The latest articles on Forem by JM Rifkhan (@rifkhan107). https://forem.com/rifkhan107 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F653360%2Fe9f7eccf-f292-4dce-b9c2-f0b329d260e5.jpeg https://forem.com/rifkhan107 en JM Rifkhan Tue, 11 Nov 2025 10:51:19 +0000 https://forem.com/aws-builders/deploying-ml-models-to-production-aws-lambda-vs-ecs-vs-eks-a-data-driven-comparison-8ib https://forem.com/aws-builders/deploying-ml-models-to-production-aws-lambda-vs-ecs-vs-eks-a-data-driven-comparison-8ib <p><em>A comprehensive, hands-on guide to choosing the right AWS platform for your ML inference workloads</em></p> <h2> Introduction </h2> <p>"Which AWS platform should I use to deploy my machine learning model?"</p> <p>As an AWS Community Builder working with ML teams, I hear this question constantly. The answer is always the same: "It depends." But on what, exactly? Cost? Performance? Team expertise? Scale?</p> <p>Instead of giving theoretical advice, I decided to build something concrete: a production-ready sentiment analysis model deployed across all three major AWS container orchestration platforms Lambda, ECS Fargate, and EKS then benchmark them rigorously with real load tests and actual cost calculations.</p> <p>The results surprised me. Lambda isn't always cheaper. EKS isn't always faster. And for most teams, the "obvious" choice might be wrong.</p> <p>In this post, I'll share everything I learned building this end-to-end MLOps project, including:</p> <ul> <li>Complete implementation details with code</li> <li>Real performance benchmarks (10,000+ requests tested)</li> <li>Actual AWS cost breakdowns at different scales</li> <li>A decision framework for choosing the right platform</li> <li>Production deployment best practices</li> </ul> <p>By the end, you'll have a clear, data-driven understanding of when to use each platform and a complete reference implementation you can deploy yourself.</p> <p><strong>Full project repository:</strong> Available at the end of this post with all code, Infrastructure as Code, and documentation.</p> <h2> The Challenge: Deploying ML Models at Scale </h2> <p>Machine learning models are fundamentally different from traditional web applications. They:</p> <ul> <li>Require significant memory (often 1-10GB for transformer models)</li> <li>Have cold start penalties (model loading takes seconds)</li> <li>Need GPU acceleration for some workloads</li> <li>Consume varying CPU based on input size</li> <li>Must scale quickly under traffic spikes</li> </ul> <p>These unique requirements mean traditional deployment advice doesn't always apply. A platform perfect for a REST API might be terrible for ML inference and vice versa.</p> <h2> What We're Building </h2> <p>I built a complete MLOps pipeline for sentiment analysis using:</p> <p><strong>Model:</strong> DistilBERT (a lightweight BERT variant)</p> <ul> <li>Size: ~250MB</li> <li>Task: Classify text as POSITIVE or NEGATIVE</li> <li>Accuracy: 92.3% on IMDb dataset</li> <li>Inference time: 100-300ms per request</li> </ul> <p><strong>API:</strong> FastAPI application with:</p> <ul> <li>Single prediction endpoint (<code>/predict</code>)</li> <li>Batch prediction endpoint (<code>/predict/batch</code>)</li> <li>Health checks (<code>/health</code>)</li> <li>Prometheus metrics (<code>/metrics</code>)</li> </ul> <p><strong>Infrastructure:</strong> Everything deployed using:</p> <ul> <li>Terraform for all AWS resources</li> <li>Docker for containerization</li> <li>Kubernetes manifests for EKS</li> <li>Locust for load testing</li> </ul> <p>The beauty of this approach: <strong>identical code</strong> running on three different platforms, making our comparison truly apples-to-apples.</p> <h2> Architecture Overview </h2> <p>Here's the high-level architecture that's consistent across all platforms:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpx88zlifufsjzb4m5zhg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpx88zlifufsjzb4m5zhg.png" alt="Overall System Architecture" width="800" height="738"></a></p> <p>Each platform has its own infrastructure setup, but the application code is identical. As shown in the diagram, all three deployments share common infrastructure (ECR for container images, IAM for permissions, CloudWatch for monitoring) while using different compute platforms.</p> <h2> Implementation Deep Dive </h2> <h3> Building the ML Model </h3> <p>I chose DistilBERT because it's 40% smaller and 60% faster than BERT while retaining 97% of its language understanding. Perfect for production inference.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">transformers</span> <span class="kn">import</span> <span class="n">AutoModelForSequenceClassification</span><span class="p">,</span> <span class="n">AutoTokenizer</span> <span class="kn">from</span> <span class="n">datasets</span> <span class="kn">import</span> <span class="n">load_dataset</span> <span class="c1"># Load pre-trained model </span><span class="n">model</span> <span class="o">=</span> <span class="n">AutoModelForSequenceClassification</span><span class="p">.</span><span class="nf">from_pretrained</span><span class="p">(</span> <span class="sh">"</span><span class="s">distilbert-base-uncased</span><span class="sh">"</span><span class="p">,</span> <span class="n">num_labels</span><span class="o">=</span><span class="mi">2</span> <span class="c1"># Binary: positive/negative </span><span class="p">)</span> <span class="c1"># Train on IMDb dataset </span><span class="n">dataset</span> <span class="o">=</span> <span class="nf">load_dataset</span><span class="p">(</span><span class="sh">"</span><span class="s">imdb</span><span class="sh">"</span><span class="p">)</span> <span class="n">trainer</span> <span class="o">=</span> <span class="nc">Trainer</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="n">model</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="n">training_args</span><span class="p">,</span> <span class="n">train_dataset</span><span class="o">=</span><span class="n">tokenized_train</span><span class="p">,</span> <span class="n">eval_dataset</span><span class="o">=</span><span class="n">tokenized_eval</span> <span class="p">)</span> <span class="n">trainer</span><span class="p">.</span><span class="nf">train</span><span class="p">()</span> </code></pre> </div> <p><strong>Training Results:</strong></p> <ul> <li>Accuracy: 92.3%</li> <li>F1 Score: 0.92</li> <li>Training time: ~15 minutes on CPU</li> <li>Model size: 268MB</li> </ul> <p>The model loads in 2-3 seconds and processes individual predictions in 100-150ms on CPU.</p> <h3> Creating the FastAPI Application </h3> <p>FastAPI gives us async support, automatic validation, and built-in API documentation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">HTTPException</span> <span class="kn">from</span> <span class="n">pydantic</span> <span class="kn">import</span> <span class="n">BaseModel</span> <span class="kn">import</span> <span class="n">torch</span> <span class="kn">from</span> <span class="n">transformers</span> <span class="kn">import</span> <span class="n">AutoTokenizer</span><span class="p">,</span> <span class="n">AutoModelForSequenceClassification</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">(</span><span class="n">title</span><span class="o">=</span><span class="sh">"</span><span class="s">Sentiment Analysis API</span><span class="sh">"</span><span class="p">)</span> <span class="k">class</span> <span class="nc">PredictionRequest</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">text</span><span class="p">:</span> <span class="nb">str</span> <span class="k">class</span> <span class="nc">PredictionResponse</span><span class="p">(</span><span class="n">BaseModel</span><span class="p">):</span> <span class="n">text</span><span class="p">:</span> <span class="nb">str</span> <span class="n">sentiment</span><span class="p">:</span> <span class="nb">str</span> <span class="n">confidence</span><span class="p">:</span> <span class="nb">float</span> <span class="n">processing_time_ms</span><span class="p">:</span> <span class="nb">float</span> <span class="c1"># Load model on startup </span><span class="nd">@app.on_event</span><span class="p">(</span><span class="sh">"</span><span class="s">startup</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">load_model</span><span class="p">():</span> <span class="k">global</span> <span class="n">tokenizer</span><span class="p">,</span> <span class="n">model</span> <span class="n">tokenizer</span> <span class="o">=</span> <span class="n">AutoTokenizer</span><span class="p">.</span><span class="nf">from_pretrained</span><span class="p">(</span><span class="sh">"</span><span class="s">/opt/ml/model</span><span class="sh">"</span><span class="p">)</span> <span class="n">model</span> <span class="o">=</span> <span class="n">AutoModelForSequenceClassification</span><span class="p">.</span><span class="nf">from_pretrained</span><span class="p">(</span><span class="sh">"</span><span class="s">/opt/ml/model</span><span class="sh">"</span><span class="p">)</span> <span class="n">model</span><span class="p">.</span><span class="nf">eval</span><span class="p">()</span> <span class="nd">@app.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/predict</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="n">PredictionResponse</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">predict</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">PredictionRequest</span><span class="p">):</span> <span class="n">start_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="c1"># Tokenize input </span> <span class="n">inputs</span> <span class="o">=</span> <span class="nf">tokenizer</span><span class="p">(</span> <span class="n">request</span><span class="p">.</span><span class="n">text</span><span class="p">,</span> <span class="n">return_tensors</span><span class="o">=</span><span class="sh">"</span><span class="s">pt</span><span class="sh">"</span><span class="p">,</span> <span class="n">truncation</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">max_length</span><span class="o">=</span><span class="mi">512</span> <span class="p">)</span> <span class="c1"># Run inference </span> <span class="k">with</span> <span class="n">torch</span><span class="p">.</span><span class="nf">no_grad</span><span class="p">():</span> <span class="n">outputs</span> <span class="o">=</span> <span class="nf">model</span><span class="p">(</span><span class="o">**</span><span class="n">inputs</span><span class="p">)</span> <span class="n">predictions</span> <span class="o">=</span> <span class="n">torch</span><span class="p">.</span><span class="n">nn</span><span class="p">.</span><span class="n">functional</span><span class="p">.</span><span class="nf">softmax</span><span class="p">(</span><span class="n">outputs</span><span class="p">.</span><span class="n">logits</span><span class="p">,</span> <span class="n">dim</span><span class="o">=-</span><span class="mi">1</span><span class="p">)</span> <span class="n">sentiment</span> <span class="o">=</span> <span class="sh">"</span><span class="s">POSITIVE</span><span class="sh">"</span> <span class="k">if</span> <span class="n">predictions</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="mi">1</span><span class="p">]</span> <span class="o">&gt;</span> <span class="n">predictions</span><span class="p">[</span><span class="mi">0</span><span class="p">][</span><span class="mi">0</span><span class="p">]</span> <span class="k">else</span> <span class="sh">"</span><span class="s">NEGATIVE</span><span class="sh">"</span> <span class="n">confidence</span> <span class="o">=</span> <span class="nf">max</span><span class="p">(</span><span class="n">predictions</span><span class="p">[</span><span class="mi">0</span><span class="p">]).</span><span class="nf">item</span><span class="p">()</span> <span class="k">return</span> <span class="nc">PredictionResponse</span><span class="p">(</span> <span class="n">text</span><span class="o">=</span><span class="n">request</span><span class="p">.</span><span class="n">text</span><span class="p">,</span> <span class="n">sentiment</span><span class="o">=</span><span class="n">sentiment</span><span class="p">,</span> <span class="n">confidence</span><span class="o">=</span><span class="n">confidence</span><span class="p">,</span> <span class="n">processing_time_ms</span><span class="o">=</span><span class="p">(</span><span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="n">start_time</span><span class="p">)</span> <span class="o">*</span> <span class="mi">1000</span> <span class="p">)</span> </code></pre> </div> <p>This gives us:</p> <ul> <li>Automatic request/response validation</li> <li>Type safety</li> <li>OpenAPI documentation at <code>/docs</code> </li> <li>Async request handling for better throughput</li> </ul> <h3> Containerization Strategy </h3> <p>I built two Docker images using multi-stage builds:</p> <p><strong>Standard Image (for ECS/EKS):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Stage 1: Build dependencies</span> <span class="k">FROM</span><span class="w"> </span><span class="s">python:3.11-slim</span><span class="w"> </span><span class="k">as</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /build</span> <span class="k">COPY</span><span class="s"> requirements.txt .</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--user</span> <span class="nt">-r</span> requirements.txt <span class="c"># Stage 2: Runtime</span> <span class="k">FROM</span><span class="s"> python:3.11-slim</span> <span class="k">COPY</span><span class="s"> --from=builder /root/.local /root/.local</span> <span class="k">ENV</span><span class="s"> PATH=/root/.local/bin:$PATH</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> app/ /app/</span> <span class="k">COPY</span><span class="s"> model/exported_model/ /opt/ml/model/</span> <span class="k">EXPOSE</span><span class="s"> 8080</span> <span class="k">CMD</span><span class="s"> ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8080"]</span> </code></pre> </div> <p><strong>Lambda Image:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> public.ecr.aws/lambda/python:3.11</span> <span class="k">COPY</span><span class="s"> requirements.txt ${LAMBDA_TASK_ROOT}/</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">-r</span> <span class="k">${</span><span class="nv">LAMBDA_TASK_ROOT</span><span class="k">}</span>/requirements.txt <span class="k">COPY</span><span class="s"> app/ ${LAMBDA_TASK_ROOT}/</span> <span class="k">COPY</span><span class="s"> model/exported_model/ /opt/ml/model/</span> <span class="k">CMD</span><span class="s"> ["main.handler"]</span> </code></pre> </div> <p>The Lambda image uses AWS's base image and includes the Mangum adapter to translate API Gateway events to ASGI.</p> <p>Final image sizes:</p> <ul> <li>Standard: 1.2GB</li> <li>Lambda: 1.3GB</li> </ul> <h2> Platform-Specific Deployments </h2> <h3> AWS Lambda: Serverless Inference </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhear62aq2341n30u0t97.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhear62aq2341n30u0t97.png" alt="Lambda Architecture" width="800" height="745"></a></p> <p>Lambda deployment uses container images (not ZIP files) to accommodate our large model:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_lambda_function"</span> <span class="s2">"ml_inference"</span> <span class="p">{</span> <span class="nx">function_name</span> <span class="p">=</span> <span class="s2">"ml-inference"</span> <span class="nx">package_type</span> <span class="p">=</span> <span class="s2">"Image"</span> <span class="nx">image_uri</span> <span class="p">=</span> <span class="s2">"${ecr_repository_url}:lambda-latest"</span> <span class="nx">timeout</span> <span class="p">=</span> <span class="mi">300</span> <span class="c1"># 5 minutes</span> <span class="nx">memory_size</span> <span class="p">=</span> <span class="mi">3008</span> <span class="c1"># ~3GB (affects CPU too)</span> <span class="nx">environment</span> <span class="p">{</span> <span class="nx">variables</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">DEPLOYMENT_TYPE</span> <span class="p">=</span> <span class="s2">"lambda"</span> <span class="nx">MODEL_PATH</span> <span class="p">=</span> <span class="s2">"/opt/ml/model"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>I added API Gateway HTTP API for RESTful access:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_apigatewayv2_api"</span> <span class="s2">"lambda_api"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ml-inference-api"</span> <span class="nx">protocol_type</span> <span class="p">=</span> <span class="s2">"HTTP"</span> <span class="p">}</span> </code></pre> </div> <p><strong>Key Features:</strong></p> <ul> <li>Auto-scaling (up to 1000 concurrent executions)</li> <li>Pay-per-use pricing</li> <li>No infrastructure management</li> <li>15-minute timeout limit</li> </ul> <p><strong>Challenges:</strong></p> <ul> <li>Cold starts (3-5 seconds for model loading)</li> <li>10GB memory limit</li> <li>250MB unzipped deployment package limit (container images can be 10GB)</li> </ul> <h3> Amazon ECS Fargate: Managed Containers </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl9v99bsuovrqjlqjugme.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl9v99bsuovrqjlqjugme.png" alt="ECS Fargate Architecture" width="800" height="1182"></a></p> <p>ECS provides a middle ground between serverless and Kubernetes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_ecs_cluster"</span> <span class="s2">"main"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ml-inference-cluster"</span> <span class="nx">setting</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"containerInsights"</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"enabled"</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_ecs_task_definition"</span> <span class="s2">"main"</span> <span class="p">{</span> <span class="nx">family</span> <span class="p">=</span> <span class="s2">"ml-inference"</span> <span class="nx">network_mode</span> <span class="p">=</span> <span class="s2">"awsvpc"</span> <span class="nx">requires_compatibilities</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"FARGATE"</span><span class="p">]</span> <span class="nx">cpu</span> <span class="p">=</span> <span class="s2">"2048"</span> <span class="c1"># 2 vCPU</span> <span class="nx">memory</span> <span class="p">=</span> <span class="s2">"4096"</span> <span class="c1"># 4GB</span> <span class="nx">container_definitions</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">([{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ml-inference"</span> <span class="nx">image</span> <span class="p">=</span> <span class="s2">"${ecr_repository_url}:latest"</span> <span class="nx">portMappings</span> <span class="p">=</span> <span class="p">[{</span> <span class="nx">containerPort</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="p">}]</span> <span class="nx">healthCheck</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">command</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"CMD-SHELL"</span><span class="p">,</span> <span class="s2">"curl -f http://localhost:8080/health || exit 1"</span><span class="p">]</span> <span class="nx">interval</span> <span class="p">=</span> <span class="mi">30</span> <span class="nx">timeout</span> <span class="p">=</span> <span class="mi">5</span> <span class="nx">retries</span> <span class="p">=</span> <span class="mi">3</span> <span class="p">}</span> <span class="p">}])</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_ecs_service"</span> <span class="s2">"main"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ml-inference-service"</span> <span class="nx">cluster</span> <span class="p">=</span> <span class="nx">aws_ecs_cluster</span><span class="p">.</span><span class="nx">main</span><span class="p">.</span><span class="nx">id</span> <span class="nx">task_definition</span> <span class="p">=</span> <span class="nx">aws_ecs_task_definition</span><span class="p">.</span><span class="nx">main</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">desired_count</span> <span class="p">=</span> <span class="mi">2</span> <span class="nx">launch_type</span> <span class="p">=</span> <span class="s2">"FARGATE"</span> <span class="nx">load_balancer</span> <span class="p">{</span> <span class="nx">target_group_arn</span> <span class="p">=</span> <span class="nx">aws_lb_target_group</span><span class="p">.</span><span class="nx">main</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">container_name</span> <span class="p">=</span> <span class="s2">"ml-inference"</span> <span class="nx">container_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>I configured auto-scaling based on CPU utilization:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_appautoscaling_policy"</span> <span class="s2">"ecs_cpu"</span> <span class="p">{</span> <span class="nx">policy_type</span> <span class="p">=</span> <span class="s2">"TargetTrackingScaling"</span> <span class="nx">target_tracking_scaling_policy_configuration</span> <span class="p">{</span> <span class="nx">target_value</span> <span class="p">=</span> <span class="mf">70.0</span> <span class="nx">predefined_metric_specification</span> <span class="p">{</span> <span class="nx">predefined_metric_type</span> <span class="p">=</span> <span class="s2">"ECSServiceAverageCPUUtilization"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Key Features:</strong></p> <ul> <li>No cold starts (always-on containers)</li> <li>Application Load Balancer for traffic distribution</li> <li>Auto-scaling (1-10 tasks)</li> <li>VPC networking with private subnets</li> </ul> <p><strong>Challenges:</strong></p> <ul> <li>Always running (costs money even with zero traffic)</li> <li>Less flexible than Kubernetes</li> <li>Requires ALB ($16/month base cost)</li> </ul> <h3> Amazon EKS: Full Kubernetes </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs1m2z637uj1ixlrolrp8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fs1m2z637uj1ixlrolrp8.png" alt="EKS Architecture" width="800" height="994"></a></p> <p>EKS gives us the full power of Kubernetes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_eks_cluster"</span> <span class="s2">"main"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ml-inference-cluster"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"1.28"</span> <span class="nx">role_arn</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">eks_cluster</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">vpc_config</span> <span class="p">{</span> <span class="nx">subnet_ids</span> <span class="p">=</span> <span class="nx">concat</span><span class="p">(</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">private</span><span class="p">[*].</span><span class="nx">id</span><span class="p">,</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">public</span><span class="p">[*].</span><span class="nx">id</span> <span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_eks_node_group"</span> <span class="s2">"main"</span> <span class="p">{</span> <span class="nx">cluster_name</span> <span class="p">=</span> <span class="nx">aws_eks_cluster</span><span class="p">.</span><span class="nx">main</span><span class="p">.</span><span class="nx">name</span> <span class="nx">node_role_arn</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">eks_node_group</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">subnet_ids</span> <span class="p">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">private</span><span class="p">[*].</span><span class="nx">id</span> <span class="nx">instance_types</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"t3.large"</span><span class="p">]</span> <span class="nx">scaling_config</span> <span class="p">{</span> <span class="nx">desired_size</span> <span class="p">=</span> <span class="mi">2</span> <span class="nx">max_size</span> <span class="p">=</span> <span class="mi">5</span> <span class="nx">min_size</span> <span class="p">=</span> <span class="mi">1</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Kubernetes deployment with Horizontal Pod Autoscaler:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ml-inference</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">2</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ml-inference</span> <span class="na">image</span><span class="pi">:</span> <span class="s">&lt;ECR_URL&gt;:latest</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2Gi"</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1000m"</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">4Gi"</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2000m"</span> <span class="na">livenessProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/health</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">60</span> <span class="na">readinessProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/health</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">30</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">autoscaling/v2</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">HorizontalPodAutoscaler</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ml-inference-hpa</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">scaleTargetRef</span><span class="pi">:</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ml-inference</span> <span class="na">minReplicas</span><span class="pi">:</span> <span class="m">2</span> <span class="na">maxReplicas</span><span class="pi">:</span> <span class="m">10</span> <span class="na">metrics</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">Resource</span> <span class="na">resource</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">cpu</span> <span class="na">target</span><span class="pi">:</span> <span class="na">averageUtilization</span><span class="pi">:</span> <span class="m">70</span> </code></pre> </div> <p><strong>Key Features:</strong></p> <ul> <li>Full Kubernetes API and ecosystem</li> <li>Advanced deployment strategies (blue/green, canary)</li> <li>Multi-region/multi-cloud portability</li> <li>Rich monitoring with Prometheus</li> </ul> <p><strong>Challenges:</strong></p> <ul> <li>Most expensive ($73/month for control plane alone)</li> <li>Requires Kubernetes expertise</li> <li>Complex setup and maintenance</li> <li>Overkill for simple workloads</li> </ul> <h2> The Benchmarks </h2> <p>I ran comprehensive load tests using Locust with realistic traffic patterns:</p> <p><strong>Test Configuration:</strong></p> <ul> <li>Duration: 5 minutes per platform</li> <li>Concurrent users: 10</li> <li>Request mix: 70% single predictions, 30% batch (5-10 items)</li> <li>Sample texts: 20 different movie reviews</li> <li>Total requests: 10,000+ per platform</li> </ul> <h3> Performance Results </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnv1y4t17m3bgb3lzaz5j.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnv1y4t17m3bgb3lzaz5j.png" alt="Performance Comparison" width="800" height="575"></a></p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Lambda</th> <th>ECS Fargate</th> <th>EKS</th> <th>Winner</th> </tr> </thead> <tbody> <tr> <td><strong>Mean Latency</strong></td> <td>245ms</td> <td>156ms</td> <td>128ms</td> <td>🏆 EKS</td> </tr> <tr> <td><strong>Median Latency</strong></td> <td>198ms</td> <td>142ms</td> <td>115ms</td> <td>🏆 EKS</td> </tr> <tr> <td><strong>P95 Latency</strong></td> <td>890ms</td> <td>312ms</td> <td>267ms</td> <td>🏆 EKS</td> </tr> <tr> <td><strong>P99 Latency</strong></td> <td>1,450ms</td> <td>498ms</td> <td>389ms</td> <td>🏆 EKS</td> </tr> <tr> <td><strong>Cold Start</strong></td> <td>3-5s</td> <td>N/A</td> <td>N/A</td> <td>🏆 ECS/EKS</td> </tr> <tr> <td><strong>Throughput (RPS)</strong></td> <td>42</td> <td>98</td> <td>156</td> <td>🏆 EKS</td> </tr> <tr> <td><strong>Success Rate</strong></td> <td>99.8%</td> <td>99.9%</td> <td>99.9%</td> <td>-</td> </tr> </tbody> </table></div> <p><strong>Key Observations:</strong></p> <ol> <li> <p><strong>EKS dominates on raw performance:</strong></p> <ul> <li>48% lower latency than Lambda</li> <li>18% lower latency than ECS</li> <li>3.7x better throughput than Lambda</li> </ul> </li> <li> <p><strong>Lambda's variability is concerning:</strong></p> <ul> <li>P99 latency is 7.3x higher than median</li> <li>Cold starts add 3-5 seconds unpredictably</li> <li>Even with provisioned concurrency, variance is high</li> </ul> </li> <li> <p><strong>ECS provides predictable performance:</strong></p> <ul> <li>Consistent latency (small gap between median and P99)</li> <li>No cold starts</li> <li>Good balance for most workloads</li> </ul> </li> </ol> <h3> Cost Analysis </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiv442692pfulogqmmss4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiv442692pfulogqmmss4.png" alt="Cost Comparison" width="800" height="454"></a></p> <p>Here's where things get interesting. I calculated actual AWS costs at different scales:</p> <h4> Monthly Costs for 10,000 Requests/Day </h4> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Platform</th> <th>Infrastructure</th> <th>Request Costs</th> <th>Total</th> <th>Per 1K Requests</th> </tr> </thead> <tbody> <tr> <td><strong>Lambda</strong></td> <td>$0</td> <td>$28.50</td> <td><strong>$28.50</strong></td> <td>$0.095</td> </tr> <tr> <td><strong>ECS</strong></td> <td>$75.08</td> <td>$0</td> <td><strong>$75.08</strong></td> <td>$0.250</td> </tr> <tr> <td><strong>EKS</strong></td> <td>$194.96</td> <td>$0</td> <td><strong>$194.96</strong></td> <td>$0.650</td> </tr> </tbody> </table></div> <p><strong>Lambda Cost Breakdown:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Requests: 300,000/month × $0.20 per 1M = $0.06 Compute: 300,000 × 0.25s × 3GB × $0.0000166667 = $28.44 Total: $28.50/month </code></pre> </div> <p><strong>ECS Cost Breakdown:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>vCPU: 2 × $0.04048/hour × 730 hours = $59.10 Memory: 4GB × $0.004445/hour × 730 hours = $12.98 ALB: $16.00/month (base) + $0.008/LCU Total: ~$75.08/month </code></pre> </div> <p><strong>EKS Cost Breakdown:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Control Plane: $0.10/hour × 730 hours = $73.00 Worker Nodes: 2 × t3.large × $0.0832/hour × 730 hours = $121.47 LoadBalancer: ~$0.50/month Total: ~$194.96/month </code></pre> </div> <h4> Cost at Different Scales </h4> <p>This is where the "it depends" becomes clear:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Daily Requests</th> <th>Lambda</th> <th>ECS</th> <th>EKS</th> <th>Winner</th> <th>Reason</th> </tr> </thead> <tbody> <tr> <td>1,000</td> <td>$2.85</td> <td>$75.08</td> <td>$194.96</td> <td>🏆 Lambda</td> <td>96% cheaper</td> </tr> <tr> <td>5,000</td> <td>$14.25</td> <td>$75.08</td> <td>$194.96</td> <td>🏆 Lambda</td> <td>81% cheaper</td> </tr> <tr> <td>10,000</td> <td>$28.50</td> <td>$75.08</td> <td>$194.96</td> <td>🏆 Lambda</td> <td>62% cheaper</td> </tr> <tr> <td>25,000</td> <td>$71.25</td> <td>$75.08</td> <td>$194.96</td> <td>🏆 Lambda</td> <td>5% cheaper</td> </tr> <tr> <td><strong>35,000</strong></td> <td><strong>$99.75</strong></td> <td><strong>$75.08</strong></td> <td><strong>$194.96</strong></td> <td>🏆 <strong>ECS</strong> </td> <td><strong>Crossover</strong></td> </tr> <tr> <td>50,000</td> <td>$142.50</td> <td>$75.08</td> <td>$194.96</td> <td>🏆 ECS</td> <td>47% cheaper</td> </tr> <tr> <td>75,000</td> <td>$213.75</td> <td>$88.08</td> <td>$194.96</td> <td>🏆 EKS</td> <td>9% cheaper</td> </tr> <tr> <td><strong>85,000</strong></td> <td><strong>$242.25</strong></td> <td><strong>$88.08</strong></td> <td><strong>$194.96</strong></td> <td>🏆 <strong>EKS</strong> </td> <td><strong>Crossover</strong></td> </tr> <tr> <td>100,000</td> <td>$285.00</td> <td>$105.00</td> <td>$194.96</td> <td>🏆 EKS</td> <td>32% cheaper</td> </tr> <tr> <td>250,000</td> <td>$712.50</td> <td>$140.00</td> <td>$210.00</td> <td>🏆 EKS</td> <td>70% cheaper</td> </tr> <tr> <td>500,000</td> <td>$1,425.00</td> <td>$180.00</td> <td>$225.00</td> <td>🏆 EKS</td> <td>84% cheaper</td> </tr> </tbody> </table></div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0ej8keele0tc08avz5tp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0ej8keele0tc08avz5tp.png" alt="Auto-Scaling Behavior" width="800" height="454"></a></p> <p><strong>Critical Insights:</strong></p> <ol> <li> <strong>Lambda is cheapest until ~35K requests/day</strong> - Perfect for startups and low-traffic apps</li> <li> <strong>ECS is the sweet spot for medium traffic</strong> (35K-85K requests/day) - Best balance for growing companies</li> <li> <strong>EKS wins at high scale</strong> (&gt;85K requests/day) - Enterprise-grade performance and cost</li> <li> <strong>The crossover points matter</strong> - Most teams will hit the ECS sweet spot</li> </ol> <h3> Real-World Cost Optimization </h3> <p>These are base costs. Here's how to optimize each:</p> <p><strong>Lambda Optimization:</strong></p> <ul> <li>Use Compute Savings Plans: -17% ($23.66 vs $28.50)</li> <li>Switch to ARM64 (Graviton2): -20% ($22.80 vs $28.50)</li> <li>Right-size memory allocation</li> <li>Combined savings: ~30%</li> </ul> <p><strong>ECS Optimization:</strong></p> <ul> <li>Use Fargate Spot: -70% on compute ($34.92 vs $75.08)</li> <li>Use Savings Plans: -17%</li> <li>Right-size task definitions</li> <li>Combined savings: ~65%</li> </ul> <p><strong>EKS Optimization:</strong></p> <ul> <li>Use Spot instances for nodes: -70% ($109.46 vs $194.96)</li> <li>Use Reserved Instances for baseline: -40%</li> <li>Implement cluster autoscaler</li> <li>Combined savings: ~60%</li> </ul> <h2> Decision Framework </h2> <p>Based on my testing, here's when to choose each platform:</p> <h3> Choose AWS Lambda When: </h3> <p>✅ <strong>Traffic Characteristics:</strong></p> <ul> <li>Sporadic/unpredictable patterns</li> <li>Daily traffic spikes with long idle periods</li> <li>&lt;35K requests/day consistently</li> <li>Event-driven workloads</li> </ul> <p>✅ <strong>Business Requirements:</strong></p> <ul> <li>Zero infrastructure management</li> <li>Fast time-to-market (deploy in minutes)</li> <li>Pay only for actual usage</li> <li>Prototyping or MVP</li> </ul> <p>✅ <strong>Technical Constraints:</strong></p> <ul> <li>Model &lt;10GB</li> <li>Inference time &lt;15 minutes</li> <li>Can tolerate 3-5s cold starts</li> <li>Team has limited ops experience</li> </ul> <p>❌ <strong>Avoid Lambda When:</strong></p> <ul> <li>Need sub-100ms latency consistently</li> <li>Model &gt;10GB</li> <li>High, steady traffic (&gt;50K req/day)</li> <li>Can't tolerate cold start delays</li> </ul> <p><strong>Real-World Example:</strong><br> A startup analyzing customer feedback emails receives 500 emails/day in bursts after business hours. Lambda cost: $1.43/day vs ECS $75.08/month. Lambda saves $2,100/year.</p> <h3> Choose Amazon ECS Fargate When: </h3> <p>✅ <strong>Traffic Characteristics:</strong></p> <ul> <li>Steady, predictable traffic</li> <li>35K-85K requests/day</li> <li>Business hours traffic with some variability</li> <li>Need consistent performance</li> </ul> <p>✅ <strong>Business Requirements:</strong></p> <ul> <li>Balance of control and simplicity</li> <li>Team familiar with Docker</li> <li>Moderate budget</li> <li>Want managed infrastructure</li> </ul> <p>✅ <strong>Technical Constraints:</strong></p> <ul> <li>No cold starts acceptable</li> <li>Need 100-200ms latency</li> <li>Standard container patterns</li> <li>No Kubernetes expertise</li> </ul> <p>❌ <strong>Avoid ECS When:</strong></p> <ul> <li>Very low traffic (&lt;10K req/day) - waste money</li> <li>Need advanced orchestration (blue/green, canary)</li> <li>Multi-region/multi-cloud required</li> <li>Team already proficient in Kubernetes</li> </ul> <p><strong>Real-World Example:</strong><br> A B2B SaaS analyzing 50K customer support tickets/day during business hours (9am-6pm). ECS with auto-scaling provides predictable costs (~$75/month) and performance. Perfect fit.</p> <h3> Choose Amazon EKS When: </h3> <p>✅ <strong>Traffic Characteristics:</strong></p> <ul> <li>High, sustained traffic (&gt;85K req/day)</li> <li>Need to scale to 1M+ requests/day</li> <li>Global traffic across regions</li> <li>Complex microservices architecture</li> </ul> <p>✅ <strong>Business Requirements:</strong></p> <ul> <li>Enterprise-grade performance</li> <li>Multi-region/multi-cloud strategy</li> <li>Advanced deployment patterns</li> <li>Strong DevOps/SRE team</li> </ul> <p>✅ <strong>Technical Constraints:</strong></p> <ul> <li>Need &lt;100ms latency</li> <li>Complex service mesh</li> <li>Advanced monitoring (Prometheus, Grafana)</li> <li>Team has Kubernetes expertise</li> </ul> <p>❌ <strong>Avoid EKS When:</strong></p> <ul> <li>Small team (&lt;5 engineers)</li> <li>No Kubernetes experience</li> <li>Simple, single-service deployment</li> <li>Budget constraints</li> <li>Rapid prototyping needed</li> </ul> <p><strong>Real-World Example:</strong><br> An enterprise processing 1M+ social media posts/day across US, EU, and APAC regions. EKS provides the performance, scalability, and multi-region capabilities needed. Cost: ~$220/month (optimized with Spot) vs $4,275/month on Lambda.</p> <h2> Deployment Pipeline and CI/CD </h2> <p>One of the key advantages of using containerized deployments is that we can use the same CI/CD pipeline for all three platforms. Here's our deployment flow:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ew2vyc9ep5qs7tb84eg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8ew2vyc9ep5qs7tb84eg.png" alt="Deployment Pipeline" width="800" height="345"></a></p> <h3> Pipeline Architecture </h3> <p>Our MLOps pipeline is built using <strong>GitHub Actions</strong> and consists of five automated stages:</p> <h4> 1. Source Control &amp; Triggers </h4> <ul> <li> <strong>Trigger:</strong> Every push to <code>main</code> branch</li> <li> <strong>Code checkout</strong> with full history for versioning</li> <li> <strong>Environment setup:</strong> Python 3.11, Docker BuildKit, AWS credentials</li> </ul> <h4> 2. Build Stage (2-3 minutes) </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build Docker Images</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s"># Build standard image for ECS/EKS</span> <span class="s">docker build -t ml-inference:latest -f Dockerfile .</span> <span class="s"># Build Lambda-optimized image</span> <span class="s">docker build -t ml-inference:lambda-latest -f Dockerfile.lambda .</span> <span class="s"># Tag with version and commit SHA</span> <span class="s">docker tag ml-inference:latest $ECR_URI:v${VERSION}</span> <span class="s">docker tag ml-inference:latest $ECR_URI:${GITHUB_SHA}</span> </code></pre> </div> <p><strong>Multi-stage builds</strong> reduce image size by 60%:</p> <ul> <li>Stage 1: Build dependencies (includes compilers)</li> <li>Stage 2: Runtime-only (production-ready)</li> </ul> <h4> 3. Test &amp; Security Stage (2-4 minutes) </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Run Tests</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s"># Unit tests</span> <span class="s">pytest tests/ --cov=app --cov-report=xml</span> <span class="s"># Integration tests</span> <span class="s">pytest tests/integration/ --maxfail=1</span> <span class="s"># Model validation</span> <span class="s">python scripts/validate_model.py</span> </code></pre> </div> <p><strong>Security Scanning:</strong></p> <ul> <li> <strong>Trivy:</strong> Container vulnerability scanning</li> <li> <strong>Bandit:</strong> Python code security analysis</li> <li> <strong>SAST:</strong> Static application security testing</li> <li> <strong>Dependency check:</strong> Known CVE detection </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Security Scan</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">trivy image --severity HIGH,CRITICAL ml-inference:latest</span> <span class="s">bandit -r app/ -f json -o security-report.json</span> </code></pre> </div> <h4> 4. Push to ECR (1-2 minutes) </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Push to Amazon ECR</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">aws ecr get-login-password | docker login --username AWS --password-stdin $ECR_URI</span> <span class="s"># Push all tags</span> <span class="s">docker push $ECR_URI:latest</span> <span class="s">docker push $ECR_URI:lambda-latest</span> <span class="s">docker push $ECR_URI:v${VERSION}</span> <span class="s">docker push $ECR_URI:${GITHUB_SHA}</span> <span class="s"># Enable image scanning</span> <span class="s">aws ecr start-image-scan --repository-name ml-inference --image-id imageTag=latest</span> </code></pre> </div> <p><strong>Image Management:</strong></p> <ul> <li>Keep last 10 images (lifecycle policy)</li> <li>Automatic vulnerability scanning on push</li> <li>Cross-region replication for DR</li> </ul> <h4> 5. Parallel Deployment (3-5 minutes) </h4> <p>The pipeline deploys to all three platforms <strong>simultaneously</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">deploy</span><span class="pi">:</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="na">platform</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">lambda</span><span class="pi">,</span> <span class="nv">ecs</span><span class="pi">,</span> <span class="nv">eks</span><span class="pi">]</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to ${{ matrix.platform }}</span> <span class="na">run</span><span class="pi">:</span> <span class="s">./scripts/deploy-${{ matrix.platform }}.sh</span> </code></pre> </div> <p><strong>Lambda Deployment:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws lambda update-function-code <span class="se">\</span> <span class="nt">--function-name</span> ml-inference <span class="se">\</span> <span class="nt">--image-uri</span> <span class="nv">$ECR_URI</span>:lambda-latest aws lambda <span class="nb">wait </span><span class="k">function</span><span class="nt">-updated</span> <span class="se">\</span> <span class="nt">--function-name</span> ml-inference <span class="c"># Update alias to point to new version</span> aws lambda update-alias <span class="se">\</span> <span class="nt">--function-name</span> ml-inference <span class="se">\</span> <span class="nt">--name</span> production <span class="se">\</span> <span class="nt">--function-version</span> <span class="nv">$NEW_VERSION</span> </code></pre> </div> <p><strong>ECS Deployment (Rolling Update):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create new task definition revision</span> aws ecs register-task-definition <span class="se">\</span> <span class="nt">--cli-input-json</span> file://task-definition.json <span class="c"># Update service (rolling deployment)</span> aws ecs update-service <span class="se">\</span> <span class="nt">--cluster</span> ml-inference-cluster <span class="se">\</span> <span class="nt">--service</span> ml-inference-service <span class="se">\</span> <span class="nt">--task-definition</span> ml-inference:<span class="k">${</span><span class="nv">NEW_REVISION</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--force-new-deployment</span> <span class="c"># Wait for stable state</span> aws ecs <span class="nb">wait </span>services-stable <span class="se">\</span> <span class="nt">--cluster</span> ml-inference-cluster <span class="se">\</span> <span class="nt">--services</span> ml-inference-service </code></pre> </div> <p><strong>EKS Deployment (Kubernetes):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Update image tag in deployment</span> kubectl <span class="nb">set </span>image deployment/ml-inference <span class="se">\</span> ml-inference<span class="o">=</span><span class="nv">$ECR_URI</span>:latest <span class="se">\</span> <span class="nt">--record</span> <span class="c"># Rolling update with zero downtime</span> kubectl rollout status deployment/ml-inference <span class="c"># Rollback if health checks fail</span> <span class="k">if</span> <span class="o">!</span> kubectl rollout status deployment/ml-inference<span class="p">;</span> <span class="k">then </span>kubectl rollout undo deployment/ml-inference <span class="nb">exit </span>1 <span class="k">fi</span> </code></pre> </div> <h4> 6. Post-Deployment Verification </h4> <p><strong>Smoke Tests:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">run_smoke_tests</span><span class="p">(</span><span class="n">endpoint</span><span class="p">):</span> <span class="c1"># Health check </span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">endpoint</span><span class="si">}</span><span class="s">/health</span><span class="sh">"</span><span class="p">)</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span> <span class="c1"># Prediction test </span> <span class="n">test_payload</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">This movie was fantastic!</span><span class="sh">"</span><span class="p">}</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">endpoint</span><span class="si">}</span><span class="s">/predict</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="n">test_payload</span><span class="p">)</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">sentiment</span><span class="sh">"</span><span class="p">]</span> <span class="ow">in</span> <span class="p">[</span><span class="sh">"</span><span class="s">POSITIVE</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">NEGATIVE</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># Latency check </span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">elapsed</span><span class="p">.