Introduction
In this post, I'll summarize the deployment of the flask Intrusion Detection System to AWS.
NOTE: This is a summary of the project, to access the complete step by step process for the deployment of the project, click the link below
Project Architecture
Here, the AWS services used for the project will be defined, alongside the AWS Architecture diagram
AWS Architecture Diagram
Deployment resources
1. VPC
I made a VPC in the us-east-1 region
- Subnets: Following the VPC, I made 4 subnets in two availability zones:
- Public Subnets: I made two public subnets in the
us-east 1aandus-east 1bavailability zones for the internet-facing Application Load Balancer (ALB) and other resources that require internet. - Private Subnets: I made two private subnets in the
us-east 1aandus-east 1bavailability zones as well but this time it's for my ECS service tasks. This makes a more secure architecture. - Internet Gateway (IGW): Attached the IGW and added it to the VPC's route table to grants the VPC internet access, as newly created VPCs don't have one attached
2. VPC Endpoints
The VPC endpoints enable the ECS tasks in the private subnet to access certain resources.
- ECR and Docker endpoints: Ensure ECS tasks can pull Docker images.
- CloudWatch endpoint: For secure logging.
- S3 gateway endpoint: Access data and configurations securely.
3. Application Load Balancer
- Listener: Configured to forward traffic to the ECS target group. listens on the port 80 (HTTP)
- Target Group: Routes requests to ECS tasks in the private subnets
- Distributes the incoming traffic across the ECS tasks.
4. Elastic Container Registry (ECR)
I used this service to host my docker image.
5. Elastic Container Service (ECS)
- Task Definitions: I Defined the Docker container here and allocated the necessary resources
- Service: This creates the fargate tasks and scales it behind the load balancer.
6. Route 53
- I used this service for DNS configuration for the application domain, routing traffic to the ALB.
Challenges faced and solutions
challenge:
ECS tasks in private subnet could not access the docker image for ECR
Solutions:
I used VPC Endpoints to enable the ECS tasks in the private subnet access the ECR repo.
Future Improvements
I plan to automate the entire deployment by creating a CI/CD pipeline with Code Pipeline and Codebuild.
Thank you for reading, check out my profile, for more Cloud and DevOps posts just like this
Relevant Links
- Checkout the project on my GitHub
VSI12
/
IDS-Project
this is an intrusion detection system
Deploying an Intrusion Detection System to AWS
Project Overview
This Project demonstrates how to build and containerize a flask web-application with docker and deploy it to AWS. This architecture ensures a secure, highly available, fault tolerant and scalable build by leveraging various AWS architectures.
Architecture
- Virtual Private Cloud (VPC): Configured with public and private subnets across two availability zones for high availability and security.
- Interget Gateway: Enables communication between the VPC and the internet
- VPC Endpoints: The VPC endpoints enable the ECS tasks in the private subnet to access certain resources.
Top comments (0)