Deploying a backend server to AWS ECS (Elastic Container Service) can be a complex task, but with the right steps, it can be accomplished efficiently. This guide will walk you through the process of deploying any backend server to AWS ECS, whether you're using Fargate or EC2, with auto-scaling capabilities which can be connected to your own domain.

Setting up EC2 Security Group, ECR and IAM user for AWS CLI

• Go to EC2 > Security Groups > Create security Group Provide it name like backend-sg and description. Add an Inbound rule: HTTP (80), Anywhere IPv4. Create security group.
  
• Go to ECR > Create repository Provide it a repo name like sample/backend where sample is a namespace and backend is the repo name. Keep other configurations to default and Create repository.
  
• Go to IAM > Create user Provide it a name like ecr-push. Check AWS Management console, uncheck reset password.
  
• Attach policies: AmazonEC2ContainerRegistryFullAccess, AmazonECS_FullAccess, AmazonS3FullAccess. Create user.
  
• Next, click on the created user and Click on Create access key and note down the Access key ID and Secret access key. You will need these to configure AWS CLI.
  

Setting up sample Express.JS TypeScript backend, dockerizing and pushing it to ECR with AWS CLI

• Open your project root folder in VS Code. Install Dev Containers VS Code Extension. Make sure you have already installed Docker Desktop on your PC and is running. Click CTRL + Shift + P and search for Dev Containers: Add Dev Container configuration files. Add configuration as per your backend tech stack. For ExpressJS TypeScript, I am using the configuration: Add configuration to workspace > From a predefined container configuration template > Node.js & Typescript > 22-bookworm. It will create a .devcontainer folder in your project root with devcontainer.json. Add the below code to the devcontainer.json
  devcontainer.json

  "runArgs": [  "--privileged"]

  Now, click CTRL + Shift + P and search for Dev Containers: Reopen in Container. It will take some time to build the container and reopen the VS Code in the container.
  
• Install Docker
  sudo apt updatesudo apt install docker.io -ysudo systemctl start dockersudo systemctl enable dockersudo usermod -aG docker $USERsudo service docker startsudo service docker status

• Create a Dockerfile in the root of your project and set it up as per your backend tech stack. Below is a sample Dockerfile for ExpressJS TypeScript backend.
  Dockerfile

  FROM node:22-bookwormWORKDIR /appCOPY package*.json ./RUN npm installCOPY . .CMD ["npm", "start"]

• Now we need to install AWS CLI and configure it with the IAM user credentials. Run the below commands in the terminal to download AWS CLI. It will create a zip file in your root folder.
  Dockerfile

  curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"

  Unzip the downloaded file with the below command. It will create a folder named aws
  unzip awscliv2.zip

  Install AWS CLI with the below command. Make sure the root project folder name does not have any spaces, else the command will fail.
  sudo ./aws/install

  Now you can delete both awscliv2.zip and aws folder. Configure AWS CLI with the below command. Provide the Access key ID, Secret access key, region (like us-east-1) and output format (like json).
  mkdir ~/.awscat > ~/.aws/credentials <<EOF[default]aws_access_key_id=<YOUR_ACCESS_KEY_ID>aws_secret_access_key=<YOUR_SECRET_ACCESS_KEY>EOFcat > ~/.aws/config <<EOF[default]region=<YOUR_AWS_REGION>output=jsonEOF

• Go to ECR > Your repository > View push Commands
  
  Modify the 1st command and add sudo before docker command. Also add sudo before the rest of the commands. Run the below commands one by one to build your docker image and push it to ECR. Make sure to replace <YOUR_AWS_ACCOUNT_ID> and <YOUR_AWS_REGION> with your actual AWS account ID and region.
  sudo aws ecr get-login-password --region <YOUR_AWS_REGION> | sudo docker login --username AWS --password-stdin <YOUR_AWS_ACCOUNT_ID>.dkr.ecr.<YOUR_AWS_REGION>.amazonaws.com

  sudo docker build -t sample/backend .sudo docker tag sample/backend:latest 684187848175.dkr.ecr.us-east-1.amazonaws.com/sample/backend:latestsudo docker push 684187848175.dkr.ecr.us-east-1.amazonaws.com/sample/backend:latest

Setting up AWS ECS and deploying the backend server with auto-scaling

• Go to ECS > Clusters > Create Cluster. Give it a name and select AWS Fargate and monitoring.
  