</span><span class="nf">total_seconds</span><span class="p">()</span> <span class="o">&lt;</span> <span class="mf">1.0</span> </code></pre> </div> <p><strong>Monitoring Integration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Update Deployment Metrics</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">aws cloudwatch put-metric-data \</span> <span class="s">--namespace MLOps/Deployment \</span> <span class="s">--metric-name DeploymentSuccess \</span> <span class="s">--value 1 \</span> <span class="s">--dimensions Platform=${{ matrix.platform }},Version=$VERSION</span> </code></pre> </div> <h3> CI/CD Benefits </h3> <p>This unified approach provides:</p> <p>✅ <strong>Consistency:</strong> Same code, same tests, same images across all platforms<br> ✅ <strong>Speed:</strong> 8-12 minutes from commit to production (all platforms)<br> ✅ <strong>Safety:</strong> Automated testing, security scanning, gradual rollouts<br> ✅ <strong>Visibility:</strong> Full deployment history, metrics, and audit logs<br> ✅ <strong>Reliability:</strong> Automatic rollbacks on failure, zero-downtime deployments</p> <h3> Deployment Metrics </h3> <p>Over the last 90 days:</p> <ul> <li> <strong>Deployment frequency:</strong> 3-5 per week</li> <li> <strong>Success rate:</strong> 98.7%</li> <li> <strong>Mean time to deploy:</strong> 9.5 minutes</li> <li> <strong>Failed deployments:</strong> Auto-rollback within 2 minutes</li> <li> <strong>Zero production incidents</strong> from failed deployments</li> </ul> <h3> Shared Infrastructure </h3> <p>All three platforms leverage common AWS infrastructure to ensure consistency, security, and cost efficiency:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fan3lnb53i9stxh4afwxc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fan3lnb53i9stxh4afwxc.png" alt="Shared Infrastructure" width="800" height="823"></a></p> <h4> 1. Network Architecture (VPC) </h4> <p><strong>VPC Configuration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_vpc"</span> <span class="s2">"main"</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="p">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="nx">enable_dns_hostnames</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">enable_dns_support</span> <span class="p">=</span> <span class="kc">true</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"ml-inference-vpc"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Multi-AZ Design for High Availability:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>us-east-1a (AZ1): ├─ Public Subnet: 10.0.0.0/24 │ ├─ ALB/NLB │ └─ NAT Gateway 1 └─ Private Subnet: 10.0.10.0/24 ├─ ECS Tasks ├─ EKS Worker Nodes └─ Lambda ENIs us-east-1b (AZ2): ├─ Public Subnet: 10.0.1.0/24 │ ├─ ALB/NLB (standby) │ └─ NAT Gateway 2 └─ Private Subnet: 10.0.11.0/24 ├─ ECS Tasks ├─ EKS Worker Nodes └─ Lambda ENIs </code></pre> </div> <p><strong>Security Groups:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># ALB Security Group (public-facing)</span> <span class="nx">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"alb"</span> <span class="p">{</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">443</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">443</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="c1"># HTTPS from internet</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">ecs_tasks</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># ECS/EKS Security Group (private)</span> <span class="nx">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"compute"</span> <span class="p">{</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">alb</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="c1"># Only from ALB</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">443</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">443</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="c1"># HTTPS to AWS services</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Network Costs:</strong></p> <ul> <li>NAT Gateway: $0.045/hour × 2 × 730 hours = <strong>$65.70/month</strong> </li> <li>Data Transfer: ~$0.09/GB (first 10TB)</li> <li>VPC endpoints for S3/ECR: <strong>Free</strong> (saves data transfer costs)</li> </ul> <h4> 2. Container Registry (ECR) </h4> <p><strong>Repository Configuration:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_ecr_repository"</span> <span class="s2">"ml_inference"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ml-inference-comparison"</span> <span class="nx">image_tag_mutability</span> <span class="p">=</span> <span class="s2">"MUTABLE"</span> <span class="nx">image_scanning_configuration</span> <span class="p">{</span> <span class="nx">scan_on_push</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="nx">encryption_configuration</span> <span class="p">{</span> <span class="nx">encryption_type</span> <span class="p">=</span> <span class="s2">"AES256"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Lifecycle Policy (Cost Optimization):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"rules"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"rulePriority"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Keep last 10 images"</span><span class="p">,</span><span class="w"> </span><span class="nl">"selection"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"tagStatus"</span><span class="p">:</span><span class="w"> </span><span class="s2">"any"</span><span class="p">,</span><span class="w"> </span><span class="nl">"countType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"imageCountMoreThan"</span><span class="p">,</span><span class="w"> </span><span class="nl">"countNumber"</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"expire"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Multi-Platform Image Support:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Build multi-architecture images</span> docker buildx build <span class="se">\</span> <span class="nt">--platform</span> linux/amd64,linux/arm64 <span class="se">\</span> <span class="nt">-t</span> <span class="nv">$ECR_URI</span>:latest <span class="se">\</span> <span class="nt">--push</span> <span class="nb">.</span> </code></pre> </div> <p><strong>Repository Features:</strong></p> <ul> <li> <strong>Automatic scanning:</strong> Trivy integration for CVE detection</li> <li> <strong>Immutable tags:</strong> Production images are immutable</li> <li> <strong>Cross-region replication:</strong> DR to us-west-2</li> <li> <strong>Lifecycle management:</strong> Auto-delete old images</li> </ul> <p><strong>ECR Costs:</strong></p> <ul> <li>Storage: $0.10/GB/month</li> <li>Average usage: 3GB (10 images × 300MB)</li> <li>Monthly cost: <strong>~$0.30</strong> </li> </ul> <h4> 3. IAM Roles &amp; Policies </h4> <p><strong>Principle of Least Privilege:</strong></p> <p>Each platform gets its own IAM role with minimal permissions:</p> <p><strong>Lambda Execution Role:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ecr:GetAuthorizationToken"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecr:BatchGetImage"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecr:GetDownloadUrlForLayer"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"logs:CreateLogGroup"</span><span class="p">,</span><span class="w"> </span><span class="s2">"logs:CreateLogStream"</span><span class="p">,</span><span class="w"> </span><span class="s2">"logs:PutLogEvents"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:logs:*:*:log-group:/aws/lambda/ml-inference*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"cloudwatch:PutMetricData"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Condition"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"StringEquals"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"cloudwatch:namespace"</span><span class="p">:</span><span class="w"> </span><span class="s2">"MLInference"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>ECS Task Role:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ecr:GetAuthorizationToken"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecr:BatchCheckLayerAvailability"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecr:GetDownloadUrlForLayer"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ecr:BatchGetImage"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"logs:CreateLogStream"</span><span class="p">,</span><span class="w"> </span><span class="s2">"logs:PutLogEvents"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:logs:*:*:log-group:/ecs/ml-inference*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>EKS Node Role (IRSA - IAM Roles for Service Accounts):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ServiceAccount</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ml-inference-sa</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">eks.amazonaws.com/role-arn</span><span class="pi">:</span> <span class="s">arn:aws:iam::ACCOUNT_ID:role/ml-inference-eks-pod-role</span> </code></pre> </div> <p><strong>Secrets Management:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_secretsmanager_secret"</span> <span class="s2">"model_config"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ml-inference/model-config"</span> <span class="nx">rotation_rules</span> <span class="p">{</span> <span class="nx">automatically_after_days</span> <span class="p">=</span> <span class="mi">30</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> 4. Monitoring &amp; Logging (CloudWatch) </h4> <p><strong>Centralized Logging:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>CloudWatch Log Groups: ├─ /aws/lambda/ml-inference (Lambda logs) ├─ /ecs/ml-inference (ECS logs) ├─ /aws/eks/ml-inference-cluster (EKS control plane) └─ /aws/containerinsights/ml-inference (EKS pod logs) </code></pre> </div> <p><strong>Log Retention &amp; Costs:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_cloudwatch_log_group"</span> <span class="s2">"lambda"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"/aws/lambda/ml-inference"</span> <span class="nx">retention_in_days</span> <span class="p">=</span> <span class="mi">30</span> <span class="c1"># Balance cost vs. debugging needs</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Platform</span> <span class="p">=</span> <span class="s2">"Lambda"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Custom Metrics:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Application sends custom metrics </span><span class="n">cloudwatch</span><span class="p">.</span><span class="nf">put_metric_data</span><span class="p">(</span> <span class="n">Namespace</span><span class="o">=</span><span class="sh">'</span><span class="s">MLInference</span><span class="sh">'</span><span class="p">,</span> <span class="n">MetricData</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">'</span><span class="s">MetricName</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">ModelInferenceTime</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">:</span> <span class="n">inference_duration_ms</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unit</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Milliseconds</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Dimensions</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span><span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Platform</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">lambda</span><span class="sh">'</span><span class="p">},</span> <span class="p">{</span><span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">ModelVersion</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">v1.2.0</span><span class="sh">'</span><span class="p">}</span> <span class="p">],</span> <span class="sh">'</span><span class="s">Timestamp</span><span class="sh">'</span><span class="p">:</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">()</span> <span class="p">}</span> <span class="p">]</span> <span class="p">)</span> </code></pre> </div> <p><strong>CloudWatch Dashboard:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"widgets"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"metric"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"metrics"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"MLInference"</span><span class="p">,</span><span class="w"> </span><span class="s2">"InferenceLatency"</span><span class="p">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"stat"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Average"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"."</span><span class="p">,</span><span class="w"> </span><span class="s2">"."</span><span class="p">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"stat"</span><span class="p">:</span><span class="w"> </span><span class="s2">"p99"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"period"</span><span class="p">:</span><span class="w"> </span><span class="mi">300</span><span class="p">,</span><span class="w"> </span><span class="nl">"stat"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Average"</span><span class="p">,</span><span class="w"> </span><span class="nl">"region"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Inference Latency"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"metric"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"metrics"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"AWS/Lambda"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Invocations"</span><span class="p">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Lambda"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"AWS/ECS"</span><span class="p">,</span><span class="w"> </span><span class="s2">"TaskCount"</span><span class="p">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ECS"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ContainerInsights"</span><span class="p">,</span><span class="w"> </span><span class="s2">"pod_number_of_running_pods"</span><span class="p">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"label"</span><span class="p">:</span><span class="w"> </span><span class="s2">"EKS"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Active Compute Units"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Alarms:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_cloudwatch_metric_alarm"</span> <span class="s2">"high_error_rate"</span> <span class="p">{</span> <span class="nx">alarm_name</span> <span class="p">=</span> <span class="s2">"ml-inference-high-error-rate"</span> <span class="nx">comparison_operator</span> <span class="p">=</span> <span class="s2">"GreaterThanThreshold"</span> <span class="nx">evaluation_periods</span> <span class="p">=</span> <span class="mi">2</span> <span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"5XXError"</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"AWS/ApiGateway"</span> <span class="nx">period</span> <span class="p">=</span> <span class="mi">60</span> <span class="nx">statistic</span> <span class="p">=</span> <span class="s2">"Sum"</span> <span class="nx">threshold</span> <span class="p">=</span> <span class="mi">10</span> <span class="nx">alarm_description</span> <span class="p">=</span> <span class="s2">"This metric monitors API error rate"</span> <span class="nx">alarm_actions</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_sns_topic</span><span class="p">.</span><span class="nx">alerts</span><span class="p">.</span><span class="nx">arn</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p><strong>CloudWatch Costs:</strong></p> <ul> <li>Logs ingestion: $0.50/GB</li> <li>Logs storage: $0.03/GB/month</li> <li>Custom metrics: $0.30/metric/month</li> <li>Average monthly: <strong>~$15-20</strong> </li> </ul> <h4> 5. Cost Summary - Shared Infrastructure </h4> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Monthly Cost</th> <th>Notes</th> </tr> </thead> <tbody> <tr> <td><strong>VPC</strong></td> <td>$0</td> <td>No charge for VPC itself</td> </tr> <tr> <td><strong>NAT Gateways (2)</strong></td> <td>$65.70</td> <td>$0.045/hour × 2 × 730 hours</td> </tr> <tr> <td><strong>Data Transfer</strong></td> <td>~$5-10</td> <td>Variable based on traffic</td> </tr> <tr> <td><strong>ECR</strong></td> <td>$0.30</td> <td>3GB storage</td> </tr> <tr> <td><strong>CloudWatch Logs</strong></td> <td>$10-15</td> <td>30-day retention</td> </tr> <tr> <td><strong>CloudWatch Metrics</strong></td> <td>$5</td> <td>~15 custom metrics</td> </tr> <tr> <td><strong>Secrets Manager</strong></td> <td>$0.40</td> <td>$0.40/secret/month</td> </tr> <tr> <td><strong>Total</strong></td> <td><strong>~$86-96</strong></td> <td>Shared across all platforms</td> </tr> </tbody> </table></div> <p><strong>Cost Optimization Tips:</strong></p> <ol> <li> <strong>Use VPC Endpoints</strong> for S3/ECR (saves data transfer costs)</li> <li> <strong>Compress CloudWatch Logs</strong> (reduces storage by 70%)</li> <li> <strong>Archive old logs to S3</strong> (10× cheaper: $0.023/GB vs $0.03/GB)</li> <li> <strong>Use CloudWatch Logs Insights</strong> instead of exporting to S3</li> <li> <strong>Enable ECR lifecycle policies</strong> (auto-delete unused images)</li> </ol> <h3> Infrastructure as Code </h3> <p>All shared infrastructure is defined in Terraform:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform/ ├── modules/ │ ├── vpc/ <span class="c"># VPC, subnets, NAT gateways</span> │ ├── ecr/ <span class="c"># Container registry</span> │ ├── iam/ <span class="c"># Roles and policies</span> │ └── monitoring/ <span class="c"># CloudWatch, alarms</span> ├── environments/ │ ├── dev/ │ ├── staging/ │ └── production/ └── main.tf </code></pre> </div> <p><strong>Benefits of Shared Infrastructure:</strong></p> <p>✅ <strong>Cost Reduction:</strong> Single VPC, NAT gateways, and ECR for all platforms<br> ✅ <strong>Consistency:</strong> Same networking, security, and monitoring everywhere<br> ✅ <strong>Simplified Management:</strong> One IaC codebase, centralized changes<br> ✅ <strong>Security:</strong> Centralized IAM policies, unified audit logs<br> ✅ <strong>Reliability:</strong> Multi-AZ design, automatic failover</p> <h2> Production Best Practices </h2> <h3> Security Hardening </h3> <p><strong>Lambda:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Use IAM for authorization</span> <span class="nx">resource</span> <span class="s2">"aws_lambda_function_url"</span> <span class="s2">"ml_inference"</span> <span class="p">{</span> <span class="nx">authorization_type</span> <span class="p">=</span> <span class="s2">"AWS_IAM"</span> <span class="c1"># Not NONE!</span> <span class="p">}</span> <span class="c1"># Scan container images</span> <span class="nx">resource</span> <span class="s2">"aws_ecr_repository"</span> <span class="s2">"ml_inference"</span> <span class="p">{</span> <span class="nx">image_scanning_configuration</span> <span class="p">{</span> <span class="nx">scan_on_push</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Use Secrets Manager</span> <span class="nx">environment</span> <span class="p">{</span> <span class="nx">variables</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">DB_SECRET_ARN</span> <span class="p">=</span> <span class="nx">aws_secretsmanager_secret</span><span class="p">.</span><span class="nx">db</span><span class="p">.</span><span class="nx">arn</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>ECS/EKS:</strong></p> <ul> <li>Use private subnets for compute</li> <li>Security groups with minimal inbound rules</li> <li>IAM roles for task/pod authentication</li> <li>Enable encryption at rest and in transit</li> </ul> <h3> Monitoring and Observability </h3> <p>All three platforms integrate with CloudWatch, but I added custom metrics:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">boto3</span> <span class="n">cloudwatch</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">cloudwatch</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">log_prediction</span><span class="p">(</span><span class="n">latency_ms</span><span class="p">,</span> <span class="n">sentiment</span><span class="p">):</span> <span class="n">cloudwatch</span><span class="p">.</span><span class="nf">put_metric_data</span><span class="p">(</span> <span class="n">Namespace</span><span class="o">=</span><span class="sh">'</span><span class="s">MLInference</span><span class="sh">'</span><span class="p">,</span> <span class="n">MetricData</span><span class="o">=</span><span class="p">[</span> <span class="p">{</span> <span class="sh">'</span><span class="s">MetricName</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">InferenceLatency</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">:</span> <span class="n">latency_ms</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unit</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Milliseconds</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Dimensions</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span><span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Sentiment</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">:</span> <span class="n">sentiment</span><span class="p">},</span> <span class="p">{</span><span class="sh">'</span><span class="s">Name</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">Platform</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Value</span><span class="sh">'</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="nf">getenv</span><span class="p">(</span><span class="sh">'</span><span class="s">DEPLOYMENT_TYPE</span><span class="sh">'</span><span class="p">)}</span> <span class="p">]</span> <span class="p">}</span> <span class="p">]</span> <span class="p">)</span> </code></pre> </div> <p>For EKS, I added Prometheus metrics:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">prometheus_client</span> <span class="kn">import</span> <span class="n">Counter</span><span class="p">,</span> <span class="n">Histogram</span> <span class="n">PREDICTION_LATENCY</span> <span class="o">=</span> <span class="nc">Histogram</span><span class="p">(</span> <span class="sh">'</span><span class="s">prediction_latency_seconds</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Prediction latency in seconds</span><span class="sh">'</span> <span class="p">)</span> <span class="n">PREDICTION_COUNT</span> <span class="o">=</span> <span class="nc">Counter</span><span class="p">(</span> <span class="sh">'</span><span class="s">predictions_total</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Total predictions</span><span class="sh">'</span><span class="p">,</span> <span class="p">[</span><span class="sh">'</span><span class="s">sentiment</span><span class="sh">'</span><span class="p">]</span> <span class="p">)</span> <span class="nd">@app.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/predict</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">predict</span><span class="p">(</span><span class="n">request</span><span class="p">:</span> <span class="n">PredictionRequest</span><span class="p">):</span> <span class="k">with</span> <span class="n">PREDICTION_LATENCY</span><span class="p">.</span><span class="nf">time</span><span class="p">():</span> <span class="n">result</span> <span class="o">=</span> <span class="n">model_analyzer</span><span class="p">.</span><span class="nf">predict</span><span class="p">(</span><span class="n">request</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> <span class="n">PREDICTION_COUNT</span><span class="p">.</span><span class="nf">labels</span><span class="p">(</span><span class="n">sentiment</span><span class="o">=</span><span class="n">result</span><span class="p">[</span><span class="sh">'</span><span class="s">sentiment</span><span class="sh">'</span><span class="p">]).</span><span class="nf">inc</span><span class="p">()</span> <span class="k">return</span> <span class="n">result</span> </code></pre> </div> <h3> Auto-Scaling Configuration </h3> <p><strong>Lambda:</strong> Works out of the box, but configure reserved concurrency for production:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_lambda_function"</span> <span class="s2">"ml_inference"</span> <span class="p">{</span> <span class="nx">reserved_concurrent_executions</span> <span class="p">=</span> <span class="mi">100</span> <span class="p">}</span> </code></pre> </div> <p><strong>ECS:</strong> Target tracking auto-scaling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_appautoscaling_policy"</span> <span class="s2">"ecs_cpu"</span> <span class="p">{</span> <span class="nx">target_tracking_scaling_policy_configuration</span> <span class="p">{</span> <span class="nx">target_value</span> <span class="p">=</span> <span class="mf">70.0</span> <span class="nx">scale_in_cooldown</span> <span class="p">=</span> <span class="mi">300</span> <span class="c1"># 5 min</span> <span class="nx">scale_out_cooldown</span> <span class="p">=</span> <span class="mi">60</span> <span class="c1"># 1 min</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>EKS:</strong> Horizontal Pod Autoscaler with custom metrics:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">autoscaling/v2</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">HorizontalPodAutoscaler</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">minReplicas</span><span class="pi">:</span> <span class="m">2</span> <span class="na">maxReplicas</span><span class="pi">:</span> <span class="m">10</span> <span class="na">metrics</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">Resource</span> <span class="na">resource</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">cpu</span> <span class="na">target</span><span class="pi">:</span> <span class="na">averageUtilization</span><span class="pi">:</span> <span class="m">70</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">Resource</span> <span class="na">resource</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">memory</span> <span class="na">target</span><span class="pi">:</span> <span class="na">averageUtilization</span><span class="pi">:</span> <span class="m">80</span> <span class="na">behavior</span><span class="pi">:</span> <span class="na">scaleUp</span><span class="pi">:</span> <span class="na">stabilizationWindowSeconds</span><span class="pi">:</span> <span class="m">0</span> <span class="na">policies</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">Percent</span> <span class="na">value</span><span class="pi">:</span> <span class="m">100</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">30</span> </code></pre> </div> <h2> Lessons Learned </h2> <h3> 1. Lambda Cold Starts Are Real (And Painful) </h3> <p>Even with 3GB memory and optimized container images, Lambda cold starts took 3-5 seconds. That's unacceptable for user-facing applications. Provisioned concurrency helps but adds significant cost.</p> <p><strong>Mitigation:</strong></p> <ul> <li>Keep functions warm with scheduled pings</li> <li>Use provisioned concurrency for critical paths</li> <li>Accept cold starts for async/batch workloads</li> </ul> <h3> 2. ECS is Underrated </h3> <p>Most teams jump from Lambda to EKS, skipping ECS entirely. That's a mistake. ECS Fargate provides 80% of Kubernetes benefits with 20% of the complexity. For most teams, it's the Goldilocks solution.</p> <h3> 3. Right-Sizing Matters More Than Platform </h3> <p>A poorly configured EKS cluster can cost more than a well-optimized Lambda setup. I saved:</p> <ul> <li>30% on Lambda by right-sizing memory</li> <li>65% on ECS using Fargate Spot</li> <li>60% on EKS using Spot instances</li> </ul> <p>Focus on optimization before switching platforms.</p> <h3> 4. Benchmark With Real Traffic </h3> <p>My synthetic tests showed Lambda performing better than production. Real traffic has:</p> <ul> <li>Variable input lengths (affecting inference time)</li> <li>Burst patterns (causing cold starts)</li> <li>Geographic distribution (network latency)</li> </ul> <p>Always test with production-like data.</p> <h3> 5. Total Cost of Ownership Includes People </h3> <p>EKS might be cheaper at scale, but requires Kubernetes expertise. If you need to hire a DevOps engineer ($120K/year), Lambda suddenly looks very affordable.</p> <p>Factor in:</p> <ul> <li>Team expertise and training</li> <li>Operational overhead</li> <li>On-call burden</li> <li>Time to market</li> </ul> <h2> Conclusion </h2> <p>So, which platform should you choose?</p> <p><strong>For most teams starting out: ECS Fargate</strong></p> <p>It provides:</p> <ul> <li>No cold starts (predictable performance)</li> <li>Reasonable cost at medium scale</li> <li>Familiar Docker patterns</li> <li>Managed infrastructure</li> <li>Path to EKS if you outgrow it</li> </ul> <p><strong>Start with Lambda</strong> if you have:</p> <ul> <li>Truly unpredictable traffic</li> <li>&lt;35K requests/day</li> <li>Strong cost constraints</li> <li>No ops team</li> </ul> <p><strong>Upgrade to EKS</strong> when you hit:</p> <ul> <li>&gt;85K requests/day sustained</li> <li>Need for advanced orchestration</li> <li>Multi-region requirements</li> <li>Team with K8s expertise</li> </ul> <p>The beauty of this architecture: you can migrate between platforms with minimal code changes. Start simple, scale as needed.</p> <h2> Get the Complete Project </h2> <p>I've open-sourced everything:</p> <p><strong>Repository includes:</strong></p> <ul> <li>✅ Complete model training code</li> <li>✅ FastAPI application</li> <li>✅ Dockerfiles for all platforms</li> <li>✅ Terraform modules (Lambda, ECS, EKS)</li> <li>✅ Kubernetes manifests</li> <li>✅ Load testing suite</li> <li>✅ Deployment scripts</li> <li>✅ Comprehensive documentation</li> </ul> <p><strong>Quick start:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/rifkhan107/mlops-inference-comparison.git <span class="nb">cd </span>mlops-inference-comparison make quickstart <span class="c"># Deploys everything in 60 minutes</span> </code></pre> </div> <p><strong>Learn more:</strong></p> <ul> <li><a href="https://github.com/rifkhan107/mlops-inference-comparison.git" rel="noopener noreferrer">GitHub Repository</a></li> <li><a href="https://github.com/rifkhan107/mlops-inference-comparison/blob/main/docs/SETUP.md" rel="noopener noreferrer">Setup Guide</a></li> <li><a href="https://github.com/rifkhan107/mlops-inference-comparison/blob/main/docs/DEPLOYMENT.md" rel="noopener noreferrer">Deployment Guide</a></li> </ul> <h2> What's Next? </h2> <p>In future posts, I'll explore:</p> <ol> <li> <strong>GPU-accelerated inference</strong> on EKS with NVIDIA GPUs</li> <li> <strong>Multi-model serving</strong> with SageMaker Multi-Model Endpoints</li> <li> <strong>A/B testing</strong> ML models in production</li> <li> <strong>Feature stores</strong> for real-time inference</li> </ol> <h2> Let's Connect </h2> <p>I'm passionate about MLOps and cloud-native architectures. Let's discuss your ML deployment challenges:</p> <ul> <li> <strong>Twitter:</strong> <a href="https://x.com/rifkhan107" rel="noopener noreferrer">rifkhan107</a> </li> <li> <strong>LinkedIn:</strong> <a href="https://www.linkedin.com/in/rifkhan107" rel="noopener noreferrer">rifkhan107</a> </li> <li> <strong>GitHub:</strong> <a href="https://github.com/rifkhan107" rel="noopener noreferrer">rifkhan107</a> </li> <li> <strong>AWS Community Builders:</strong> <a href="https://builder.aws.com/community/@rifkhan" rel="noopener noreferrer">rifkhan</a> </li> </ul> <p><strong>Questions about the project?</strong> Open an issue on GitHub or reach out on Twitter.</p> <p><strong>Found this helpful?</strong> ⭐ Star the repository and share with your team!</p> aws performance architecture machinelearning JM Rifkhan Sat, 08 Nov 2025 17:08:45 +0000 https://forem.com/aws-builders/event-driven-batch-processing-on-aws-from-scheduled-tasks-to-auto-scaling-workloads-20a6 https://forem.com/aws-builders/event-driven-batch-processing-on-aws-from-scheduled-tasks-to-auto-scaling-workloads-20a6 <p>As DevOps engineers, we've all been there: running EC2 instances 24/7 to process batch jobs that only run a few hours per day. The meter keeps ticking whether you're processing millions of images or sitting idle at 3 AM. Your AWS bill arrives, and you wonder: "Why am I paying for servers that do nothing most of the time?"</p> <p>I've seen this pattern repeatedly across startups, enterprises, and everything in between. The traditional approach to batch processing always-on infrastructure made sense in the data center era. But in the cloud? It's like leaving your car running in the parking lot all day because you might need it later.</p> <p>In this comprehensive guide, I'll walk you through three production-ready patterns for implementing batch processing on AWS using containers. You'll learn when to use each pattern, how to implement auto-scaling based on queue depth, and how to reduce your batch processing costs by up to 74%. More importantly, you'll understand the architectural decisions behind each pattern and how to adapt them to your specific use cases.</p> <p>All code examples are production-ready and available on GitHub, complete with Terraform infrastructure, monitoring configurations, and deployment guides. Let's dive in.</p> <h2> The Problem with Traditional Batch Processing </h2> <p>Let's start with a real scenario that mirrors what I've seen dozens of times. Imagine you're running a SaaS platform that processes user-uploaded documents PDFs that need to be converted, analyzed, and indexed. Your current setup uses two t3.medium EC2 instances running constantly, costing about $73 per month.</p> <p>But here's the reality of your workload:</p> <ul> <li> <strong>6 AM - 10 AM</strong>: Heavy processing (users uploading files before work)</li> <li> <strong>10 AM - 5 PM</strong>: Moderate, sporadic activity</li> <li> <strong>5 PM - 7 PM</strong>: Another spike (end-of-day uploads)</li> <li> <strong>7 PM - 6 AM</strong>: Nearly idle (maybe 5% utilization)</li> </ul> <p>You're paying for 100% capacity but using it fully only about 25% of the time. The math is brutal: you're paying $55/month for idle servers doing nothing.</p> <p>Traditional batch processing faces four major challenges:</p> <h3> 1. Always-On Infrastructure Costs </h3> <p>In the on-premises world, this made sense servers were already purchased. But in the cloud, you're paying by the hour. Those idle servers are burning money while you sleep.</p> <h3> 2. Manual Scaling is Reactive, Not Proactive </h3> <p>You get a sudden spike in uploads. Your servers max out. Users wait. You get paged. You manually spin up more instances. By the time they're ready, the spike has passed. Then you forget to turn them off and waste more money.</p> <h3> 3. Poor Resource Utilization </h3> <p>Your jobs vary in size. Some take 30 seconds, others take 10 minutes. With fixed-size instances, you either over-provision (waste money) or under-provision (slow performance). There's no middle ground.</p> <h3> 4. Operational Complexity </h3> <p>Managing servers means patching, monitoring, log rotation, security updates, and capacity planning. Every hour spent on infrastructure is an hour not spent on features that differentiate your product.</p> <p>Enter event-driven batch processing with containers. Instead of always-on servers, you run tasks only when there's work to do. Instead of manual scaling, your infrastructure responds automatically to workload changes. Instead of managing servers, you define tasks and let AWS handle the rest.</p> <p>Sounds too good to be true? Let me show you how it works.</p> <h2> Understanding Event-Driven Architecture </h2> <p>Before we dive into specific patterns, let's understand what "event-driven" means in this context.</p> <p>Traditional batch processing is <strong>time-driven</strong>: "Run this job every day at 2 AM."</p> <p>Event-driven batch processing is <strong>trigger-driven</strong>: "Run this job when something happens."</p> <p>That "something" could be:</p> <ul> <li>A message arriving in a queue</li> <li>A file uploaded to S3</li> <li>An API request</li> <li>A schedule (yes, scheduled tasks can be event-driven too!)</li> <li>A state change in your application</li> </ul> <p>The key difference is responsiveness. Time-driven systems process on a fixed schedule regardless of actual need. Event-driven systems process in response to actual demand.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp0r6u7hytz020dmo9dt0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp0r6u7hytz020dmo9dt0.png" alt="Comparison of time-driven vs event-driven batch processing flows" width="800" height="335"></a></p> <p>This shift changes everything:</p> <ul> <li> <strong>Costs</strong>: Pay only when processing</li> <li> <strong>Performance</strong>: Respond immediately to demand</li> <li> <strong>Scalability</strong>: Automatically match capacity to workload</li> <li> <strong>Simplicity</strong>: No capacity planning needed</li> </ul> <p>Now let's explore three production-ready patterns that implement this approach.</p> <h2> Pattern 1: Scheduled Tasks with ECS and EventBridge </h2> <p>Let's start simple. Not every batch job needs to be event-driven in the reactive sense. Sometimes you genuinely need to run something on a schedule. But that doesn't mean you need servers running 24/7.</p> <h3> Architecture Overview </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2bs6yifn1o3hx3217cj5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2bs6yifn1o3hx3217cj5.png" alt="ECS Scheduled Tasks architecture showing EventBridge → ECS → S3/SNS" width="800" height="903"></a></p> <p>EventBridge (formerly CloudWatch Events) acts as your scheduler. At the specified time, it triggers an ECS task. The task runs your containerized application, completes its work, and terminates. You pay only for the compute time used typically minutes, not hours.</p> <h3> Real-World Use Case: Daily Sales Reports </h3> <p>Let me walk you through a concrete example I implemented for an e-commerce platform.</p> <p><strong>Requirement</strong>: Generate daily sales reports aggregating data from RDS, calculate metrics, create PDF reports, and upload to S3 for the executive team.</p> <p><strong>Previous Solution</strong>: A t3.small instance ($15/month) running cron, active 24/7.</p> <p><strong>New Solution</strong>:</p> <ul> <li>Container with Python script + ReportLab for PDF generation</li> <li>EventBridge rule: <code>cron(0 6 * * ? *)</code> (6 AM UTC daily)</li> <li>Task spec: 0.5 vCPU, 1 GB memory</li> <li>Average runtime: 4 minutes</li> </ul> <p><strong>Cost Breakdown</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Fargate vCPU: $0.04048 per vCPU per hour Fargate Memory: $0.004445 per GB per hour Daily cost: (0.5 vCPU × $0.04048) + (1 GB × $0.004445) = $0.024685/hour 4 minutes = 0.067 hours Cost per run = $0.0017 Monthly cost (30 days): $0.051 Add CloudWatch, S3, SNS: ~$1.50/month Total: ~$1.55/month </code></pre> </div> <p>Compare this to the $15/month for an always-on t3.small. That's a <strong>90% cost reduction</strong>. Over a year, that's $162 saved enough to fund several other AWS services.</p> <h3> Implementation Deep Dive </h3> <p>Here's what the task definition looks like in Terraform:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_ecs_task_definition"</span> <span class="s2">"daily_report"</span> <span class="p">{</span> <span class="nx">family</span> <span class="p">=</span> <span class="s2">"daily-sales-report"</span> <span class="nx">requires_compatibilities</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"FARGATE"</span><span class="p">]</span> <span class="nx">network_mode</span> <span class="p">=</span> <span class="s2">"awsvpc"</span> <span class="nx">cpu</span> <span class="p">=</span> <span class="s2">"512"</span> <span class="c1"># 0.5 vCPU</span> <span class="nx">memory</span> <span class="p">=</span> <span class="s2">"1024"</span> <span class="c1"># 1 GB</span> <span class="nx">container_definitions</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">([{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"report-generator"</span> <span class="nx">image</span> <span class="p">=</span> <span class="s2">"${aws_ecr_repository.reports.repository_url}:latest"</span> <span class="nx">environment</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"REPORT_TYPE"</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"daily-sales"</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"S3_BUCKET"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_s3_bucket</span><span class="p">.</span><span class="nx">reports</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="p">]</span> <span class="nx">logConfiguration</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">logDriver</span> <span class="p">=</span> <span class="s2">"awslogs"</span> <span class="nx">options</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"awslogs-group"</span> <span class="p">=</span> <span class="s2">"/ecs/daily-reports"</span> <span class="s2">"awslogs-region"</span> <span class="p">=</span> <span class="s2">"us-east-1"</span> <span class="s2">"awslogs-stream-prefix"</span> <span class="p">=</span> <span class="s2">"report"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}])</span> <span class="p">}</span> </code></pre> </div> <p>The EventBridge rule that triggers it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_cloudwatch_event_rule"</span> <span class="s2">"daily_report"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"daily-sales-report-trigger"</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Trigger daily sales report at 6 AM UTC"</span> <span class="nx">schedule_expression</span> <span class="p">=</span> <span class="s2">"cron(0 6 * * ? *)"</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_cloudwatch_event_target"</span> <span class="s2">"ecs_task"</span> <span class="p">{</span> <span class="nx">rule</span> <span class="p">=</span> <span class="nx">aws_cloudwatch_event_rule</span><span class="p">.</span><span class="nx">daily_report</span><span class="p">.</span><span class="nx">name</span> <span class="nx">arn</span> <span class="p">=</span> <span class="nx">aws_ecs_cluster</span><span class="p">.</span><span class="nx">reports</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">role_arn</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">eventbridge_ecs</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">ecs_target</span> <span class="p">{</span> <span class="nx">task_count</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">task_definition_arn</span> <span class="p">=</span> <span class="nx">aws_ecs_task_definition</span><span class="p">.</span><span class="nx">daily_report</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">launch_type</span> <span class="p">=</span> <span class="s2">"FARGATE"</span> <span class="nx">network_configuration</span> <span class="p">{</span> <span class="nx">subnets</span> <span class="p">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">private</span><span class="p">[*].</span><span class="nx">id</span> <span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">ecs_tasks</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">assign_public_ip</span> <span class="p">=</span> <span class="kc">false</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> When to Use This Pattern </h3> <p><strong>Perfect for</strong>:</p> <ul> <li>Daily/weekly/monthly reports</li> <li>Scheduled backups</li> <li>Database maintenance tasks</li> <li>Periodic data cleanup</li> <li>Regular data synchronization</li> <li>Certificate renewals</li> <li>Compliance checks</li> </ul> <p><strong>Not suitable for</strong>:</p> <ul> <li>Variable workloads with unpredictable timing</li> <li>Jobs triggered by external events</li> <li>Processing queues of variable size</li> <li>Workloads requiring high parallelism</li> </ul> <p><strong>Pro Tips</strong>:</p> <ol> <li>Use SNS to get notified of failures silent failures are the worst</li> <li>Set appropriate task timeouts to prevent runaway jobs</li> <li>Use CloudWatch Logs Insights to track execution time trends</li> <li>Consider multiple tasks for different report types rather than one monolithic task</li> </ol> <h2> Pattern 2: Event-Driven Auto-Scaling with ECS and SQS </h2> <p>Now we're getting to the heart of event-driven batch processing. This is the pattern I recommend for most production workloads, and it's where the real magic happens.</p> <h3> Architecture Overview </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0t9zk1iqwamt6iw9v55h.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0t9zk1iqwamt6iw9v55h.png" alt="Detailed event-driven architecture with SQS, ECS auto-scaling, DLQ, and monitoring" width="800" height="748"></a></p> <p>This architecture responds dynamically to workload. Messages arrive in SQS, Application Auto Scaling watches the queue depth, and ECS automatically spins up or down tasks to maintain your target backlog per task.</p> <h3> The Auto-Scaling Magic Explained </h3> <p>Let me break down exactly how auto-scaling works, because understanding this is crucial to optimizing your workload.</p> <p>Application Auto Scaling uses a <strong>target tracking scaling policy</strong>. You define a target value for a metric, and AWS automatically adjusts capacity to maintain that target.