Deployment with Amazon ECS
The Docker Compose CLI is fully integrated with Amazon Elastic Container Service (ECS). It allows to create / manage the task definitions, tasks, services using Compose YAML configuration files. Docker Compose CLI relies on CloudFormation to manage AWS Resources.
Docker allows to define the platform in declarative way. Switching between local and ECS environments is as easy as switching Docker Context (any addtional AWS configurations exists in the Docker Compose YAML file).
Setting up the WebSight CMS CE environment in AWS presented in this tutorial is not in the AWS Free Tier. If you run the instance according to this guide, the costs will incur (~3$/day).
After finishing Creating and developing WebSight CMS project guide you should already have:
- Docker installed and running on your local machine.
- Java 17 (e.g. AdoptOpenJDK 17) and Maven installed on your local machine.
To complete this tutorial, you will additionally need:
Step 1: AWS configuration
- Registering a new domain with
- Request a public certificate using
AWS Certificate Manager.
- Validate domain ownership for the created public certificate.
- Create two private image repositories:
- Set the CMS image
- Set the Nginx image
- Set the CMS image
Step 2: Project configuration
In this step, we will start from the project generated in the Setup guide and update Docker and Maven configuration files.
For simplicity, we set remote environment configuration in the same repository as the project.
environment/remote/mongo_password.txtfiles and fill them with random password (both should be single-line documents).
cmsservice definition to:
cms: image: <CMS_ECR_IMAGE_URI> deploy: resources: limits: cpus: '0.5' memory: 2048M ports: - target: 8080 published: 8080 x-aws-protocol: http environment: - WS_ADMIN_USERNAME=wsadmin - MONGODB_HOST=mongo - MONGODB_PORT=27017 - MONGODB_USERNAME=mongoadmin volumes: - cms_logs:/websight/logs - site_repository:/websight/docroot secrets: - source: admin_password target: admin.password - source: mongo_password target: mongo.password depends_on: - mongo
mongoservice definition to:
nginxservice definition to:
x-aws-cloudformationsection with Load Balancer configuration:
x-aws-cloudformation: Resources: Cms8080TargetGroup: Properties: HealthCheckProtocol: HTTP HealthCheckPort: 8080 HealthCheckPath: /system/health Matcher: HttpCode: 200 Nginx80TargetGroup: Properties: HealthCheckProtocol: HTTP HealthCheckPort: 80 HealthCheckPath: /health Matcher: HttpCode: 200 Cms8080Listener: Properties: Certificates: - CertificateArn: "<CERTIFICATE_ARN>" Protocol: HTTPS Port: 8443 Nginx80Listener: Properties: Certificates: - CertificateArn: "<CERTIFICATE_ARN>" Protocol: HTTPS Port: 443
CERTIFICATE_ARN- replace with ARN of the certificate generated in AWS Configuration step.
- Create Docker ECS context named
docker context create ecs ws-ecs
distribution/src/main/docker/nginx/default.confNginx config with additional health endpoint:
To find more information about using Docker Compose with AWS Elastic Container Service, please read Deploying Docker containers on ECS.
io.fabric8:docker-maven-pluginplugin configuration in
- Add the following
buildxextension to cms and nginx images
- Add the following
- Add the following
<docker.skip.push>true</docker.skip.push>property to the main
Alternatively, you can check the above configuration in WebSight Starter Distribution POM (where Maven profiles are used).
Step 3: Build and deployment
- Log in to ECR.
- In the project root run
mvn clean install -D docker.cms-project.name=<CMS_ECR_IMAGE_URI> -D docker.nginx.name=<NGINX_ECR_IMAGE_URI> -D docker.skip.push=false.
- Switch Docker context to ECS
docker context use ws-ecs.
docker compose --project-name "websight-in-aws" up. It may take a couple of minutes to finish.
- Route your domain to Application Load Balancer (that was created by the Docker Compose in the previous step) by creating a new Hosted Zone.
Step 4: Verification
- Check ECS Console and see if all cluster services are running.
- Open WebSight CMS CE admin panel on
<your-domain>:8443. Use the
wsadminas login and content of
To stop incurring AWS costs, follow these steps:
docker compose --project-name "websight-in-aws" down. It may take a couple of minutes.
- Delete EFS file systems for
- Delete Route53 Hosted Zone created in Deployment step.
- Delete certificate created in AWS Configuration step.
- Delete ECR repositories created in AWS Configuration step.
AWS best practices
This section descirbes best practices for deploying WebSight CE DXP to AWS ECS.
Logs and monitoring
It is always worth configuring logs and observing basic metrics for your instance.
Thanks to the Docker Compose integration with AWS ECS, the AWS CloudWatch Logs service is automatically configured for your containers.
Additionally, you can monitor basic metrics thanks to the CloudWatch metrics for the Fargate launch type.
Use Docker secrets for storing any sensitive data (like passwords, tokens, etc.). Docker Compose integration with AWS ECS creates a new secret in the AWS Secrets Manager for each secred defined in the compose configuration file. See the examples below.
Custom CMS admin credentials
WebSight CE CMS enables configuring a custom admin username and password. The default values for admin user username/password are
You can configure a custom username with
WS_ADMIN_USERNAME environment variable.
To configure a custom password use
admin.password secret. You will need secret files available at deploy time next to the compose file:
Custom MongoDB password
By default, ECS Tasks configured by the Docker Compose integration have public IP assigned. Therefore, you should consider securing MongoDB, which by default starts with no username/password configured. Read more about securing MongoDB containers here.