AWS ECS Fargate installation
This page provides step-by-step instructions to deploy and run Containerized Masking on AWS ECS Fargate.
Installation steps
-
Upload masking images to ECR
-
Download the Containerized Masking images and upload them to AWS Elastic Container Registry (ECR).
-
To obtain the images, follow the details at Containerized masking installation.
-
Retrieve the uploaded image details from the ECR repositories to verify the images are uploaded.
-
-
Create an ECS task definition
-
Log in to AWS and navigate to ECS service -> Task definitions -> Create new task definition -> Create new task definition with JSON.
- Use the following JSON template, updating the image and tags as required:Copy
{
"taskDefinitionArn": "arn:aws:ecs:us-west-2:324155656331:task-definition/delphix-masking-def:44",
"containerDefinitions": [
{
"name": "database",
"image": "324155656331.dkr.ecr.us-west-2.amazonaws.com/masking:delphix-masking-database-20.0.0",
"cpu": 0,
"portMappings": [
{
"name": "database-5432-tcp",
"containerPort": 5432,
"hostPort": 5432,
"protocol": "tcp"
}
],
"essential": true,
"environment": [],
"environmentFiles": [],
"mountPoints": [
{
"sourceVolume": "masking-persistent-storage",
"containerPath": "/var/delphix/postgresql",
"readOnly": false
}
],
"volumesFrom": [],
"ulimits": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/delphix-masking-def",
"awslogs-region": "us-west-2",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
},
{
"name": "app",
"image": "324155656331.dkr.ecr.us-west-2.amazonaws.com/masking:delphix-masking-app-20.0.0",
"cpu": 0,
"portMappings": [
{
"name": "app-8284-tcp",
"containerPort": 8284,
"hostPort": 8284,
"protocol": "tcp"
}
],
"essential": true,
"environment": [],
"environmentFiles": [],
"mountPoints": [
{
"sourceVolume": "app-persistent-storage",
"containerPath": "/var/delphix/masking",
"readOnly": false
}
],
"volumesFrom": [],
"dependsOn": [
{
"containerName": "database",
"condition": "START"
},
{
"containerName": "proxy",
"condition": "START"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/delphix-masking-def",
"awslogs-region": "us-west-2",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
},
{
"name": "proxy",
"image": "324155656331.dkr.ecr.us-west-2.amazonaws.com/masking:delphix-masking-proxy-20.0.0",
"cpu": 0,
"portMappings": [
{
"name": "proxy-8080-tcp",
"containerPort": 8080,
"hostPort": 8080,
"protocol": "tcp",
"appProtocol": "http"
}
],
"essential": true,
"environment": [],
"environmentFiles": [],
"mountPoints": [],
"volumesFrom": [],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-create-group": "true",
"awslogs-group": "/ecs/delphix-masking-def",
"awslogs-region": "us-west-2",
"awslogs-stream-prefix": "ecs"
},
"secretOptions": []
},
"systemControls": []
}
],
"family": "delphix-masking-def",
"taskRoleArn": "arn:aws:iam::324155656331:role/ECSTaskExecutionRole",
"executionRoleArn": "arn:aws:iam::324155656331:role/ECSTaskExecutionRole",
"networkMode": "awsvpc",
"revision": 44,
"volumes": [
{
"name": "masking-persistent-storage",
"host": {}
},
{
"name": "app-persistent-storage",
"host": {}
}
],
"status": "ACTIVE",
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.logging-driver.awslogs"
},
{
"name": "ecs.capability.execution-role-awslogs"
},
{
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.19"
},
{
"name": "ecs.capability.increased-task-cpu-limit"
},
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"name": "ecs.capability.container-ordering"
},
{
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.29"
}
],
"placementConstraints": [],
"compatibilities": [
"EC2",
"FARGATE"
],
"requiresCompatibilities": [
"FARGATE"
],
"cpu": "8192",
"memory": "16384",
"runtimePlatform": {
"cpuArchitecture": "X86_64",
"operatingSystemFamily": "LINUX"
},
"registeredAt": "2024-03-18T09:03:13.637Z",
"registeredBy": "arn:aws:sts::324155656331:assumed-role/one-login-devops-sandbox-unilog-masking_containerization-dev/anil.kumar@delphix.com",
"tags": [
{
"key": "dlpx:Owner",
"value": "anil.kumar@delphix.com"
},
{
"key": "dlpx:Project",
"value": "Masking"
},
{
"key": "Name",
"value": "task-def"
},
{
"key": "dlpx:Expiration",
"value": "never"
}
] - Create an ECS cluster
-
Navigate to ECS service -> Clusters-> Create Cluster.
-
Provide the required details and create the cluster.
-
- Deploy the service
Select the newly created cluster, navigate to the Services tab, and click Create.
Select the task definition from Step 2 and fill in the required deployment settings.
-
Access the masking UI
-
Once deployed, access the Masking UI using http://<ip/host>:8080/masking.
-
Additional Notes
-
Ensure you have the necessary AWS permissions to use ECS Fargate.
-
To use EFS, create two access points—one for the MDS container and another for the App container with the following similar configurations:
-
Access point for MDS container
-
Root directory Path: /var/delphix/postgresql
-
POSIX User:
-
User Id: 65436
-
Group Id: 50
-
Secondary group IDs: 999
-
-
Root directory creation permissions:
-
Owner User ID: 999
-
Owner Group Id: 999
-
Permissions: 0777
-
-
-
Access point for App container
-
Root directory Path: /var/delphix/masking
-
POSIX User:
-
User Id: 65436
-
Group Id: 50
-
Secondary group IDs: 999
-
-
Root directory creation permissions:
-
Owner User ID: 999
-
Owner Group Id: 999
-
Permissions: 0777
-
-
-
-
For more details on containerized masking volumes, network configuration, and other related settings, refer to the Containerized masking installation Guide.
-
For further details, refer to AWS ECS Documentation.
-
