Thanks a lot.. I enjoy your videos. The theory you do before the hands-on is what I enjoy best. Plus, the scenario of a virtual organization is just wonderful. It really helps me understand what I'm about to do and why I do it.. Thanks again
I am going to smoke this video. I just finished watching. Tomorrow I'm practicing and he day after I'm teaching. Thankkkkk you very much. I just enjoy the way you explain.
Awesome video, hope to see soon your training for aws architect. I agree with the other comments,your theory explanation and later labs makes easy to understand and later get deeper knowledge. I would love to see the same in other technologies like cloudformation, terraform , CDK.
Thank you for your feedback. I am glad you found the lab on the AWS Fargate technologies useful. Yes, we are building our course and will release soon. Best wishes
Great stuff, just a suggestion, if there can be follow up videos on troubleshooting if things are not working as expected because of some mistake while setting up..
At 32:07, you say that "Each tasks are isolated (Okay) and does not share the underlying kernel, CPU or memory with another task.". But later you say that the tasks access a shared pool of resources. I'm confused here, I think the first statement is completely right.
Hi Jay, Sorry for the confusion, but yes, each task is deployed in an isolated environment. When I said a shared pool of resources, what you must remember is that Fargate ECS tasks are likely to run on physical hardware that are shared by other customers or your other applications. However, when you deployed two tasks that belong to a specific application and cluster, those tasks will be isolated on different resources. but ultimately, you are still sharing a pool of backend resources other application stacks or customers. Hope this clarifies the statement.
Thank you for your reply. The diagrams and animation are designed in PowerPoint and you can access the AWS icons here aws.amazon.com/architecture/icons/ Best wishes
Thank you for the great content! So much well structured and explained useful info! I'm trying now to write my own backend in node.js, and I have a question: How does the DB credentials rotation is done on the backend side? Is the retrieving the secret from SecretsManager and reestablishing connection to the DB is done for every request?
Also, NAT gateway costs some 0.062 USD per hour, which means that per month that would cost around $44 (not "a couple of dollars"). Just to have the ability to do some apt updates... is there cheaper solutions?
There is a file in the repository called db.php. This file retrieves the secret name from the #Amazon ECS Environmental Variable and then proceeds to dynamically retrieve the credentials from #AWS Secrets Manager. This means that whenever the script is executed, it will query AWS Secrets Manager for the current credentials. This is advantageous because: - It ensures that the script always has access to the latest credentials. - It reduces the risk of hardcoding sensitive information like database credentials directly in the code. Have a look at the db.php file which is included in the zipped file. Hope this helps Thanks
Depending on which updates you need, you could store them in an S3 bucket and retrieve them via a VPC endpoint. This article provides more details - repost.aws/questions/QUmfyiKedjTd225PQS7MlHQQ/vpc-nat-gateway-vs-vpc-endpoint-pricing
Why did you need to specify the ecr repository url in the docker build command? the image is stored locally until you push it to the repo anyway right? thanks!
Hi Harry You are right, you do not need to specify the ECR repository URL during the build command. Howerver, you would then need to at least tag your image so you can push the image to repository. The step shown in the video basically bypasses that step. So if you look at the ECR push commands you will note that you would need to tag it before you push it. So this step in the video just avoids that step. But both options are correct. Hope this helps
thanks for this project. Just wanted to know that why you connected database subnets with NAT gateway? I tried to detach the NAT from my DB-subnets but the app doesn't work if i detach the db-subnets from NAT, In reality db-instances should be in a subnet without NAT. Please correct me if i am wrong. thanks
Hi Sharafat Thank you for your message, As a general rule, you should not to configure the route table associated with the database subnets with a route to an external network via a NAT gateway. This is because AWS manages the RDS database for you. However, in this architecture, you are making use of AWS Secrets Manager which has a rotation function that is supported by Lambda. This Lambda function has an Elastic Network Interface in the same subnet(s) as the RDS database so that it can periodically change the database password and then update Secrets Manager - to that end, the Lambda function needs the NAT gateway to access Secrets Manager. Alternatively, you would need to configure a VPC endpoint if you do not want to use a NAT gateway. When you detach the db-subnets from NAT, did you create create another route table for the db-subnets? Remember all subnets must be associated with a route table (with at least a local route) to route traffic within the VPC. Let me know Hope this helps?
I followed this step by step but got an error when deploying the service. Anyone experienced the same error? There was an error deploying ritual-roast-svc
Thanks a lot..
I enjoy your videos. The theory you do before the hands-on is what I enjoy best. Plus, the scenario of a virtual organization is just wonderful.
It really helps me understand what I'm about to do and why I do it.. Thanks again
Thank you for your feedback. I'm glad to hear you found the tutorial useful on Amazon ECS Fargate.
Can’t thank you enough. Very organized. I appreciate your time and effort. I learned a lot. May God bless you!
I'm glad you found it helpful, and thank you for the kind words!
I am going to smoke this video. I just finished watching. Tomorrow I'm practicing and he day after I'm teaching. Thankkkkk you very much. I just enjoy the way you explain.
Thank you for your kind words. I am glad you found this AWS Fargate Tutorial useful. All I ask is like and share in return 🙏
@@awstraining definitely will
Best video I found so far..Thanks
Thanks so much for your kind words, I'm glad you found it useful!
Very good presentation, complete and easy to follow. Nice work. Thanks.
Thank you for your valuable feedback. We will be bringing more project videos soon on AWS
Absolutely a smooth and straightforward demonstrations. A real Pleasure to follow such enriching e-content. Thanks .
Thanks so much for your kind words, I'm glad you found it the AWS Fargate Tutorial useful.
You don't know how much the video helps me. Thank you very much!