</p> <p>The metric we care about is "backlog per instance":<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Backlog per Instance = Queue Messages / Running Tasks </code></pre> </div> <p>Let's say you configure a target of 5 messages per task. Here's what happens in different scenarios:</p> <p><strong>Scenario 1: Steady State</strong></p> <ul> <li>Queue has 5 messages</li> <li>1 task running</li> <li>Backlog = 5 / 1 = 5 (matches target)</li> <li>No scaling action</li> </ul> <p><strong>Scenario 2: Sudden Spike</strong></p> <ul> <li>Queue jumps to 100 messages (someone uploaded a batch)</li> <li>Still 1 task running</li> <li>Backlog = 100 / 1 = 100 (way above target of 5)</li> <li>Scale-out action triggered</li> <li>Target tasks = 100 / 5 = 20</li> <li>But you've set max_tasks = 10</li> <li>Service scales to 10 tasks</li> <li>New backlog = 100 / 10 = 10 (still above target, but best we can do)</li> </ul> <p><strong>Scenario 3: Processing Complete</strong></p> <ul> <li>Queue is empty</li> <li>10 tasks running</li> <li>Backlog = 0 / 10 = 0 (below target)</li> <li>Scale-in action triggered after cooldown</li> <li>Service scales to min_tasks = 1</li> </ul> <p><strong>Scenario 4: Gradual Increase</strong></p> <ul> <li>Queue grows from 5 to 25 messages over 10 minutes</li> <li>Service gradually scales from 1 to 5 tasks</li> <li>Maintains target backlog throughout</li> </ul> <h3> Cooldown Periods: The Unsung Heroes </h3> <p>Cooldown periods prevent "flapping" rapid scaling up and down that wastes money and causes instability.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">target_tracking_scaling_policy_configuration</span> <span class="p">{</span> <span class="nx">target_value</span> <span class="p">=</span> <span class="mi">5</span> <span class="nx">scale_in_cooldown</span> <span class="p">=</span> <span class="mi">300</span> <span class="c1"># 5 minutes</span> <span class="nx">scale_out_cooldown</span> <span class="p">=</span> <span class="mi">60</span> <span class="c1"># 1 minute</span> <span class="p">}</span> </code></pre> </div> <p><strong>Why different cooldowns?</strong></p> <ul> <li> <strong>Scale-out is fast (60 seconds)</strong>: When messages are backing up, you want to respond quickly</li> <li> <strong>Scale-in is slow (300 seconds)</strong>: Tasks are cheap when idle; better to keep them around briefly in case more work arrives</li> </ul> <p>I learned this the hard way. Initially, I set both to 60 seconds. The result? Constant scaling churn. A batch of 50 messages would arrive, scale up to 10 tasks, finish in 2 minutes, immediately scale down, then another batch would arrive 30 seconds later and scale back up. Each scaling action takes time, and you're actually processing slower due to all the churn.</p> <p>With a 5-minute scale-in cooldown, the service stays at capacity for a bit after processing, ready for the next batch. This is especially important for "bursty" workloads with periodic spikes.</p> <h3> Real-World Implementation: Image Processing Pipeline </h3> <p>Let me share a real implementation I built for a photo sharing platform.</p> <p><strong>Requirements</strong>:</p> <ul> <li>Process user-uploaded images (resize, optimize, generate thumbnails)</li> <li>Variable workload: 100-1000 uploads per hour</li> <li>Process each image in ~2 minutes</li> <li>Store results in S3</li> </ul> <p><strong>Architecture</strong>:</p> <ul> <li>S3 bucket for uploads (with event notifications)</li> <li>Lambda function to create SQS messages from S3 events</li> <li>SQS queue for processing jobs</li> <li>ECS service with auto-scaling (1-10 tasks)</li> <li>S3 bucket for processed images</li> </ul> <p><strong>The Application Code</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">boto3</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">from</span> <span class="n">PIL</span> <span class="kn">import</span> <span class="n">Image</span> <span class="kn">import</span> <span class="n">io</span> <span class="n">sqs</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">sqs</span><span class="sh">'</span><span class="p">)</span> <span class="n">s3</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">s3</span><span class="sh">'</span><span class="p">)</span> <span class="n">QUEUE_URL</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">SQS_QUEUE_URL</span><span class="sh">'</span><span class="p">]</span> <span class="n">OUTPUT_BUCKET</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">'</span><span class="s">OUTPUT_BUCKET</span><span class="sh">'</span><span class="p">]</span> <span class="k">def</span> <span class="nf">process_image</span><span class="p">(</span><span class="n">bucket</span><span class="p">,</span> <span class="n">key</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Download, process, and upload image</span><span class="sh">"""</span> <span class="c1"># Download original </span> <span class="n">response</span> <span class="o">=</span> <span class="n">s3</span><span class="p">.</span><span class="nf">get_object</span><span class="p">(</span><span class="n">Bucket</span><span class="o">=</span><span class="n">bucket</span><span class="p">,</span> <span class="n">Key</span><span class="o">=</span><span class="n">key</span><span class="p">)</span> <span class="n">img</span> <span class="o">=</span> <span class="n">Image</span><span class="p">.</span><span class="nf">open</span><span class="p">(</span><span class="n">io</span><span class="p">.</span><span class="nc">BytesIO</span><span class="p">(</span><span class="n">response</span><span class="p">[</span><span class="sh">'</span><span class="s">Body</span><span class="sh">'</span><span class="p">].</span><span class="nf">read</span><span class="p">()))</span> <span class="c1"># Generate sizes </span> <span class="n">sizes</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">thumbnail</span><span class="sh">'</span><span class="p">:</span> <span class="p">(</span><span class="mi">150</span><span class="p">,</span> <span class="mi">150</span><span class="p">),</span> <span class="sh">'</span><span class="s">medium</span><span class="sh">'</span><span class="p">:</span> <span class="p">(</span><span class="mi">800</span><span class="p">,</span> <span class="mi">800</span><span class="p">),</span> <span class="sh">'</span><span class="s">large</span><span class="sh">'</span><span class="p">:</span> <span class="p">(</span><span class="mi">1920</span><span class="p">,</span> <span class="mi">1920</span><span class="p">)</span> <span class="p">}</span> <span class="n">results</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">size_name</span><span class="p">,</span> <span class="n">dimensions</span> <span class="ow">in</span> <span class="n">sizes</span><span class="p">.</span><span class="nf">items</span><span class="p">():</span> <span class="c1"># Resize maintaining aspect ratio </span> <span class="n">img_resized</span> <span class="o">=</span> <span class="n">img</span><span class="p">.</span><span class="nf">copy</span><span class="p">()</span> <span class="n">img_resized</span><span class="p">.</span><span class="nf">thumbnail</span><span class="p">(</span><span class="n">dimensions</span><span class="p">,</span> <span class="n">Image</span><span class="p">.</span><span class="n">LANCZOS</span><span class="p">)</span> <span class="c1"># Convert to bytes </span> <span class="nb">buffer</span> <span class="o">=</span> <span class="n">io</span><span class="p">.</span><span class="nc">BytesIO</span><span class="p">()</span> <span class="n">img_resized</span><span class="p">.</span><span class="nf">save</span><span class="p">(</span><span class="nb">buffer</span><span class="p">,</span> <span class="nb">format</span><span class="o">=</span><span class="sh">'</span><span class="s">JPEG</span><span class="sh">'</span><span class="p">,</span> <span class="n">quality</span><span class="o">=</span><span class="mi">85</span><span class="p">,</span> <span class="n">optimize</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="nb">buffer</span><span class="p">.</span><span class="nf">seek</span><span class="p">(</span><span class="mi">0</span><span class="p">)</span> <span class="c1"># Upload to S3 </span> <span class="n">output_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">processed/</span><span class="si">{</span><span class="n">size_name</span><span class="si">}</span><span class="s">/</span><span class="si">{</span><span class="n">key</span><span class="si">}</span><span class="sh">"</span> <span class="n">s3</span><span class="p">.</span><span class="nf">put_object</span><span class="p">(</span> <span class="n">Bucket</span><span class="o">=</span><span class="n">OUTPUT_BUCKET</span><span class="p">,</span> <span class="n">Key</span><span class="o">=</span><span class="n">output_key</span><span class="p">,</span> <span class="n">Body</span><span class="o">=</span><span class="nb">buffer</span><span class="p">,</span> <span class="n">ContentType</span><span class="o">=</span><span class="sh">'</span><span class="s">image/jpeg</span><span class="sh">'</span> <span class="p">)</span> <span class="n">results</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">'</span><span class="s">size</span><span class="sh">'</span><span class="p">:</span> <span class="n">size_name</span><span class="p">,</span> <span class="sh">'</span><span class="s">key</span><span class="sh">'</span><span class="p">:</span> <span class="n">output_key</span><span class="p">,</span> <span class="sh">'</span><span class="s">dimensions</span><span class="sh">'</span><span class="p">:</span> <span class="n">img_resized</span><span class="p">.</span><span class="n">size</span> <span class="p">})</span> <span class="k">return</span> <span class="n">results</span> <span class="k">def</span> <span class="nf">process_messages</span><span class="p">():</span> <span class="sh">"""</span><span class="s">Main processing loop</span><span class="sh">"""</span> <span class="n">messages_processed</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">max_messages</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">MAX_MESSAGES</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">10</span><span class="sh">'</span><span class="p">))</span> <span class="k">while</span> <span class="n">messages_processed</span> <span class="o">&lt;</span> <span class="n">max_messages</span><span class="p">:</span> <span class="c1"># Long polling for efficiency </span> <span class="n">response</span> <span class="o">=</span> <span class="n">sqs</span><span class="p">.</span><span class="nf">receive_message</span><span class="p">(</span> <span class="n">QueueUrl</span><span class="o">=</span><span class="n">QUEUE_URL</span><span class="p">,</span> <span class="n">MaxNumberOfMessages</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> <span class="n">WaitTimeSeconds</span><span class="o">=</span><span class="mi">20</span><span class="p">,</span> <span class="n">VisibilityTimeout</span><span class="o">=</span><span class="mi">300</span> <span class="c1"># 5 minutes </span> <span class="p">)</span> <span class="n">messages</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">Messages</span><span class="sh">'</span><span class="p">,</span> <span class="p">[])</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">messages</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">No messages available, exiting</span><span class="sh">"</span><span class="p">)</span> <span class="k">break</span> <span class="k">for</span> <span class="n">message</span> <span class="ow">in</span> <span class="n">messages</span><span class="p">:</span> <span class="k">try</span><span class="p">:</span> <span class="c1"># Parse message </span> <span class="n">body</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">message</span><span class="p">[</span><span class="sh">'</span><span class="s">Body</span><span class="sh">'</span><span class="p">])</span> <span class="n">bucket</span> <span class="o">=</span> <span class="n">body</span><span class="p">[</span><span class="sh">'</span><span class="s">bucket</span><span class="sh">'</span><span class="p">]</span> <span class="n">key</span> <span class="o">=</span> <span class="n">body</span><span class="p">[</span><span class="sh">'</span><span class="s">key</span><span class="sh">'</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processing </span><span class="si">{</span><span class="n">key</span><span class="si">}</span><span class="s">...</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Process image </span> <span class="n">results</span> <span class="o">=</span> <span class="nf">process_image</span><span class="p">(</span><span class="n">bucket</span><span class="p">,</span> <span class="n">key</span><span class="p">)</span> <span class="c1"># Delete message on success </span> <span class="n">sqs</span><span class="p">.</span><span class="nf">delete_message</span><span class="p">(</span> <span class="n">QueueUrl</span><span class="o">=</span><span class="n">QUEUE_URL</span><span class="p">,</span> <span class="n">ReceiptHandle</span><span class="o">=</span><span class="n">message</span><span class="p">[</span><span class="sh">'</span><span class="s">ReceiptHandle</span><span class="sh">'</span><span class="p">]</span> <span class="p">)</span> <span class="n">messages_processed</span> <span class="o">+=</span> <span class="mi">1</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processed </span><span class="si">{</span><span class="n">key</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">results</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Error processing message: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Message will return to queue after visibility timeout </span> <span class="c1"># After 3 failures, it goes to DLQ </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Processed </span><span class="si">{</span><span class="n">messages_processed</span><span class="si">}</span><span class="s"> messages</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Key Design Decisions</strong>:</p> <ol> <li> <strong>Long Polling (<code>WaitTimeSeconds=20</code>)</strong>: Reduces empty receives, lowers costs, and increases efficiency</li> <li> <strong>Visibility Timeout (300s)</strong>: Set to 2.5× average processing time (2 minutes × 2.5 = 5 minutes)</li> <li> <strong>Max Messages Limit</strong>: Task processes up to 10 messages then exits, allowing fresh tasks to start</li> <li> <strong>Delete Only on Success</strong>: Messages remain in queue if processing fails, triggering retries</li> <li> <strong>Graceful Error Handling</strong>: Exceptions are logged but don't crash the task</li> </ol> <h3> The Infrastructure: Terraform Configuration </h3> <p>Here's the complete auto-scaling configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># SQS Queue</span> <span class="nx">resource</span> <span class="s2">"aws_sqs_queue"</span> <span class="s2">"image_processing"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"image-processing-queue"</span> <span class="nx">visibility_timeout_seconds</span> <span class="p">=</span> <span class="mi">300</span> <span class="nx">message_retention_seconds</span> <span class="p">=</span> <span class="mi">86400</span> <span class="c1"># 24 hours</span> <span class="nx">receive_wait_time_seconds</span> <span class="p">=</span> <span class="mi">20</span> <span class="c1"># Long polling</span> <span class="nx">redrive_policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">deadLetterTargetArn</span> <span class="p">=</span> <span class="nx">aws_sqs_queue</span><span class="p">.</span><span class="nx">dlq</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">maxReceiveCount</span> <span class="p">=</span> <span class="mi">3</span> <span class="p">})</span> <span class="p">}</span> <span class="c1"># Dead Letter Queue</span> <span class="nx">resource</span> <span class="s2">"aws_sqs_queue"</span> <span class="s2">"dlq"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"image-processing-dlq"</span> <span class="nx">message_retention_seconds</span> <span class="p">=</span> <span class="mi">1209600</span> <span class="c1"># 14 days</span> <span class="p">}</span> <span class="c1"># ECS Service</span> <span class="nx">resource</span> <span class="s2">"aws_ecs_service"</span> <span class="s2">"image_processor"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"image-processor"</span> <span class="nx">cluster</span> <span class="p">=</span> <span class="nx">aws_ecs_cluster</span><span class="p">.</span><span class="nx">main</span><span class="p">.</span><span class="nx">id</span> <span class="nx">task_definition</span> <span class="p">=</span> <span class="nx">aws_ecs_task_definition</span><span class="p">.</span><span class="nx">processor</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">launch_type</span> <span class="p">=</span> <span class="s2">"FARGATE"</span> <span class="nx">desired_count</span> <span class="p">=</span> <span class="mi">1</span> <span class="c1"># Start with 1, let auto-scaling adjust</span> <span class="nx">network_configuration</span> <span class="p">{</span> <span class="nx">subnets</span> <span class="p">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">private</span><span class="p">[*].</span><span class="nx">id</span> <span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">ecs_tasks</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">assign_public_ip</span> <span class="p">=</span> <span class="kc">false</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Auto Scaling Target</span> <span class="nx">resource</span> <span class="s2">"aws_appautoscaling_target"</span> <span class="s2">"ecs_target"</span> <span class="p">{</span> <span class="nx">max_capacity</span> <span class="p">=</span> <span class="mi">10</span> <span class="nx">min_capacity</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">resource_id</span> <span class="p">=</span> <span class="s2">"service/${aws_ecs_cluster.main.name}/${aws_ecs_service.image_processor.name}"</span> <span class="nx">scalable_dimension</span> <span class="p">=</span> <span class="s2">"ecs:service:DesiredCount"</span> <span class="nx">service_namespace</span> <span class="p">=</span> <span class="s2">"ecs"</span> <span class="p">}</span> <span class="c1"># Auto Scaling Policy</span> <span class="nx">resource</span> <span class="s2">"aws_appautoscaling_policy"</span> <span class="s2">"scale_on_sqs"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"scale-on-sqs-depth"</span> <span class="nx">policy_type</span> <span class="p">=</span> <span class="s2">"TargetTrackingScaling"</span> <span class="nx">resource_id</span> <span class="p">=</span> <span class="nx">aws_appautoscaling_target</span><span class="p">.</span><span class="nx">ecs_target</span><span class="p">.</span><span class="nx">resource_id</span> <span class="nx">scalable_dimension</span> <span class="p">=</span> <span class="nx">aws_appautoscaling_target</span><span class="p">.</span><span class="nx">ecs_target</span><span class="p">.</span><span class="nx">scalable_dimension</span> <span class="nx">service_namespace</span> <span class="p">=</span> <span class="nx">aws_appautoscaling_target</span><span class="p">.</span><span class="nx">ecs_target</span><span class="p">.</span><span class="nx">service_namespace</span> <span class="nx">target_tracking_scaling_policy_configuration</span> <span class="p">{</span> <span class="nx">target_value</span> <span class="p">=</span> <span class="mf">5.0</span> <span class="nx">scale_in_cooldown</span> <span class="p">=</span> <span class="mi">300</span> <span class="nx">scale_out_cooldown</span> <span class="p">=</span> <span class="mi">60</span> <span class="nx">customized_metric_specification</span> <span class="p">{</span> <span class="nx">metrics</span> <span class="p">{</span> <span class="nx">label</span> <span class="p">=</span> <span class="s2">"Queue depth"</span> <span class="nx">id</span> <span class="p">=</span> <span class="s2">"m1"</span> <span class="nx">metric_stat</span> <span class="p">{</span> <span class="nx">metric</span> <span class="p">{</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"AWS/SQS"</span> <span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"ApproximateNumberOfMessagesVisible"</span> <span class="nx">dimensions</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"QueueName"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_sqs_queue</span><span class="p">.</span><span class="nx">image_processing</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">stat</span> <span class="p">=</span> <span class="s2">"Average"</span> <span class="p">}</span> <span class="nx">return_data</span> <span class="p">=</span> <span class="kc">false</span> <span class="p">}</span> <span class="nx">metrics</span> <span class="p">{</span> <span class="nx">label</span> <span class="p">=</span> <span class="s2">"Running task count"</span> <span class="nx">id</span> <span class="p">=</span> <span class="s2">"m2"</span> <span class="nx">metric_stat</span> <span class="p">{</span> <span class="nx">metric</span> <span class="p">{</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"ECS/ContainerInsights"</span> <span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"RunningTaskCount"</span> <span class="nx">dimensions</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ServiceName"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_ecs_service</span><span class="p">.</span><span class="nx">image_processor</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> <span class="nx">dimensions</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ClusterName"</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_ecs_cluster</span><span class="p">.</span><span class="nx">main</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">stat</span> <span class="p">=</span> <span class="s2">"Average"</span> <span class="p">}</span> <span class="nx">return_data</span> <span class="p">=</span> <span class="kc">false</span> <span class="p">}</span> <span class="nx">metrics</span> <span class="p">{</span> <span class="nx">label</span> <span class="p">=</span> <span class="s2">"Backlog per instance"</span> <span class="nx">id</span> <span class="p">=</span> <span class="s2">"e1"</span> <span class="nx">expression</span> <span class="p">=</span> <span class="s2">"m1 / m2"</span> <span class="nx">return_data</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Testing and Validation </h3> <p>I tested this setup with realistic workloads. Here's what I observed:</p> <p><strong>Test 1: Burst Processing</strong></p> <ul> <li>Sent 100 messages to queue</li> <li>Started with 1 task</li> <li>Within 90 seconds, scaled to 10 tasks</li> <li>Processed all 100 images in 3.5 minutes</li> <li>Scaled back to 1 task after 5-minute cooldown</li> <li>Total time from first message to completion: ~9 minutes</li> </ul> <p><strong>Test 2: Steady Flow</strong></p> <ul> <li>Sent messages at 5/minute rate</li> <li>Service maintained 1 task (perfect for this rate)</li> <li>No unnecessary scaling</li> <li>Average processing latency: 2 minutes</li> </ul> <p><strong>Test 3: Variable Workload</strong></p> <ul> <li>Alternated between 2/minute and 20/minute</li> <li>Service scaled between 1-4 tasks</li> <li>Adapted smoothly to changes</li> <li>No message backlog</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F950i52soaq4koi0u8wim.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F950i52soaq4koi0u8wim.png" alt="CloudWatch graph showing task count responding to queue depth over time" width="800" height="450"></a></p> <h3> Cost Analysis: Real Numbers </h3> <p>Let's calculate the actual costs for processing 10,000 images per day:</p> <p><strong>Assumptions</strong>:</p> <ul> <li>Average processing time: 2 minutes per image</li> <li>Task size: 0.5 vCPU, 1 GB memory</li> <li>Images spread throughout the day (not all at once)</li> <li>Average of 3-4 tasks running at peak, 1 at off-peak</li> </ul> <p><strong>Fargate Costs</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Per hour rates: vCPU: $0.04048 per vCPU-hour Memory: $0.004445 per GB-hour Per task per hour: (0.5 × $0.04048) + (1 × $0.004445) = $0.024685 Total processing time per day: 10,000 images × 2 minutes = 20,000 minutes = 333 hours Daily cost: 333 hours × $0.024685 = $8.22 Monthly cost: $8.22 × 30 = $246.60 </code></pre> </div> <p>Wait, that seems high! But remember, this is 333 task-hours. With auto-scaling averaging 3-4 tasks, that's about 100 actual hours of runtime per day. Let's recalculate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Average concurrent tasks: 3.5 Hours per day needed: 333 task-hours / 3.5 tasks = 95 hours But we want parallelism, so actual calendar time: 24 hours Average load: 333 task-hours / 24 hours = 13.9 task-hours on average More realistic calculation: Peak hours (8 hours/day): 6 tasks average Off-peak (16 hours/day): 1-2 tasks average Peak: 8 hours × 6 tasks × $0.024685 = $1.18 Off-peak: 16 hours × 1.5 tasks × $0.024685 = $0.59 Daily total: $1.77 Monthly: $1.77 × 30 = $53.10 </code></pre> </div> <p><strong>Additional AWS costs</strong>:</p> <ul> <li>SQS requests: 10,000 messages/day × 30 = 300,000/month = $0.12</li> <li>S3 storage (processed images): ~$5/month</li> <li>CloudWatch Logs: ~$2/month</li> <li>Data transfer: ~$1/month</li> </ul> <p><strong>Total monthly cost: ~$61</strong></p> <p>Compare this to running EC2 instances 24/7:</p> <ul> <li>To handle peak load (6 images/minute), you'd need 3× t3.medium instances</li> <li>Cost: 3 × $30 = $90/month (with reserved instances)</li> <li>With on-demand: 3 × $30 × 1.4 = $126/month</li> </ul> <p><strong>Savings</strong>: $65/month (52% reduction with reserved instances, or 107% vs on-demand)</p> <p>But more importantly: <strong>automatic scaling means you never drop requests during spikes, and you never pay for idle capacity during slow periods</strong>.</p> <h3> Dead Letter Queue: Your Safety Net </h3> <p>The DLQ deserves special attention because it's your early warning system for problems.</p> <p><strong>When messages go to DLQ</strong>:</p> <ul> <li>Image file is corrupted</li> <li>S3 permissions issue</li> <li>Application bug causing exception</li> <li>Timeout (processing takes longer than visibility timeout)</li> </ul> <p><strong>DLQ Configuration</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_sqs_queue"</span> <span class="s2">"dlq"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"image-processing-dlq"</span> <span class="nx">message_retention_seconds</span> <span class="p">=</span> <span class="mi">1209600</span> <span class="c1"># 14 days - longer than main queue</span> <span class="p">}</span> <span class="c1"># Alarm when ANY message appears in DLQ</span> <span class="nx">resource</span> <span class="s2">"aws_cloudwatch_metric_alarm"</span> <span class="s2">"dlq_alarm"</span> <span class="p">{</span> <span class="nx">alarm_name</span> <span class="p">=</span> <span class="s2">"image-processing-dlq-messages"</span> <span class="nx">comparison_operator</span> <span class="p">=</span> <span class="s2">"GreaterThanThreshold"</span> <span class="nx">evaluation_periods</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"ApproximateNumberOfMessagesVisible"</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"AWS/SQS"</span> <span class="nx">period</span> <span class="p">=</span> <span class="mi">60</span> <span class="nx">statistic</span> <span class="p">=</span> <span class="s2">"Average"</span> <span class="nx">threshold</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">alarm_description</span> <span class="p">=</span> <span class="s2">"Alert when messages land in DLQ"</span> <span class="nx">alarm_actions</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_sns_topic</span><span class="p">.</span><span class="nx">alerts</span><span class="p">.</span><span class="nx">arn</span><span class="p">]</span> <span class="nx">dimensions</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">QueueName</span> <span class="p">=</span> <span class="nx">aws_sqs_queue</span><span class="p">.</span><span class="nx">dlq</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>Investigating DLQ Messages</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># View messages in DLQ</span> aws sqs receive-message <span class="se">\</span> <span class="nt">--queue-url</span> https://sqs.us-east-1.amazonaws.com/123456789/image-processing-dlq <span class="se">\</span> <span class="nt">--max-number-of-messages</span> 10 <span class="c"># Common reasons and solutions:</span> <span class="c"># 1. Corrupted images → Add validation before processing</span> <span class="c"># 2. Permissions → Check IAM role has S3 access</span> <span class="c"># 3. Timeout → Increase visibility timeout or optimize processing</span> <span class="c"># 4. Bug → Fix code and redrive messages</span> </code></pre> </div> <p><strong>Redriving Messages</strong>:</p> <p>Once you've fixed the issue, you can redrive messages from DLQ back to the main queue:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">boto3</span> <span class="n">sqs</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="nf">client</span><span class="p">(</span><span class="sh">'</span><span class="s">sqs</span><span class="sh">'</span><span class="p">)</span> <span class="n">dlq_url</span> <span class="o">=</span> <span class="sh">'</span><span class="s">https://sqs.us-east-1.amazonaws.com/123456789/image-processing-dlq</span><span class="sh">'</span> <span class="n">main_queue_url</span> <span class="o">=</span> <span class="sh">'</span><span class="s">https://sqs.us-east-1.amazonaws.com/123456789/image-processing-queue</span><span class="sh">'</span> <span class="c1"># Move messages back </span><span class="k">while</span> <span class="bp">True</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="n">sqs</span><span class="p">.</span><span class="nf">receive_message</span><span class="p">(</span> <span class="n">QueueUrl</span><span class="o">=</span><span class="n">dlq_url</span><span class="p">,</span> <span class="n">MaxNumberOfMessages</span><span class="o">=</span><span class="mi">10</span> <span class="p">)</span> <span class="n">messages</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">Messages</span><span class="sh">'</span><span class="p">,</span> <span class="p">[])</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">messages</span><span class="p">:</span> <span class="k">break</span> <span class="k">for</span> <span class="n">message</span> <span class="ow">in</span> <span class="n">messages</span><span class="p">:</span> <span class="c1"># Send to main queue </span> <span class="n">sqs</span><span class="p">.</span><span class="nf">send_message</span><span class="p">(</span> <span class="n">QueueUrl</span><span class="o">=</span><span class="n">main_queue_url</span><span class="p">,</span> <span class="n">MessageBody</span><span class="o">=</span><span class="n">message</span><span class="p">[</span><span class="sh">'</span><span class="s">Body</span><span class="sh">'</span><span class="p">]</span> <span class="p">)</span> <span class="c1"># Delete from DLQ </span> <span class="n">sqs</span><span class="p">.</span><span class="nf">delete_message</span><span class="p">(</span> <span class="n">QueueUrl</span><span class="o">=</span><span class="n">dlq_url</span><span class="p">,</span> <span class="n">ReceiptHandle</span><span class="o">=</span><span class="n">message</span><span class="p">[</span><span class="sh">'</span><span class="s">ReceiptHandle</span><span class="sh">'</span><span class="p">]</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Redrove </span><span class="si">{</span><span class="nf">len</span><span class="p">(</span><span class="n">messages</span><span class="p">)</span><span class="si">}</span><span class="s"> messages</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> When to Use This Pattern </h3> <p><strong>Perfect for</strong>:</p> <ul> <li>Image/video processing</li> <li>Document conversion and analysis</li> <li>ETL pipelines with variable data volumes</li> <li>Batch notifications/emails</li> <li>Data transformation jobs</li> <li>File processing triggered by S3 uploads</li> <li>Any workload with unpredictable timing or volume</li> </ul> <p><strong>Not suitable for</strong>:</p> <ul> <li>Real-time processing (sub-second latency requirements)</li> <li>Jobs requiring strict ordering (use FIFO queues, but note scaling limitations)</li> <li>Extremely high-throughput workloads (&gt;100k messages/minute may need different approach)</li> </ul> <h2> Pattern 3: Advanced Scheduling with EKS Jobs and CronJobs </h2> <p>Now let's explore the Kubernetes approach. This pattern is more complex but offers capabilities that the previous two don't.</p> <h3> Why Choose EKS for Batch Processing? </h3> <p>First, let's be clear: EKS adds complexity. You're managing Kubernetes, which has a steep learning curve. The control plane costs $73/month before you even run a single workload.</p> <p>So why would you choose this?</p> <ol> <li> <strong>You're already running EKS</strong> for other workloads</li> <li> <strong>You need advanced scheduling</strong> (dependencies, DAGs, complex workflows)</li> <li> <strong>You want built-in parallel processing</strong> with workqueue pattern</li> <li> <strong>You need multi-tenancy</strong> with namespace isolation</li> <li> <strong>You want portability</strong> (run same workloads on-prem, other clouds)</li> </ol> <p>If none of these apply, stick with Pattern 2. But if you're already in the Kubernetes ecosystem, let's make it work for batch processing.</p> <h3> Architecture Overview </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhd4zb89gp2qocqentwvc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhd4zb89gp2qocqentwvc.png" alt="EKS architecture with Jobs, CronJobs, IRSA, and AWS services" width="800" height="1443"></a></p> <h3> Kubernetes Jobs Explained </h3> <p>A Kubernetes Job creates one or more Pods and ensures they run to completion. Unlike Deployments (which restart failed Pods indefinitely), Jobs track successful completions and stop when done.</p> <p><strong>Simple Job Example</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Job</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">data-processing-job</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">completions</span><span class="pi">:</span> <span class="m">1</span> <span class="c1"># Run once successfully</span> <span class="na">backoffLimit</span><span class="pi">:</span> <span class="m">3</span> <span class="c1"># Retry up to 3 times on failure</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">Never</span> <span class="c1"># Don't restart on failure (Job handles retries)</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">processor</span> <span class="na">image</span><span class="pi">:</span> <span class="s">myregistry/data-processor:latest</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">JOB_TYPE</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">daily-aggregation"</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">500m"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1Gi"</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1000m"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2Gi"</span> </code></pre> </div> <p><strong>Parallel Processing</strong>:</p> <p>Here's where Jobs shine. You can process multiple items in parallel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Job</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">parallel-data-job</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">completions</span><span class="pi">:</span> <span class="m">100</span> <span class="c1"># Process 100 batches</span> <span class="na">parallelism</span><span class="pi">:</span> <span class="m">10</span> <span class="c1"># Run 10 Pods at once</span> <span class="na">backoffLimit</span><span class="pi">:</span> <span class="m">5</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">Never</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">processor</span> <span class="na">image</span><span class="pi">:</span> <span class="s">myregistry/data-processor:latest</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">BATCH_SIZE</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1000"</span> <span class="c1"># Each Pod processes one batch of 1000 items</span> <span class="c1"># 10 Pods process 10 batches simultaneously</span> <span class="c1"># Total: 100 batches = 100,000 items</span> </code></pre> </div> <p>This creates 10 Pods initially. As each Pod completes, a new one starts until all 100 completions are reached. You process 100,000 items with 10 workers running in parallel automatically.</p> <h3> CronJobs: Scheduled Kubernetes Jobs </h3> <p>CronJobs are Jobs that run on a schedule:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">CronJob</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">daily-report</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0</span><span class="nv"> </span><span class="s">2</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*"</span> <span class="c1"># 2 AM daily</span> <span class="na">timeZone</span><span class="pi">:</span> <span class="s2">"</span><span class="s">America/New_York"</span> <span class="c1"># Kubernetes 1.25+</span> <span class="c1"># Job history</span> <span class="na">successfulJobsHistoryLimit</span><span class="pi">:</span> <span class="m">3</span> <span class="na">failedJobsHistoryLimit</span><span class="pi">:</span> <span class="m">3</span> <span class="c1"># Concurrency control</span> <span class="na">concurrencyPolicy</span><span class="pi">:</span> <span class="s">Forbid</span> <span class="c1"># Don't run if previous job still running</span> <span class="c1"># Miss tolerance</span> <span class="na">startingDeadlineSeconds</span><span class="pi">:</span> <span class="m">300</span> <span class="c1"># If we miss the schedule by &gt;5 minutes, skip</span> <span class="na">jobTemplate</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">backoffLimit</span><span class="pi">:</span> <span class="m">2</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">OnFailure</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">report-generator</span> <span class="na">image</span><span class="pi">:</span> <span class="s">myregistry/report-generator:latest</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">REPORT_TYPE</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">daily-summary"</span> </code></pre> </div> <h3> Real-World Example: ETL Pipeline with Parallel Processing </h3> <p>Let me share an ETL implementation I built for a data analytics platform.</p> <p><strong>Requirements</strong>:</p> <ul> <li>Extract data from 50 different data sources nightly</li> <li>Transform and load into data warehouse</li> <li>Each source takes 5-15 minutes to process</li> <li>Total data: ~500 GB per night</li> </ul> <p><strong>ECS Approach Issues</strong>:</p> <ul> <li>Would need 50 sequential runs (6-12 hours total) OR</li> <li>Complex orchestration with Step Functions</li> <li>Difficult to track which sources succeeded/failed</li> </ul> <p><strong>EKS Solution</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Job</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nightly-etl-{{ .Values.date }}</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">completions</span><span class="pi">:</span> <span class="m">50</span> <span class="c1"># One per data source</span> <span class="na">parallelism</span><span class="pi">:</span> <span class="m">10</span> <span class="c1"># Process 10 sources simultaneously</span> <span class="na">backoffLimit</span><span class="pi">:</span> <span class="m">2</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">etl-processor</span> <span class="na">date</span><span class="pi">:</span> <span class="s2">"</span><span class="s">{{</span><span class="nv"> </span><span class="s">.Values.date</span><span class="nv"> </span><span class="s">}}"</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">serviceAccountName</span><span class="pi">:</span> <span class="s">etl-processor-sa</span> <span class="c1"># IRSA for AWS access</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">etl</span> <span class="na">image</span><span class="pi">:</span> <span class="s">myregistry/etl-processor:v2.1.0</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DATA_SOURCE</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">configMapKeyRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">etl-sources</span> <span class="na">key</span><span class="pi">:</span> <span class="s">source-$(JOB_COMPLETION_INDEX)</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">TARGET_DATABASE</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">warehouse-credentials</span> <span class="na">key</span><span class="pi">:</span> <span class="s">connection-string</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">JOB_COMPLETION_INDEX</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">fieldRef</span><span class="pi">:</span> <span class="na">fieldPath</span><span class="pi">:</span> <span class="s">metadata.annotations['batch.kubernetes.io/job-completion-index']</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2000m"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">4Gi"</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">4000m"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">8Gi"</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">temp-data</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/tmp/etl</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">temp-data</span> <span class="na">emptyDir</span><span class="pi">:</span> <span class="na">sizeLimit</span><span class="pi">:</span> <span class="s2">"</span><span class="s">20Gi"</span> <span class="na">nodeSelector</span><span class="pi">:</span> <span class="na">workload-type</span><span class="pi">:</span> <span class="s">batch</span> <span class="c1"># Use specific node pool</span> </code></pre> </div> <p><strong>ConfigMap with Data Sources</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ConfigMap</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">etl-sources</span> <span class="na">data</span><span class="pi">:</span> <span class="na">source-0</span><span class="pi">:</span> <span class="s2">"</span><span class="s">s3://data/source-crm/"</span> <span class="na">source-1</span><span class="pi">:</span> <span class="s2">"</span><span class="s">s3://data/source-analytics/"</span> <span class="na">source-2</span><span class="pi">:</span> <span class="s2">"</span><span class="s">s3://data/source-warehouse/"</span> <span class="c1"># ... 47 more sources</span> </code></pre> </div> <p>This setup processes 10 sources in parallel. As each completes, a new Pod starts for the next source. Total time: ~90 minutes instead of 6-12 hours.</p> <p><strong>Benefits</strong>:</p> <ul> <li>Built-in parallelism (no custom orchestration)</li> <li>Easy to track completions (kubectl get pods)</li> <li>Automatic retries on failure</li> <li>Simple to add/remove sources (edit ConfigMap)</li> </ul> <h3> IRSA: Secure AWS Access from Kubernetes </h3> <p>One challenge with EKS is accessing AWS services securely. IRSA (IAM Roles for Service Accounts) solves this elegantly.</p> <p><strong>Without IRSA</strong> (bad):</p> <ul> <li>Store AWS credentials in Secrets</li> <li>Credentials could leak</li> <li>Difficult rotation</li> <li>Shared credentials across workloads</li> </ul> <p><strong>With IRSA</strong> (good):</p> <ul> <li>Each Service Account gets a unique IAM role</li> <li>Temporary credentials injected automatically</li> <li>No long-lived credentials</li> <li>Fine-grained permissions per workload</li> </ul> <p><strong>Setup</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># IAM Role</span> <span class="nx">resource</span> <span class="s2">"aws_iam_role"</span> <span class="s2">"etl_processor"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"eks-etl-processor-role"</span> <span class="nx">assume_role_policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="p">=</span> <span class="s2">"2012-10-17"</span> <span class="nx">Statement</span> <span class="p">=</span> <span class="p">[{</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Principal</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Federated</span> <span class="p">=</span> <span class="s2">"arn:aws:iam::${data.aws_caller_identity.current.account_id}:oidc-provider/${local.oidc_provider}"</span> <span class="p">}</span> <span class="nx">Action</span> <span class="p">=</span> <span class="s2">"sts:AssumeRoleWithWebIdentity"</span> <span class="nx">Condition</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">StringEquals</span> <span class="p">=</span> <span class="p">{</span> <span class="s2">"${local.oidc_provider}:sub"</span> <span class="p">=</span> <span class="s2">"system:serviceaccount:default:etl-processor-sa"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}]</span> <span class="p">})</span> <span class="p">}</span> <span class="c1"># IAM Policy</span> <span class="nx">resource</span> <span class="s2">"aws_iam_role_policy"</span> <span class="s2">"etl_processor"</span> <span class="p">{</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">etl_processor</span><span class="p">.