• Next, we need to create a Task Definition. Go to ECS > Task Definitions > Create new Task Definition. Provide it a name, Select AWS Fargate. Set CPU and Memory as per your requirement. Select the created security group in the Network section. In Container-1 provide a name and click on Browse ECR Images. Choose your repository and select tag. Put Port mapping as 80 and protocol as TCP. Click on Add. Add a environment variable PORT 80 Create the Task Definition. In health check, put CMD-SHELL, curl -f http://localhost:80/<HEALTH_CHECK_ENDPOINT> || exit 1 and set the start period to 60 seconds.
  
  Set the port mapping to 80 and protocol to TCP. Click on Add. Keep everything else as default. Create the Task Definition.
• Go to your ECS cluster, Create Service. Select task definition, revision latest, set security group as the one created earlier. Check use the load balancer. Set Application Load Balancer, create new load balancer. Give target group name and health check path. Keep everything else as default. Check service auto-scaling, set minimum capacity 1, maximum capacity 10 (or as per your choice). Set scaling policy to target tracking, set the metric type to AWS/ECS, ServiceAverageCPUUtilization and target value to 50. Create service.
  
  App will be deployed - click task and see public ip or you can go to EC2 > Load Balancer > The load balancer and get the DNS Name like backend-alb-1246242991.us-east-1.elb.amazonaws.com of the load balancer

Enabling HTTPS and Connecting custom domain to the backend server

To enable HTTPS and connect your custom domain to the backend server deployed on AWS ECS, you can use AWS Certificate Manager (ACM) to obtain an SSL/TLS certificate and configure DNS settings with your domain provider (I am using Hostinger).

• Now in order to make it accessible on HTTPS and connect a domain, put these CAA records in Hostinger
  Name Flag Tag       CA Domain  TTL@    0    issue     amazon.com 0@    0    issuewild amazon.com 0

  
• Go to Certificate Manager (ACM) > Request > Request public certificate. Add domain name (I am using backend.sumandebnath.site), dns verification, add the CNAME to your domain provider panel (I am using Hostinger) and Then submit. Wait for some time till it gets issued.
  
  
• Next, Go to EC2 > security groups > edit security group > Edit inbound rules. Add new rule HTTPS 443 (Anywhere IPv4). Then, go to EC2 > Load Balancers. Select your load balancer and add a new listener, select HTTPS 443, select target group as earlier, set certificate source as from ACM select the certificate, keep everything else as default and add the listener.
  
• Now your app is set and you just need to connect it to your own domain as a subdomain, for that you can set up a A Record in your provider if you want to use the ALB IP Address or you can set the CNAME record that maps to the domain name of our ALB (recommended). For that go toEC2 > Load Balancers > Select your load balancer > Copy the DNS name and add a CNAME record in your domain provider panel (I am using Hostinger): Put name as your desired subdomain and put target as the DNS.
  

Now, you can access your backend server on your custom domain with HTTPS enabled. You can access your backend as https://>SUBDOMAIN>.>YOUR_DOMAIN> like https://backend.sumandebnath.site.

Now, each time you want to update your backend server, you just need to make the changes in your code, build the docker image, push it to ECR and then update the service in ECS to use the new image and force a new deployment. The auto-scaling will take care of scaling your service based on the CPU utilization.

You can also set up CI/CD pipelines using AWS CodePipeline, GitHub Actions or other tools to automate the deployment process. I will update this blog with a comprehensive guide on setting up CI/CD with GitHub Actions so that each time you update your backend code and push to GitHub, a new ECR image will be automatically generated and deployed to ECS.

This guide provides a comprehensive overview of deploying a backend server to AWS ECS with auto-scaling and connecting it to your own domain. Make sure to monitor your application and adjust scaling policies as needed to ensure optimal performance and cost-efficiency.

Hope this blog was helpful to you. If you have any questions or need further assistance, feel free to leave a message below or reach out to me directly. Happy coding! 😊