Thank you so much for your kind words and valuable feedback. I am glad you found the tutorial on AWS ECS Fargate helpful. Best wishes
I really feel like I should be paying to watch this video, it feels wrong not to pay...
AMAZING CONTENT!...
@@sean_reyes Haha… thank you for you kind feedback. All you need to do is like, subscribe and please share! Best wishes
Great video, implemented projec
Thank you. I am glad you found it useful. Best wishes
having a simple website example gave me the courage to dive in
Awesome video, hope to see soon your training for aws architect. I agree with the other comments,your theory explanation and later labs makes easy to understand and later get deeper knowledge. I would love to see the same in other technologies like cloudformation, terraform , CDK.
Thank you for your feedback. I am glad you found the lab on the AWS Fargate technologies useful. Yes, we are building our course and will release soon.
Best wishes
This is an amazing video :) You saved me literally thank you :)
I'm glad you found it helpful!
What an explanation..!! It's very clear and simple to understand. Thank you.
Thank you Kiran. Best wishes
Great tutorial. Very organized and detailed.
Glad it was helpful!
Thank you for comprehensive tutorial
Glad it was helpful!
Can you please also do a video without nat gateway and use vpc endpoints. It would be great.
That's a great suggestion, I'll add it to my list!
Great stuff, just a suggestion, if there can be follow up videos on troubleshooting if things are not working as expected because of some mistake while setting up..
Great commentary ! Excellent!
Glad you liked it!
At 32:07, you say that "Each tasks are isolated (Okay) and does not share the underlying kernel, CPU or memory with another task.". But later you say that the tasks access a shared pool of resources.
I'm confused here, I think the first statement is completely right.
Hi Jay,
Sorry for the confusion, but yes, each task is deployed in an isolated environment. When I said a shared pool of resources, what you must remember is that Fargate ECS tasks are likely to run on physical hardware that are shared by other customers or your other applications. However, when you deployed two tasks that belong to a specific application and cluster, those tasks will be isolated on different resources. but ultimately, you are still sharing a pool of backend resources other application stacks or customers.
Hope this clarifies the statement.
I love the way to teach ECS concepts.
Can you share with us which tool or software you are using for diagram animations?
Thank you for your reply.
The diagrams and animation are designed in PowerPoint and you can access the AWS icons here aws.amazon.com/architecture/icons/
Best wishes
Thank you! Great tutorial
Thank you for your feedback. Please do share
Very Good!
Thanks, glad you liked it!
Thanks, glad you liked it!
Thank you for the great content! So much well structured and explained useful info!
I'm trying now to write my own backend in node.js, and I have a question:
How does the DB credentials rotation is done on the backend side? Is the retrieving the secret from SecretsManager and reestablishing connection to the DB is done for every request?
Also, NAT gateway costs some 0.062 USD per hour, which means that per month that would cost around $44 (not "a couple of dollars"). Just to have the ability to do some apt updates... is there cheaper solutions?
There is a file in the repository called db.php. This file retrieves the secret name from the #Amazon ECS Environmental Variable and then proceeds to dynamically retrieve the credentials from #AWS Secrets Manager.
This means that whenever the script is executed, it will query AWS Secrets Manager for the current credentials. This is advantageous because:
- It ensures that the script always has access to the latest credentials.
- It reduces the risk of hardcoding sensitive information like database credentials directly in the code.
Have a look at the db.php file which is included in the zipped file.
Hope this helps
Thanks
Depending on which updates you need, you could store them in an S3 bucket and retrieve them via a VPC endpoint. This article provides more details - repost.aws/questions/QUmfyiKedjTd225PQS7MlHQQ/vpc-nat-gateway-vs-vpc-endpoint-pricing
awesome. pl create on EKS
I'm glad you liked it! I'll be working on an EKS tutorial soon, stay tuned!
really very helpful
Thank you for your valuable feedback
Why did you need to specify the ecr repository url in the docker build command? the image is stored locally until you push it to the repo anyway right? thanks!
Hi Harry
You are right, you do not need to specify the ECR repository URL during the build command. Howerver, you would then need to at least tag your image so you can push the image to repository. The step shown in the video basically bypasses that step. So if you look at the ECR push commands you will note that you would need to tag it before you push it. So this step in the video just avoids that step. But both options are correct.
Hope this helps
thanks for this project. Just wanted to know that why you connected database subnets with NAT gateway? I tried to detach the NAT from my DB-subnets but the app doesn't work if i detach the db-subnets from NAT, In reality db-instances should be in a subnet without NAT. Please correct me if i am wrong. thanks
Hi Sharafat
Thank you for your message, As a general rule, you should not to configure the route table associated with the database subnets with a route to an external network via a NAT gateway. This is because AWS manages the RDS database for you. However, in this architecture, you are making use of AWS Secrets Manager which has a rotation function that is supported by Lambda. This Lambda function has an Elastic Network Interface in the same subnet(s) as the RDS database so that it can periodically change the database password and then update Secrets Manager - to that end, the Lambda function needs the NAT gateway to access Secrets Manager. Alternatively, you would need to configure a VPC endpoint if you do not want to use a NAT gateway.
When you detach the db-subnets from NAT, did you create create another route table for the db-subnets? Remember all subnets must be associated with a route table (with at least a local route) to route traffic within the VPC.
Let me know
Hope this helps?
@@awstraining Thanks for you response, No i didnot add the alternative route in route-table.
I followed this step by step but got an error when deploying the service. Anyone experienced the same error?
There was an error deploying ritual-roast-svc
Hi
Let me know what error you are getting. Error messages etc
Thanks
how much is that expected cost for this entire setup? for every month.
Please make videos on sqs
thanks I hate it