\_COMPOSE\_YML=docker-compose.yml
HOST=ec2-user@xxxx.eu-central-1.compute.amazonaws.com
ECR=9999999999.dkr.ecr.eu-central-1.amazonaws.com
REGION=eu-central-1
In this example I’m using docker swarm to deploy the application. I want to play also with secrets. This dummy application don’t have any sensitive information but I’ve created one “ec2.supersecret” variable
echo "super secret text" | docker secret create ec2.supersecret -
That’s the docker-compose.yml file:
version: '3.8'
services:
web:
image: 999999999.dkr.ecr.eu-central-1.amazonaws.com/ec2-web:latest
command: /bin/bash ./docker-entrypoint.sh
environment:
DEBUG: 'False'
secrets:
- ec2.supersecret
deploy:
replicas: 1
logging:
driver: awslogs
options:
awslogs-group: /projects/ec2
awslogs-region: eu-central-1
awslogs-stream: app
volumes:
- static_volume:/src/staticfiles
nginx:
image: 99999999.dkr.ecr.eu-central-1.amazonaws.com/ec2-nginx:latest
deploy:
replicas: 1
logging:
driver: awslogs
options:
awslogs-group: /projects/ec2
awslogs-region: eu-central-1
awslogs-stream: nginx
volumes:
- static_volume:/src/staticfiles:ro
ports:
- 8000:80
depends_on:
- web
volumes:
static_volume:
secrets:
ec2.supersecret:
external: true
And that’s all. Maybe ECS or EKS are better solutions to deploy docker applications in AWS, but we also can deploy easily to one docker host in a EC2 instance that it can be ready within a couple of minutes.
Source code in my github