</span><span class="nx">id</span> <span class="nx">policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="p">=</span> <span class="s2">"2012-10-17"</span> <span class="nx">Statement</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Action</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"s3:GetObject"</span><span class="p">,</span> <span class="s2">"s3:ListBucket"</span> <span class="p">]</span> <span class="nx">Resource</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"arn:aws:s3:::data/*"</span><span class="p">,</span> <span class="s2">"arn:aws:s3:::data"</span> <span class="p">]</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Action</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"rds:DescribeDBInstances"</span> <span class="p">]</span> <span class="nx">Resource</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <p><strong>Kubernetes Service Account</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ServiceAccount</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">etl-processor-sa</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">eks.amazonaws.com/role-arn</span><span class="pi">:</span> <span class="s">arn:aws:iam::123456789:role/eks-etl-processor-role</span> </code></pre> </div> <p>Your Pods automatically get temporary AWS credentials with only the permissions they need.</p> <h3> Cost Comparison </h3> <p><strong>EKS Costs</strong> (for ETL example):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>EKS Control Plane: $73/month Worker Nodes (for batch processing): - Use managed node group with auto-scaling - t3.xlarge instances (4 vCPU, 16 GB) for batch workloads - On-demand: $0.1664/hour × 24 × 30 = $120/month per node - Reserved (1-year): ~$75/month per node - Spot: ~$50/month per node For ETL running nightly (90 minutes/day): - 2 spot instances: $100/month - Actually running: 90 min/day = 45 hours/month - Effective cost: 45/720 × $100 = $6.25 for compute - Control plane: $73 - Total: ~$79/month BUT: Control plane is shared across all EKS workloads If you're already running EKS, incremental cost is just the nodes: ~$6-50/month depending on spot vs reserved </code></pre> </div> <p><strong>When EKS Makes Sense</strong>:</p> <ul> <li>You're already paying for EKS control plane</li> <li>You need to run multiple batch workloads (share the $73 cost)</li> <li>Complex workflows benefit from Kubernetes orchestration</li> </ul> <p><strong>When ECS is Better</strong>:</p> <ul> <li>Standalone batch workloads</li> <li>Simpler requirements</li> <li>Team isn't familiar with Kubernetes</li> </ul> <h2> Monitoring and Observability </h2> <p>Regardless of which pattern you choose, monitoring is crucial. Here's what I've learned about effective monitoring for batch workloads.</p> <h3> Essential Metrics </h3> <p><strong>For ECS + SQS Pattern</strong>:</p> <ol> <li> <p><strong>Queue Depth</strong> (<code>ApproximateNumberOfMessagesVisible</code>)</p> <ul> <li>Alert if &gt; 1000 for more than 10 minutes (backlog building)</li> <li>Graph to see daily patterns</li> </ul> </li> <li> <p><strong>Queue Age</strong> (<code>ApproximateAgeOfOldestMessage</code>)</p> <ul> <li>Alert if &gt; 30 minutes (processing too slow)</li> <li>Indicates scaling issues or stuck messages</li> </ul> </li> <li> <p><strong>Task Count</strong> (<code>RunningTaskCount</code> vs <code>DesiredCount</code>)</p> <ul> <li>Verify auto-scaling is working</li> <li>Alert if desired != running for &gt; 5 minutes (scaling issues)</li> </ul> </li> <li> <p><strong>DLQ Depth</strong> (<code>ApproximateNumberOfMessagesVisible</code> on DLQ)</p> <ul> <li>Alert immediately on any messages (critical failures)</li> </ul> </li> <li> <p><strong>Error Rate</strong> (custom metric from application logs)</p> <ul> <li>Track success vs failure rate</li> <li>Alert if &gt;5% failure rate</li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fttjc52kyq4s90zcede6u.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fttjc52kyq4s90zcede6u.png" alt="loudWatch Dashboard" width="800" height="246"></a></p> <h3> CloudWatch Dashboard </h3> <p>Here's a CloudWatch Dashboard configuration I use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"widgets"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"metric"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"metrics"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"AWS/SQS"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ApproximateNumberOfMessagesVisible"</span><span class="p">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"stat"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Average"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"."</span><span class="p">,</span><span class="w"> </span><span class="s2">"ApproximateNumberOfMessagesNotVisible"</span><span class="p">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"stat"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Average"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"view"</span><span class="p">:</span><span class="w"> </span><span class="s2">"timeSeries"</span><span class="p">,</span><span class="w"> </span><span class="nl">"region"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-east-1"</span><span class="p">,</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Queue Depth"</span><span class="p">,</span><span class="w"> </span><span class="nl">"period"</span><span class="p">:</span><span class="w"> </span><span class="mi">300</span><span class="p">,</span><span class="w"> </span><span class="nl">"yAxis"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"left"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"min"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"metric"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"metrics"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ECS/ContainerInsights"</span><span class="p">,</span><span class="w"> </span><span class="s2">"RunningTaskCount"</span><span class="p">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"stat"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Average"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"."</span><span class="p">,</span><span class="w"> </span><span class="s2">"DesiredTaskCount"</span><span class="p">,</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"stat"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Average"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"view"</span><span class="p">:</span><span class="w"> </span><span class="s2">"timeSeries"</span><span class="p">,</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ECS Tasks"</span><span class="p">,</span><span class="w"> </span><span class="nl">"period"</span><span class="p">:</span><span class="w"> </span><span class="mi">60</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> CloudWatch Logs Insights Queries </h3> <p><strong>Find All Errors</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">fields</span> <span class="o">@</span><span class="nb">timestamp</span><span class="p">,</span> <span class="o">@</span><span class="n">message</span> <span class="o">|</span> <span class="n">filter</span> <span class="o">@</span><span class="n">message</span> <span class="k">like</span> <span class="o">/</span><span class="n">ERROR</span><span class="o">/</span> <span class="o">|</span> <span class="n">stats</span> <span class="k">count</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="k">as</span> <span class="n">error_count</span> <span class="k">by</span> <span class="n">bin</span><span class="p">(</span><span class="mi">5</span><span class="n">m</span><span class="p">)</span> <span class="o">|</span> <span class="n">sort</span> <span class="o">@</span><span class="nb">timestamp</span> <span class="k">desc</span> </code></pre> </div> <p><strong>Average Processing Time</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">fields</span> <span class="o">@</span><span class="nb">timestamp</span><span class="p">,</span> <span class="o">@</span><span class="n">message</span> <span class="o">|</span> <span class="n">filter</span> <span class="o">@</span><span class="n">message</span> <span class="k">like</span> <span class="o">/</span><span class="n">Processing</span> <span class="n">completed</span><span class="o">/</span> <span class="o">|</span> <span class="n">parse</span> <span class="o">@</span><span class="n">message</span> <span class="nv">"duration: * seconds"</span> <span class="k">as</span> <span class="n">duration</span> <span class="o">|</span> <span class="n">stats</span> <span class="k">avg</span><span class="p">(</span><span class="n">duration</span><span class="p">)</span> <span class="k">as</span> <span class="n">avg_time</span><span class="p">,</span> <span class="k">max</span><span class="p">(</span><span class="n">duration</span><span class="p">)</span> <span class="k">as</span> <span class="n">max_time</span><span class="p">,</span> <span class="k">min</span><span class="p">(</span><span class="n">duration</span><span class="p">)</span> <span class="k">as</span> <span class="n">min_time</span> </code></pre> </div> <p><strong>Top Error Messages</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">fields</span> <span class="o">@</span><span class="n">message</span> <span class="o">|</span> <span class="n">filter</span> <span class="o">@</span><span class="n">message</span> <span class="k">like</span> <span class="o">/</span><span class="n">ERROR</span><span class="o">/</span> <span class="o">|</span> <span class="n">parse</span> <span class="o">@</span><span class="n">message</span> <span class="nv">"*ERROR*: *"</span> <span class="k">as</span> <span class="k">prefix</span><span class="p">,</span> <span class="n">error_msg</span> <span class="o">|</span> <span class="n">stats</span> <span class="k">count</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="k">as</span> <span class="n">occurrences</span> <span class="k">by</span> <span class="n">error_msg</span> <span class="o">|</span> <span class="n">sort</span> <span class="n">occurrences</span> <span class="k">desc</span> <span class="o">|</span> <span class="k">limit</span> <span class="mi">10</span> </code></pre> </div> <p><strong>Throughput Analysis</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">fields</span> <span class="o">@</span><span class="nb">timestamp</span> <span class="o">|</span> <span class="n">filter</span> <span class="o">@</span><span class="n">message</span> <span class="k">like</span> <span class="o">/</span><span class="n">Messages</span> <span class="n">Processed</span><span class="o">/</span> <span class="o">|</span> <span class="n">parse</span> <span class="o">@</span><span class="n">message</span> <span class="nv">"Messages Processed: *"</span> <span class="k">as</span> <span class="k">count</span> <span class="o">|</span> <span class="n">stats</span> <span class="k">sum</span><span class="p">(</span><span class="k">count</span><span class="p">)</span> <span class="k">as</span> <span class="n">total_processed</span> <span class="k">by</span> <span class="n">bin</span><span class="p">(</span><span class="mi">1</span><span class="n">h</span><span class="p">)</span> <span class="o">|</span> <span class="n">sort</span> <span class="o">@</span><span class="nb">timestamp</span> </code></pre> </div> <h3> CloudWatch Alarms </h3> <p><strong>Critical Alarms</strong> (page immediately):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># DLQ has messages</span> <span class="nx">resource</span> <span class="s2">"aws_cloudwatch_metric_alarm"</span> <span class="s2">"dlq_messages"</span> <span class="p">{</span> <span class="nx">alarm_name</span> <span class="p">=</span> <span class="s2">"batch-dlq-critical"</span> <span class="nx">comparison_operator</span> <span class="p">=</span> <span class="s2">"GreaterThanThreshold"</span> <span class="nx">evaluation_periods</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"ApproximateNumberOfMessagesVisible"</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"AWS/SQS"</span> <span class="nx">period</span> <span class="p">=</span> <span class="mi">60</span> <span class="nx">statistic</span> <span class="p">=</span> <span class="s2">"Average"</span> <span class="nx">threshold</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">alarm_description</span> <span class="p">=</span> <span class="s2">"Messages in DLQ - immediate investigation needed"</span> <span class="nx">alarm_actions</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_sns_topic</span><span class="p">.</span><span class="nx">critical_alerts</span><span class="p">.</span><span class="nx">arn</span><span class="p">]</span> <span class="p">}</span> <span class="c1"># All tasks failing</span> <span class="nx">resource</span> <span class="s2">"aws_cloudwatch_metric_alarm"</span> <span class="s2">"no_running_tasks"</span> <span class="p">{</span> <span class="nx">alarm_name</span> <span class="p">=</span> <span class="s2">"batch-no-tasks-running"</span> <span class="nx">comparison_operator</span> <span class="p">=</span> <span class="s2">"LessThanThreshold"</span> <span class="nx">evaluation_periods</span> <span class="p">=</span> <span class="mi">3</span> <span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"RunningTaskCount"</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"ECS/ContainerInsights"</span> <span class="nx">period</span> <span class="p">=</span> <span class="mi">300</span> <span class="nx">statistic</span> <span class="p">=</span> <span class="s2">"Average"</span> <span class="nx">threshold</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">alarm_description</span> <span class="p">=</span> <span class="s2">"No tasks running but queue has messages"</span> <span class="p">}</span> </code></pre> </div> <p><strong>Warning Alarms</strong> (investigate soon):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Old messages in queue</span> <span class="nx">resource</span> <span class="s2">"aws_cloudwatch_metric_alarm"</span> <span class="s2">"old_messages"</span> <span class="p">{</span> <span class="nx">alarm_name</span> <span class="p">=</span> <span class="s2">"batch-old-messages"</span> <span class="nx">comparison_operator</span> <span class="p">=</span> <span class="s2">"GreaterThanThreshold"</span> <span class="nx">evaluation_periods</span> <span class="p">=</span> <span class="mi">2</span> <span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"ApproximateAgeOfOldestMessage"</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"AWS/SQS"</span> <span class="nx">period</span> <span class="p">=</span> <span class="mi">300</span> <span class="nx">statistic</span> <span class="p">=</span> <span class="s2">"Maximum"</span> <span class="nx">threshold</span> <span class="p">=</span> <span class="mi">1800</span> <span class="c1"># 30 minutes</span> <span class="nx">alarm_description</span> <span class="p">=</span> <span class="s2">"Messages stuck in queue"</span> <span class="nx">alarm_actions</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_sns_topic</span><span class="p">.</span><span class="nx">warnings</span><span class="p">.</span><span class="nx">arn</span><span class="p">]</span> <span class="p">}</span> <span class="c1"># High error rate</span> <span class="nx">resource</span> <span class="s2">"aws_cloudwatch_metric_alarm"</span> <span class="s2">"high_error_rate"</span> <span class="p">{</span> <span class="nx">alarm_name</span> <span class="p">=</span> <span class="s2">"batch-high-errors"</span> <span class="nx">comparison_operator</span> <span class="p">=</span> <span class="s2">"GreaterThanThreshold"</span> <span class="nx">evaluation_periods</span> <span class="p">=</span> <span class="mi">1</span> <span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"ApplicationErrors"</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"CustomApp/Batch"</span> <span class="nx">period</span> <span class="p">=</span> <span class="mi">300</span> <span class="nx">statistic</span> <span class="p">=</span> <span class="s2">"Sum"</span> <span class="nx">threshold</span> <span class="p">=</span> <span class="mi">10</span> <span class="nx">alarm_description</span> <span class="p">=</span> <span class="s2">"Too many application errors"</span> <span class="p">}</span> </code></pre> </div> <h2> Production Best Practices </h2> <p>After running these patterns in production for several clients, here are my battle-tested recommendations.</p> <h3> 1. Design for Idempotency </h3> <p>This is the most important practice. Your jobs will be retried network issues, task failures, scaling events and you need to handle it gracefully.</p> <p><strong>Bad</strong> (non-idempotent):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">process_order</span><span class="p">(</span><span class="n">order_id</span><span class="p">):</span> <span class="c1"># Get order </span> <span class="n">order</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">get_order</span><span class="p">(</span><span class="n">order_id</span><span class="p">)</span> <span class="c1"># Update inventory </span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">UPDATE inventory SET quantity = quantity - 1</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Charge customer </span> <span class="n">stripe</span><span class="p">.</span><span class="nf">charge</span><span class="p">(</span><span class="n">order</span><span class="p">.</span><span class="n">customer_id</span><span class="p">,</span> <span class="n">order</span><span class="p">.</span><span class="n">amount</span><span class="p">)</span> <span class="c1"># Mark as processed </span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">"</span><span class="s">UPDATE orders SET processed = true</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>If this fails after charging but before marking as processed, a retry will charge twice!</p> <p><strong>Good</strong> (idempotent):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">process_order</span><span class="p">(</span><span class="n">order_id</span><span class="p">):</span> <span class="c1"># Check if already processed </span> <span class="n">order</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">get_order</span><span class="p">(</span><span class="n">order_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">order</span><span class="p">.</span><span class="n">processed</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Order </span><span class="si">{</span><span class="n">order_id</span><span class="si">}</span><span class="s"> already processed, skipping</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="c1"># Use transaction with optimistic locking </span> <span class="k">with</span> <span class="n">db</span><span class="p">.</span><span class="nf">transaction</span><span class="p">():</span> <span class="c1"># Lock row </span> <span class="n">order</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">get_order_for_update</span><span class="p">(</span><span class="n">order_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">order</span><span class="p">.</span><span class="n">processed</span><span class="p">:</span> <span class="k">return</span> <span class="c1"># Another task already processed it </span> <span class="c1"># Idempotent inventory update </span> <span class="n">result</span> <span class="o">=</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">UPDATE inventory SET quantity = quantity - 1 WHERE quantity &gt; 0</span><span class="sh">"</span> <span class="p">)</span> <span class="k">if</span> <span class="n">result</span><span class="p">.</span><span class="n">rows_affected</span> <span class="o">==</span> <span class="mi">0</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">OutOfStockError</span><span class="p">()</span> <span class="c1"># Idempotent payment (use idempotency key) </span> <span class="n">stripe</span><span class="p">.</span><span class="nf">charge</span><span class="p">(</span> <span class="n">order</span><span class="p">.</span><span class="n">customer_id</span><span class="p">,</span> <span class="n">order</span><span class="p">.</span><span class="n">amount</span><span class="p">,</span> <span class="n">idempotency_key</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">order-</span><span class="si">{</span><span class="n">order_id</span><span class="si">}</span><span class="sh">"</span> <span class="p">)</span> <span class="c1"># Mark processed </span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="sh">"</span><span class="s">UPDATE orders SET processed = true WHERE id = ?</span><span class="sh">"</span><span class="p">,</span> <span class="n">order_id</span> <span class="p">)</span> </code></pre> </div> <h3> 2. Set Appropriate Timeouts </h3> <p><strong>SQS Visibility Timeout</strong> should be:</p> <ul> <li>At least 6× your average processing time</li> <li>Accounts for retries and variability</li> <li>Long enough to prevent duplicate processing</li> </ul> <p><strong>Example</strong>:</p> <ul> <li>Average processing: 2 minutes</li> <li>99th percentile: 5 minutes</li> <li>Visibility timeout: 5 × 6 = 30 minutes? No, too long.</li> <li>Better: 5 × 2 = 10 minutes (allows retries within visibility window)</li> </ul> <p><strong>ECS Task Timeout</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># In task definition</span> <span class="s2">"stopTimeout"</span><span class="err">:</span> <span class="mi">120</span> <span class="c1"># Seconds to wait for graceful shutdown</span> </code></pre> </div> <p><strong>Application Timeout</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># In your code </span><span class="n">PROCESSING_TIMEOUT</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">TIMEOUT</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">300</span><span class="sh">'</span><span class="p">))</span> <span class="c1"># 5 minutes </span> <span class="nd">@timeout</span><span class="p">(</span><span class="n">PROCESSING_TIMEOUT</span><span class="p">)</span> <span class="k">def</span> <span class="nf">process_message</span><span class="p">(</span><span class="n">message</span><span class="p">):</span> <span class="c1"># Your processing logic </span> <span class="k">pass</span> </code></pre> </div> <h3> 3. Implement Structured Logging </h3> <p>Logs are your best friend when debugging. Make them useful.</p> <p><strong>Bad</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Processing started</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Error occurred</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p><strong>Good</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">logging</span> <span class="kn">import</span> <span class="n">json</span> <span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">()</span> <span class="n">logger</span><span class="p">.</span><span class="nf">setLevel</span><span class="p">(</span><span class="n">logging</span><span class="p">.</span><span class="n">INFO</span><span class="p">)</span> <span class="k">def</span> <span class="nf">log_structured</span><span class="p">(</span><span class="n">level</span><span class="p">,</span> <span class="n">message</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="n">log_entry</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">timestamp</span><span class="sh">'</span><span class="p">:</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">().</span><span class="nf">isoformat</span><span class="p">(),</span> <span class="sh">'</span><span class="s">level</span><span class="sh">'</span><span class="p">:</span> <span class="n">level</span><span class="p">,</span> <span class="sh">'</span><span class="s">message</span><span class="sh">'</span><span class="p">:</span> <span class="n">message</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span> <span class="p">}</span> <span class="n">logger</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nf">getattr</span><span class="p">(</span><span class="n">logging</span><span class="p">,</span> <span class="n">level</span><span class="p">),</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">log_entry</span><span class="p">))</span> <span class="c1"># Usage </span><span class="nf">log_structured</span><span class="p">(</span><span class="sh">'</span><span class="s">INFO</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Processing started</span><span class="sh">'</span><span class="p">,</span> <span class="n">message_id</span><span class="o">=</span><span class="n">message_id</span><span class="p">,</span> <span class="n">job_type</span><span class="o">=</span><span class="sh">'</span><span class="s">image_processing</span><span class="sh">'</span><span class="p">,</span> <span class="n">input_size</span><span class="o">=</span><span class="n">file_size</span><span class="p">)</span> <span class="nf">log_structured</span><span class="p">(</span><span class="sh">'</span><span class="s">ERROR</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Processing failed</span><span class="sh">'</span><span class="p">,</span> <span class="n">message_id</span><span class="o">=</span><span class="n">message_id</span><span class="p">,</span> <span class="n">error</span><span class="o">=</span><span class="nf">str</span><span class="p">(</span><span class="n">e</span><span class="p">),</span> <span class="n">traceback</span><span class="o">=</span><span class="n">traceback</span><span class="p">.</span><span class="nf">format_exc</span><span class="p">())</span> </code></pre> </div> <p>Now your CloudWatch Logs Insights queries can easily filter and aggregate:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">fields</span> <span class="o">@</span><span class="nb">timestamp</span><span class="p">,</span> <span class="n">message</span><span class="p">,</span> <span class="n">job_type</span><span class="p">,</span> <span class="n">error</span> <span class="o">|</span> <span class="n">filter</span> <span class="k">level</span> <span class="o">=</span> <span class="nv">"ERROR"</span> <span class="o">|</span> <span class="n">stats</span> <span class="k">count</span><span class="p">(</span><span class="o">*</span><span class="p">)</span> <span class="k">by</span> <span class="n">job_type</span><span class="p">,</span> <span class="n">error</span> </code></pre> </div> <h3> 4. Right-Size Your Tasks </h3> <p>Don't over-provision. Monitor actual usage and adjust.</p> <p><strong>Monitor</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Get actual resource usage</span> aws ecs describe-tasks <span class="se">\</span> <span class="nt">--cluster</span> my-cluster <span class="se">\</span> <span class="nt">--tasks</span> task-id <span class="se">\</span> <span class="nt">--include</span> TAGS <span class="se">\</span> <span class="nt">--query</span> <span class="s1">'tasks[0].containers[0].{CPU:cpu,Memory:memory}'</span> </code></pre> </div> <p><strong>CloudWatch Container Insights</strong> shows detailed metrics:</p> <ul> <li>CPU utilization</li> <li>Memory utilization</li> <li>Network I/O</li> </ul> <p>If you're using 100 MB but allocated 1024 MB, you're wasting ~90% of memory costs.</p> <p><strong>Start conservatively</strong>:</p> <ul> <li>256 CPU, 512 MB memory</li> <li>Monitor for a week</li> <li>Adjust based on actual usage</li> <li>Leave 20-30% headroom for spikes</li> </ul> <h3> 5. Use Spot for Non-Critical Workloads </h3> <p>Fargate Spot can save up to 70% on compute costs.</p> <p><strong>When to use Spot</strong>:</p> <ul> <li>Processing can tolerate 2-minute interruption notice</li> <li>You have retry logic (SQS handles this automatically)</li> <li>Not time-critical (interruptions add latency)</li> </ul> <p><strong>Configuration</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_ecs_service"</span> <span class="s2">"batch_processor"</span> <span class="p">{</span> <span class="nx">capacity_provider_strategy</span> <span class="p">{</span> <span class="nx">capacity_provider</span> <span class="p">=</span> <span class="s2">"FARGATE_SPOT"</span> <span class="nx">weight</span> <span class="p">=</span> <span class="mi">100</span> <span class="c1"># 100% Spot</span> <span class="nx">base</span> <span class="p">=</span> <span class="mi">0</span> <span class="p">}</span> <span class="c1"># Or mix Spot and On-Demand</span> <span class="nx">capacity_provider_strategy</span> <span class="p">{</span> <span class="nx">capacity_provider</span> <span class="p">=</span> <span class="s2">"FARGATE_SPOT"</span> <span class="nx">weight</span> <span class="p">=</span> <span class="mi">70</span> <span class="p">}</span> <span class="nx">capacity_provider_strategy</span> <span class="p">{</span> <span class="nx">capacity_provider</span> <span class="p">=</span> <span class="s2">"FARGATE"</span> <span class="nx">weight</span> <span class="p">=</span> <span class="mi">30</span> <span class="nx">base</span> <span class="p">=</span> <span class="mi">1</span> <span class="c1"># At least 1 On-Demand task</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong>My recommendation</strong>: Use 100% Spot for batch processing. The interruption rate is low (&lt;5% in my experience), and retries handle it gracefully.</p> <h3> 6. Implement Circuit Breakers </h3> <p>If your downstream service is down, don't keep hammering it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">CircuitBreaker</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">failure_threshold</span><span class="o">=</span><span class="mi">5</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">60</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">failure_count</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">self</span><span class="p">.</span><span class="n">failure_threshold</span> <span class="o">=</span> <span class="n">failure_threshold</span> <span class="n">self</span><span class="p">.</span><span class="n">timeout</span> <span class="o">=</span> <span class="n">timeout</span> <span class="n">self</span><span class="p">.</span><span class="n">last_failure_time</span> <span class="o">=</span> <span class="bp">None</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">=</span> <span class="sh">'</span><span class="s">CLOSED</span><span class="sh">'</span> <span class="c1"># CLOSED, OPEN, HALF_OPEN </span> <span class="k">def</span> <span class="nf">call</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">func</span><span class="p">,</span> <span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">'</span><span class="s">OPEN</span><span class="sh">'</span><span class="p">:</span> <span class="k">if</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">-</span> <span class="n">self</span><span class="p">.</span><span class="n">last_failure_time</span> <span class="o">&gt;</span> <span class="n">self</span><span class="p">.</span><span class="n">timeout</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">=</span> <span class="sh">'</span><span class="s">HALF_OPEN</span><span class="sh">'</span> <span class="k">else</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">CircuitBreakerOpen</span><span class="p">(</span><span class="sh">"</span><span class="s">Service unavailable</span><span class="sh">"</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">==</span> <span class="sh">'</span><span class="s">HALF_OPEN</span><span class="sh">'</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">=</span> <span class="sh">'</span><span class="s">CLOSED</span><span class="sh">'</span> <span class="n">self</span><span class="p">.</span><span class="n">failure_count</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">return</span> <span class="n">result</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">failure_count</span> <span class="o">+=</span> <span class="mi">1</span> <span class="n">self</span><span class="p">.</span><span class="n">last_failure_time</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">failure_count</span> <span class="o">&gt;=</span> <span class="n">self</span><span class="p">.</span><span class="n">failure_threshold</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">state</span> <span class="o">=</span> <span class="sh">'</span><span class="s">OPEN</span><span class="sh">'</span> <span class="k">raise</span> <span class="c1"># Usage </span><span class="n">db_breaker</span> <span class="o">=</span> <span class="nc">CircuitBreaker</span><span class="p">(</span><span class="n">failure_threshold</span><span class="o">=</span><span class="mi">5</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">60</span><span class="p">)</span> <span class="k">def</span> <span class="nf">process_message</span><span class="p">(</span><span class="n">message</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="n">data</span> <span class="o">=</span> <span class="n">db_breaker</span><span class="p">.</span><span class="nf">call</span><span class="p">(</span><span class="n">database</span><span class="p">.</span><span class="n">query</span><span class="p">,</span> <span class="n">message</span><span class="p">[</span><span class="sh">'</span><span class="s">query</span><span class="sh">'</span><span class="p">])</span> <span class="c1"># Process data </span> <span class="k">except</span> <span class="n">CircuitBreakerOpen</span><span class="p">:</span> <span class="c1"># Don't delete message, let it retry later </span> <span class="n">logger</span><span class="p">.</span><span class="nf">warning</span><span class="p">(</span><span class="sh">"</span><span class="s">Circuit breaker open, skipping message</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="bp">False</span> </code></pre> </div> <h3> 7. Monitor Your Costs </h3> <p>Set up AWS Cost Anomaly Detection:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_ce_anomaly_monitor"</span> <span class="s2">"batch_processing"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"batch-processing-monitor"</span> <span class="nx">monitor_type</span> <span class="p">=</span> <span class="s2">"DIMENSIONAL"</span> <span class="nx">monitor_dimension</span> <span class="p">=</span> <span class="s2">"SERVICE"</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_ce_anomaly_subscription"</span> <span class="s2">"batch_processing"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"batch-cost-anomalies"</span> <span class="nx">frequency</span> <span class="p">=</span> <span class="s2">"DAILY"</span> <span class="nx">monitor_arn_list</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">aws_ce_anomaly_monitor</span><span class="p">.</span><span class="nx">batch_processing</span><span class="p">.</span><span class="nx">arn</span> <span class="p">]</span> <span class="nx">subscriber</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"EMAIL"</span> <span class="nx">address</span> <span class="p">=</span> <span class="s2">"devops@example.com"</span> <span class="p">}</span> <span class="nx">threshold_expression</span> <span class="p">{</span> <span class="nx">dimension</span> <span class="p">{</span> <span class="nx">key</span> <span class="p">=</span> <span class="s2">"ANOMALY_TOTAL_IMPACT_ABSOLUTE"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"100"</span><span class="p">]</span> <span class="c1"># Alert if anomaly &gt; $100</span> <span class="nx">match_options</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"GREATER_THAN_OR_EQUAL"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This alerts you if costs suddenly spike (e.g., infinite loop creating tasks).</p> <h2> Real-World Results and Lessons Learned </h2> <p>Let me share some actual results from production deployments.</p> <h3> Case Study 1: E-Commerce Image Processing </h3> <p><strong>Client</strong>: Mid-size e-commerce platform<br> <strong>Workload</strong>: Process product images (1000-5000/day)<br> <strong>Previous Setup</strong>: 2× t3.medium EC2 instances running 24/7</p> <p><strong>Implementation</strong>: ECS + SQS auto-scaling pattern</p> <p><strong>Results</strong>:</p> <ul> <li> <strong>Cost</strong>: $73/month → $22/month (70% reduction)</li> <li> <strong>Performance</strong>: Same average latency, better p99 (auto-scaling handles spikes)</li> <li> <strong>Operational</strong>: Zero manual scaling interventions in 6 months</li> <li> <strong>Incidents</strong>: 1 DLQ alert (corrupted image upload, not our bug)</li> </ul> <p><strong>Lesson Learned</strong>: Set visibility timeout properly. Initially set to 2 minutes (our average processing time), led to duplicate processing during retries. Changed to 6 minutes, problem solved.</p> <h3> Case Study 2: Data Analytics ETL </h3> <p><strong>Client</strong>: B2B SaaS analytics platform<br> <strong>Workload</strong>: Nightly ETL from 50 data sources<br> <strong>Previous Setup</strong>: Custom scheduling on EC2, sequential processing (8-10 hours)</p> <p><strong>Implementation</strong>: EKS Jobs with parallel processing</p> <p><strong>Results</strong>:</p> <ul> <li> <strong>Processing Time</strong>: 8-10 hours → 90 minutes (80% reduction)</li> <li> <strong>Cost</strong>: $200/month (always-on) → $85/month including EKS control plane</li> <li> <strong>Reliability</strong>: Built-in retries eliminated manual interventions</li> <li> <strong>Developer Experience</strong>: Much easier to add new data sources</li> </ul> <p><strong>Lesson Learned</strong>: Kubernetes has a learning curve, but parallel Job processing is powerful. For teams already using EKS, this pattern is excellent. For teams new to Kubernetes, the complexity might not be worth it ECS with Step Functions could work.</p> <h3> Case Study 3: Document Generation SaaS </h3> <p><strong>Client</strong>: Document automation startup<br> <strong>Workload</strong>: Generate PDFs from templates (variable: 10-1000/hour)<br> <strong>Previous Setup</strong>: Always-on containers, manual scaling</p> <p><strong>Implementation</strong>: ECS + SQS auto-scaling</p> <p><strong>Results</strong>:</p> <ul> <li> <strong>Cost</strong>: $90/month → $35/month (61% reduction)</li> <li> <strong>Scaling</strong>: Handles traffic spikes automatically</li> <li> <strong>Time to Market</strong>: Deployed in 1 day vs 2 weeks for custom solution</li> </ul> <p><strong>Lesson Learned</strong>: Start simple. We initially designed a complex workflow with Step Functions. Realized SQS + auto-scaling solved 95% of use cases. Deployed much faster with simpler architecture.</p> <h2> Getting Started: Your Action Plan </h2> <p>Ready to implement one of these patterns? Here's your step-by-step action plan.</p> <h3> Step 1: Choose Your Pattern </h3> <p><strong>Use Pattern 1 (ECS Scheduled)</strong> if:</p> <ul> <li>You need time-based execution only</li> <li>Workload is predictable and consistent</li> <li>You want the simplest possible setup</li> </ul> <p><strong>Use Pattern 2 (ECS + SQS)</strong> if:</p> <ul> <li>Workload varies throughout the day/week</li> <li>You need event-driven processing</li> <li>You want automatic scaling</li> <li><strong>This is my recommendation for 80% of use cases</strong></li> </ul> <p><strong>Use Pattern 3 (EKS Jobs)</strong> if:</p> <ul> <li>You're already running EKS</li> <li>You need complex parallel processing</li> <li>You have Kubernetes expertise</li> <li>You need advanced orchestration</li> </ul> <h3> Step 2: Set Up Your Development Environment </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install required tools</span> <span class="c"># Install AWS CLI (v2)</span> <span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> unzip curl curl <span class="s2">"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"</span> <span class="nt">-o</span> <span class="s2">"awscliv2.zip"</span> unzip awscliv2.zip <span class="nb">sudo</span> ./aws/install aws <span class="nt">--version</span> <span class="c"># Configure AWS CLI</span> aws configure <span class="c"># Install Terraform (latest)</span> <span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> gnupg software-properties-common curl curl <span class="nt">-fsSL</span> https://apt.releases.hashicorp.com/gpg | <span class="nb">sudo </span>gpg <span class="nt">--dearmor</span> <span class="nt">-o</span> /usr/share/keyrings/hashicorp-archive-keyring.gpg <span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] </span><span class="se">\</span><span class="s2"> https://apt.releases.hashicorp.com </span><span class="si">$(</span>lsb_release <span class="nt">-cs</span><span class="si">)</span><span class="s2"> main"</span> | <span class="se">\</span> <span class="nb">sudo tee</span> /etc/apt/sources.list.d/hashicorp.list <span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> terraform terraform <span class="nt">-version</span> <span class="c"># Install kubectl (latest stable)</span> <span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> curl apt-transport-https gnupg curl <span class="nt">-fsSL</span> https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | <span class="se">\</span> <span class="nb">sudo </span>gpg <span class="nt">--dearmor</span> <span class="nt">-o</span> /etc/apt/keyrings/kubernetes-apt-keyring.gpg <span class="nb">echo</span> <span class="s2">"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] </span><span class="se">\</span><span class="s2"> https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /"</span> | <span class="se">\</span> <span class="nb">sudo tee</span> /etc/apt/sources.list.d/kubernetes.list <span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt <span class="nb">install</span> <span class="nt">-y</span> kubectl kubectl version <span class="nt">--client</span> <span class="c"># Clone the repository</span> git https://github.com/rifkhan107/aws-batch-processing-containers.git <span class="nb">cd </span>aws-batch-processing-containers </code></pre> </div> <h3> Step 3: Deploy Pattern 2 (Recommended Starting Point) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Navigate to pattern directory</span> <span class="nb">cd </span>ecs-sqs-autoscaling <span class="c"># Deploy infrastructure</span> <span class="nb">cd </span>terraform terraform init terraform apply <span class="c"># Note the outputs</span> <span class="nv">ECR_URL</span><span class="o">=</span><span class="si">$(</span>terraform output <span class="nt">-raw</span> ecr_repository_url<span class="si">)</span> <span class="nv">QUEUE_URL</span><span class="o">=</span><span class="si">$(</span>terraform output <span class="nt">-raw</span> sqs_queue_url<span class="si">)</span> <span class="c"># Build and push Docker image</span> <span class="nb">cd</span> ../docker aws ecr get-login-password <span class="nt">--region</span> us-east-1 | <span class="se">\</span> docker login <span class="nt">--username</span> AWS <span class="nt">--password-stdin</span> <span class="nv">$ECR_URL</span> docker build <span class="nt">-t</span> batch-processor <span class="nb">.</span> docker tag batch-processor:latest <span class="nv">$ECR_URL</span>:latest docker push <span class="nv">$ECR_URL</span>:latest <span class="c"># Update ECS service to use new image</span> <span class="nb">cd</span> ../terraform aws ecs update-service <span class="se">\</span> <span class="nt">--cluster</span> <span class="si">$(</span>terraform output <span class="nt">-raw</span> ecs_cluster_name<span class="si">)</span> <span class="se">\</span> <span class="nt">--service</span> <span class="si">$(</span>terraform output <span class="nt">-raw</span> ecs_service_name<span class="si">)</span> <span class="se">\</span> <span class="nt">--force-new-deployment</span> <span class="c"># Test with sample messages</span> <span class="nv">LAMBDA_FUNCTION</span><span class="o">=</span><span class="si">$(</span>terraform output <span class="nt">-raw</span> lambda_function_name<span class="si">)</span> aws lambda invoke <span class="se">\</span> <span class="nt">--function-name</span> <span class="nv">$LAMBDA_FUNCTION</span> <span class="se">\</span> <span class="nt">--payload</span> <span class="s1">'{"num_messages": 20}'</span> <span class="se">\</span> response.json <span class="c"># Watch it scale</span> watch <span class="nt">-n</span> 5 <span class="s2">"aws ecs describe-services </span><span class="se">\</span><span class="s2"> --cluster </span><span class="si">$(</span>terraform output <span class="nt">-raw</span> ecs_cluster_name<span class="si">)</span><span class="s2"> </span><span class="se">\</span><span class="s2"> --services </span><span class="si">$(</span>terraform output <span class="nt">-raw</span> ecs_service_name<span class="si">)</span><span class="s2"> </span><span class="se">\</span><span class="s2"> --query 'services[0].