#!/bin/bash

# A script to run a simple ECS task on AWS Fargate using AWS CLI.

# --- Configuration ---
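REGION="us-east-1"
ECS_CLUSTER_NAME="MyCLIFargateCluster"
TASK_DEFINITION_FAMILY="MyCLIFargateTask"
TASK_EXECUTION_ROLE_NAME="MyCLIFargateTaskExecutionRole"
CONTAINER_NAME="nginx-container"
# "latest" is a mutable tag, so each run may pull a different image. Pin a
# specific version or digest when the demo has to be reproducible.
CONTAINER_IMAGE="nginx:latest"
CONTAINER_PORT=80
SECURITY_GROUP_NAME="MyCLIFargateSG"
TASK_EXECUTION_POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
# Source range allowed to reach the container port. The default keeps the
# original behavior (reachable from any address, over plain HTTP); export
# INGRESS_CIDR, for example your own address as a /32, to narrow it.
INGRESS_CIDR="${INGRESS_CIDR:-0.0.0.0/0}"

# --- Resource tracking ---
# Filled in as resources are created, so cleanup only removes what this run
# made and never deletes a same-named role or cluster that already existed.
SG_ID=""
CLUSTER_CREATED=0
ROLE_CREATED=0
POLICY_ATTACHED=0
TASK_DEFINITION_ARN=""
TASK_ARN=""
CLEANUP_DONE=0
CLEANUP_FAILURES=0

# --- Helpers ---

# Print an error to stderr and exit non-zero. The EXIT trap then removes
# whatever this run has created so far.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Print a warning to stderr without stopping the script.
warn() {
  printf 'Warning: %s\n' "$*" >&2
}

# Record a cleanup step that did not succeed; cleanup carries on regardless
# so one failure does not strand the remaining resources.
cleanup_warn() {
  CLEANUP_FAILURES=$((CLEANUP_FAILURES + 1))
  warn "$*"
}

# Run an AWS CLI command in $REGION with text output and print the result.
# With --output text a null query result is printed as the literal "None",
# which a plain -z test would accept as a value; map it to an empty string.
# Returns 1 when the CLI call itself fails.
aws_text() {
  local out
  out=$(aws "$@" --region "$REGION" --output text) || return 1
  if [[ "$out" == "None" ]]; then
    out=""
  fi
  printf '%s' "$out"
}

# Remove every resource this run created, in reverse dependency order.
# Safe to call more than once (explicitly at the end and again from the trap).
cleanup() {
  local attempt

  if [[ "$CLEANUP_DONE" -eq 1 ]]; then
    return
  fi
  CLEANUP_DONE=1

  # Nothing was created (for example the VPC lookup failed): stay quiet.
  if [[ -z "$SG_ID$TASK_ARN$TASK_DEFINITION_ARN" \
    && "$CLUSTER_CREATED" -eq 0 && "$ROLE_CREATED" -eq 0 ]]; then
    return
  fi

  printf '\n--- Cleaning up resources ---\n'

  # Stop Task
  if [[ -n "$TASK_ARN" ]]; then
    echo "Stopping Fargate task '$TASK_ARN'..."
    if aws ecs stop-task \
      --cluster "$ECS_CLUSTER_NAME" \
      --task "$TASK_ARN" \
      --region "$REGION"; then
      echo "Waiting for task to stop..."
      if aws ecs wait tasks-stopped \
        --cluster "$ECS_CLUSTER_NAME" --tasks "$TASK_ARN" --region "$REGION"; then
        echo "Fargate task stopped."
      else
        cleanup_warn "Timed out waiting for task '$TASK_ARN' to stop."
      fi
    else
      cleanup_warn "Could not stop task '$TASK_ARN'."
    fi
  fi

  # Deregister Task Definition
  if [[ -n "$TASK_DEFINITION_ARN" ]]; then
    echo "Deregistering Task Definition '$TASK_DEFINITION_ARN'..."
    if aws ecs deregister-task-definition \
      --task-definition "$TASK_DEFINITION_ARN" \
      --region "$REGION"; then
      echo "Task Definition deregistered."
    else
      cleanup_warn "Could not deregister '$TASK_DEFINITION_ARN'."
    fi
  fi

  # Delete ECS Cluster
  if [[ "$CLUSTER_CREATED" -eq 1 ]]; then
    echo "Deleting ECS Cluster '$ECS_CLUSTER_NAME'..."
    if aws ecs delete-cluster \
      --cluster "$ECS_CLUSTER_NAME" \
      --region "$REGION"; then
      echo "ECS Cluster deleted."
    else
      cleanup_warn "Could not delete ECS cluster '$ECS_CLUSTER_NAME'."
    fi
  fi

  # Detach and Delete IAM Role Policy
  if [[ "$ROLE_CREATED" -eq 1 ]]; then
    if [[ "$POLICY_ATTACHED" -eq 1 ]]; then
      echo "Detaching policy from IAM Role '$TASK_EXECUTION_ROLE_NAME'..."
      aws iam detach-role-policy \
        --role-name "$TASK_EXECUTION_ROLE_NAME" \
        --policy-arn "$TASK_EXECUTION_POLICY_ARN" \
        --region "$REGION" \
        || cleanup_warn "Could not detach the policy from '$TASK_EXECUTION_ROLE_NAME'."
    fi
    echo "Deleting IAM Role '$TASK_EXECUTION_ROLE_NAME'..."
    if aws iam delete-role \
      --role-name "$TASK_EXECUTION_ROLE_NAME" \
      --region "$REGION"; then
      echo "IAM Role deleted."
    else
      cleanup_warn "Could not delete IAM role '$TASK_EXECUTION_ROLE_NAME'."
    fi
  fi

  # Delete Security Group
  # Deletion is retried because it can fail while the stopped task's network
  # interface is still attached to the group.
  if [[ -n "$SG_ID" ]]; then
    echo "Deleting Security Group '$SG_ID'..."
    for attempt in 1 2 3 4 5 6; do
      if aws ec2 delete-security-group \
        --group-id "$SG_ID" \
        --region "$REGION"; then
        echo "Security Group deleted."
        SG_ID=""
        break
      fi
      sleep 10
    done
    if [[ -n "$SG_ID" ]]; then
      cleanup_warn "Security group '$SG_ID' (ingress from $INGRESS_CIDR) still exists; delete it manually."
    fi
  fi
}

command -v aws >/dev/null 2>&1 || die "The AWS CLI ('aws') was not found in PATH."

# AWS CLI v2 sends output through a pager when stdout is a terminal, which
# would stall the script at every command that prints a response.
export AWS_PAGER=""

# Run cleanup on every exit path, including Ctrl-C and termination, so a
# failed or interrupted run does not leave the ingress rule and role behind.
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

# --- 1. Get Default VPC and Subnet ---
echo "--- Getting Default VPC and Subnet ID ---"
VPC_ID=$(aws_text ec2 describe-vpcs \
  --filters "Name=is-default,Values=true" \
  --query "Vpcs[0].VpcId") || VPC_ID=""

if [[ -z "$VPC_ID" ]]; then
  die "Could not find a default VPC. Exiting."
fi
echo "Default VPC ID: $VPC_ID"

SUBNET_ID=$(aws_text ec2 describe-subnets \
  --filters "Name=vpc-id,Values=$VPC_ID" "Name=default-for-az,Values=true" \
  --query "Subnets[0].SubnetId") || SUBNET_ID=""

if [[ -z "$SUBNET_ID" ]]; then
  die "Could not find a default subnet. Exiting."
fi
echo "Default Subnet ID: $SUBNET_ID"

# Create a Security Group for the Fargate task. Ingress on the container
# port is opened to INGRESS_CIDR (HTTP from anywhere unless overridden).
echo "Creating Security Group for Fargate task..."
SG_ID=$(aws_text ec2 create-security-group \
  --group-name "$SECURITY_GROUP_NAME" \
  --description "Allow HTTP for Fargate task" \
  --vpc-id "$VPC_ID" \
  --query 'GroupId') || SG_ID=""

if [[ -z "$SG_ID" ]]; then
  die "Could not create security group '$SECURITY_GROUP_NAME' (it may be left over from an earlier run)."
fi

aws ec2 authorize-security-group-ingress \
  --group-id "$SG_ID" \
  --protocol tcp \
  --port "$CONTAINER_PORT" \
  --cidr "$INGRESS_CIDR" \
  --region "$REGION" \
  || die "Could not add the ingress rule to security group '$SG_ID'."
echo "Security Group created with ID: $SG_ID (ingress from $INGRESS_CIDR)"

# --- 2. Create ECS Cluster ---
printf '\n--- Creating ECS Cluster: %s ---\n' "$ECS_CLUSTER_NAME"
# create-cluster returns an existing cluster of the same name instead of
# failing, so check first: cleanup must not delete a cluster it did not make.
EXISTING_CLUSTER_STATUS=$(aws_text ecs describe-clusters \
  --clusters "$ECS_CLUSTER_NAME" \
  --query 'clusters[0].status') \
  || die "Could not query ECS clusters in region $REGION."
if [[ "$EXISTING_CLUSTER_STATUS" == "ACTIVE" ]]; then
  die "ECS cluster '$ECS_CLUSTER_NAME' already exists; refusing to reuse a cluster that cleanup would delete."
fi

aws ecs create-cluster \
  --cluster-name "$ECS_CLUSTER_NAME" \
  --region "$REGION" \
  || die "Could not create ECS cluster '$ECS_CLUSTER_NAME'."
CLUSTER_CREATED=1

echo "ECS Cluster created."

# --- 3. Create Task Execution Role ---
printf '\n--- Creating Task Execution Role: %s ---\n' "$TASK_EXECUTION_ROLE_NAME"
# Trust policy: only the ECS tasks service may assume this role. The quoted
# delimiter keeps the document literal (it contains no shell expansions).
TRUST_POLICY_JSON=$(cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ecs-tasks.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
)
TASK_EXECUTION_ROLE_ARN=$(aws_text iam create-role \
  --role-name "$TASK_EXECUTION_ROLE_NAME" \
  --assume-role-policy-document "$TRUST_POLICY_JSON" \
  --query 'Role.Arn') || TASK_EXECUTION_ROLE_ARN=""

if [[ -z "$TASK_EXECUTION_ROLE_ARN" ]]; then
  die "Could not create IAM role '$TASK_EXECUTION_ROLE_NAME' (it may already exist; an existing role is left untouched)."
fi
ROLE_CREATED=1

# Attach the managed policy for Fargate task execution
aws iam attach-role-policy \
  --role-name "$TASK_EXECUTION_ROLE_NAME" \
  --policy-arn "$TASK_EXECUTION_POLICY_ARN" \
  || die "Could not attach the execution policy to '$TASK_EXECUTION_ROLE_NAME'."
POLICY_ATTACHED=1

echo "Task Execution Role created with ARN: $TASK_EXECUTION_ROLE_ARN"
echo "Waiting for IAM role to propagate..."
sleep 10

# --- 4. Register Task Definition ---
printf '\n--- Registering Task Definition: %s ---\n' "$TASK_DEFINITION_FAMILY"
# The values interpolated below are the constants from the configuration
# section; they are not escaped for JSON, so keep them free of quotes.
TASK_DEFINITION_JSON=$(cat <<EOF
{
  "family": "$TASK_DEFINITION_FAMILY",
  "networkMode": "awsvpc",
  "cpu": "256",
  "memory": "512",
  "executionRoleArn": "$TASK_EXECUTION_ROLE_ARN",
  "containerDefinitions": [
    {
      "name": "$CONTAINER_NAME",
      "image": "$CONTAINER_IMAGE",
      "portMappings": [
        {
          "containerPort": $CONTAINER_PORT,
          "protocol": "tcp"
        }
      ]
    }
  ],
  "requiresCompatibilities": ["FARGATE"]
}
EOF
)
TASK_DEFINITION_ARN=$(aws_text ecs register-task-definition \
  --cli-input-json "$TASK_DEFINITION_JSON" \
  --query 'taskDefinition.taskDefinitionArn') || TASK_DEFINITION_ARN=""

if [[ -z "$TASK_DEFINITION_ARN" ]]; then
  die "Could not register task definition '$TASK_DEFINITION_FAMILY'."
fi
echo "Task Definition registered: $TASK_DEFINITION_ARN"

# --- 5. Run Task on Fargate ---
printf '\n--- Running ECS Task on Fargate ---\n'
# Run the exact revision registered above rather than whatever revision is
# currently the latest in the family. assignPublicIp=ENABLED gives the task
# an internet-facing address, which is what the ingress rule above exposes.
TASK_ARN=$(aws_text ecs run-task \
  --cluster "$ECS_CLUSTER_NAME" \
  --task-definition "$TASK_DEFINITION_ARN" \
  --launch-type FARGATE \
  --network-configuration "awsvpcConfiguration={subnets=[$SUBNET_ID],securityGroups=[$SG_ID],assignPublicIp=ENABLED}" \
  --query 'tasks[0].taskArn') || TASK_ARN=""

if [[ -z "$TASK_ARN" ]]; then
  die "ECS did not start a task (run-task returned no task ARN)."
fi

echo "Fargate task started with ARN: $TASK_ARN"
echo "Waiting for task to be running..."
aws ecs wait tasks-running \
  --cluster "$ECS_CLUSTER_NAME" --tasks "$TASK_ARN" --region "$REGION" \
  || die "Task '$TASK_ARN' did not reach the RUNNING state."
echo "Fargate task is running."

# Get public IP of the task
TASK_ENI_ID=$(aws_text ecs describe-tasks \
  --cluster "$ECS_CLUSTER_NAME" \
  --tasks "$TASK_ARN" \
  --query 'tasks[0].attachments[0].details[?name==`networkInterfaceId`].value | [0]') \
  || TASK_ENI_ID=""

PUBLIC_IP=""
if [[ -n "$TASK_ENI_ID" ]]; then
  PUBLIC_IP=$(aws_text ec2 describe-network-interfaces \
    --network-interface-ids "$TASK_ENI_ID" \
    --query 'NetworkInterfaces[0].Association.PublicIp') || PUBLIC_IP=""
fi

printf '\n--- Fargate Task Running Successfully! ---\n'
echo "Task ARN: $TASK_ARN"
if [[ -n "$PUBLIC_IP" ]]; then
  echo "Public IP Address: $PUBLIC_IP"
  echo "You can access the Nginx server at: http://$PUBLIC_IP"
else
  warn "Could not determine the task's public IP address."
fi

read -r -p "Press Enter to stop the task and clean up resources..."

# --- Clean Up ---
cleanup

if [[ "$CLEANUP_FAILURES" -gt 0 ]]; then
  die "Cleanup finished with $CLEANUP_FAILURES failed step(s); see the warnings above."
fi

printf '\n--- Fargate task demonstration and cleanup complete ---\n'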
