Deploy with ECS Fargate
Overview
This deployment guide demonstrates how to deploy wasmCloud using Amazon's Elastic Container Service (ECS) Fargate service.
To follow this guide, you will need an Amazon Web Services account.
Install tools
This guide uses the Terraform CLI and a local installation of the wasmCloud Shell (wash) CLI
Install Terraform CLI
On macOS, you can use Homebrew to install the Terraform CLI:
brew install hashicorp/tap/terraform
On Windows, you can use Chocolatey to install the Terraform CLI:
choco install terraform
For installation on Linux distributions, see the documentation for Terraform CLI installation.
Install wash
Once wasmCloud is deployed to ECS Fargate, you can use the wasmCloud Shell (wash) CLI to manage wasmCloud applications. If you do not have wash installed locally, follow the instructions below.
On macOS, you can use Homebrew to install wash:
brew install wasmcloud/wasmcloud/wash
On Ubuntu and Debian Linux, you can use apt to install wash:
curl -s https://packagecloud.io/install/repositories/wasmcloud/core/script.deb.sh | sudo bash
sudo apt install wash
On Windows, you can use Chocolatey to install wash:
choco install wash
We support other package managers and the option to install from source. If you'd like to use a different installation method, see the Installation page.
Verify that wash is installed by running:
wash --version
Instance requirements
Below are the required elements of a wasmCloud deployment on ECS Fargate:
- 1x NATS instance
- Public Load Balancer exposing port 4222 (
washaccess) - Ephemeral Volume for Jetstream
- Public Load Balancer exposing port 4222 (
- 1x wasmCloud wadm instance
- 1x wasmCloud worker instance
- Autoscaling based on CPU usage
- Capacity: 1 min, 1 max (configurable)
- 1x wasmCloud ingress instance
- Public Load Balancer exposing port 80 (
httpaccess)
- Public Load Balancer exposing port 80 (
Deploy wasmCloud with Terraform
Download the Terraform files from the deploy/ecs-fargate directory in the wasmCloud community contributions repository.
git clone https://github.com/wasmcloud/wasmcloud-contrib.git
cd deploy/ecs-fargate
Create a file named terraform.tvfars with the following content:
aws_region = "us-east-2"
# If using aws cli profile (SSO), set it here
aws_profile = "enterprise-dev"
# CIDRs for wash access ( default none )
nats_allowed_cidrs = ["XX.XX.XX.XX/XX"]
# CIDRs for http access ( default 0.0.0/0 )
wasmcloud_allowed_cidrs = ["XX.XX.XX.XX/XX"]
Replace the X's in the nats_allowed_cidrs and wasmcloud_allowed_cidrs fields with your local CIDR block to allow connection with your local wash via NATS (as well as HTTP access).
The permissiveness of allowed CIDRs is an important security consideration and should be evaluated carefully to minimize vulnerability.
Apply the Terraform configuration:
terraform init
terraform apply
Manage wasmCloud with wash
Create an environment variable connecting your local wash CLI to your deployed wasmCloud host:
export WASMCLOUD_CTL_HOST="$(terraform output -raw nats_lb)"
Test wash connectivity:
wash get inventory
Deploy and access applications
Once wash is set up, deploy a sample application from the wasmcloud-on-ecs-fargate directory:
wash app deploy ./hello-world-wadm.yaml
To access the application, create an environment variable connecting your local wash CLI to the wasmCloud endpoint:
export WASMCLOUD_LB="$(terraform output -raw wasmcloud_public_lb)"
Test the application:
curl -i http://$WASMCLOUD_LB