Application Common

All applications share a common set of infrastructure components that are set up in this guide.

The stack will set up an ECS cluster for the current Environment and a rule for fetching public images through the ECR repository.

Step 1: Create a new configuration file

Create a new configuration file for common application components:

repo-iac/environments/dev/_config/app-common.yml
StackName: "app-common"

Step 2: Add and install the app-common package

Run the following command:

repo-iac/environments/dev/
ok pkg add app-common

This will add the package you want to install to packages.yml. If you want to know more about how this works, read the reference documentation for packages.yml.

Then, run the following command to install the package:

repo-iac/environments/dev/
ok pkg install app-common

Step 3: Initialize and apply the app-common stack

repo-iac/environments/dev
cd app-common/
terraform init
terraform apply

Step 4: Perform initial pull for ECR

What's this?

If you previously pulled the following image:

public.ecr.aws/nginx/nginx:latest

You can now pull the image via the ECR pull through cache address:

${var.account_id}.dkr.ecr.${var.region}.amazonaws.com/${var.environment}-ecr-public/nginx/nginx:latest

In other words, the original upstream registry URL:

public.ecr.aws/

Is replaced with:

${var.account_id}.dkr.ecr.${var.region}.amazonaws.com/${var.environment}-ecr-public/

ECR pull through cache is enabled by default, but can be configured with the following:

repo-iac/environments/dev/_config/app-common.yml
EcrPullThroughCache:
  Enable: true

Each image will get a separate ECR repository and needs a unique lifecycle policy. Specify the upstream images you need:

repo-iac/environments/dev/app-common/config_override.tf
pull_through_cache_repositories = [
  "aws-observability/aws-otel-collector",
  "nginx/nginx-prometheus-exporter",
  "nginx/nginx"
]
pull_through_cache_ecr_max_image_count = 15

Then run the following to populate ECR with the latest version of nginx/nginx:

repo-iac/environments/dev/app-common/bin
bash _gp_ecr_pull_through_cache_init.sh -i nginx/nginx

If a specific tag is required, use the -t flag:

repo-iac/environments/dev/app-common/bin
bash _gp_ecr_pull_through_cache_init.sh -i nginx/nginx -t alpine-slim

Repeat for each image in the list defined previously in config_override.tf.

Subsequent pulls will not require access to the internet.
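
The address rewrite described in this step, as an added shell example that is not part of the project's tooling: the function name to_cache_ref, the account ID and the region are constructed placeholders, and the repository list mirrors pull_through_cache_repositories from config_override.tf. It goes slightly beyond the page by also accepting digest references and by failing closed when an image is not hosted on public.ecr.aws or its repository is not in the configured list, which makes it usable as a check on image references before deployment.

```bash
#!/usr/bin/env bash
# Added example: map a public.ecr.aws image reference to the pull through
# cache address. All values below are constructed placeholders.
ACCOUNT_ID="111122223333"   # placeholder account id
REGION="eu-west-1"          # placeholder region
ENVIRONMENT="dev"

# Mirror of pull_through_cache_repositories in config_override.tf.
CACHED_REPOSITORIES="aws-observability/aws-otel-collector
nginx/nginx-prometheus-exporter
nginx/nginx"

# to_cache_ref IMAGE -> prints the cache address, or returns non-zero:
#   2 = image is not hosted on public.ecr.aws
#   3 = repository is not in the configured list
to_cache_ref() {
  local image="$1" path repo suffix
  case "$image" in
    public.ecr.aws/*) path="${image#public.ecr.aws/}" ;;
    *) echo "not a public.ecr.aws image: $image" >&2; return 2 ;;
  esac
  # Split the repository from its tag or digest; no tag means :latest.
  case "$path" in
    *@*) repo="${path%%@*}"; suffix="@${path#*@}" ;;
    *:*) repo="${path%%:*}"; suffix=":${path#*:}" ;;
    *)   repo="$path"; suffix=":latest" ;;
  esac
  # Exact match only, so nginx/nginx does not also admit nginx/nginx-other.
  if ! printf '%s\n' "$CACHED_REPOSITORIES" | grep -Fxq -- "$repo"; then
    echo "repository not configured for pull through cache: $repo" >&2
    return 3
  fi
  printf '%s.dkr.ecr.%s.amazonaws.com/%s-ecr-public/%s%s\n' \
    "$ACCOUNT_ID" "$REGION" "$ENVIRONMENT" "$repo" "$suffix"
}

to_cache_ref "public.ecr.aws/nginx/nginx:alpine-slim"
```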

Step 5: Verify

To verify that a new ECS cluster has been created, run the following command:

aws ecs list-clusters | jq '.clusterArns'

The output list should contain the name of the ECS cluster you just created.

Log in to the AWS console and navigate to ECS.

The list should contain the name of the ECS cluster you just created.


Commit your files

At this stage it is a good idea to commit your files.

Next step

Set up an application.