Application Common

All applications share a common set of infrastructure components that are set up in this guide.

The stack will set up an ECS cluster for the current Environment and a rule for fetching public images through the ECR repository.

Step 1: Add and configure the app-common package

repo-iac/environments/dev/
ok pkg add app-common
cd app-common

Update package-config.yml with your preferences.

Step 2: Install the package

repo-iac/environments/dev/app-common/
ok pkg install

Step 3: Initialize and apply the app-common stack

repo-iac/environments/dev/app-common/
terraform init
terraform apply

Step 4: Perform initial pull for ECR

What's this?

If you previously pulled the following image:

public.ecr.aws/nginx/nginx:latest

You can now pull the image via the ECR pull through cache address:

${var.account_id}.dkr.ecr.${var.region}.amazonaws.com/${var.environment}-ecr-public/nginx/nginx:latest

In other words, the original upstream registry URL:

public.ecr.aws/

Is replaced with:

${var.account_id}.dkr.ecr.${var.region}.amazonaws.com/${var.environment}-ecr-public/

ECR pull through cache is enabled by default, but can be configured with the following:

repo-iac/environments/dev/app-common/package-config.yml
EcrPullThroughCache:
  Enable: true

Each image gets a separate ECR repository and needs its own lifecycle policy, so specify the upstream images you need:

repo-iac/environments/dev/app-common/config_override.tf
pull_through_cache_repositories = [
  "aws-observability/aws-otel-collector",
  "nginx/nginx-prometheus-exporter",
  "nginx/nginx"
]
pull_through_cache_ecr_max_image_count = 15

Then run the following to populate ECR with the latest version of nginx/nginx:

repo-iac/environments/dev/app-common/bin
bash _gp_ecr_pull_through_cache_init.sh -i nginx/nginx

If a specific tag is required, use the -t flag:

repo-iac/environments/dev/app-common/bin
bash _gp_ecr_pull_through_cache_init.sh -i nginx/nginx -t alpine-slim

Repeat for each image in the list defined previously in config_override.tf.

Subsequent pulls will not require access to the internet.
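
The address mapping from the "What's this?" note above, as an added example that is not part of the app-common package: a shell helper that rewrites a public.ecr.aws reference to the pull through cache address and rejects images missing from the list in config_override.tf. The function name, the account ID 123456789012 and the region eu-west-1 are constructed placeholders, and treating the list as an allow-list is an assumption.

```shell
#!/usr/bin/env bash
# Added example (not part of the app-common package): map a public.ecr.aws image
# reference to its pull through cache address. Names here are hypothetical.

# Upstream images listed in config_override.tf (pull_through_cache_repositories).
PTC_REPOSITORIES="aws-observability/aws-otel-collector nginx/nginx-prometheus-exporter nginx/nginx"

# ptc_rewrite ACCOUNT_ID REGION ENVIRONMENT IMAGE_REF
# Prints the cache address; returns 2 (bad account id), 3 (other registry),
# or 4 (image not in the configured list).
ptc_rewrite() {
  local account_id="$1" region="$2" environment="$3" ref="$4"
  local upstream="public.ecr.aws/" path repo r found=no

  # AWS account IDs are exactly 12 digits.
  case "$account_id" in
    ''|*[!0-9]*) echo "invalid account id: $account_id" >&2; return 2 ;;
  esac
  if [ "${#account_id}" -ne 12 ]; then
    echo "invalid account id: $account_id" >&2; return 2
  fi

  # Only the upstream registry prefix described on the page is replaced.
  case "$ref" in
    "$upstream"*) path="${ref#"$upstream"}" ;;
    *) echo "not a public.ecr.aws reference: $ref" >&2; return 3 ;;
  esac

  # Repository name = path without digest (@sha256:...) or tag (:tag).
  repo="${path%%@*}"
  repo="${repo%%:*}"

  # Assumption: only images in the configured list have a repository and
  # lifecycle policy, so anything else is rejected instead of rewritten.
  for r in $PTC_REPOSITORIES; do
    if [ "$r" = "$repo" ]; then found=yes; fi
  done
  if [ "$found" != yes ]; then
    echo "not in pull_through_cache_repositories: $repo" >&2; return 4
  fi

  printf '%s.dkr.ecr.%s.amazonaws.com/%s-ecr-public/%s\n' \
    "$account_id" "$region" "$environment" "$path"
}

# Constructed sample values: placeholder account id, region and environment.
ptc_rewrite 123456789012 eu-west-1 dev public.ecr.aws/nginx/nginx:alpine-slim
```

A reference pinned by digest keeps its digest after the rewrite, so the same helper works for task definitions that avoid mutable tags such as latest.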

Step 5: Verify

To verify that a new ECS cluster has been created, run the following command:

aws ecs list-clusters | jq '.clusterArns'

The output list should contain the name of the ECS cluster you just created.

Log in to the AWS console and navigate to ECS.

The list should contain the name of the ECS cluster you just created.


Commit your files

At this stage it is a good idea to commit your files.

Next step

Set up an application.