[desiredCount,runningCount]'"</span> </code></pre> </div> <h3> Step 4: Customize for Your Use Case </h3> <ol> <li> <p><strong>Modify the application</strong> (<code>docker/app.py</code>):</p> <ul> <li>Replace processing logic with your actual work</li> <li>Adjust environment variables</li> <li>Add any dependencies to <code>requirements.txt</code> </li> </ul> </li> <li> <p><strong>Tune auto-scaling</strong> (<code>terraform/variables.tf</code>):</p> <ul> <li>Adjust <code>target_messages_per_task</code> (default: 5)</li> <li>Set <code>min_tasks</code> and <code>max_tasks</code> based on your needs</li> <li>Modify task CPU and memory</li> </ul> </li> <li> <p><strong>Set up monitoring</strong> (<code>monitoring/</code>):</p> <ul> <li>Deploy CloudWatch Dashboard</li> <li>Configure alarms</li> <li>Set up SNS notifications</li> </ul> </li> </ol> <h3> Step 5: Test Thoroughly </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Send test load</span> <span class="k">for </span>i <span class="k">in</span> <span class="o">{</span>1..5<span class="o">}</span><span class="p">;</span> <span class="k">do </span>aws lambda invoke <span class="se">\</span> <span class="nt">--function-name</span> <span class="nv">$LAMBDA_FUNCTION</span> <span class="se">\</span> <span class="nt">--payload</span> <span class="s1">'{"num_messages": 50}'</span> <span class="se">\</span> response-<span class="nv">$i</span>.json <span class="k">done</span> <span class="c"># Monitor CloudWatch Logs</span> aws logs <span class="nb">tail</span> /ecs/ecs-sqs-batch-sqs-processor <span class="nt">--follow</span> <span class="c"># Check queue depth</span> aws sqs get-queue-attributes <span class="se">\</span> <span class="nt">--queue-url</span> <span class="nv">$QUEUE_URL</span> <span class="se">\</span> <span class="nt">--attribute-names</span> ApproximateNumberOfMessagesVisible <span class="c"># Verify results in S3</span> aws s3 <span class="nb">ls </span>s3://<span class="si">$(</span>terraform output <span class="nt">-raw</span> s3_bucket_name<span class="si">)</span>/results/ <span class="nt">--recursive</span> </code></pre> </div> <h3> Step 6: Deploy to Production </h3> <p><strong>Pre-production checklist</strong>:</p> <ul> <li>[ ] All alarms configured and tested</li> <li>[ ] DLQ monitoring in place</li> <li>[ ] Task timeout appropriate for your workload</li> <li>[ ] IAM roles follow least-privilege</li> <li>[ ] Costs estimated and approved</li> <li>[ ] Team trained on troubleshooting</li> <li>[ ] Runbook documented </li> </ul> <p><strong>Deployment</strong>:</p> <ol> <li>Deploy to staging first</li> <li>Run production-like load tests</li> <li>Monitor for 1 week</li> <li>Gradually route production traffic</li> <li>Monitor costs and performance</li> </ol> <h2> Conclusion </h2> <p>Event-driven batch processing with containers represents a fundamental shift from traditional always-on infrastructure. Instead of paying for capacity you might need, you pay for capacity you actually use. Instead of manual scaling, you get automatic responsiveness to demand.</p> <p>The three patterns I've shared scheduled tasks, SQS auto-scaling, and EKS Jobs cover the vast majority of batch processing use cases. For most teams, I recommend starting with Pattern 2 (ECS + SQS auto-scaling). It offers the best balance of cost savings, automatic scaling, and operational simplicity.</p> <p>Key takeaways:</p> <ol> <li> <strong>Event-driven saves money</strong> (50-90% in real deployments)</li> <li> <strong>Auto-scaling eliminates operational burden</strong> (no more manual capacity management)</li> <li> <strong>Start simple</strong> (Pattern 2 handles 80% of use cases)</li> <li> <strong>Monitor everything</strong> (especially your DLQ)</li> <li> <strong>Design for idempotency</strong> (retries will happen)</li> </ol> <p>The complete code, infrastructure templates, and deployment guides are available on <a href="https://github.com/rifkhan107/aws-batch-processing-containers" rel="noopener noreferrer">GitHub</a>. Everything is production-ready and battle-tested.</p> <p>What will you build with this? I'd love to hear about your batch processing challenges and how these patterns help solve them. Find me on <a href="https://x.com/rifkhan107" rel="noopener noreferrer">Twitter</a>, <a href="//linkedin.com/in/rifkhan107">LinkedIn</a>, or open an issue on GitHub.</p> <p>Happy building, and may your batch jobs scale automatically! 🚀</p> <h2> Additional Resources </h2> <ul> <li> <strong>GitHub Repository</strong>: <a href="https://github.com/rifkhan107/aws-batch-processing-containers" rel="noopener noreferrer">https://github.com/rifkhan107/aws-batch-processing-containers</a> - Complete code and deployment guides</li> <li> <strong>AWS ECS Best Practices</strong>: <a href="https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/</a> </li> <li> <strong>AWS SQS Developer Guide</strong>: <a href="https://docs.aws.amazon.com/sqs/" rel="noopener noreferrer">https://docs.aws.amazon.com/sqs/</a> </li> <li> <strong>EKS Best Practices</strong>: <a href="https://aws.github.io/aws-eks-best-practices/" rel="noopener noreferrer">https://aws.github.io/aws-eks-best-practices/</a> </li> </ul> aws ecs eks batchprocessing JM Rifkhan Wed, 21 May 2025 11:55:06 +0000 https://forem.com/aws-builders/from-ai-to-arcade-building-a-pygame-adventure-with-amazon-q-39jb https://forem.com/aws-builders/from-ai-to-arcade-building-a-pygame-adventure-with-amazon-q-39jb <h2> Falling Stars Game: Powered by Amazon Q CLI </h2> <p>The Falling Stars Game is an addictive arcade game I built entirely using Amazon Q CLI, a generative AI coding assistant that made turning my ideas into reality a breeze. Using Python and Pygame, this game puts you in control of an airship, catching falling objects, dodging deadly ones, and snagging power-ups to rack up points. In this post, I’ll dive into how Amazon Q CLI brought this game to life, highlight the game’s core features, and share a glimpse of the development process with a screenshot of Amazon Q in action. Whether you’re a coder or a gamer, this project shows what AI can do!</p> <h2> Installing Amazon Q CLI on Windows via WSL </h2> <p>Amazon Q CLI doesn't have a native Windows version, but it can be easily installed and used through the Windows Subsystem for Linux (WSL). This method gives you access to a Linux environment directly from your Windows machine, making it straightforward to work with the CLI tools designed for Linux.</p> <p>Here's a step-by-step guide to get Amazon Q CLI running on Windows using WSL with Ubuntu:</p> <h2> Installing Amazon Q CLI on Ubuntu (WSL) </h2> <ol> <li>Check glibc Version Before downloading, determine which installer version you need by checking your glibc version:</li> </ol> <p><code>ldd --version</code></p> <p>If glibc is 2.34 or newer, use the standard version.</p> <p>If glibc is older, use the musl version.</p> <ol> <li>Download the Appropriate Installer Choose the correct command based on your architecture and glibc version.</li> </ol> <p>Standard version (glibc 2.34+)</p> <p>Linux x86-64:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--proto</span> <span class="s1">'=https'</span> <span class="nt">--tlsv1</span>.2 <span class="nt">-sSf</span> <span class="s2">"https://desktop-release.q.us-east-1.amazonaws.com/latest/q-x86_64-linux.zip"</span> <span class="nt">-o</span> <span class="s2">"q.zip"</span> </code></pre> </div> <p>Linux ARM (aarch64):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--proto</span> <span class="s1">'=https'</span> <span class="nt">--tlsv1</span>.2 <span class="nt">-sSf</span> <span class="s2">"https://desktop-release.q.us-east-1.amazonaws.com/latest/q-aarch64-linux.zip"</span> <span class="nt">-o</span> <span class="s2">"q.zip"</span> Musl version <span class="o">(</span>glibc &lt; 2.34<span class="o">)</span> </code></pre> </div> <p>Linux x86-64 (musl):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--proto</span> <span class="s1">'=https'</span> <span class="nt">--tlsv1</span>.2 <span class="nt">-sSf</span> <span class="s2">"https://desktop-release.q.us-east-1.amazonaws.com/latest/q-x86_64-linux-musl.zip"</span> <span class="nt">-o</span> <span class="s2">"q.zip"</span> </code></pre> </div> <p>Linux ARM (aarch64, musl):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">--proto</span> <span class="s1">'=https'</span> <span class="nt">--tlsv1</span>.2 <span class="nt">-sSf</span> <span class="s2">"https://desktop-release.q.us-east-1.amazonaws.com/latest/q-aarch64-linux-musl.zip"</span> <span class="nt">-o</span> <span class="s2">"q.zip"</span> </code></pre> </div> <ol> <li>Install Amazon Q CLI Unzip the package and run the installer:</li> </ol> <p><code>unzip q.zip<br> ./q/install.sh</code></p> <p>By default, Amazon Q CLI will be installed to: <code>~/.local/bin.</code></p> <ol> <li>Configure AWS Credentials (Optional) If you haven't already, configure your AWS credentials within the WSL environment: <code>aws configure</code> </li> </ol> <p>This step is necessary for Amazon Q CLI to interact with your AWS account.</p> <ol> <li>Configure your AWS credentials within the WSL environment using the following command:</li> </ol> <p><code>q login</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fle2bdfnfr9ulqrb86hfr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fle2bdfnfr9ulqrb86hfr.png" alt="q login" width="800" height="310"></a></p> <p>For additional options and detailed instructions for other platforms, refer to the official Amazon Q CLI Installation <a href="https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/command-line-installing.html" rel="noopener noreferrer">Documentation</a>.</p> <h2> Amazon Q CLI: My Coding Sidekick </h2> <p>Amazon Q CLI is an AI tool that generates code, suggests features, and debugs issues through simple command-line prompts. I used it to build Falling Stars Game from the ground up, starting with basic concepts and iterating to a polished product. With prompts like “create a Pygame game where a player catches falling objects,” Amazon Q churned out working code, suggested additions like power-ups and levels, and helped fix bugs when things went off track. Its ability to understand my intent and provide Pygame-specific solutions saved hours of work.</p> <p>The CLI’s conversational style let me refine the game step-by-step, from spawning objects to adding sound effects. For example, when collision detection was glitchy, a prompt like “fix object collision in Pygame” got me a corrected algorithm. The screenshot below (to be added) captures Amazon Q in action, showing how it shaped the game’s core mechanics.</p> <h2> Amazon Q CLI in Action </h2> <p>Initially, I gave a simple prompt to Amazon Q, like: </p> <blockquote> <p>'Can you guide me to create a game using Pygame?'</p> </blockquote> <p>It gave me the Python code for the game in a single file, so I asked to structure it like a proper project. As a result, Amazon Q provided me with the following file structure for my game project:</p> <h3> Amazon Q suggested this clean setup for the game: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>falling_stars_game/ ├── README.md ├── assets │ ├── images │ │ ├── background.jpg │ │ ├── dangerous_object.png │ │ ├── normal_object.png │ │ ├── player.png │ │ ├── powerup_life.png │ │ ├── powerup_slower.png │ │ ├── powerup_wider.png │ │ └── special_object.png │ └── sounds │ ├── background.mp3 │ ├── catch.wav │ ├── gameover.wav │ └── powerup.wav ├── run_game.py └── src └── game.py </code></pre> </div> <p>assets/: Holds images and sounds.<br> src/game.py: Core game logic.<br> run_game.py: Launches the game.<br> README.md: Guides setup and gameplay.</p> <h2> Game Overview </h2> <p>Falling Stars Game is a fast-paced arcade challenge set on an 800x600 screen. You control a movable brick wall to catch falling stars for points while avoiding red ones that end the game. Power-ups occasionally drop to give you an edge. With custom graphics, sound effects, and toggleable music, the game feels polished and immersive. A five-level difficulty system keeps the gameplay engaging. Every component — from the game loop to the user interface — was built using the Amazon Q CLI.</p> <h2> Key Features </h2> <h3> Objects in the game: </h3> <ul> <li>⭐ Purple-background star: +1 point, falls at a steady speed.</li> <li>⭐ White-background star (Special): +5 points, faster and harder to catch.</li> <li>🔥 Red fire object: Game over if caught — avoid at all costs.</li> <li>❤️ Heart: Grants an extra life.</li> <li>⏱️ Green timer clock: Temporarily slows down all falling objects, making them easier to catch.</li> <li>🔷 Blue wider object: Temporarily increases the width of your brick wall, making catching objects easier.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5u55i48llqhvtpotfu17.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5u55i48llqhvtpotfu17.png" alt="Objects in the game" width="800" height="365"></a></p> <h3> Levels: </h3> <ul> <li>Five levels, advancing every 50 points. Higher levels mean faster objects, quicker spawns, and more green objects.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr8auptdbr129ccg8993o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr8auptdbr129ccg8993o.png" alt="Objects in the game" width="800" height="624"></a></p> <h3> Visuals &amp; Audio: </h3> <ul> <li><p>Custom .png images for the brick wal, objects, and power-ups.</p></li> <li><p>Sounds for catches (catch.wav), power-ups (powerup.wav), and game over (gameover.wav).</p></li> <li><p>Background music (background.mp3), toggleable with the M key.</p></li> <li><p>UI shows score, level, lives (as icons), and power-up timers.</p></li> </ul> <h3> Controls: </h3> <ul> <li>Left/Right Arrows: Move the airship.</li> <li>P: Pause/unpause.</li> <li>M: Toggle music.</li> <li>R: Restart after game over.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0vmnfmyytu19sj38r6wb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0vmnfmyytu19sj38r6wb.png" alt="Objects in the game" width="800" height="628"></a></p> <h2> Code Highlights </h2> <p>Here's the complete game.py implementation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">pygame</span> <span class="kn">import</span> <span class="n">random</span> <span class="kn">import</span> <span class="n">sys</span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">pathlib</span> <span class="kn">import</span> <span class="n">Path</span> <span class="c1"># Get the base directory </span><span class="n">BASE_DIR</span> <span class="o">=</span> <span class="nc">Path</span><span class="p">(</span><span class="n">__file__</span><span class="p">).</span><span class="nf">resolve</span><span class="p">().</span><span class="n">parent</span><span class="p">.</span><span class="n">parent</span> <span class="n">ASSETS_DIR</span> <span class="o">=</span> <span class="n">BASE_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">assets</span><span class="sh">"</span> <span class="n">IMAGES_DIR</span> <span class="o">=</span> <span class="n">ASSETS_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">images</span><span class="sh">"</span> <span class="n">SOUNDS_DIR</span> <span class="o">=</span> <span class="n">ASSETS_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">sounds</span><span class="sh">"</span> <span class="c1"># Initialize Pygame </span><span class="n">pygame</span><span class="p">.</span><span class="nf">init</span><span class="p">()</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="nf">init</span><span class="p">()</span> <span class="c1"># Initialize sound mixer </span> <span class="c1"># Screen dimensions </span><span class="n">SCREEN_WIDTH</span> <span class="o">=</span> <span class="mi">800</span> <span class="n">SCREEN_HEIGHT</span> <span class="o">=</span> <span class="mi">600</span> <span class="c1"># Colors </span><span class="n">WHITE</span> <span class="o">=</span> <span class="p">(</span><span class="mi">255</span><span class="p">,</span> <span class="mi">255</span><span class="p">,</span> <span class="mi">255</span><span class="p">)</span> <span class="n">BLACK</span> <span class="o">=</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="n">RED</span> <span class="o">=</span> <span class="p">(</span><span class="mi">255</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="n">BLUE</span> <span class="o">=</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">255</span><span class="p">)</span> <span class="n">GREEN</span> <span class="o">=</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">255</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="n">YELLOW</span> <span class="o">=</span> <span class="p">(</span><span class="mi">255</span><span class="p">,</span> <span class="mi">255</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="n">PURPLE</span> <span class="o">=</span> <span class="p">(</span><span class="mi">128</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">128</span><span class="p">)</span> <span class="c1"># Create the screen </span><span class="n">screen</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">display</span><span class="p">.</span><span class="nf">set_mode</span><span class="p">((</span><span class="n">SCREEN_WIDTH</span><span class="p">,</span> <span class="n">SCREEN_HEIGHT</span><span class="p">))</span> <span class="n">pygame</span><span class="p">.</span><span class="n">display</span><span class="p">.</span><span class="nf">set_caption</span><span class="p">(</span><span class="sh">"</span><span class="s">Falling Stars Game</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Load images </span><span class="k">try</span><span class="p">:</span> <span class="n">background_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">image</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">IMAGES_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">background.jpg</span><span class="sh">"</span><span class="p">).</span><span class="nf">convert</span><span class="p">()</span> <span class="n">background_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">transform</span><span class="p">.</span><span class="nf">scale</span><span class="p">(</span><span class="n">background_img</span><span class="p">,</span> <span class="p">(</span><span class="n">SCREEN_WIDTH</span><span class="p">,</span> <span class="n">SCREEN_HEIGHT</span><span class="p">))</span> <span class="c1"># Load normal player image </span> <span class="n">player_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">image</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">IMAGES_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">player.png</span><span class="sh">"</span><span class="p">).</span><span class="nf">convert_alpha</span><span class="p">()</span> <span class="c1"># Scale the player image to the correct size for the game </span> <span class="n">player_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">transform</span><span class="p">.</span><span class="nf">scale</span><span class="p">(</span><span class="n">player_img</span><span class="p">,</span> <span class="p">(</span><span class="mi">100</span><span class="p">,</span> <span class="mi">80</span><span class="p">))</span> <span class="c1"># Increased height to show more of the image </span> <span class="n">normal_obj_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">image</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">IMAGES_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">normal_object.png</span><span class="sh">"</span><span class="p">).</span><span class="nf">convert_alpha</span><span class="p">()</span> <span class="n">normal_obj_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">transform</span><span class="p">.</span><span class="nf">scale</span><span class="p">(</span><span class="n">normal_obj_img</span><span class="p">,</span> <span class="p">(</span><span class="mi">50</span><span class="p">,</span> <span class="mi">50</span><span class="p">))</span> <span class="n">special_obj_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">image</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">IMAGES_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">special_object.png</span><span class="sh">"</span><span class="p">).</span><span class="nf">convert_alpha</span><span class="p">()</span> <span class="n">special_obj_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">transform</span><span class="p">.</span><span class="nf">scale</span><span class="p">(</span><span class="n">special_obj_img</span><span class="p">,</span> <span class="p">(</span><span class="mi">50</span><span class="p">,</span> <span class="mi">50</span><span class="p">))</span> <span class="n">dangerous_obj_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">image</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">IMAGES_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">dangerous_object.png</span><span class="sh">"</span><span class="p">).</span><span class="nf">convert_alpha</span><span class="p">()</span> <span class="n">dangerous_obj_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">transform</span><span class="p">.</span><span class="nf">scale</span><span class="p">(</span><span class="n">dangerous_obj_img</span><span class="p">,</span> <span class="p">(</span><span class="mi">50</span><span class="p">,</span> <span class="mi">50</span><span class="p">))</span> <span class="n">powerup_wider_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">image</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">IMAGES_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">powerup_wider.png</span><span class="sh">"</span><span class="p">).</span><span class="nf">convert_alpha</span><span class="p">()</span> <span class="n">powerup_wider_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">transform</span><span class="p">.</span><span class="nf">scale</span><span class="p">(</span><span class="n">powerup_wider_img</span><span class="p">,</span> <span class="p">(</span><span class="mi">50</span><span class="p">,</span> <span class="mi">50</span><span class="p">))</span> <span class="n">powerup_slower_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">image</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">IMAGES_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">powerup_slower.png</span><span class="sh">"</span><span class="p">).</span><span class="nf">convert_alpha</span><span class="p">()</span> <span class="c1"># Make the slower powerup larger (60x60 pixels) </span> <span class="n">powerup_slower_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">transform</span><span class="p">.</span><span class="nf">scale</span><span class="p">(</span><span class="n">powerup_slower_img</span><span class="p">,</span> <span class="p">(</span><span class="mi">60</span><span class="p">,</span> <span class="mi">60</span><span class="p">))</span> <span class="n">powerup_life_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">image</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">IMAGES_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">powerup_life.png</span><span class="sh">"</span><span class="p">).</span><span class="nf">convert_alpha</span><span class="p">()</span> <span class="n">powerup_life_img</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">transform</span><span class="p">.</span><span class="nf">scale</span><span class="p">(</span><span class="n">powerup_life_img</span><span class="p">,</span> <span class="p">(</span><span class="mi">50</span><span class="p">,</span> <span class="mi">50</span><span class="p">))</span> <span class="c1"># Dictionary to store images for easy access </span> <span class="n">images</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">player</span><span class="sh">'</span><span class="p">:</span> <span class="n">player_img</span><span class="p">,</span> <span class="sh">'</span><span class="s">normal</span><span class="sh">'</span><span class="p">:</span> <span class="n">normal_obj_img</span><span class="p">,</span> <span class="sh">'</span><span class="s">special</span><span class="sh">'</span><span class="p">:</span> <span class="n">special_obj_img</span><span class="p">,</span> <span class="sh">'</span><span class="s">dangerous</span><span class="sh">'</span><span class="p">:</span> <span class="n">dangerous_obj_img</span><span class="p">,</span> <span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">:</span> <span class="n">powerup_wider_img</span><span class="p">,</span> <span class="sh">'</span><span class="s">slower</span><span class="sh">'</span><span class="p">:</span> <span class="n">powerup_slower_img</span><span class="p">,</span> <span class="sh">'</span><span class="s">extra_life</span><span class="sh">'</span><span class="p">:</span> <span class="n">powerup_life_img</span> <span class="p">}</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Error loading images: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># We'll use colored rectangles if images fail to load </span> <span class="n">images</span> <span class="o">=</span> <span class="p">{}</span> <span class="c1"># Load sounds </span><span class="k">try</span><span class="p">:</span> <span class="n">catch_sound</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="nc">Sound</span><span class="p">(</span><span class="n">SOUNDS_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">catch.wav</span><span class="sh">"</span><span class="p">)</span> <span class="n">powerup_sound</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="nc">Sound</span><span class="p">(</span><span class="n">SOUNDS_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">powerup.wav</span><span class="sh">"</span><span class="p">)</span> <span class="n">game_over_sound</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="nc">Sound</span><span class="p">(</span><span class="n">SOUNDS_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">gameover.wav</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Set volume </span> <span class="n">catch_sound</span><span class="p">.</span><span class="nf">set_volume</span><span class="p">(</span><span class="mf">0.5</span><span class="p">)</span> <span class="n">powerup_sound</span><span class="p">.</span><span class="nf">set_volume</span><span class="p">(</span><span class="mf">0.7</span><span class="p">)</span> <span class="n">game_over_sound</span><span class="p">.</span><span class="nf">set_volume</span><span class="p">(</span><span class="mf">0.8</span><span class="p">)</span> <span class="c1"># Try to load background music </span> <span class="k">try</span><span class="p">:</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="n">music</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">SOUNDS_DIR</span> <span class="o">/</span> <span class="sh">"</span><span class="s">background.mp3</span><span class="sh">"</span><span class="p">)</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="n">music</span><span class="p">.</span><span class="nf">set_volume</span><span class="p">(</span><span class="mf">0.3</span><span class="p">)</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="n">music</span><span class="p">.</span><span class="nf">play</span><span class="p">(</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="c1"># -1 means loop indefinitely </span> <span class="n">music_playing</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">except</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Background music not found</span><span class="sh">"</span><span class="p">)</span> <span class="n">music_playing</span> <span class="o">=</span> <span class="bp">False</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Error loading sounds: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Create dummy sound objects </span> <span class="n">catch_sound</span> <span class="o">=</span> <span class="bp">None</span> <span class="n">powerup_sound</span> <span class="o">=</span> <span class="bp">None</span> <span class="n">game_over_sound</span> <span class="o">=</span> <span class="bp">None</span> <span class="n">music_playing</span> <span class="o">=</span> <span class="bp">False</span> <span class="c1"># Player settings </span><span class="n">player_width</span> <span class="o">=</span> <span class="mi">100</span> <span class="n">player_height</span> <span class="o">=</span> <span class="mi">80</span> <span class="c1"># Increased height to show more of the image </span><span class="n">player_x</span> <span class="o">=</span> <span class="n">SCREEN_WIDTH</span> <span class="o">//</span> <span class="mi">2</span> <span class="o">-</span> <span class="n">player_width</span> <span class="o">//</span> <span class="mi">2</span> <span class="n">player_y</span> <span class="o">=</span> <span class="n">SCREEN_HEIGHT</span> <span class="o">-</span> <span class="mi">90</span> <span class="c1"># Moved player up a bit to accommodate taller image </span><span class="n">player_speed</span> <span class="o">=</span> <span class="mi">10</span> <span class="n">player_lives</span> <span class="o">=</span> <span class="mi">3</span> <span class="c1"># Object settings </span><span class="n">object_size</span> <span class="o">=</span> <span class="mi">50</span> <span class="n">objects</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">spawn_timer</span> <span class="o">=</span> <span class="mi">0</span> <span class="c1"># Power-up settings </span><span class="n">powerups</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">powerup_timer</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">powerup_delay</span> <span class="o">=</span> <span class="mi">300</span> <span class="c1"># Frames between powerup spawns </span><span class="n">active_powerups</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">wider_level</span> <span class="o">=</span> <span class="mi">1</span> <span class="c1"># Track the current width level (1=normal, 2=double, 3=triple) </span> <span class="c1"># Game settings </span><span class="n">score</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">level</span> <span class="o">=</span> <span class="mi">1</span> <span class="n">font</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">font</span><span class="p">.</span><span class="nc">Font</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="mi">36</span><span class="p">)</span> <span class="n">small_font</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">font</span><span class="p">.</span><span class="nc">Font</span><span class="p">(</span><span class="bp">None</span><span class="p">,</span> <span class="mi">24</span><span class="p">)</span> <span class="n">clock</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">time</span><span class="p">.</span><span class="nc">Clock</span><span class="p">()</span> <span class="n">game_over</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">paused</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">music_playing</span> <span class="o">=</span> <span class="n">music_playing</span> <span class="k">if</span> <span class="sh">'</span><span class="s">music_playing</span><span class="sh">'</span> <span class="ow">in</span> <span class="nf">locals</span><span class="p">()</span> <span class="k">else</span> <span class="bp">False</span> <span class="c1"># Level settings </span><span class="n">level_settings</span> <span class="o">=</span> <span class="p">{</span> <span class="mi">1</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">:</span> <span class="mi">60</span><span class="p">,</span> <span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span> <span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.1</span><span class="p">},</span> <span class="mi">2</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">:</span> <span class="mi">50</span><span class="p">,</span> <span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span> <span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.15</span><span class="p">},</span> <span class="mi">3</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">:</span> <span class="mi">40</span><span class="p">,</span> <span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.2</span><span class="p">},</span> <span class="mi">4</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">:</span> <span class="mi">30</span><span class="p">,</span> <span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">:</span> <span class="mi">6</span><span class="p">,</span> <span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.25</span><span class="p">},</span> <span class="mi">5</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">:</span> <span class="mi">20</span><span class="p">,</span> <span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">:</span> <span class="mi">7</span><span class="p">,</span> <span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.3</span><span class="p">}</span> <span class="p">}</span> <span class="c1"># Current level settings </span><span class="n">current_settings</span> <span class="o">=</span> <span class="n">level_settings</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="n">spawn_delay</span> <span class="o">=</span> <span class="n">current_settings</span><span class="p">[</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">]</span> <span class="n">object_speed</span> <span class="o">=</span> <span class="n">current_settings</span><span class="p">[</span><span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">]</span> <span class="n">special_chance</span> <span class="o">=</span> <span class="n">current_settings</span><span class="p">[</span><span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">]</span> <span class="k">def</span> <span class="nf">draw_player</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span> <span class="k">if</span> <span class="sh">'</span><span class="s">player</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">images</span><span class="p">:</span> <span class="c1"># If we have a player image, use it </span> <span class="k">if</span> <span class="sh">'</span><span class="s">wider</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">active_powerups</span> <span class="ow">and</span> <span class="n">active_powerups</span><span class="p">[</span><span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">]</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span> <span class="c1"># Draw multiple player images side by side based on wider_level </span> <span class="n">img_width</span> <span class="o">=</span> <span class="n">player_img</span><span class="p">.</span><span class="nf">get_width</span><span class="p">()</span> <span class="c1"># Draw the images side by side with slight overlap </span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">wider_level</span><span class="p">):</span> <span class="n">pos_x</span> <span class="o">=</span> <span class="n">x</span> <span class="o">+</span> <span class="p">(</span><span class="n">i</span> <span class="o">*</span> <span class="p">(</span><span class="n">img_width</span> <span class="o">-</span> <span class="mi">20</span><span class="p">))</span> <span class="c1"># Overlap by 20 pixels </span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">images</span><span class="p">[</span><span class="sh">'</span><span class="s">player</span><span class="sh">'</span><span class="p">],</span> <span class="p">(</span><span class="n">pos_x</span><span class="p">,</span> <span class="n">y</span><span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Use normal airship image </span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">images</span><span class="p">[</span><span class="sh">'</span><span class="s">player</span><span class="sh">'</span><span class="p">],</span> <span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Fallback to a rectangle </span> <span class="k">if</span> <span class="sh">'</span><span class="s">wider</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">active_powerups</span> <span class="ow">and</span> <span class="n">active_powerups</span><span class="p">[</span><span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">]</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span> <span class="n">pygame</span><span class="p">.</span><span class="n">draw</span><span class="p">.</span><span class="nf">rect</span><span class="p">(</span><span class="n">screen</span><span class="p">,</span> <span class="n">BLUE</span><span class="p">,</span> <span class="p">[</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">,</span> <span class="n">player_width</span><span class="p">,</span> <span class="n">player_height</span><span class="p">])</span> <span class="k">else</span><span class="p">:</span> <span class="n">pygame</span><span class="p">.</span><span class="n">draw</span><span class="p">.</span><span class="nf">rect</span><span class="p">(</span><span class="n">screen</span><span class="p">,</span> <span class="n">BLUE</span><span class="p">,</span> <span class="p">[</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">,</span> <span class="mi">100</span><span class="p">,</span> <span class="n">player_height</span><span class="p">])</span> <span class="c1"># Draw player lives </span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">player_lives</span><span class="p">):</span> <span class="k">if</span> <span class="sh">'</span><span class="s">extra_life</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">images</span><span class="p">:</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">pygame</span><span class="p">.</span><span class="n">transform</span><span class="p">.</span><span class="nf">scale</span><span class="p">(</span><span class="n">images</span><span class="p">[</span><span class="sh">'</span><span class="s">extra_life</span><span class="sh">'</span><span class="p">],</span> <span class="p">(</span><span class="mi">20</span><span class="p">,</span> <span class="mi">20</span><span class="p">)),</span> <span class="p">(</span><span class="mi">10</span> <span class="o">+</span> <span class="n">i</span> <span class="o">*</span> <span class="mi">30</span><span class="p">,</span> <span class="mi">40</span><span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="n">pygame</span><span class="p">.</span><span class="n">draw</span><span class="p">.</span><span class="nf">rect</span><span class="p">(</span><span class="n">screen</span><span class="p">,</span> <span class="n">RED</span><span class="p">,</span> <span class="p">[</span><span class="mi">10</span> <span class="o">+</span> <span class="n">i</span> <span class="o">*</span> <span class="mi">30</span><span class="p">,</span> <span class="mi">40</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">20</span><span class="p">])</span> <span class="k">def</span> <span class="nf">create_object</span><span class="p">():</span> <span class="n">x</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">SCREEN_WIDTH</span> <span class="o">-</span> <span class="n">object_size</span><span class="p">)</span> <span class="n">obj_type</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choices</span><span class="p">(</span> <span class="p">[</span><span class="sh">'</span><span class="s">normal</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">special</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">dangerous</span><span class="sh">'</span><span class="p">],</span> <span class="n">weights</span><span class="o">=</span><span class="p">[</span><span class="mf">0.7</span><span class="p">,</span> <span class="n">special_chance</span><span class="p">,</span> <span class="mf">0.3</span><span class="o">-</span><span class="n">special_chance</span><span class="p">],</span> <span class="n">k</span><span class="o">=</span><span class="mi">1</span> <span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="n">speed_variation</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="mf">0.8</span><span class="p">,</span> <span class="mf">1.2</span><span class="p">)</span> <span class="k">if</span> <span class="n">obj_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">normal</span><span class="sh">'</span><span class="p">:</span> <span class="n">color</span> <span class="o">=</span> <span class="n">RED</span> <span class="n">points</span> <span class="o">=</span> <span class="mi">1</span> <span class="n">speed</span> <span class="o">=</span> <span class="n">object_speed</span> <span class="o">*</span> <span class="n">speed_variation</span> <span class="k">elif</span> <span class="n">obj_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">special</span><span class="sh">'</span><span class="p">:</span> <span class="n">color</span> <span class="o">=</span> <span class="n">GREEN</span> <span class="n">points</span> <span class="o">=</span> <span class="mi">5</span> <span class="n">speed</span> <span class="o">=</span> <span class="n">object_speed</span> <span class="o">*</span> <span class="mf">1.2</span> <span class="o">*</span> <span class="n">speed_variation</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># dangerous </span> <span class="n">color</span> <span class="o">=</span> <span class="n">PURPLE</span> <span class="n">points</span> <span class="o">=</span> <span class="mi">0</span> <span class="c1"># Points don't matter as game will end if caught </span> <span class="n">speed</span> <span class="o">=</span> <span class="n">object_speed</span> <span class="o">*</span> <span class="mf">0.9</span> <span class="o">*</span> <span class="n">speed_variation</span> <span class="k">return</span> <span class="p">{</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">:</span> <span class="n">x</span><span class="p">,</span> <span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">:</span> <span class="n">obj_type</span><span class="p">,</span> <span class="sh">'</span><span class="s">color</span><span class="sh">'</span><span class="p">:</span> <span class="n">color</span><span class="p">,</span> <span class="sh">'</span><span class="s">points</span><span class="sh">'</span><span class="p">:</span> <span class="n">points</span><span class="p">,</span> <span class="sh">'</span><span class="s">speed</span><span class="sh">'</span><span class="p">:</span> <span class="n">speed</span><span class="p">}</span> <span class="k">def</span> <span class="nf">create_powerup</span><span class="p">():</span> <span class="n">x</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">randint</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">SCREEN_WIDTH</span> <span class="o">-</span> <span class="n">object_size</span><span class="p">)</span> <span class="n">powerup_type</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">([</span><span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">slower</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">extra_life</span><span class="sh">'</span><span class="p">])</span> <span class="k">if</span> <span class="n">powerup_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">:</span> <span class="n">color</span> <span class="o">=</span> <span class="n">YELLOW</span> <span class="n">size</span> <span class="o">=</span> <span class="n">object_size</span> <span class="k">elif</span> <span class="n">powerup_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">slower</span><span class="sh">'</span><span class="p">:</span> <span class="n">color</span> <span class="o">=</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">255</span><span class="p">,</span> <span class="mi">255</span><span class="p">)</span> <span class="c1"># Cyan </span> <span class="n">size</span> <span class="o">=</span> <span class="mi">60</span> <span class="c1"># Larger size for slower powerup </span> <span class="k">else</span><span class="p">:</span> <span class="c1"># extra_life </span> <span class="n">color</span> <span class="o">=</span> <span class="p">(</span><span class="mi">255</span><span class="p">,</span> <span class="mi">105</span><span class="p">,</span> <span class="mi">180</span><span class="p">)</span> <span class="c1"># Pink </span> <span class="n">size</span> <span class="o">=</span> <span class="n">object_size</span> <span class="k">return</span> <span class="p">{</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">:</span> <span class="n">x</span><span class="p">,</span> <span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">:</span> <span class="mi">0</span><span class="p">,</span> <span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">:</span> <span class="n">powerup_type</span><span class="p">,</span> <span class="sh">'</span><span class="s">color</span><span class="sh">'</span><span class="p">:</span> <span class="n">color</span><span class="p">,</span> <span class="sh">'</span><span class="s">speed</span><span class="sh">'</span><span class="p">:</span> <span class="n">object_speed</span> <span class="o">*</span> <span class="mf">0.7</span><span class="p">,</span> <span class="sh">'</span><span class="s">size</span><span class="sh">'</span><span class="p">:</span> <span class="n">size</span><span class="p">}</span> <span class="k">def</span> <span class="nf">draw_objects</span><span class="p">():</span> <span class="k">for</span> <span class="n">obj</span> <span class="ow">in</span> <span class="n">objects</span><span class="p">:</span> <span class="k">if</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]</span> <span class="ow">in</span> <span class="n">images</span><span class="p">:</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">images</span><span class="p">[</span><span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]],</span> <span class="p">(</span><span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">],</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]))</span> <span class="k">else</span><span class="p">:</span> <span class="n">pygame</span><span class="p">.</span><span class="n">draw</span><span class="p">.