en/identity-server/next/docs/deploy/deployment-guide.md
Lines changed: 89 additions & 38 deletions
@@ -179,48 +179,99 @@ The following configurations need to be done in both the WSO2 Identity Server no
179
179
180
180
??? tip "Click to see the instructions for the AWS ECS membership scheme"
181
181
182
-
1. Create a working AWS ECS Cluster. Note the following when creating a cluster.
183
-
- Select the `EC2 instance` type.
184
-
- Note the `name` and `VPC CIDR block` of the cluster, as you will require them later for configurations.
185
-
- Ensure that the `Container instance IAM role` that you assign to the ECS cluster has the following permission policy attached.
182
+
AWS ECS supports two launch types: **EC2** and **Fargate**. Choose the appropriate configuration based on your deployment preference.
183
+
184
+
??? info "EC2 Launch Type Configuration"
185
+
186
+
1. Create a working AWS ECS Cluster with EC2 launch type. Note the following when creating a cluster.
187
+
- Select the `EC2 instance` launch type.
188
+
- Note the `name` and `VPC CIDR block` of the cluster, as you will require them later for configurations.
189
+
- Ensure that the `Container instance IAM role` that you assign to the ECS cluster has the following permission policy attached.
190
+
```
191
+
{ "Version": "2012-10-17",
192
+
"Statement":
193
+
[
194
+
{
195
+
"Effect": "Allow",
196
+
"Action":
197
+
[
198
+
"ec2:DescribeAvailabilityZones",
199
+
"ec2:DescribeInstances"
200
+
],
201
+
"Resource": [ "*" ]
202
+
}
203
+
]
204
+
}
205
+
206
+
```
207
+
- Make sure that the security group of the cluster instances has an inbound rule to allow incoming traffic on the Hazelcast default port range `(5701 - 5708)`. It is advised to restrict access to instances in the same security group for this inbound rule.
208
+
209
+
2. Create a `deployment.toml` file in a preferred directory and add the following configurations.
186
210
```
187
-
{ "Version": "2012-10-17",
188
-
"Statement":
189
-
[
190
-
{
191
-
"Effect": "Allow",
192
-
"Action":
193
-
[
194
-
"ec2:DescribeAvailabilityZones",
195
-
"ec2:DescribeInstances"
196
-
],
197
-
"Resource": [ "*" ]
198
-
}
199
-
]
200
-
}
201
-
211
+
[clustering]
212
+
membership_scheme = "aws-ecs"
213
+
214
+
[clustering.properties]
215
+
region = "us-east-1"
216
+
clusterName = "ECS-IS-CLUSTER"
217
+
hostHeader = "ec2"
218
+
vpcCidrBlock = "10.0.*.*"
219
+
tagValue = "a_tag_value"
202
220
```
203
-
- Make sure that the security group of the cluster instances has an inbound rule to allow incoming traffic on the Hazelcast default port range `(5701 - 5708)`. It is advised to restrict access to instances in the same security group for this inbound rule.
204
-
205
-
2. Create a `deployment.toml` file in a preferred directory and add the following configurations.
206
-
```
207
-
[clustering]
208
-
membership_scheme = "aws-ecs"
209
-
210
-
[clustering.properties]
211
-
region = "us-east-1"
212
-
clusterName = "ECS-IS-CLUSTER"
213
-
hostHeader = "ec2"
214
-
vpcCidrBlock = "10.0.*.*"
215
-
tagValue = "a_tag_value"
216
-
```
217
-
Under the `clustering.properties` section, set the `region`, `clusterName`, `tagValue` and `vpcCidrBlock` based on the AWS ECS cluster you created in the previous step. The `tagValue` is derived from the auto-generated tag `aws:cloudformation:stack-name` in the AWS cluster. If the `aws:cloudformation:stack-name` tag is not available in the cluster or you prefer to use a custom tag, make sure to specify both the `tagKey` and `tagValue`.
221
+
Under the `clustering.properties` section, set the `region`, `clusterName`, `tagValue` and `vpcCidrBlock` based on the AWS ECS cluster you created in the previous step. The `tagValue` is derived from the auto-generated tag `aws:cloudformation:stack-name` in the AWS cluster. If the `aws:cloudformation:stack-name` tag is not available in the cluster or you prefer to use a custom tag, make sure to specify both the `tagKey` and `tagValue`.
222
+
223
+
!!! note
224
+
As only the `host` network mode is supported for EC2 launch type, the `hostHeader` value should be set to `"ec2"` in the `clustering.properties` section.
225
+
226
+
!!! note
227
+
Once all the configurations are complete, build a docker image including the configurations. You can use this Docker image to create a `Task Definition`, and make sure to set the network mode to `host` in the definition. Then run a new `Service` or a `Task` on the `AWS ECS cluster` you created.
228
+
229
+
??? info "Fargate Launch Type Configuration"
230
+
231
+
1. Create a working AWS ECS Cluster with Fargate launch type. Note the following when creating a cluster.
232
+
- Select the `Fargate` launch type.
233
+
- Note the `name` and `VPC CIDR block` of the cluster, as you will require them later for configurations.
234
+
- Ensure that the `Task execution role` has the following permissions:
235
+
```
236
+
{ "Version": "2012-10-17",
237
+
"Statement":
238
+
[
239
+
{
240
+
"Effect": "Allow",
241
+
"Action":
242
+
[
243
+
"ecs:ListTasks",
244
+
"ecs:DescribeTasks",
245
+
"ec2:DescribeNetworkInterfaces"
246
+
],
247
+
"Resource": [ "*" ]
248
+
}
249
+
]
250
+
}
251
+
252
+
```
253
+
- Make sure that the security group of the cluster instances has an inbound rule to allow incoming traffic on the Hazelcast default port range `(5701 - 5708)`. It is advised to restrict access to instances in the same security group for this inbound rule.
254
+
255
+
2. Create a `deployment.toml` file in a preferred directory and add the following configurations.
256
+
```
257
+
[clustering]
258
+
membership_scheme = "aws-ecs"
259
+
260
+
[clustering.properties]
261
+
region = "us-east-1"
262
+
clusterName = "ECS-IS-CLUSTER-FARGATE"
263
+
hostHeader = "ecs"
264
+
vpcCidrBlock = "10.0.*.*"
265
+
tagKey = "a_tag_key"
266
+
tagValue = "a_tag_value"
267
+
```
268
+
Under the `clustering.properties` section, set the `region`, `clusterName`, `tagKey`, `tagValue` and `vpcCidrBlock` based on the AWS ECS cluster you created in the previous step. Make sure to specify both the `tagKey` and `tagValue` as Fargate tasks do not have the `aws:cloudformation:stack-name` tag by default.
218
269
219
-
!!! note
220
-
As only the `host` network mode is supported, the `hostHeader` value should be set to `"ec2"` in the `clustering.properties` section.
270
+
!!! note
271
+
For Fargate launch type, the `hostHeader` value should be set to `"ecs"` in the `clustering.properties` section as Fargate uses `awsvpc` network mode.
221
272
222
-
!!! note
223
-
Once all the configurations are complete, build a docker image including the configurations. You can use this Docker image to create a `Task Definition`, and make sure to set the network mode to `host` in the definition. Then run a new `Service` or a `Task` on the `AWS ECS cluster` you created.
273
+
!!! note
274
+
Once all the configurations are complete, build a docker image including the configurations. You can use this Docker image to create a `Task Definition` for Fargate. The network mode will be automatically set to `awsvpc` for Fargate tasks. Then run a new `Service` on the `AWS ECS cluster` you created.
224
275
225
276
??? tip "Click to see the instructions for the AWS EC2 membership scheme"
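Review bot: in the new Fargate section, the bullet `- Make sure that the security group of the cluster instances has an inbound rule ...` was copied from the EC2 section and still talks about "cluster instances", yet the note added a few lines later says Fargate tasks use `awsvpc` network mode, so there are no container instances for that security group to sit on; reword it to the security group attached to the Fargate tasks/service (for example "Make sure that the security group assigned to the tasks has an inbound rule to allow incoming traffic on the Hazelcast default port range `(5701 - 5708)`"), keeping the recommendation to restrict that rule to members of the same security group. Also worth confirming before merge: the bullet `- Ensure that the \`Task execution role\` has the following permissions:` names the execution role, which ECS uses on the task's behalf (image pulls, log delivery), whereas `ecs:ListTasks`, `ecs:DescribeTasks` and `ec2:DescribeNetworkInterfaces` are called by Hazelcast from inside the running container; that normally points to the task role (the role the containers themselves assume), which would mirror how the EC2 section grants its policy to the `Container instance IAM role`. If the task role is indeed what is meant, naming it explicitly here avoids readers granting the discovery permissions to a role the container cannot use.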