</span><span class="nf">rect</span><span class="p">(</span><span class="n">screen</span><span class="p">,</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">color</span><span class="sh">'</span><span class="p">],</span> <span class="p">[</span><span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">],</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">],</span> <span class="n">object_size</span><span class="p">,</span> <span class="n">object_size</span><span class="p">])</span> <span class="k">def</span> <span class="nf">draw_powerups</span><span class="p">():</span> <span class="k">for</span> <span class="n">pu</span> <span class="ow">in</span> <span class="n">powerups</span><span class="p">:</span> <span class="k">if</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]</span> <span class="ow">in</span> <span class="n">images</span><span class="p">:</span> <span class="c1"># Special handling for the slower powerup to make it larger </span> <span class="k">if</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="sh">'</span><span class="s">slower</span><span class="sh">'</span><span class="p">:</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">images</span><span class="p">[</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]],</span> <span class="p">(</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">]</span> <span class="o">-</span> <span class="mi">5</span><span class="p">,</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">-</span> <span class="mi">5</span><span class="p">))</span> <span class="c1"># Adjust position to center it </span> <span class="k">else</span><span class="p">:</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">images</span><span class="p">[</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]],</span> <span class="p">(</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">],</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]))</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Fallback to colored rectangles </span> <span class="k">if</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="sh">'</span><span class="s">slower</span><span class="sh">'</span><span class="p">:</span> <span class="c1"># Draw a larger rectangle for slower powerup </span> <span class="n">pygame</span><span class="p">.</span><span class="n">draw</span><span class="p">.</span><span class="nf">rect</span><span class="p">(</span><span class="n">screen</span><span class="p">,</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">color</span><span class="sh">'</span><span class="p">],</span> <span class="p">[</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">]</span> <span class="o">-</span> <span class="mi">5</span><span class="p">,</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">-</span> <span class="mi">5</span><span class="p">,</span> <span class="mi">60</span><span class="p">,</span> <span class="mi">60</span><span class="p">])</span> <span class="c1"># Draw a "S" on the powerup </span> <span class="n">text</span> <span class="o">=</span> <span class="n">small_font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="sh">"</span><span class="s">S</span><span class="sh">"</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">BLACK</span><span class="p">)</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="p">(</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">]</span> <span class="o">+</span> <span class="mi">25</span><span class="p">,</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">+</span> <span class="mi">20</span><span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="n">pygame</span><span class="p">.</span><span class="n">draw</span><span class="p">.</span><span class="nf">rect</span><span class="p">(</span><span class="n">screen</span><span class="p">,</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">color</span><span class="sh">'</span><span class="p">],</span> <span class="p">[</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">],</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">],</span> <span class="n">object_size</span><span class="p">,</span> <span class="n">object_size</span><span class="p">])</span> <span class="c1"># Draw a "P" on the powerup </span> <span class="n">text</span> <span class="o">=</span> <span class="n">small_font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="sh">"</span><span class="s">P</span><span class="sh">"</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">BLACK</span><span class="p">)</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="p">(</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">]</span> <span class="o">+</span> <span class="mi">20</span><span class="p">,</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">+</span> <span class="mi">15</span><span class="p">))</span> <span class="k">def</span> <span class="nf">show_score</span><span class="p">():</span> <span class="n">score_text</span> <span class="o">=</span> <span class="n">font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Score: </span><span class="si">{</span><span class="n">score</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">WHITE</span><span class="p">)</span> <span class="n">level_text</span> <span class="o">=</span> <span class="n">font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Level: </span><span class="si">{</span><span class="n">level</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">WHITE</span><span class="p">)</span> <span class="n">lives_text</span> <span class="o">=</span> <span class="n">font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Lives: </span><span class="si">{</span><span class="n">player_lives</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">WHITE</span><span class="p">)</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">score_text</span><span class="p">,</span> <span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">10</span><span class="p">))</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">level_text</span><span class="p">,</span> <span class="p">(</span><span class="n">SCREEN_WIDTH</span> <span class="o">-</span> <span class="mi">120</span><span class="p">,</span> <span class="mi">10</span><span class="p">))</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">lives_text</span><span class="p">,</span> <span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">50</span><span class="p">))</span> <span class="c1"># Show music status </span> <span class="n">music_text</span> <span class="o">=</span> <span class="n">small_font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="sh">"</span><span class="s">Music: </span><span class="sh">"</span> <span class="o">+</span> <span class="p">(</span><span class="sh">"</span><span class="s">ON</span><span class="sh">"</span> <span class="k">if</span> <span class="n">music_playing</span> <span class="k">else</span> <span class="sh">"</span><span class="s">OFF</span><span class="sh">"</span><span class="p">)</span> <span class="o">+</span> <span class="sh">"</span><span class="s"> (M to toggle)</span><span class="sh">"</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">WHITE</span><span class="p">)</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">music_text</span><span class="p">,</span> <span class="p">(</span><span class="n">SCREEN_WIDTH</span> <span class="o">-</span> <span class="mi">220</span><span class="p">,</span> <span class="mi">50</span><span class="p">))</span> <span class="c1"># Show active powerups with icons </span> <span class="n">y_offset</span> <span class="o">=</span> <span class="mi">90</span> <span class="k">for</span> <span class="n">powerup_type</span><span class="p">,</span> <span class="n">time_left</span> <span class="ow">in</span> <span class="n">active_powerups</span><span class="p">.</span><span class="nf">items</span><span class="p">():</span> <span class="k">if</span> <span class="n">time_left</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span> <span class="k">if</span> <span class="n">powerup_type</span> <span class="ow">in</span> <span class="n">images</span><span class="p">:</span> <span class="c1"># Draw a small version of the powerup icon </span> <span class="n">small_icon</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">transform</span><span class="p">.</span><span class="nf">scale</span><span class="p">(</span><span class="n">images</span><span class="p">[</span><span class="n">powerup_type</span><span class="p">],</span> <span class="p">(</span><span class="mi">20</span><span class="p">,</span> <span class="mi">20</span><span class="p">))</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">small_icon</span><span class="p">,</span> <span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="n">y_offset</span><span class="p">))</span> <span class="c1"># For wider powerup, show the current level </span> <span class="k">if</span> <span class="n">powerup_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">:</span> <span class="n">powerup_text</span> <span class="o">=</span> <span class="n">small_font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">powerup_type</span><span class="p">.</span><span class="nf">capitalize</span><span class="p">()</span><span class="si">}</span><span class="s"> (x</span><span class="si">{</span><span class="n">wider_level</span><span class="si">}</span><span class="s">): </span><span class="si">{</span><span class="n">time_left</span><span class="o">//</span><span class="mi">60</span><span class="si">}</span><span class="s">s</span><span class="sh">"</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">YELLOW</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">powerup_text</span> <span class="o">=</span> <span class="n">small_font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">powerup_type</span><span class="p">.</span><span class="nf">capitalize</span><span class="p">()</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">time_left</span><span class="o">//</span><span class="mi">60</span><span class="si">}</span><span class="s">s</span><span class="sh">"</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">YELLOW</span><span class="p">)</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">powerup_text</span><span class="p">,</span> <span class="p">(</span><span class="mi">35</span><span class="p">,</span> <span class="n">y_offset</span> <span class="o">+</span> <span class="mi">2</span><span class="p">))</span> <span class="c1"># Align text with icon </span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Fallback if image not available </span> <span class="k">if</span> <span class="n">powerup_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">:</span> <span class="n">powerup_text</span> <span class="o">=</span> <span class="n">small_font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">powerup_type</span><span class="p">.</span><span class="nf">capitalize</span><span class="p">()</span><span class="si">}</span><span class="s"> (x</span><span class="si">{</span><span class="n">wider_level</span><span class="si">}</span><span class="s">): </span><span class="si">{</span><span class="n">time_left</span><span class="o">//</span><span class="mi">60</span><span class="si">}</span><span class="s">s</span><span class="sh">"</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">YELLOW</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="n">powerup_text</span> <span class="o">=</span> <span class="n">small_font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">powerup_type</span><span class="p">.</span><span class="nf">capitalize</span><span class="p">()</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">time_left</span><span class="o">//</span><span class="mi">60</span><span class="si">}</span><span class="s">s</span><span class="sh">"</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">YELLOW</span><span class="p">)</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">powerup_text</span><span class="p">,</span> <span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="n">y_offset</span><span class="p">))</span> <span class="n">y_offset</span> <span class="o">+=</span> <span class="mi">25</span> <span class="k">def</span> <span class="nf">check_level_up</span><span class="p">():</span> <span class="k">global</span> <span class="n">level</span><span class="p">,</span> <span class="n">current_settings</span><span class="p">,</span> <span class="n">spawn_delay</span><span class="p">,</span> <span class="n">object_speed</span><span class="p">,</span> <span class="n">special_chance</span> <span class="c1"># Level up every 50 points </span> <span class="n">new_level</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="mi">5</span><span class="p">,</span> <span class="mi">1</span> <span class="o">+</span> <span class="n">score</span> <span class="o">//</span> <span class="mi">50</span><span class="p">)</span> <span class="k">if</span> <span class="n">new_level</span> <span class="o">&gt;</span> <span class="n">level</span><span class="p">:</span> <span class="n">level</span> <span class="o">=</span> <span class="n">new_level</span> <span class="n">current_settings</span> <span class="o">=</span> <span class="n">level_settings</span><span class="p">[</span><span class="n">level</span><span class="p">]</span> <span class="n">spawn_delay</span> <span class="o">=</span> <span class="n">current_settings</span><span class="p">[</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">]</span> <span class="n">object_speed</span> <span class="o">=</span> <span class="n">current_settings</span><span class="p">[</span><span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">]</span> <span class="n">special_chance</span> <span class="o">=</span> <span class="n">current_settings</span><span class="p">[</span><span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># Show level up message </span> <span class="k">return</span> <span class="bp">True</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">def</span> <span class="nf">apply_powerup</span><span class="p">(</span><span class="n">powerup_type</span><span class="p">):</span> <span class="k">global</span> <span class="n">player_width</span><span class="p">,</span> <span class="n">object_speed</span><span class="p">,</span> <span class="n">player_lives</span><span class="p">,</span> <span class="n">wider_level</span> <span class="k">if</span> <span class="n">powerup_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">:</span> <span class="c1"># Increase the wider level (max 3) </span> <span class="n">wider_level</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="mi">3</span><span class="p">,</span> <span class="n">wider_level</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="c1"># Set width based on wider_level </span> <span class="k">if</span> <span class="n">wider_level</span> <span class="o">==</span> <span class="mi">2</span><span class="p">:</span> <span class="n">player_width</span> <span class="o">=</span> <span class="mi">160</span> <span class="c1"># Enough for 2 images with overlap </span> <span class="k">elif</span> <span class="n">wider_level</span> <span class="o">==</span> <span class="mi">3</span><span class="p">:</span> <span class="n">player_width</span> <span class="o">=</span> <span class="mi">220</span> <span class="c1"># Enough for 3 images with overlap </span> <span class="n">active_powerups</span><span class="p">[</span><span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="mi">600</span> <span class="c1"># 10 seconds (60 fps * 10) </span> <span class="k">elif</span> <span class="n">powerup_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">slower</span><span class="sh">'</span><span class="p">:</span> <span class="n">object_speed</span> <span class="o">*=</span> <span class="mf">0.7</span> <span class="n">active_powerups</span><span class="p">[</span><span class="sh">'</span><span class="s">slower</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="mi">300</span> <span class="c1"># 5 seconds </span> <span class="k">elif</span> <span class="n">powerup_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">extra_life</span><span class="sh">'</span><span class="p">:</span> <span class="n">player_lives</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="mi">5</span><span class="p">,</span> <span class="n">player_lives</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="c1"># Play powerup sound </span> <span class="k">if</span> <span class="n">powerup_sound</span><span class="p">:</span> <span class="n">powerup_sound</span><span class="p">.</span><span class="nf">play</span><span class="p">()</span> <span class="k">def</span> <span class="nf">update_powerups</span><span class="p">():</span> <span class="k">global</span> <span class="n">player_width</span><span class="p">,</span> <span class="n">object_speed</span><span class="p">,</span> <span class="n">wider_level</span> <span class="k">for</span> <span class="n">powerup_type</span> <span class="ow">in</span> <span class="nf">list</span><span class="p">(</span><span class="n">active_powerups</span><span class="p">.</span><span class="nf">keys</span><span class="p">()):</span> <span class="n">active_powerups</span><span class="p">[</span><span class="n">powerup_type</span><span class="p">]</span> <span class="o">-=</span> <span class="mi">1</span> <span class="k">if</span> <span class="n">active_powerups</span><span class="p">[</span><span class="n">powerup_type</span><span class="p">]</span> <span class="o">&lt;=</span> <span class="mi">0</span><span class="p">:</span> <span class="c1"># Powerup expired </span> <span class="k">if</span> <span class="n">powerup_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">:</span> <span class="n">player_width</span> <span class="o">=</span> <span class="mi">100</span> <span class="c1"># Reset to default airship width </span> <span class="n">wider_level</span> <span class="o">=</span> <span class="mi">1</span> <span class="c1"># Reset wider level </span> <span class="k">elif</span> <span class="n">powerup_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">slower</span><span class="sh">'</span><span class="p">:</span> <span class="n">object_speed</span> <span class="o">=</span> <span class="n">current_settings</span><span class="p">[</span><span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># Reset to level default </span> <span class="k">del</span> <span class="n">active_powerups</span><span class="p">[</span><span class="n">powerup_type</span><span class="p">]</span> <span class="k">def</span> <span class="nf">show_message</span><span class="p">(</span><span class="n">message</span><span class="p">,</span> <span class="n">y_offset</span><span class="o">=</span><span class="mi">0</span><span class="p">):</span> <span class="n">text</span> <span class="o">=</span> <span class="n">font</span><span class="p">.</span><span class="nf">render</span><span class="p">(</span><span class="n">message</span><span class="p">,</span> <span class="bp">True</span><span class="p">,</span> <span class="n">WHITE</span><span class="p">)</span> <span class="n">text_rect</span> <span class="o">=</span> <span class="n">text</span><span class="p">.</span><span class="nf">get_rect</span><span class="p">(</span><span class="n">center</span><span class="o">=</span><span class="p">(</span><span class="n">SCREEN_WIDTH</span> <span class="o">//</span> <span class="mi">2</span><span class="p">,</span> <span class="n">SCREEN_HEIGHT</span> <span class="o">//</span> <span class="mi">2</span> <span class="o">+</span> <span class="n">y_offset</span><span class="p">))</span> <span class="c1"># Draw a semi-transparent background for the text </span> <span class="n">s</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="nc">Surface</span><span class="p">((</span><span class="n">text_rect</span><span class="p">.</span><span class="n">width</span> <span class="o">+</span> <span class="mi">20</span><span class="p">,</span> <span class="n">text_rect</span><span class="p">.</span><span class="n">height</span> <span class="o">+</span> <span class="mi">20</span><span class="p">))</span> <span class="n">s</span><span class="p">.</span><span class="nf">set_alpha</span><span class="p">(</span><span class="mi">200</span><span class="p">)</span> <span class="n">s</span><span class="p">.</span><span class="nf">fill</span><span class="p">(</span><span class="n">BLACK</span><span class="p">)</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">s</span><span class="p">,</span> <span class="p">(</span><span class="n">text_rect</span><span class="p">.</span><span class="n">x</span> <span class="o">-</span> <span class="mi">10</span><span class="p">,</span> <span class="n">text_rect</span><span class="p">.</span><span class="n">y</span> <span class="o">-</span> <span class="mi">10</span><span class="p">))</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="n">text_rect</span><span class="p">)</span> <span class="c1"># Main game loop </span><span class="n">running</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">level_up_message_timer</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">show_level_up</span> <span class="o">=</span> <span class="bp">False</span> <span class="k">while</span> <span class="n">running</span><span class="p">:</span> <span class="c1"># Handle events </span> <span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="n">pygame</span><span class="p">.</span><span class="n">event</span><span class="p">.</span><span class="nf">get</span><span class="p">():</span> <span class="k">if</span> <span class="n">event</span><span class="p">.</span><span class="nb">type</span> <span class="o">==</span> <span class="n">pygame</span><span class="p">.</span><span class="n">QUIT</span><span class="p">:</span> <span class="n">running</span> <span class="o">=</span> <span class="bp">False</span> <span class="k">elif</span> <span class="n">event</span><span class="p">.</span><span class="nb">type</span> <span class="o">==</span> <span class="n">pygame</span><span class="p">.</span><span class="n">KEYDOWN</span><span class="p">:</span> <span class="k">if</span> <span class="n">event</span><span class="p">.</span><span class="n">key</span> <span class="o">==</span> <span class="n">pygame</span><span class="p">.</span><span class="n">K_p</span><span class="p">:</span> <span class="n">paused</span> <span class="o">=</span> <span class="ow">not</span> <span class="n">paused</span> <span class="k">elif</span> <span class="n">event</span><span class="p">.</span><span class="n">key</span> <span class="o">==</span> <span class="n">pygame</span><span class="p">.</span><span class="n">K_m</span><span class="p">:</span> <span class="c1"># Toggle music on/off </span> <span class="k">if</span> <span class="n">music_playing</span><span class="p">:</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="n">music</span><span class="p">.</span><span class="nf">pause</span><span class="p">()</span> <span class="n">music_playing</span> <span class="o">=</span> <span class="bp">False</span> <span class="k">else</span><span class="p">:</span> <span class="k">try</span><span class="p">:</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="n">music</span><span class="p">.</span><span class="nf">unpause</span><span class="p">()</span> <span class="n">music_playing</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">except</span><span class="p">:</span> <span class="c1"># If music wasn't loaded or was stopped (not paused) </span> <span class="k">try</span><span class="p">:</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="n">music</span><span class="p">.</span><span class="nf">play</span><span class="p">(</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="n">music_playing</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">except</span><span class="p">:</span> <span class="k">pass</span> <span class="k">elif</span> <span class="n">event</span><span class="p">.</span><span class="n">key</span> <span class="o">==</span> <span class="n">pygame</span><span class="p">.</span><span class="n">K_r</span> <span class="ow">and</span> <span class="n">game_over</span><span class="p">:</span> <span class="c1"># Reset game </span> <span class="n">game_over</span> <span class="o">=</span> <span class="bp">False</span> <span class="n">score</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">level</span> <span class="o">=</span> <span class="mi">1</span> <span class="n">player_lives</span> <span class="o">=</span> <span class="mi">3</span> <span class="n">player_width</span> <span class="o">=</span> <span class="mi">100</span> <span class="n">wider_level</span> <span class="o">=</span> <span class="mi">1</span> <span class="c1"># Reset wider level </span> <span class="n">objects</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">powerups</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">active_powerups</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">player_x</span> <span class="o">=</span> <span class="n">SCREEN_WIDTH</span> <span class="o">//</span> <span class="mi">2</span> <span class="o">-</span> <span class="n">player_width</span> <span class="o">//</span> <span class="mi">2</span> <span class="n">current_settings</span> <span class="o">=</span> <span class="n">level_settings</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="n">spawn_delay</span> <span class="o">=</span> <span class="n">current_settings</span><span class="p">[</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">]</span> <span class="n">object_speed</span> <span class="o">=</span> <span class="n">current_settings</span><span class="p">[</span><span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">]</span> <span class="n">special_chance</span> <span class="o">=</span> <span class="n">current_settings</span><span class="p">[</span><span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># Restart background music </span> <span class="k">try</span><span class="p">:</span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="n">music</span><span class="p">.</span><span class="nf">play</span><span class="p">(</span><span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="k">except</span><span class="p">:</span> <span class="k">pass</span> <span class="c1"># Draw background </span> <span class="k">if</span> <span class="sh">'</span><span class="s">background</span><span class="sh">'</span> <span class="ow">in</span> <span class="nf">locals</span><span class="p">()</span> <span class="ow">and</span> <span class="n">background_img</span><span class="p">:</span> <span class="n">screen</span><span class="p">.</span><span class="nf">blit</span><span class="p">(</span><span class="n">background_img</span><span class="p">,</span> <span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Fallback to a gradient background </span> <span class="k">for</span> <span class="n">y</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="n">SCREEN_HEIGHT</span><span class="p">,</span> <span class="mi">2</span><span class="p">):</span> <span class="n">color_value</span> <span class="o">=</span> <span class="mi">50</span> <span class="o">+</span> <span class="p">(</span><span class="n">y</span> <span class="o">/</span> <span class="n">SCREEN_HEIGHT</span> <span class="o">*</span> <span class="mi">50</span><span class="p">)</span> <span class="n">pygame</span><span class="p">.</span><span class="n">draw</span><span class="p">.</span><span class="nf">rect</span><span class="p">(</span><span class="n">screen</span><span class="p">,</span> <span class="p">(</span><span class="mi">50</span><span class="p">,</span> <span class="mi">50</span><span class="p">,</span> <span class="n">color_value</span><span class="p">),</span> <span class="p">[</span><span class="mi">0</span><span class="p">,</span> <span class="n">y</span><span class="p">,</span> <span class="n">SCREEN_WIDTH</span><span class="p">,</span> <span class="mi">2</span><span class="p">])</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">game_over</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">paused</span><span class="p">:</span> <span class="c1"># Move player </span> <span class="n">keys</span> <span class="o">=</span> <span class="n">pygame</span><span class="p">.</span><span class="n">key</span><span class="p">.</span><span class="nf">get_pressed</span><span class="p">()</span> <span class="k">if</span> <span class="n">keys</span><span class="p">[</span><span class="n">pygame</span><span class="p">.</span><span class="n">K_LEFT</span><span class="p">]</span> <span class="ow">and</span> <span class="n">player_x</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">:</span> <span class="n">player_x</span> <span class="o">-=</span> <span class="n">player_speed</span> <span class="k">if</span> <span class="n">keys</span><span class="p">[</span><span class="n">pygame</span><span class="p">.</span><span class="n">K_RIGHT</span><span class="p">]</span> <span class="ow">and</span> <span class="n">player_x</span> <span class="o">&lt;</span> <span class="n">SCREEN_WIDTH</span> <span class="o">-</span> <span class="n">player_width</span><span class="p">:</span> <span class="n">player_x</span> <span class="o">+=</span> <span class="n">player_speed</span> <span class="c1"># Update powerups </span> <span class="nf">update_powerups</span><span class="p">()</span> <span class="c1"># Spawn new objects </span> <span class="n">spawn_timer</span> <span class="o">+=</span> <span class="mi">1</span> <span class="k">if</span> <span class="n">spawn_timer</span> <span class="o">&gt;=</span> <span class="n">spawn_delay</span><span class="p">:</span> <span class="n">objects</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="nf">create_object</span><span class="p">())</span> <span class="n">spawn_timer</span> <span class="o">=</span> <span class="mi">0</span> <span class="c1"># Spawn powerups </span> <span class="n">powerup_timer</span> <span class="o">+=</span> <span class="mi">1</span> <span class="k">if</span> <span class="n">powerup_timer</span> <span class="o">&gt;=</span> <span class="n">powerup_delay</span><span class="p">:</span> <span class="n">powerups</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="nf">create_powerup</span><span class="p">())</span> <span class="n">powerup_timer</span> <span class="o">=</span> <span class="mi">0</span> <span class="c1"># Move objects </span> <span class="k">for</span> <span class="n">obj</span> <span class="ow">in</span> <span class="n">objects</span><span class="p">[:]:</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">+=</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">speed</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Check if object is caught </span> <span class="nf">if </span><span class="p">(</span><span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">+</span> <span class="n">object_size</span> <span class="o">&gt;</span> <span class="n">player_y</span> <span class="ow">and</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">&lt;</span> <span class="n">player_y</span> <span class="o">+</span> <span class="n">player_height</span> <span class="ow">and</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">]</span> <span class="o">+</span> <span class="n">object_size</span> <span class="o">&gt;</span> <span class="n">player_x</span> <span class="ow">and</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">]</span> <span class="o">&lt;</span> <span class="n">player_x</span> <span class="o">+</span> <span class="n">player_width</span><span class="p">):</span> <span class="n">objects</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="n">obj</span><span class="p">)</span> <span class="c1"># Check if dangerous object was caught </span> <span class="k">if</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]</span> <span class="o">==</span> <span class="sh">'</span><span class="s">dangerous</span><span class="sh">'</span><span class="p">:</span> <span class="c1"># Game over immediately if dangerous object is caught </span> <span class="n">game_over</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">if</span> <span class="n">game_over_sound</span><span class="p">:</span> <span class="n">game_over_sound</span><span class="p">.</span><span class="nf">play</span><span class="p">()</span> <span class="c1"># Stop background music </span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="n">music</span><span class="p">.</span><span class="nf">stop</span><span class="p">()</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Add points for non-dangerous objects </span> <span class="n">score</span> <span class="o">+=</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">points</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Play catch sound </span> <span class="k">if</span> <span class="n">catch_sound</span><span class="p">:</span> <span class="n">catch_sound</span><span class="p">.</span><span class="nf">play</span><span class="p">()</span> <span class="c1"># Check for level up </span> <span class="k">if</span> <span class="nf">check_level_up</span><span class="p">():</span> <span class="n">show_level_up</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">level_up_message_timer</span> <span class="o">=</span> <span class="mi">180</span> <span class="c1"># Show for 3 seconds </span> <span class="c1"># Check if object is missed </span> <span class="k">elif</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">&gt;</span> <span class="n">SCREEN_HEIGHT</span><span class="p">:</span> <span class="n">objects</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="n">obj</span><span class="p">)</span> <span class="k">if</span> <span class="n">obj</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">]</span> <span class="o">!=</span> <span class="sh">'</span><span class="s">dangerous</span><span class="sh">'</span><span class="p">:</span> <span class="c1"># Only lose lives for non-dangerous objects </span> <span class="n">player_lives</span> <span class="o">-=</span> <span class="mi">1</span> <span class="k">if</span> <span class="n">player_lives</span> <span class="o">&lt;=</span> <span class="mi">0</span><span class="p">:</span> <span class="n">game_over</span> <span class="o">=</span> <span class="bp">True</span> <span class="k">if</span> <span class="n">game_over_sound</span><span class="p">:</span> <span class="n">game_over_sound</span><span class="p">.</span><span class="nf">play</span><span class="p">()</span> <span class="c1"># Stop background music </span> <span class="n">pygame</span><span class="p">.</span><span class="n">mixer</span><span class="p">.</span><span class="n">music</span><span class="p">.</span><span class="nf">stop</span><span class="p">()</span> <span class="c1"># Move powerups </span> <span class="k">for</span> <span class="n">pu</span> <span class="ow">in</span> <span class="n">powerups</span><span class="p">[:]:</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">+=</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">speed</span><span class="sh">'</span><span class="p">]</span> <span class="c1"># Check if powerup is caught </span> <span class="nf">if </span><span class="p">(</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">+</span> <span class="p">(</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">size</span><span class="sh">'</span><span class="p">]</span> <span class="k">if</span> <span class="sh">'</span><span class="s">size</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">pu</span> <span class="k">else</span> <span class="n">object_size</span><span class="p">)</span> <span class="o">&gt;</span> <span class="n">player_y</span> <span class="ow">and</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">&lt;</span> <span class="n">player_y</span> <span class="o">+</span> <span class="n">player_height</span> <span class="ow">and</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">]</span> <span class="o">+</span> <span class="p">(</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">size</span><span class="sh">'</span><span class="p">]</span> <span class="k">if</span> <span class="sh">'</span><span class="s">size</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">pu</span> <span class="k">else</span> <span class="n">object_size</span><span class="p">)</span> <span class="o">&gt;</span> <span class="n">player_x</span> <span class="ow">and</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">x</span><span class="sh">'</span><span class="p">]</span> <span class="o">&lt;</span> <span class="n">player_x</span> <span class="o">+</span> <span class="n">player_width</span><span class="p">):</span> <span class="n">powerups</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="n">pu</span><span class="p">)</span> <span class="nf">apply_powerup</span><span class="p">(</span><span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">])</span> <span class="c1"># Check if powerup is missed </span> <span class="k">elif</span> <span class="n">pu</span><span class="p">[</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">]</span> <span class="o">&gt;</span> <span class="n">SCREEN_HEIGHT</span><span class="p">:</span> <span class="n">powerups</span><span class="p">.</span><span class="nf">remove</span><span class="p">(</span><span class="n">pu</span><span class="p">)</span> <span class="c1"># Draw everything </span> <span class="nf">draw_player</span><span class="p">(</span><span class="n">player_x</span><span class="p">,</span> <span class="n">player_y</span><span class="p">)</span> <span class="nf">draw_objects</span><span class="p">()</span> <span class="nf">draw_powerups</span><span class="p">()</span> <span class="nf">show_score</span><span class="p">()</span> <span class="c1"># Show level up message </span> <span class="k">if</span> <span class="n">show_level_up</span><span class="p">:</span> <span class="n">level_up_message_timer</span> <span class="o">-=</span> <span class="mi">1</span> <span class="nf">show_message</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Level Up! Level </span><span class="si">{</span><span class="n">level</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="o">-</span><span class="mi">50</span><span class="p">)</span> <span class="k">if</span> <span class="n">level_up_message_timer</span> <span class="o">&lt;=</span> <span class="mi">0</span><span class="p">:</span> <span class="n">show_level_up</span> <span class="o">=</span> <span class="bp">False</span> <span class="k">if</span> <span class="n">game_over</span><span class="p">:</span> <span class="nf">show_message</span><span class="p">(</span><span class="sh">"</span><span class="s">Game Over! Press R to restart</span><span class="sh">"</span><span class="p">)</span> <span class="nf">show_message</span><span class="p">(</span><span class="sh">"</span><span class="s">Final Score: </span><span class="sh">"</span> <span class="o">+</span> <span class="nf">str</span><span class="p">(</span><span class="n">score</span><span class="p">),</span> <span class="mi">50</span><span class="p">)</span> <span class="k">if</span> <span class="n">paused</span><span class="p">:</span> <span class="nf">show_message</span><span class="p">(</span><span class="sh">"</span><span class="s">PAUSED - Press P to continue</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Update display </span> <span class="n">pygame</span><span class="p">.</span><span class="n">display</span><span class="p">.</span><span class="nf">flip</span><span class="p">()</span> <span class="n">clock</span><span class="p">.</span><span class="nf">tick</span><span class="p">(</span><span class="mi">60</span><span class="p">)</span> <span class="c1"># Quit the game </span><span class="n">pygame</span><span class="p">.</span><span class="nf">quit</span><span class="p">()</span> <span class="n">sys</span><span class="p">.</span><span class="nf">exit</span><span class="p">()</span> </code></pre> </div> <h3> Progressive Widening Power-up </h3> <p>The game implements a unique widening system where collecting multiple power-ups increases your paddle width in stages:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">apply_powerup</span><span class="p">(</span><span class="n">powerup_type</span><span class="p">):</span> <span class="k">global</span> <span class="n">player_width</span><span class="p">,</span> <span class="n">object_speed</span><span class="p">,</span> <span class="n">player_lives</span><span class="p">,</span> <span class="n">wider_level</span> <span class="k">if</span> <span class="n">powerup_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">:</span> <span class="n">wider_level</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="mi">3</span><span class="p">,</span> <span class="n">wider_level</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="k">if</span> <span class="n">wider_level</span> <span class="o">==</span> <span class="mi">2</span><span class="p">:</span> <span class="n">player_width</span> <span class="o">=</span> <span class="mi">160</span> <span class="k">elif</span> <span class="n">wider_level</span> <span class="o">==</span> <span class="mi">3</span><span class="p">:</span> <span class="n">player_width</span> <span class="o">=</span> <span class="mi">220</span> <span class="n">active_powerups</span><span class="p">[</span><span class="sh">'</span><span class="s">wider</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="mi">600</span> </code></pre> </div> <h3> Multiple Object Types </h3> <p>The game features three types of falling objects with different behaviors:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">create_object</span><span class="p">():</span> <span class="n">obj_type</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choices</span><span class="p">(</span> <span class="p">[</span><span class="sh">'</span><span class="s">normal</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">special</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">dangerous</span><span class="sh">'</span><span class="p">],</span> <span class="n">weights</span><span class="o">=</span><span class="p">[</span><span class="mf">0.7</span><span class="p">,</span> <span class="n">special_chance</span><span class="p">,</span> <span class="mf">0.3</span><span class="o">-</span><span class="n">special_chance</span><span class="p">],</span> <span class="n">k</span><span class="o">=</span><span class="mi">1</span> <span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="k">if</span> <span class="n">obj_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">normal</span><span class="sh">'</span><span class="p">:</span> <span class="n">color</span> <span class="o">=</span> <span class="n">RED</span> <span class="n">points</span> <span class="o">=</span> <span class="mi">1</span> <span class="k">elif</span> <span class="n">obj_type</span> <span class="o">==</span> <span class="sh">'</span><span class="s">special</span><span class="sh">'</span><span class="p">:</span> <span class="n">color</span> <span class="o">=</span> <span class="n">GREEN</span> <span class="n">points</span> <span class="o">=</span> <span class="mi">5</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># dangerous </span> <span class="n">color</span> <span class="o">=</span> <span class="n">PURPLE</span> <span class="n">points</span> <span class="o">=</span> <span class="mi">0</span> <span class="c1"># Game over if caught </span></code></pre> </div> <p>Level System<br> The game automatically progresses through 5 difficulty levels:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">level_settings</span> <span class="o">=</span> <span class="p">{</span> <span class="mi">1</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">:</span> <span class="mi">60</span><span class="p">,</span> <span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">:</span> <span class="mi">3</span><span class="p">,</span> <span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.1</span><span class="p">},</span> <span class="mi">2</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">:</span> <span class="mi">50</span><span class="p">,</span> <span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">:</span> <span class="mi">4</span><span class="p">,</span> <span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.15</span><span class="p">},</span> <span class="mi">3</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">:</span> <span class="mi">40</span><span class="p">,</span> <span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">:</span> <span class="mi">5</span><span class="p">,</span> <span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.2</span><span class="p">},</span> <span class="mi">4</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">:</span> <span class="mi">30</span><span class="p">,</span> <span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">:</span> <span class="mi">6</span><span class="p">,</span> <span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.25</span><span class="p">},</span> <span class="mi">5</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">spawn_delay</span><span class="sh">"</span><span class="p">:</span> <span class="mi">20</span><span class="p">,</span> <span class="sh">"</span><span class="s">object_speed</span><span class="sh">"</span><span class="p">:</span> <span class="mi">7</span><span class="p">,</span> <span class="sh">"</span><span class="s">special_chance</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.3</span><span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> What Stands Out: </h2> <ul> <li>Assets: Loads images and sounds with fallbacks (gradient background, colored rectangles).</li> <li>Spawning: create_object balances object types with random.choices, adjusting for level difficulty.</li> <li>Power-Ups: apply_powerup dynamically adjusts paddle width and object speed.</li> <li>UI: Shows lives as icons, power-up timers, and a semi-transparent message box for pause/game over.</li> <li>Loop: Runs at 60 FPS, handling input, updates, and rendering.</li> <li>Amazon Q structured the code cleanly, using pathlib for paths and suggesting a level_settings dictionary for easy tweaks.</li> </ul> <h3> Building with Amazon Q CLI </h3> <p>Developing the game was a smooth ride with Amazon Q CLI:</p> <ul> <li>Starting Out: A prompt like “set up a Pygame game with a moving paddle” gave me the initial loop and player controls.</li> <li>Adding Objects: “Add falling objects with different types” led to the create_object function, with Amazon Q suggesting weighted probabilities for balance.</li> <li>Power-Ups: “Implement power-ups for wider paddle and extra lives” introduced the wider_level system and timers.</li> <li>Polish: Prompts like “add background music and UI” brought in audio and a clean interface with lives displayed as icons.</li> <li>Debugging: When power-ups didn’t reset properly, “fix power-up expiration” got me the update_powerups function. Amazon Q also caught asset loading errors early.</li> <li>The CLI’s speed and smarts made iterating fun, though I had to be specific with prompts to get exactly what I wanted, like centering the “S” on the slower power-up.</li> </ul> <h2> How to Play game: </h2> <ol> <li>clone the project repository </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git clone https://github.com/rifkhan107/falling_stars_game-amazaon-q </code></pre> </div> <ol> <li>Install pygame </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>pygame </code></pre> </div> <ol> <li>cd falling_stars_game </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>falling_stars_game python3 run_game.py </code></pre> </div> <h3> Play: </h3> <ul> <li>Use Left/Right arrows to move.</li> <li>Catch red/green objects, dodge purple.</li> <li>Grab power-ups for advantages.</li> <li>P (pause), M (music toggle), R (restart).</li> <li>Takeaways</li> </ul> <h2> Amazon Q CLI was a powerhouse: </h2> <ul> <li>Wins: Fast code generation, creative ideas (like the wider paddle progression), and quick fixes.</li> <li>Hurdles: Needed clear prompts for complex features; minor manual tweaks for polish.</li> </ul> <h2> What’s Next? </h2> <h3> With Amazon Q, I could: </h3> <ul> <li>Save high scores to a file.</li> <li>Add a “shield” power-up to block purple objects.</li> <li>Build a start menu with options.</li> </ul> <h2> Final Thoughts </h2> <p>Falling Stars Game is proof Amazon Q CLI can turn a game idea into reality fast. It’s fun to play, looks sharp, and was built with AI smarts. Add the screenshot to see Amazon Q in action, then try the game or use Q to code your own. Happy gaming and coding!</p> JM Rifkhan Sun, 01 Dec 2024 08:40:28 +0000 https://forem.com/rifkhan107/setting-up-monitoring-on-amazon-eks-deploying-prometheus-and-grafana-4oe1 https://forem.com/rifkhan107/setting-up-monitoring-on-amazon-eks-deploying-prometheus-and-grafana-4oe1 <p>Monitoring is a critical aspect of managing Kubernetes workloads. This blog guides you through setting up Prometheus and Grafana on an Amazon EKS cluster to monitor cluster resources and application performance effectively. We will also address potential challenges like storage provisioning and showcase the seamless integration between Prometheus and Grafana.</p> <h2> Step 1: Create an Amazon EKS Cluster </h2> <p>We assume you are starting with an Amazon EKS cluster. Here's how you can create one using eksctl.</p> <h3> EKS Cluster Configuration File </h3> <p>Create a file named cluster.yml with the following content:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">eksctl.io/v1alpha5</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterConfig</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">basic-cluster</span> <span class="na">region</span><span class="pi">:</span> <span class="s">us-west-2</span> <span class="na">nodeGroups</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ng-1</span> <span class="na">instanceType</span><span class="pi">:</span> <span class="s">m5a.large</span> <span class="na">desiredCapacity</span><span class="pi">:</span> <span class="m">2</span> <span class="na">volumeSize</span><span class="pi">:</span> <span class="m">30</span> <span class="na">ssh</span><span class="pi">:</span> <span class="na">allow</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">iam</span><span class="pi">:</span> <span class="na">withAddonPolicies</span><span class="pi">:</span> <span class="na">ebs</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">cloudWatch</span><span class="pi">:</span> <span class="kc">true</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ng-2</span> <span class="na">instanceType</span><span class="pi">:</span> <span class="s">m5a.large</span> <span class="na">desiredCapacity</span><span class="pi">:</span> <span class="m">2</span> <span class="na">volumeSize</span><span class="pi">:</span> <span class="m">30</span> <span class="na">iam</span><span class="pi">:</span> <span class="na">withOIDC</span><span class="pi">:</span> <span class="kc">true</span><span class="s">`</span> </code></pre> </div> <p>Run the following command to create the cluster:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>eksctl create cluster <span class="nt">-f</span> cluster.yml </code></pre> </div> <h2> Step 2: Install the AWS EBS CSI Driver Add-On </h2> <p>Prometheus requires persistent storage for metrics data. To dynamically provision Amazon EBS volumes, install the AWS EBS CSI Driver add-on.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>eksctl create addon <span class="se">\</span> <span class="nt">--name</span> aws-ebs-csi-driver <span class="se">\</span> <span class="nt">--cluster</span> basic-cluster <span class="se">\</span> <span class="nt">--region</span> us-west-2 </code></pre> </div> <blockquote> <p><strong>Why the AWS EBS CSI Driver is Required?</strong><br> The EBS CSI Driver enables Kubernetes to manage EBS volumes dynamically. Prometheus uses PersistentVolumeClaims (PVCs) to request storage, and without this driver, the PVCs cannot bind to an EBS volume, leaving the Prometheus pods in a Pending state.</p> </blockquote> <h2> Step 3: Deploy Prometheus </h2> <p>First, create a dedicated namespace for Prometheus:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl create namespace prometheus </code></pre> </div> <p>Add the Prometheus Community Helm repository and update Helm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add prometheus-community https://prometheus-community.github.io/helm-charts helm repo update prometheus-community </code></pre> </div> <p>Install Prometheus with persistent storage using Helm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> helm upgrade <span class="nt">-i</span> prometheus prometheus-community/prometheus <span class="se">\</span> <span class="nt">--namespace</span> prometheus <span class="se">\</span> <span class="nt">--set</span> alertmanager.persistence.storageClass<span class="o">=</span><span class="s2">"gp2"</span> <span class="se">\</span> <span class="nt">--set</span> server.persistentVolume.storageClass<span class="o">=</span><span class="s2">"gp2"</span> <span class="se">\</span> <span class="nt">--set</span> server.service.type<span class="o">=</span>LoadBalancer </code></pre> </div> <p>Ensure all Prometheus pods are running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods <span class="nt">-n</span> prometheus </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn4o4285qwvcym3hgbz99.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fn4o4285qwvcym3hgbz99.png" alt="Image description" width="800" height="177"></a></p> <p>Prometheus is exposed via a LoadBalancer service. To access the Prometheus server UI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get svc <span class="nt">-n</span> prometheus </code></pre> </div> <p>Open your web browser and navigate to EXTERNAL-IP</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx0ldk0xwe684n5fo21dg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx0ldk0xwe684n5fo21dg.png" alt="Image description" width="800" height="110"></a></p> <h2> Step 4: Deploy Grafana </h2> <p>Grafana provides advanced visualization capabilities and integrates seamlessly with Prometheus.</p> <p>Add the Grafana Helm repository and update Helm:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm repo add grafana https://grafana.github.io/helm-charts helm repo update </code></pre> </div> <p>Deploy Grafana with persistent storage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm upgrade <span class="nt">-i</span> grafana grafana/grafana <span class="se">\</span> <span class="nt">--namespace</span> prometheus <span class="se">\</span> <span class="nt">--set</span> persistence.storageClassName<span class="o">=</span><span class="s2">"gp2"</span> <span class="se">\</span> <span class="nt">--set</span> persistence.enabled<span class="o">=</span><span class="nb">true</span> <span class="se">\</span> <span class="nt">--set</span> <span class="nv">adminPassword</span><span class="o">=</span><span class="s2">"admin123"</span> <span class="se">\</span> <span class="nt">--set</span> service.type<span class="o">=</span>LoadBalancer </code></pre> </div> <p>Retrieve the LoadBalancer IP for Grafana:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get svc <span class="nt">-n</span> prometheus | <span class="nb">grep </span>grafana </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffpwhckeuuoqdajojf9ft.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffpwhckeuuoqdajojf9ft.png" alt="Image description" width="800" height="182"></a></p> <h2> Step 5: Import Dashboard in Grafana </h2> <ol> <li>Ensure you have imported the 15661 dashboard into Grafana:</li> <li>Navigate to Dashboards &gt; Import.</li> <li>Enter 15661 in the import dialog and select the data source (Prometheus).</li> <li>Save the imported dashboard.</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkmxlq15qtozgks5jf3sq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkmxlq15qtozgks5jf3sq.png" alt="Image description" width="800" height="244"></a></p> JM Rifkhan Wed, 04 Sep 2024 10:15:55 +0000 https://forem.com/aws-builders/deploying-a-nestjs-application-to-amazon-ecs-using-github-actions-for-cicd-28nl https://forem.com/aws-builders/deploying-a-nestjs-application-to-amazon-ecs-using-github-actions-for-cicd-28nl <h2> Introduction </h2> <p>In this blog, we will explore how to deploy a NestJS application to Amazon ECS (Elastic Container Service) using GitHub Actions for a seamless CI/CD pipeline. We’ll leverage several AWS services, including Application Load Balancer (ALB), Elastic Container Registry (ECR), ECS, ElastiCache for Redis, IAM, EC2, S3, and VPC, to create a microservice architecture.</p> <blockquote> <p>Please Note: In the blog, I have only considered the deployment to ECS and the CICD security aspects. For managing environmental secrets securely, please ensure you use AWS Secrets Manager or SSM Parameter Store to manage and retrieve sensitive information, such as database credentials and API keys, within your ECS tasks and pipeline.</p> </blockquote> <h2> Prerequisites </h2> <p>Before getting started, ensure you have the following:</p> <ul> <li>An AWS account</li> <li>Basic knowledge of Docker, GitHub Actions, and AWS services</li> <li>A pre-configured NestJS application with the structure detailed below</li> <li>Terraform installed locally</li> </ul> <blockquote> <p>GitHub URL of the NestJS application can be found <a href="https://github.com/rifkhan107/tps-microservice" rel="noopener noreferrer">here</a>, and the Terraform scripts can be found <a href="https://github.com/rifkhan107/nestify-terraform-infra" rel="noopener noreferrer">here</a>.</p> </blockquote> <h2> Containerizing the NestJS Application </h2> <p>The first step is to containerize the NestJS application using Docker. Below is a sample Dockerfile that you can use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> node:lts-alpine3.19</span> <span class="c"># Create and set the working directory inside the container</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="c"># Copy package.json and package-lock.json files</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="c"># Install dependencies</span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="c"># Copy the rest of the application code to the working directory</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="c"># Build the application</span> <span class="k">RUN </span>npm run build <span class="c"># Expose port and start application</span> <span class="k">EXPOSE</span><span class="s"> 3000</span> <span class="k">CMD</span><span class="s"> [ "node", "dist/main.js" ]</span> </code></pre> </div> <p>This Dockerfile sets up the environment, installs dependencies, builds the NestJS application, and exposes port 3000, which is the default port for the application.</p> <h2> Create an ECS Cluster </h2> <h3> Navigate to the Amazon ECS Console </h3> <ul> <li>Go to the Amazon ECS console.</li> </ul> <h4> Create a New Cluster: </h4> <ul> <li>Click on "Create Cluster".</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flxwymj3n3siaih1kzct5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flxwymj3n3siaih1kzct5.png" alt="Image description" width="800" height="254"></a></p> <h4> Configure Cluster Settings: </h4> <ul> <li>Cluster Name:</li> <li>Enter a name for your cluster. For example, nestjs-ecs-cluster.</li> <li>The cluster name must be 1 to 255 characters long and can include a-z, A-Z, 0-9, hyphens (-), and underscores (_).</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq9xlzje0vh8axqn96is0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq9xlzje0vh8axqn96is0.png" alt="Image description" width="800" height="358"></a></p> <h4> Infrastructure: </h4> <ul> <li>Select "Customized" to manually configure the cluster's infrastructure.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnay5dfi8zpffxduh4q41.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnay5dfi8zpffxduh4q41.png" alt="Image description" width="800" height="808"></a></p> <h4> Configure Network Settings </h4> <h4> VPC: </h4> <ul> <li>Select the VPC in which your ECS cluster will be deployed. If you don't have a specific VPC, you can use the default VPC or create a new one.</li> </ul> <h4> Subnets: </h4> <ul> <li>Select the subnets where your EC2 instances will be launched and where your tasks will run. It's recommended to use multiple subnets across different Availability Zones for redundancy.</li> </ul> <h4> Security Group: </h4> <ul> <li>Choose an Existing Security Group:</li> <li>Select an existing security group that has the necessary inbound and outbound rules for your application.</li> </ul> <h4> Create a New Security Group: </h4> <ul> <li>Alternatively, create a new security group and configure the rules to allow traffic on the required ports, such as port 3000 for your NestJS application.</li> </ul> <h4> Auto-assign Public IP: </h4> <ul> <li>Set the Auto-assign public IP option to "Use subnet setting" or choose to auto-assign a public IP if your instances need to be accessible over the internet.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7mi0sw6a0vapve0vxhg7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7mi0sw6a0vapve0vxhg7.png" alt="Image description" width="800" height="790"></a></p> <h3> Review and Create the Cluster </h3> <h4> Review Configuration: </h4> <ul> <li>Review all the settings you have configured for the cluster, EC2 instances, networking, and security.</li> </ul> <h4> Create Cluster: </h4> <ul> <li>Click "Create" to start the creation of your ECS cluster with the configured settings.</li> <li>Wait for Cluster Creation</li> </ul> <p>The creation process may take a few minutes. Once complete, you will have an ECS cluster set up with EC2 instances ready to run your tasks.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftyhkaqn57qggumd8re65.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftyhkaqn57qggumd8re65.png" alt="Image description" width="800" height="246"></a></p> <h3> Register Task Definitions </h3> <ul> <li>Once your cluster is created, you can proceed to register task definitions that will run on the EC2 instances in this cluster.</li> </ul> <h2> Create an ECR Repository </h2> <h3> Create a New Repository: </h3> <ul> <li>Click on "Create Repository".</li> <li>Enter a name for your repository, such as nestjs-app-repo.</li> <li>Leave the defaults for other settings unless you have specific requirements.</li> <li>Click "Create Repository".</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fizg7pdkggcwwy38t26p2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fizg7pdkggcwwy38t26p2.png" alt="Image description" width="800" height="735"></a></p> <h3> Push Your Docker Image to ECR: </h3> <ul> <li>After creating the repository, follow the steps provided by ECR to push your Docker image. This typically includes:</li> <li>Authenticating Docker to the ECR registry.</li> <li>Building your Docker image.</li> <li>Tagging the image with your ECR repository URI.</li> <li>Pushing the image to ECR.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm2a0i1zifw71vwxdzfvv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm2a0i1zifw71vwxdzfvv.png" alt="Image description" width="800" height="766"></a></p> <p>Example commands:</p> <p>Retrieve an authentication token and authenticate your Docker client to your registry. Use the AWS CLI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/d3k6a8t8 </code></pre> </div> <p>Build your Docker image using the following command.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker build -t nestjs-ecs-cluster/nestjs-app . </code></pre> </div> <p>After the build completes, tag your image so you can push the image to this repository:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker tag nestjs-ecs-cluster/nestjs-app:latest public.ecr.aws/d3k6a8t8/nestjs-ecs-cluster/nestjs-app:latest </code></pre> </div> <p>Run the following command to push this image to your newly created AWS repository:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>docker push public.ecr.aws/d3k6a8t8/nestjs-ecs-cluster/nestjs-app:latest </code></pre> </div> <h2> Creating the Task Definition </h2> <p>After your Docker image is available in ECR, proceed to create the task definition in the ECS console:</p> <h3> Create a Task Definition: </h3> <ul> <li>Select "Task Definitions" from the side menu and click on "Create new Task Definition".</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhks5mm6dost9j5t36kzs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhks5mm6dost9j5t36kzs.png" alt="Image description" width="800" height="159"></a></p> <h3> Choose Launch Type Compatibility: </h3> <ul> <li>Select the launch type (EC2 or Fargate) depending on your ECS cluster configuration.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fravd9me5933noexlil5n.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fravd9me5933noexlil5n.png" alt="Image description" width="800" height="722"></a></p> <h3> Configure Container Definitions: </h3> <ul> <li>Add a container definition that points to the Docker image in your ECR repository.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ei6ftaxbduv5hkdh91u.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ei6ftaxbduv5hkdh91u.png" alt="Image description" width="800" height="552"></a></p> <ul> <li>Set up port mappings, environment variables, resource limits, and any other required settings.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ssmilpf4vn8j7bpt567.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ssmilpf4vn8j7bpt567.png" alt="Image description" width="800" height="273"></a></p> <p>For this application, we need the following environment variables:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PORT=3000 MONGODB_URI=mongodb://localhost:27017/test REDIS_HOST=localhost REDIS_PORT=6379" </code></pre> </div> <h3> Save and Use the Task Definition: </h3> <ul> <li>Save the task definition and use it in your ECS service to deploy your NestJS application.</li> </ul> <h2> Creating an ECS Service </h2> <h3> Create a New Service: </h3> <ul> <li>Click on "Create" under the Services tab in your cluster.</li> </ul> <h3> Compute Configuration: </h3> <h4> Compute options: </h4> <ul> <li>Select "Capacity provider strategy" as the Compute options if you're using EC2 instances for the service.</li> </ul> <h4> Task Definition: </h4> <ul> <li>Select the task definition you previously created that references your Docker image in ECR.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Facm3231jxauq65u04ucs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Facm3231jxauq65u04ucs.png" alt="Image description" width="800" height="540"></a></p> <h4> Service Name: </h4> <ul> <li><p>Enter a name for your service, such as nestjs-service.<br> Number of Tasks:</p></li> <li><p>Specify the desired number of tasks to run simultaneously. For example, you can set this to 2.</p></li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzzcsupsmc11ymzrppiku.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzzcsupsmc11ymzrppiku.png" alt="Image description" width="800" height="707"></a></p> <h2> Configure the Load Balancer (Optional but Recommended): </h2> <ul> <li>If you want to distribute traffic across your tasks, it's recommended to use an Application Load Balancer (ALB).</li> </ul> <h4> Load Balancing Type: </h4> <ul> <li>Select "Application Load Balancer".</li> </ul> <h4> Load Balancer Name: </h4> <ul> <li><p>Choose your existing ALB or create a new one if needed.<br> Container to Load Balance:</p></li> <li><p>Specify the container that will receive traffic from the load balancer. Choose the container port that you exposed in the task definition (e.g., port 3000 for your NestJS application).<br> Target Group:</p></li> <li><p>Create a new target group or select an existing one for your ECS tasks. This target group will be used to route traffic to the running tasks.</p></li> </ul> <h4> Health Check Path: </h4> <ul> <li>Specify the health check path that the ALB will use to monitor the health of your tasks. For example, if you have a /health endpoint in your NestJS app, set the health check path to /health.</li> </ul> <h2> Review and Create: </h2> <ul> <li>Review the configuration of your ECS service, including task definition, load balancing, and auto-scaling settings.</li> <li>Click "Create Service" to deploy your service.</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzki6959u2iiax8yv9mox.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzki6959u2iiax8yv9mox.png" alt="Image description" width="800" height="669"></a></p> <h2> Transitioning to Automated Deployment </h2> <ul> <li>Up until now, we have been deploying the application using the AWS Management Console manually. Now, let's focus on automation. The Terraform script will create all the necessary AWS resources for this application, and we will use GitHub Actions to automate the deployment process.</li> </ul> <h3> Terraform directory structure: </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">.</span> ├── backend.tf ├── locals.tf ├── main.tf ├── modules │   ├── alb │   │   ├── main.tf │   │   ├── outputs.tf │   │   └── variables.tf │   ├── ecr │   │   ├── main.tf │   │   ├── outputs.tf │   │   └── variables.tf │   ├── ecs │   │   ├── asg.tf │   │   ├── ecs.sh │   │   ├── main.tf │   │   ├── outputs.tf │   │   └── variables.tf │   ├── elasticache │   │   ├── main.tf │   │   ├── output.tf │   │   └── variables.tf │   ├── iam │   │   ├── main.tf │   │   ├── outputs.tf │   │   └── variables.tf │   ├── mongodb_ec2 │   │   ├── main.tf │   │   ├── outputs.tf │   │   └── variables.tf │   ├── nsg │   │   ├── main.tf │   │   ├── outputs.tf │   │   └── variables.tf │   ├── s3 │   │   ├── main.tf │   │   ├── outputs.tf │   │   └── variables.tf │   └── vpc │   ├── main.tf │   ├── outputs.tf │   └── variables.tf ├── outputs.tf ├── providers.tf ├── terraform.tfvars └── variables.tf </code></pre> </div> <h2> Steps to Create AWS Resources Using Terraform </h2> <h3> Clone the Terraform script template: </h3> <ul> <li>Clone the repository containing the Terraform script to your local machine.</li> </ul> <h3> Navigate to the Terraform template directory: </h3> <ul> <li>Move into the directory where the Terraform files are located.</li> </ul> <h4> Run the following command to initialize the working directory that contains the Terraform configuration files: </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terraform init terraform plan terraform apply --auto-approve </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd9lekqb44jff3mv404nz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd9lekqb44jff3mv404nz.png" alt="Image description" width="800" height="253"></a></p> <h2> Consideration for the GitHub Actions Workflow </h2> <p>We need to ensure our ECS task definition is updated during the deployment process. I have created the following:</p> <blockquote> <p>Please don't forget to update your AWS credentials under Settings &gt; Secrets and Variables &gt; Actions with the required AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.</p> </blockquote> <h3> ECS Task Definition File: </h3> <ul> <li>Located at .aws/tps-microservice-td.json This contains the configuration for our ECS task, including environment variables, container configuration, and resource limits. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"containerDefinitions"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tps-container"</span><span class="p">,</span><span class="w"> </span><span class="nl">"image"</span><span class="p">:</span><span class="w"> </span><span class="s2">"861569119044.dkr.ecr.us-west-2.amazonaws.com/nestify-ecr:33a0d65a43f0b7fb2daa9d15c6ca2a9af3fdbfe3"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpu"</span><span class="p">:</span><span class="w"> </span><span class="mi">0</span><span class="p">,</span><span class="w"> </span><span class="nl">"portMappings"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tps-container-3000-tcp"</span><span class="p">,</span><span class="w"> </span><span class="nl">"containerPort"</span><span class="p">:</span><span class="w"> </span><span class="mi">3000</span><span class="p">,</span><span class="w"> </span><span class="nl">"hostPort"</span><span class="p">:</span><span class="w"> </span><span class="mi">3000</span><span class="p">,</span><span class="w"> </span><span class="nl">"protocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tcp"</span><span class="p">,</span><span class="w"> </span><span class="nl">"appProtocol"</span><span class="p">:</span><span class="w"> </span><span class="s2">"http"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"essential"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"> </span><span class="nl">"environment"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"REDIS_PORT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"6379"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"PORT"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"3000"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"MONGODB_URI"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"mongodb://54.68.197.219:27017/test"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"REDIS_HOST"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"nestify-redis.qtsuer.0001.usw2.cache.amazonaws.com"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"logConfiguration"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"logDriver"</span><span class="p">:</span><span class="w"> </span><span class="s2">"awslogs"</span><span class="p">,</span><span class="w"> </span><span class="nl">"options"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"awslogs-group"</span><span class="p">:</span><span class="w"> </span><span class="s2">"/ecs/tps-microservice-td"</span><span class="p">,</span><span class="w"> </span><span class="nl">"awslogs-region"</span><span class="p">:</span><span class="w"> </span><span class="s2">"us-west-2"</span><span class="p">,</span><span class="w"> </span><span class="nl">"awslogs-stream-prefix"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ecs"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"family"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tps-microservice-td"</span><span class="p">,</span><span class="w"> </span><span class="nl">"taskRoleArn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:iam::861569119044:role/ecsTaskExecutionRole"</span><span class="p">,</span><span class="w"> </span><span class="nl">"executionRoleArn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:iam::861569119044:role/ecsTaskExecutionRole"</span><span class="p">,</span><span class="w"> </span><span class="nl">"networkMode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"bridge"</span><span class="p">,</span><span class="w"> </span><span class="nl">"cpu"</span><span class="p">:</span><span class="w"> </span><span class="s2">"128"</span><span class="p">,</span><span class="w"> </span><span class="nl">"memory"</span><span class="p">:</span><span class="w"> </span><span class="s2">"128"</span><span class="p">,</span><span class="w"> </span><span class="nl">"requiresCompatibilities"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"EC2"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"runtimePlatform"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"cpuArchitecture"</span><span class="p">:</span><span class="w"> </span><span class="s2">"X86_64"</span><span class="p">,</span><span class="w"> </span><span class="nl">"operatingSystemFamily"</span><span class="p">:</span><span class="w"> </span><span class="s2">"LINUX"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> GitHub Actions Workflow: </h3> <ul> <li>The workflow file is located at .github/workflows/main.yml. This file handles the automation of our deployment process, including updating the ECS task definition when changes are made. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to Amazon ECS</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">master</span> <span class="na">env</span><span class="pi">:</span> <span class="na">AWS_REGION</span><span class="pi">:</span> <span class="s">us-west-2</span> <span class="na">ECR_REPOSITORY</span><span class="pi">:</span> <span class="s">nestify-ecr</span> <span class="na">ECS_SERVICE</span><span class="pi">:</span> <span class="s">tps-microservice-svc</span> <span class="na">ECS_CLUSTER</span><span class="pi">:</span> <span class="s">nestify-ecs-cluster</span> <span class="na">ECS_TASK_DEFINITION</span><span class="pi">:</span> <span class="s">.aws/tps-microservice-td.json</span> <span class="na">CONTAINER_NAME</span><span class="pi">:</span> <span class="s">tps-container</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">build_and_deploy</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build and Deploy to ECS</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Checkout</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">actions/checkout@v4</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Configure AWS credentials</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/configure-aws-credentials@v4</span> <span class="na">with</span><span class="pi">:</span> <span class="na">aws-access-key-id</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_ACCESS_KEY_ID }}</span> <span class="na">aws-secret-access-key</span><span class="pi">:</span> <span class="s">${{ secrets.AWS_SECRET_ACCESS_KEY }}</span> <span class="na">aws-region</span><span class="pi">:</span> <span class="s">${{ env.AWS_REGION }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Login to Amazon ECR</span> <span class="na">id</span><span class="pi">:</span> <span class="s">login-ecr</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/amazon-ecr-login@v1</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Build Docker Image</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">docker build -t ${{ env.ECR_REPOSITORY }}:${{ github.sha }} .</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Push Docker Image to Amazon ECR</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">docker tag ${{ env.ECR_REPOSITORY }}:${{ github.sha }} ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}</span> <span class="s">docker push ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Fill in the new image ID in the Amazon ECS task definition</span> <span class="na">id</span><span class="pi">:</span> <span class="s">task-def</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/amazon-ecs-render-task-definition@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">task-definition</span><span class="pi">:</span> <span class="s">${{ env.ECS_TASK_DEFINITION }}</span> <span class="na">container-name</span><span class="pi">:</span> <span class="s">${{ env.CONTAINER_NAME }}</span> <span class="na">image</span><span class="pi">:</span> <span class="s">${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy Amazon ECS task definition</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">aws-actions/amazon-ecs-deploy-task-definition@v1</span> <span class="na">with</span><span class="pi">:</span> <span class="na">task-definition</span><span class="pi">:</span> <span class="s">${{ steps.task-def.outputs.task-definition }}</span> <span class="na">service</span><span class="pi">:</span> <span class="s">${{ env.ECS_SERVICE }}</span> <span class="na">cluster</span><span class="pi">:</span> <span class="s">${{ env.ECS_CLUSTER }}</span> <span class="na">wait-for-service-stability</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2gb8inaxdd7c7eiohu76.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2gb8inaxdd7c7eiohu76.png" alt="Image description" width="800" height="307"></a></p> <p>Once your pipeline completes, check with your ALB (Application Load Balancer) endpoint to verify the deployment.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feauuy82cjmajg27ru8hy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feauuy82cjmajg27ru8hy.png" alt="Image description" width="800" height="448"></a></p> <p>That's it! You’ve successfully deployed your application on ECS using GitHub Actions and Terraform. 🚀😊</p> JM Rifkhan Sat, 13 Jan 2024 09:19:14 +0000 https://forem.com/aws-builders/securing-amazon-eks-a-comprehensive-guide-to-implementing-https-with-aws-application-load-balancer-route-53-and-acm-83b https://forem.com/aws-builders/securing-amazon-eks-a-comprehensive-guide-to-implementing-https-with-aws-application-load-balancer-route-53-and-acm-83b <h2> Introduction </h2> <p>Begin by explaining the importance of using SSL (HTTPS) for enhancing the security and credibility of web services. Emphasize the role of SSL in encrypting data and protecting sensitive information. Introduce the use of Amazon EKS for container orchestration, AWS Application Load Balancer for distributing incoming application traffic, Route 53 for domain name system (DNS) web services, and ACM for managing secure sockets layer/transport layer security (SSL/TLS) certificates.</p> <h2> Prerequisites </h2> <p>List the prerequisites for the reader:</p> <ul> <li>An active AWS account with necessary permissions.</li> <li>AWS cli</li> <li>eksctl cli</li> <li>helm</li> </ul> <h2> Architecture Overview </h2> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fav35r98lx8v6d3ihd1v4.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fav35r98lx8v6d3ihd1v4.jpg" alt="Architecture Overview" width="800" height="450"></a></p> <h2> Step-by-Step Guide </h2> <h3> 1. Creating the EKS Cluster </h3> <p>Cluster creation process with the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>eksctl create cluster -f cluster-config.yaml </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">eksctl.io/v1alpha5</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterConfig</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">basic-cluster</span> <span class="na">region</span><span class="pi">:</span> <span class="s">us-west-2</span> <span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.28"</span> <span class="na">nodeGroups</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ng-1</span> <span class="na">instanceType</span><span class="pi">:</span> <span class="s">m5.large</span> <span class="na">desiredCapacity</span><span class="pi">:</span> <span class="m">2</span> <span class="na">ssh</span><span class="pi">:</span> <span class="na">allow</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># if you want to SSH into your nodes, set this to true</span> <span class="na">publicKeyPath</span><span class="pi">:</span> <span class="s">~/.ssh/id_rsa.pub</span> <span class="c1"># path to your SSH public key file</span> </code></pre> </div> <h3> 2. Deploy the AWS Load Balancer Controller </h3> <p>AWS Elastic Load Balancing Application Load Balancer (ALB) is a popular AWS service that load balances incoming traffic at the application layer (layer 7) across multiple targets, such as Amazon EC2 instances, in multiple Availability Zones.</p> <p>ALB supports multiple features including:</p> <ul> <li>host or path based routing</li> <li>TLS (Transport Layer Security) termination, WebSockets</li> <li>HTTP/2</li> <li>AWS WAF (Web Application Firewall) integration</li> <li>integrated access logs, and health checks</li> </ul> <ol> <li>Create IAM OIDC provider</li> </ol> <p>The primary purpose of this command is to enable IAM roles for service accounts in your EKS cluster. This feature allows Kubernetes service accounts to assume IAM roles, giving you a way to manage permissions for the pods that run in your cluster. By using IAM roles for service accounts, you can follow the best practices of least privilege and not have to assign broad IAM permissions to the nodes in your cluster.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>eksctl utils associate-iam-oidc-provider <span class="se">\</span> <span class="nt">--region</span> us-west-2 <span class="se">\</span> <span class="nt">--cluster</span> basic-cluster <span class="se">\</span> <span class="nt">--approve</span> </code></pre> </div> <p>This setup is especially useful when you need to give specific AWS permissions to certain pods running in your EKS cluster without granting those permissions to all pods on the node. It's a security best practice in managing Kubernetes clusters on AWS.</p> <ol> <li>Download an IAM policy for the LBC using one of the following commands: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-o</span> iam-policy.json https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.6.1/docs/install/iam_policy.json </code></pre> </div> <ol> <li>reate an IAM policy named AWSLoadBalancerControllerIAMPolicy. If you downloaded a different policy, replace iam-policy with the name of the policy that you downloaded. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws iam create-policy <span class="se">\</span> <span class="nt">--policy-name</span> AWSLoadBalancerControllerIAMPolicy <span class="se">\</span> <span class="nt">--policy-document</span> file://iam-policy.json </code></pre> </div> <blockquote> <p>Take note of the policy ARN that's returned.</p> </blockquote> <ol> <li>Create an IAM role and Kubernetes ServiceAccount for the LBC. Use the ARN from the previous step. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>eksctl create iamserviceaccount <span class="se">\</span> <span class="nt">--cluster</span><span class="o">=</span>&lt;cluster-name&gt; <span class="se">\</span> <span class="nt">--namespace</span><span class="o">=</span>kube-system <span class="se">\</span> <span class="nt">--name</span><span class="o">=</span>aws-load-balancer-controller <span class="se">\</span> <span class="nt">--attach-policy-arn</span><span class="o">=</span>arn:aws:iam::&lt;AWS_ACCOUNT_ID&gt;:policy/AWSLoadBalancerControllerIAMPolicy <span class="se">\</span> <span class="nt">--override-existing-serviceaccounts</span> <span class="se">\</span> <span class="nt">--region</span> &lt;region-code&gt; <span class="se">\</span> <span class="nt">--approve</span> </code></pre> </div> <ol> <li>Helm install command for clusters with IRSA: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>helm <span class="nb">install </span>aws-load-balancer-controller eks/aws-load-balancer-controller <span class="se">\</span> <span class="nt">-n</span> kube-system <span class="se">\</span> <span class="nt">--set</span> <span class="nv">clusterName</span><span class="o">=</span>basic-cluster <span class="se">\</span> <span class="nt">--set</span> serviceAccount.create<span class="o">=</span><span class="nb">false</span> <span class="se">\</span> <span class="nt">--set</span> serviceAccount.name<span class="o">=</span>aws-load-balancer-controller </code></pre> </div> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7n9dexd5xsh0kuk1sptu.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7n9dexd5xsh0kuk1sptu.png" alt="Image description" width="800" height="244"></a></p> <p>After installing the AWS ALB Ingress Controller in your Amazon EKS cluster, it's important to ensure that it has been successfully deployed and is running as expected. You can verify this by checking the pods in the kube-system namespace, where the ALB Ingress Controller should be running.</p> <p>Run the following command in your terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pod <span class="nt">-n</span> kube-system </code></pre> </div> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3jwr14xqk344ircvdosk.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3jwr14xqk344ircvdosk.jpg" alt="Image description" width="800" height="201"></a></p> <h2> Deploy Sample Application </h2> <p>Now let’s deploy a sample 2048 game into our Kubernetes cluster and use the Ingress resource to expose it to traffic:</p> <p>Deploy 2048 game resources:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Namespace</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">game-2048</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">game-2048</span> <span class="na">name</span><span class="pi">:</span> <span class="s">deployment-2048</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app.kubernetes.io/name</span><span class="pi">:</span> <span class="s">app-2048</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">5</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app.kubernetes.io/name</span><span class="pi">:</span> <span class="s">app-2048</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">image</span><span class="pi">:</span> <span class="s">alexwhen/docker-2048</span> <span class="na">imagePullPolicy</span><span class="pi">:</span> <span class="s">Always</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app-2048</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">80</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">game-2048</span> <span class="na">name</span><span class="pi">:</span> <span class="s">service-2048</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">80</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">type</span><span class="pi">:</span> <span class="s">NodePort</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app.kubernetes.io/name</span><span class="pi">:</span> <span class="s">app-2048</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1beta1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">game-2048</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ingress-2048</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">kubernetes.io/ingress.class</span><span class="pi">:</span> <span class="s">alb</span> <span class="na">alb.ingress.kubernetes.io/scheme</span><span class="pi">:</span> <span class="s">internet-facing</span> <span class="na">alb.ingress.kubernetes.io/target-type</span><span class="pi">:</span> <span class="s">ip</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/*</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">serviceName</span><span class="pi">:</span> <span class="s">service-2048</span> <span class="na">servicePort</span><span class="pi">:</span> <span class="m">80</span> </code></pre> </div> <p>After few seconds, verify that the Ingress resource is enabled:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get ingress/ingress-2048 <span class="nt">-n</span> game-2048 </code></pre> </div> <p>You should be able to see the following output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>NAME HOSTS ADDRESS PORTS AGE ingress-2048 * k8s-game2048-ingress2-8ae3738fd5-251279030.us-east-2.elb.amazonaws.com 80 6m20s </code></pre> </div> <h2> Configuring a Custom Domain and Enabling HTTPS </h2> <p>Up to this point, we have successfully deployed our application in the Amazon EKS cluster and accessed it via the default DNS name provided by the AWS Application Load Balancer (ALB). Now, let's take it a step further by configuring a separate, more user-friendly domain name for our application and enabling HTTPS to ensure secure communication.</p> <h4> Acquiring and Configuring a Domain Name </h4> <p><strong>Domain Registration:</strong> If you don’t already have a domain, you can register one through services like Amazon Route 53 or any other domain registrar.<br> <strong>Route 53 Hosted Zone:</strong> Once you have your domain, set up a hosted zone in AWS Route 53. This will allow you to manage the DNS records for your domain within AWS.</p> <h4> Integrating the Domain with ALB </h4> <p>Updating DNS Records: Point your domain to the ALB by updating the DNS records in the Route 53 hosted zone. You’ll typically add an A record (or CNAME if necessary) that maps your domain name to the ALB’s DNS name.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgfjdggdmmhad0o1x9sdr.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgfjdggdmmhad0o1x9sdr.jpg" alt="Image description" width="800" height="538"></a></p> <h4> Creating a Hosted Zone </h4> <p>If you haven’t already, create a new hosted zone for your domain. A hosted zone is essentially a container for the DNS settings for your domain.<br> Once the hosted zone is set up, you'll see a set of default record sets. These are the NS (Name Server) and SOA (Start of Authority) records.</p> <h4> Adding DNS Records </h4> <p>Click on the “Create Record” or “Create Record Set” button in the hosted zone for your domain</p> <h4> Configuring Record Details </h4> <p><strong>Record Name:</strong> Enter the desired subdomain or leave it blank for the root domain.<br> <strong>Record Type:</strong> Choose 'A – IPv4 address' if you are mapping the domain to an IP address or 'CNAME' if you are mapping it to a domain name. For ALB, you’ll typically use an A record.<br> <strong>Value:</strong> For an A record, input the IP address of your ALB. For a CNAME, enter the ALB’s DNS name.<br> <strong>Routing Policy:</strong> Select “Simple routing”. This policy is used when you want to route traffic to a single resource, like your ALB.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5x30wo0vhdo3s0j4jms1.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5x30wo0vhdo3s0j4jms1.jpg" alt="Image description" width="800" height="932"></a></p> <h4> Saving the Record Set </h4> <p>Review the settings and click “Create” to add the record to your hosted zone.<br> It might take some time for the changes to propagate through the DNS system.</p> <h4> Verifying the Configuration </h4> <p>After the records have propagated, verify that your domain correctly points to your ALB. You can do this by accessing your domain in a web browser or using a DNS lookup tool.</p> <h2> Issuing an SSL/TLS Certificate via AWS Certificate Manager (ACM) </h2> <p>With your domain now correctly pointing to your AWS infrastructure, the next crucial step is to secure it with an SSL/TLS certificate. AWS Certificate Manager simplifies this process. Here’s how to issue a certificate:</p> <h4> Requesting a New Certificate </h4> <ul> <li>Click on “Request a certificate”.</li> <li>Choose “Request a public certificate” and click “Next”.</li> </ul> <h4> Adding Domain Names </h4> <ul> <li><p>Enter your domain name. You can request a certificate for a specific subdomain (like <a href="http://www.yourdomain.com">www.yourdomain.com</a>) or for all subdomains under a domain using a wildcard (like *.yourdomain.com).</p></li> <li><p>Click “Next” after entering your domain details.</p></li> </ul> <h4> Selecting Validation Method </h4> <ul> <li>Choose a validation method. ACM offers two methods: DNS validation and email validation.</li> </ul> <ol> <li><p><strong>DNS Validation:</strong> Recommended for its simplicity and integration with Route 53. ACM will provide DNS records that you must add to your Route 53 hosted zone. This proves that you own or control the domain.</p></li> <li><p><strong>Email Validation:</strong> ACM sends emails to the contact addresses listed for the domain in WHOIS and to a set of five common administrative addresses. You must follow the instructions in the email to validate domain ownership.</p></li> </ol> <h4> Review and Request </h4> <ul> <li>Review your request details and click “Confirm and request”.</li> </ul> <h4> Validating the Certificate </h4> <ul> <li><p>Follow the instructions provided by ACM to validate your domain, depending on the method you chose.</p></li> <li><p>Once validated, the status of your certificate will change to “Issued”.</p></li> </ul> <h2> Updating the Ingress Resource for HTTPS </h2> <p>With the SSL/TLS certificate issued and associated with your ALB, the next step is to update the Ingress resource in your Kubernetes deployment. This will direct traffic through the ALB using HTTPS. Here's how to update your Ingress resource with the necessary annotations for the ACM certificate:</p> <ul> <li>Update with Certificate ARN: Modify the alb.ingress.kubernetes.io/certificate-arn annotation to include the ARN of your newly issued ACM certificate. Replace the actual ARN value with {certificate-arn} placeholder.</li> </ul> <p>Ater all the configurations and updates, your Kubernetes manifest file for the Ingress resource should look like this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Namespace</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">game-2048</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">game-2048</span> <span class="na">name</span><span class="pi">:</span> <span class="s">deployment-2048</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app.kubernetes.io/name</span><span class="pi">:</span> <span class="s">app-2048</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">5</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app.kubernetes.io/name</span><span class="pi">:</span> <span class="s">app-2048</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">image</span><span class="pi">:</span> <span class="s">public.ecr.aws/l6m2t8p7/docker-2048:latest</span> <span class="na">imagePullPolicy</span><span class="pi">:</span> <span class="s">Always</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app-2048</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">80</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">game-2048</span> <span class="na">name</span><span class="pi">:</span> <span class="s">service-2048</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">80</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">type</span><span class="pi">:</span> <span class="s">NodePort</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app.kubernetes.io/name</span><span class="pi">:</span> <span class="s">app-2048</span> <span class="nn">---</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">game-2048</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ingress-2048</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">alb.ingress.kubernetes.io/listen-ports</span><span class="pi">:</span> <span class="s1">'</span><span class="s">[{"HTTPS":443},</span><span class="nv"> </span><span class="s">{"HTTP":80}]'</span> <span class="na">alb.ingress.kubernetes.io/certificate-arn</span><span class="pi">:</span> <span class="pi">{</span><span class="nv">certificate-arn</span><span class="pi">}</span> <span class="na">alb.ingress.kubernetes.io/scheme</span><span class="pi">:</span> <span class="s">internet-facing</span> <span class="na">alb.ingress.kubernetes.io/target-type</span><span class="pi">:</span> <span class="s">ip</span> <span class="na">alb.ingress.kubernetes.io/ssl-redirect</span><span class="pi">:</span> <span class="s1">'</span><span class="s">443'</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ingressClassName</span><span class="pi">:</span> <span class="s">alb</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">example.com</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">service-2048</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">80</span> </code></pre> </div> <p>Apply the updated configuration to your Kubernetes cluster using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl apply -f your-ingress-resource-file.yaml </code></pre> </div> <h2> Verifying the Setup </h2> <p>After applying the changes, it's important to verify that the Ingress is correctly configured:</p> <p>Check the Ingress status using <code>kubectl get ingress -n game-2048</code>.<br> Ensure that your domain now serves traffic over HTTPS and that the browser shows a secure connection.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd4ch812hl414kzga2lgg.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd4ch812hl414kzga2lgg.png" alt="Image description" width="800" height="78"></a></p> <h2> Conclusion </h2> <p>By updating the Ingress resource with the ACM certificate ARN and ensuring the proper routing and SSL redirection, your application is now securely accessible over HTTPS. This not only secures the data transmission but also improves trust with your users.</p> eks alb route53 aws JM Rifkhan Tue, 19 Dec 2023 22:54:29 +0000 https://forem.com/aws-builders/mastering-aws-ecs-with-cloudformation-a-comprehensive-guide-aid https://forem.com/aws-builders/mastering-aws-ecs-with-cloudformation-a-comprehensive-guide-aid <h2> Introduction </h2> <p>In the dynamic landscape of cloud computing, efficient and secure infrastructure deployment is a cornerstone of success. AWS CloudFormation represents a powerful tool in this realm, offering automation and precision. This comprehensive guide dives into a CloudFormation template designed for establishing an Elastic Container Service (ECS) cluster across public and private subnets—a configuration that balances accessibility, security, and optimal performance.</p> <h2> Understanding CloudFormation and ECS </h2> <p>Before we delve into the template, let's understand the key concepts:</p> <h2> AWS CloudFormation </h2> <p>CloudFormation is an AWS service that helps you model and set up your Amazon Web Services resources. It allows you to use a simple text file to automate and manage the deployment of resources, avoiding the time-consuming and error-prone manual process.</p> <h2> AWS Elastic Container Service (ECS) </h2> <p>ECS is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances or AWS Fargate.</p> <h2> The Architecture Overview </h2> <p>The proposed architecture uses AWS CloudFormation to automate the deployment of an ECS cluster. This architecture is designed to provide:</p> <p>Scalability to handle varying loads.<br> Enhanced security through isolated network environments.<br> High availability across multiple availability zones.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzun36fuavbpqorbzsrfy.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzun36fuavbpqorbzsrfy.jpg" alt="Architecture Diagram"></a></p> <h2> Detailed Breakdown of the CloudFormation Template </h2> <p>This section will cover each component of the CloudFormation template in detail.</p> <h2> VPC and Subnet Configuration </h2> <p>VPC Setup<br> <strong>CIDR Block:</strong> The VPC is configured with a 10.0.0.0/16 CIDR block, offering a large range of IP addresses.<br> <strong>DNS Support:</strong> DNS support and hostnames are enabled for better network management and resolution.</p> <p>Subnet Planning<br> <strong>Public Subnets:</strong> Two public subnets are designed for resources that need to be connected to the internet.<br> <strong>Private Subnets:</strong> Two private subnets are used for backend systems that don't require direct internet access.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuca6j0v77mutsfyvdkf8.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuca6j0v77mutsfyvdkf8.png" alt="VPC"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5nyl89iomvld79t1ba0g.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5nyl89iomvld79t1ba0g.png" alt="Subnets"></a></p> <h2> Internet Gateway and Routing </h2> <p>Internet Gateway<br> The Internet Gateway serves as a bridge between the VPC and the internet, facilitating communication for resources in the public subnet.</p> <p>Route Tables<br> <strong>Public Route Table:</strong> Routes traffic from the public subnet to the Internet Gateway.<br> <strong>Private Route Table:</strong> Manages internal traffic within the VPC.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7qvo8hybe8xk90xxdzct.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7qvo8hybe8xk90xxdzct.png" alt="Internet Gateway"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzhjlir1qkgxs3trfaea4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzhjlir1qkgxs3trfaea4.png" alt="Route Tables"></a></p> <h2> NAT Gateways for Private Subnet Internet Access </h2> <p>The NAT Gateways are crucial for allowing resources in the private subnets to access the internet for updates and patches while keeping them secure from inbound internet traffic.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fot0s8jn58j6ajza4kdq4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fot0s8jn58j6ajza4kdq4.png" alt="NAT Gateways"></a></p> <h2> Elastic Load Balancing </h2> <p>Application Load Balancer (ALB)<br> <strong>Placement:</strong> Located within the public subnets to balance incoming internet traffic.<br> <strong>Functionality:</strong> Distributes traffic to different targets within the ECS cluster based on predefined rules, enhancing performance and fault tolerance.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgir93sld7acdqzjr2vb5.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgir93sld7acdqzjr2vb5.png" alt="Load Balancer"></a></p> <h2> ECS Cluster Setup </h2> <p>Fargate Integration<br> <strong>Serverless Approach:</strong> Utilizing AWS Fargate removes the need to provision and manage servers for containerized applications.<br> <strong>Cluster Configuration:</strong> The template includes the setup for an ECS cluster, ready to host containerized applications.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq28rkoa26pebt437uckj.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq28rkoa26pebt437uckj.png" alt="ECS Cluster"></a></p> <h2> Security Groups and Network Access </h2> <p>Security Group for ALB<br> Regulates the traffic to and from the load balancer, ensuring that only legitimate requests reach the application services.<br> Container Security Group<br> Controls the communication between the load balancer and the ECS services, crucial for maintaining the integrity and security of the applications.</p> <h2> Setting Up an ECS Service and Task Definition </h2> <p>After discussing the theoretical aspects of the architecture and CloudFormation, it's time to show a practical implementation. Once the infrastructure is in place, the next critical steps involve creating the ECS service and task definitions.</p> <h3> ECS Service and Task Definition </h3> <p>An ECS service is a configuration that enables you to run and maintain a specified number of instances of a task definition simultaneously. A task definition is a blueprint for your application that describes one or more containers.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvp7eimbg2eumjvnaxobb.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvp7eimbg2eumjvnaxobb.png" alt="Task Definition"></a></p> <h3> Creating an ECS Service </h3> <p>In our setup, we've created an ECS service that utilizes a task definition to deploy a react-app. Here's a breakdown of the components involved:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmzxkjvz5u9mbu6zsaatb.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmzxkjvz5u9mbu6zsaatb.png" alt="ecs-svc"></a></p> <p><strong>Launch Type:</strong> Utilizes Fargate for serverless deployment.<br> <strong>Load Balancer:</strong> An Application Load Balancer is configured to distribute traffic to the containers.</p> <h3> Network and Security Configuration </h3> <p><strong>Network Configuration:</strong> The service is associated with the VPC and subnets created by our CloudFormation template.<br> <strong>Security Groups:</strong> Security groups are assigned to the service to control the traffic according to the predefined rules.</p> <h2> Testing the Load Balancer </h2> <p>With the ECS service deployed, the final step is to verify that the Application Load Balancer correctly distributes incoming traffic to our react-app service.</p> <p>DNS Record Testing: By accessing the DNS name provided by the load balancer, you can confirm that the service is reachable and that the load balancing is functioning as expected.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F429bbj22toagvyxdctl1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F429bbj22toagvyxdctl1.png" alt="testing-alb"></a></p> <h2> CloudFormation Template and Deployment </h2> <p>Here, I provide the entire CloudFormation template code. This template is the blueprint for the entire infrastructure setup described above.</p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <p><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2010-09-09'</span><br> <span class="na">Description</span><span class="pi">:</span> <span class="s">AWS core resources to create an ECS cluster spanning public and private subnets. Supports</span><br> <span class="s">public facing load balancers.</span><br> <span class="na">Mappings</span><span class="pi">:</span><br> <span class="na">SubnetConfig</span><span class="pi">:</span><br> <span class="na">VPC</span><span class="pi">:</span><br> <span class="na">CIDR</span><span class="pi">:</span> <span class="s1">'</span><span class="s">10.0.0.0/16'</span><br> <span class="na">PublicOne</span><span class="pi">:</span><br> <span class="na">CIDR</span><span class="pi">:</span> <span class="s1">'</span><span class="s">10.0.0.0/24'</span><br> <span class="na">PublicTwo</span><span class="pi">:</span><br> <span class="na">CIDR</span><span class="pi">:</span> <span class="s1">'</span><span class="s">10.0.1.0/24'</span><br> <span class="na">PrivateOne</span><span class="pi">:</span><br> <span class="na">CIDR</span><span class="pi">:</span> <span class="s1">'</span><span class="s">10.0.2.0/24'</span><br> <span class="na">PrivateTwo</span><span class="pi">:</span><br> <span class="na">CIDR</span><span class="pi">:</span> <span class="s1">'</span><span class="s">10.0.3.0/24'</span><br> <span class="na">Resources</span><span class="pi">:</span><br> <span class="na">VPC</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="kc">true</span><br> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="kc">true</span><br> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!FindInMap</span> <span class="pi">[</span><span class="s1">'</span><span class="s">SubnetConfig'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">VPC'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">CIDR'</span><span class="pi">]</span></p> <p><span class="na">PublicSubnetOne</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span><br> <span class="pi">-</span> <span class="m">0</span><br> <span class="pi">-</span> <span class="na">Fn::GetAZs</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">AWS::Region'</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!FindInMap</span> <span class="pi">[</span><span class="s1">'</span><span class="s">SubnetConfig'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">PublicOne'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">CIDR'</span><span class="pi">]</span><br> <span class="na">MapPublicIpOnLaunch</span><span class="pi">:</span> <span class="kc">true</span><br> <span class="na">PublicSubnetTwo</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span><br> <span class="pi">-</span> <span class="m">1</span><br> <span class="pi">-</span> <span class="na">Fn::GetAZs</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">AWS::Region'</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!FindInMap</span> <span class="pi">[</span><span class="s1">'</span><span class="s">SubnetConfig'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">PublicTwo'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">CIDR'</span><span class="pi">]</span><br> <span class="na">MapPublicIpOnLaunch</span><span class="pi">:</span> <span class="kc">true</span></p> <p><span class="na">PrivateSubnetOne</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span><br> <span class="pi">-</span> <span class="m">0</span><br> <span class="pi">-</span> <span class="na">Fn::GetAZs</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">AWS::Region'</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!FindInMap</span> <span class="pi">[</span><span class="s1">'</span><span class="s">SubnetConfig'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">PrivateOne'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">CIDR'</span><span class="pi">]</span><br> <span class="na">PrivateSubnetTwo</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span><br> <span class="pi">-</span> <span class="m">1</span><br> <span class="pi">-</span> <span class="na">Fn::GetAZs</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">AWS::Region'</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="kt">!FindInMap</span> <span class="pi">[</span><span class="s1">'</span><span class="s">SubnetConfig'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">PrivateTwo'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">CIDR'</span><span class="pi">]</span></p> <p><span class="na">InternetGateway</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::InternetGateway</span><br> <span class="na">GatewayAttachement</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPCGatewayAttachment</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">InternetGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">InternetGateway'</span><br> <span class="na">PublicRouteTable</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">PublicRoute</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span><br> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">GatewayAttachement</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">PublicRouteTable'</span><br> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s1">'</span><span class="s">0.0.0.0/0'</span><br> <span class="na">GatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">InternetGateway'</span><br> <span class="na">PublicSubnetOneRouteTableAssociation</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnetOne</span><br> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicRouteTable</span><br> <span class="na">PublicSubnetTwoRouteTableAssociation</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnetTwo</span><br> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicRouteTable</span></p> <p><span class="na">NatGatewayOneAttachment</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::EIP</span><br> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">GatewayAttachement</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">Domain</span><span class="pi">:</span> <span class="s">vpc</span><br> <span class="na">NatGatewayTwoAttachment</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::EIP</span><br> <span class="na">DependsOn</span><span class="pi">:</span> <span class="s">GatewayAttachement</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">Domain</span><span class="pi">:</span> <span class="s">vpc</span><br> <span class="na">NatGatewayOne</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::NatGateway</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">AllocationId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">NatGatewayOneAttachment.AllocationId</span><br> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnetOne</span><br> <span class="na">NatGatewayTwo</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::NatGateway</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">AllocationId</span><span class="pi">:</span> <span class="kt">!GetAtt</span> <span class="s">NatGatewayTwoAttachment.AllocationId</span><br> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PublicSubnetTwo</span><br> <span class="na">PrivateRouteTableOne</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">PrivateRouteOne</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateRouteTableOne</span><br> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span><br> <span class="na">NatGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">NatGatewayOne</span><br> <span class="na">PrivateRouteTableOneAssociation</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateRouteTableOne</span><br> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateSubnetOne</span><br> <span class="na">PrivateRouteTableTwo</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">PrivateRouteTwo</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Route</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateRouteTableTwo</span><br> <span class="na">DestinationCidrBlock</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span><br> <span class="na">NatGatewayId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">NatGatewayTwo</span><br> <span class="na">PrivateRouteTableTwoAssociation</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateRouteTableTwo</span><br> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">PrivateSubnetTwo</span></p> <p><span class="c1">####</span><br> <span class="c1"># ALB related resources</span><br> <span class="c1">####</span><br> <span class="na">PublicLoadBalancerSG</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">Access to the public facing load balancer</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">SecurityGroupIngress</span><span class="pi">:</span><br> <span class="pi">-</span> <span class="na">CidrIp</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span><br> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">-1</span><br> <span class="na">PublicLoadBalancer</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ElasticLoadBalancingV2::LoadBalancer</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">Scheme</span><span class="pi">:</span> <span class="s">internet-facing</span><br> <span class="na">LoadBalancerAttributes</span><span class="pi">:</span><br> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">idle_timeout.timeout_seconds</span><br> <span class="na">Value</span><span class="pi">:</span> <span class="s1">'</span><span class="s">30'</span><br> <span class="na">Subnets</span><span class="pi">:</span><br> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">PublicSubnetOne'</span><br> <span class="pi">-</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">PublicSubnetTwo'</span><br> <span class="na">SecurityGroups</span><span class="pi">:</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="s1">'</span><span class="s">PublicLoadBalancerSG'</span><span class="pi">]</span><br> <span class="c1"># A dummy target group is used to setup the ALB to just drop traffic</span><br> <span class="c1"># initially, before any real service target groups have been added.</span><br> <span class="na">DummyTargetGroupPublic</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ElasticLoadBalancingV2::TargetGroup</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">HealthCheckIntervalSeconds</span><span class="pi">:</span> <span class="m">6</span><br> <span class="na">HealthCheckPath</span><span class="pi">:</span> <span class="s">/</span><br> <span class="na">HealthCheckProtocol</span><span class="pi">:</span> <span class="s">HTTP</span><br> <span class="na">HealthCheckTimeoutSeconds</span><span class="pi">:</span> <span class="m">5</span><br> <span class="na">HealthyThresholdCount</span><span class="pi">:</span> <span class="m">2</span><br> <span class="na">Port</span><span class="pi">:</span> <span class="m">80</span><br> <span class="na">Protocol</span><span class="pi">:</span> <span class="s">HTTP</span><br> <span class="na">UnhealthyThresholdCount</span><span class="pi">:</span> <span class="m">2</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">PublicLoadBalancerListener</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ElasticLoadBalancingV2::Listener</span><br> <span class="na">DependsOn</span><span class="pi">:</span><br> <span class="pi">-</span> <span class="s">PublicLoadBalancer</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">DefaultActions</span><span class="pi">:</span><br> <span class="pi">-</span> <span class="na">TargetGroupArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">DummyTargetGroupPublic'</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s1">'</span><span class="s">forward'</span><br> <span class="na">LoadBalancerArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">PublicLoadBalancer'</span><br> <span class="na">Port</span><span class="pi">:</span> <span class="m">80</span><br> <span class="na">Protocol</span><span class="pi">:</span> <span class="s">HTTP</span><br> <span class="c1">####</span><br> <span class="c1"># ECS related resources</span><br> <span class="c1">####</span><br> <span class="na">ECSCluster</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::ECS::Cluster</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">ClusterName</span><span class="pi">:</span> <span class="s1">'</span><span class="s">enhanced-architecture-fargate'</span><br> <span class="na">ContainerSecurityGroup</span><span class="pi">:</span><br> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span><br> <span class="na">Properties</span><span class="pi">:</span><br> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">Access to the containers</span><br> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">SecurityGroupIngress</span><span class="pi">:</span><br> <span class="pi">-</span> <span class="na">IpProtocol</span><span class="pi">:</span> <span class="s">tcp</span><br> <span class="na">FromPort</span><span class="pi">:</span> <span class="m">0</span><br> <span class="na">ToPort</span><span class="pi">:</span> <span class="m">65535</span><br> <span class="na">SourceSecurityGroupId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">PublicLoadBalancerSG'</span></p> <p><span class="c1">######################################</span><br> <span class="na">Outputs</span><span class="pi">:</span><br> <span class="na">VpcId</span><span class="pi">:</span><br> <span class="na">Description</span><span class="pi">:</span> <span class="s">The ID of the VPC that this stack is deployed in</span><br> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">VPC'</span><br> <span class="na">PublicSubnetOne</span><span class="pi">:</span><br> <span class="na">Description</span><span class="pi">:</span> <span class="s">Public subnet one</span><br> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">PublicSubnetOne'</span><br> <span class="na">PublicSubnetTwo</span><span class="pi">:</span><br> <span class="na">Description</span><span class="pi">:</span> <span class="s">Public subnet two</span><br> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">PublicSubnetTwo'</span><br> <span class="na">PrivateSubnetOne</span><span class="pi">:</span><br> <span class="na">Description</span><span class="pi">:</span> <span class="s">Private subnet one</span><br> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">PrivateSubnetOne'</span><br> <span class="na">PrivateSubnetTwo</span><span class="pi">:</span><br> <span class="na">Description</span><span class="pi">:</span> <span class="s">Private subnet two</span><br> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s1">'</span><span class="s">PrivateSubnetTwo'</span><br> <span class="na">ExternalUrl</span><span class="pi">:</span><br> <span class="na">Description</span><span class="pi">:</span> <span class="s">The url of the external load balancer</span><br> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Sub</span> <span class="s">http://${PublicLoadBalancer.DNSName}</span></p> </code></pre> </div> <h2> <br> <br> <br> Deploying the Stack with AWS CLI<br> </h2> <p>To deploy this CloudFormation stack, you can use the following AWS CLI command. This command initializes the creation of the resources as defined in the template.</p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <p>aws cloudformation create-stack <span class="nt">--capabilities</span> CAPABILITY_IAM <span class="nt">--stack-name</span> enhanced-architecture <span class="nt">--template-body</span> file://./path_to_template_file.yaml</p> </code></pre> </div> <h2> <br> <br> <br> Benefits of This Architecture<br> </h2> <h4> Scalability </h4> <p>The setup is inherently scalable, easily adapting to increased traffic and workloads without significant manual intervention.</p> <h4> Security </h4> <p>The segregation of public and private subnets ensures a secure environment for backend services, protecting sensitive data and operations.</p> <h4> High Availability </h4> <p>The multi-AZ deployment ensures that the system remains operational and robust, even in the event of an individual zone's failure.</p> <h4> Cost-Efficiency </h4> <p>With AWS Fargate, you only pay for the resources your containers use, leading to optimized costs especially beneficial for varying workloads.</p> <h2> Conclusion </h2> <p>This guide presents a detailed view of deploying a scalable, secure, and highly available ECS cluster using AWS CloudFormation. The provided template is a robust foundation for any organization looking to leverage the power of AWS for their containerized applications. By automating infrastructure deployment, this approach not only saves time but also significantly reduces the potential for error, ensuring a reliable and efficient cloud environment.</p> <h2> References and Further Reading </h2> <p>The journey through AWS ECS and CloudFormation doesn't stop here. For those eager to delve deeper and expand their knowledge, the following resources offer a wealth of information:</p> <ol> <li><p><strong>AWS CloudFormation User Guide</strong><br><br> A comprehensive guide to AWS CloudFormation, detailing concepts, template references, and best practices.<br><br> <a href="https://docs.aws.amazon.com/cloudformation/index.html" rel="noopener noreferrer">AWS CloudFormation User Guide</a></p></li> <li><p><strong>AWS Elastic Container Service Documentation</strong><br><br> Everything you need to know about ECS, from basics to advanced topics, is covered in the official AWS documentation.<br><br> <a href="https://docs.aws.amazon.com/ecs/index.html" rel="noopener noreferrer">AWS ECS Documentation</a></p></li> <li><p><strong>AWS Fargate Documentation</strong><br><br> Learn more about the serverless compute engine for containers and how to use it with ECS.<br><br> <a href="https://docs.aws.amazon.com/fargate/index.html" rel="noopener noreferrer">AWS Fargate Documentation</a></p></li> <li><p><strong>Best Practices for Security in Amazon ECS</strong><br><br> Understand how to secure your containerized applications and infrastructure in ECS.<br><br> <a href="https://aws.amazon.com/blogs/containers/best-practices-for-security-in-amazon-ecs/" rel="noopener noreferrer">Security Best Practices in Amazon ECS</a></p></li> </ol> <p>Peace!✌️</p> aws ecs cloudformation vpc JM Rifkhan Fri, 14 Apr 2023 20:41:00 +0000 https://forem.com/rifkhan107/using-azure-devops-pipeline-to-build-test-scan-and-deploy-a-react-application-to-aks-84m https://forem.com/rifkhan107/using-azure-devops-pipeline-to-build-test-scan-and-deploy-a-react-application-to-aks-84m <p>In this blog post, we will walk through the process of setting up an Azure DevOps pipeline to build, test, scan, and deploy a React application to Azure Kubernetes Service (AKS). We will also integrate Trivy, an open-source vulnerability scanner, to scan the Docker image for security vulnerabilities.</p> <h2> Prerequisites: </h2> <ul> <li>An Azure DevOps account</li> <li>An Azure Kubernetes Service (AKS) cluster</li> <li>An Azure Container Registry</li> <li>Trivy installed on your Azure DevOps</li> </ul> <h2> Project Architecture </h2> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcxy0j26mqjn17vqwgqyw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcxy0j26mqjn17vqwgqyw.png" alt="Project Architecture"></a></p> <h2> 1. Set up the Azure DevOps Pipeline </h2> <p>First, create a new pipeline in your Azure DevOps project. Then, add the following YAML code to your azure-pipelines.yml file. This pipeline has four stages: Test, Build, Scan and Push Image, and Deploy.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjrfuax4zg0metw4n6vvh.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjrfuax4zg0metw4n6vvh.png" alt="Pipeline stages"></a></p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> trigger: branches: include: - master variables: acrName: 'acr234346' imageName: 'crypt-react-app' k8sNamespace: 'default' k8sDeploymentName: 'deployment' stages: - stage: Test displayName: 'Test stage' jobs: - job: Test displayName: 'Test Job' pool: vmImage: 'ubuntu-latest' steps: - checkout: self - task: NodeTool@0 inputs: versionSpec: '16.x' displayName: 'Install Node.js' - script: | npm ci npm run test displayName: 'Run tests' - stage: Build displayName: 'Build stage' dependsOn: Test condition: succeeded() jobs: - job: Build displayName: 'Build Job' pool: vmImage: 'ubuntu-latest' steps: - checkout: self - task: Docker@2 displayName: 'Build and push Docker image' inputs: containerRegistry: 'docker-reg' repository: '$(imageName)' command: 'buildAndPush' Dockerfile: '**/Dockerfile' - stage: Scan displayName: 'Scan Image' dependsOn: Build condition: succeeded() jobs: - job: ScanImage displayName: 'Scan Image Job' pool: vmImage: 'ubuntu-latest' steps: - task: Docker@2 displayName: 'Login to ACR' inputs: containerRegistry: 'docker-reg' repository: '$(imageName)' command: 'login' - task: trivy@1 inputs: version: 'latest' docker: false loginDockerConfig: true image: $(acrName).azurecr.io/$(imageName):$(Build.BuildId) ignoreUnfixed: true displayName: Scan Docker image with Trivy - stage: Deploy displayName: 'Deploy stage' dependsOn: Scan condition: succeeded() jobs: - deployment: Deploy displayName: 'Deploy Job' environment: 'production' pool: vmImage: 'ubuntu-latest' strategy: runOnce: deploy: steps: - checkout: self - task: Kubernetes@1 displayName: 'Deploy Deployment to AKS' inputs: connectionType: 'Azure Resource Manager' azureSubscriptionEndpoint: 'my-connection' azureResourceGroup: 'dev-rg' kubernetesCluster: 'demo-cluster' useClusterAdmin: true command: 'apply' useConfigurationFile: true configurationType: 'inline' inline: | apiVersion: apps/v1 kind: Deployment metadata: name: deployment namespace: default spec: replicas: 1 selector: matchLabels: app: crypto-app template: metadata: labels: app: crypto-app spec: containers: - name: $(imageName) image: $(acrName).azurecr.io/$(imageName):$(Build.BuildId) ports: - containerPort: 5000 secretType: 'dockerRegistry' containerRegistryType: 'Azure Container Registry' - task: Kubernetes@1 displayName: 'Deploy Service to AKS' inputs: connectionType: 'Azure Resource Manager' azureSubscriptionEndpoint: 'my-connection' azureResourceGroup: 'dev-rg' kubernetesCluster: 'demo-cluster' useClusterAdmin: true command: 'apply' useConfigurationFile: true configurationType: 'inline' inline: | apiVersion: v1 kind: Service metadata: name: crypto-app-service namespace: default spec: selector: app: crypto-app ports: - protocol: TCP port: 80 targetPort: 5000 type: LoadBalancer secretType: 'dockerRegistry' containerRegistryType: 'Azure Container Registry' </code></pre> </div> <h2> 2. Configure the Kubernetes Deployment and Service </h2> <p>In the Deploy stage of the pipeline, we will deploy our application to AKS using Kubernetes Deployment and Service resources. The pipeline is configured to use inline YAML for these resources, making it easy to modify and maintain the configuration.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvez8lv4tldkfnufkzjmn.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvez8lv4tldkfnufkzjmn.png" alt="AKS service"></a></p> <p>In the Deployment resource, we specify the Docker image to be used, pulled from the Azure Container Registry (ACR) created in the previous stage. The Service resource is set up as a LoadBalancer, allowing external access to the application.</p> <p>Below is the code snippet for the Deploy stage, which includes the Deployment and Service resources:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> - stage: Deploy displayName: 'Deploy stage' dependsOn: Scan condition: succeeded() jobs: - deployment: Deploy displayName: 'Deploy Job' environment: 'production' pool: vmImage: 'ubuntu-latest' strategy: runOnce: deploy: steps: - checkout: self - task: Kubernetes@1 displayName: 'Deploy Deployment to AKS' inputs: connectionType: 'Azure Resource Manager' azureSubscriptionEndpoint: 'my-connection' azureResourceGroup: 'dev-rg' kubernetesCluster: 'demo-cluster' useClusterAdmin: true command: 'apply' useConfigurationFile: true configurationType: 'inline' inline: | apiVersion: apps/v1 kind: Deployment metadata: name: deployment namespace: default spec: replicas: 1 selector: matchLabels: app: crypto-app template: metadata: labels: app: crypto-app spec: containers: - name: $(imageName) image: $(acrName).azurecr.io/$(imageName):$(Build.BuildId) ports: - containerPort: 5000 secretType: 'dockerRegistry' containerRegistryType: 'Azure Container Registry' - task: Kubernetes@1 displayName: 'Deploy Service to AKS' inputs: connectionType: 'Azure Resource Manager' azureSubscriptionEndpoint: 'my-connection' azureResourceGroup: 'dev-rg' kubernetesCluster: 'demo-cluster' useClusterAdmin: true command: 'apply' useConfigurationFile: true configurationType: 'inline' inline: | apiVersion: v1 kind: Service metadata: name: crypto-app-service namespace: default spec: selector: app: crypto-app ports: - protocol: TCP port: 80 targetPort: 5000 type: LoadBalancer secretType: 'dockerRegistry' containerRegistryType: 'Azure Container Registry' </code></pre> </div> <h2> 3. Scan Docker Image with Trivy </h2> <p>Trivy is an open-source scanner for vulnerabilities in container images, it detects vulnerabilities of OS packages (Alpine, Red Hat Universal Base Image, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). It is highly configurable and easy to use. In this step, we will be integrating Trivy with our pipeline to scan our Docker image before pushing it to the ACR.</p> <p>To use Trivy, we need to add a new job in our pipeline under the ScanAndPushImage stage. This job will run Trivy to scan the Docker image and report any vulnerabilities found. We will use the Trivy task provided by the Azure DevOps Marketplace.</p> <p>The Trivy task needs the image name and tag to scan, and the scan results are saved in a JSON file. We can configure the task to fail if any critical vulnerabilities are found.</p> <p>Here's the updated pipeline code with the Trivy job:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> - stage: Scan displayName: 'Scan Image' dependsOn: Build condition: succeeded() jobs: - job: ScanImage displayName: 'Scan Image Job' pool: vmImage: 'ubuntu-latest' steps: - task: Docker@2 displayName: 'Login to ACR' inputs: containerRegistry: 'docker-reg' repository: '$(imageName)' command: 'login' - task: trivy@1 inputs: version: 'latest' docker: false loginDockerConfig: true image: $(acrName).azurecr.io/$(imageName):$(Build.BuildId) ignoreUnfixed: true displayName: Scan Docker image with Trivy </code></pre> </div> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6r5ergud3dh7z8uah1or.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6r5ergud3dh7z8uah1or.png" alt="Trivy result"></a></p> <h2> Conclusion </h2> <p>In conclusion, we have successfully set up a CI/CD pipeline for a React app that includes testing, building, scanning, and deploying. We started by creating a basic React app and setting up a GitHub repository to store the code. Then, we configured an Azure Pipeline that automatically builds, tests, and deploys the app to a Kubernetes cluster running on Azure Kubernetes Service (AKS). We used Docker to containerize the app and stored the container image in an Azure Container Registry (ACR). We also integrated the Trivy vulnerability scanner to scan the Docker image for security issues before deploying it to the cluster.</p> <p>The pipeline consists of several stages, each with its own set of jobs and tasks. In the first stage, the app is tested using Jest and Enzyme, ensuring that it functions correctly before moving on to the next stages. In the second stage, the app is built and a Docker image is created. In the third stage, the Docker image is scanned for vulnerabilities using Trivy, and then pushed to the ACR. In the final stage, the app is deployed to the AKS cluster using Kubernetes.</p> <p>Throughout this project, we have demonstrated how a CI/CD pipeline can help automate the software development process, reducing the chance of errors and increasing the speed of delivery. With the tools and techniques used here, we have also shown how security can be integrated into the pipeline, ensuring that the app is safe to use and deploy in a production environment.</p> <p>In summary, this project provides a solid foundation for building and deploying modern web applications using continuous integration and deployment techniques.</p> <p>Source code: [(<a href="https://github.com/rifkhan107/crypto-currency-sample-website.git)" rel="noopener noreferrer">https://github.com/rifkhan107/crypto-currency-sample-website.git)</a>]</p> azure azuredevops aks trivy