
Infrastructure

David Killmon edited this page Nov 14, 2019 · 12 revisions

The ecs-cli spins up infrastructure on your behalf in your account to help you get your containers running on ECS and AWS. In this section, we'll go over the different infrastructure that's set up for you, why we set it up, and what it looks like.

Environments

When you create your applications, you deploy them to a particular environment. Each environment has its own networking stack, load balancer, and ECS Cluster.

When you create a new environment, through archer env init (or through the first app init experience), we'll set up an environment for you. The basic infrastructure of an environment looks like this:

[Diagram: Environment Stack]

VPC and Networking

Each environment gets its own multi-AZ VPC. Your VPC is the network boundary of your environment, allowing the traffic you expect in and out, and blocking the rest. The VPCs we create are spread across two availability zones to help balance availability and cost - with each AZ getting a public and private subnet.

We partition your VPC into public and private subnets. When we launch your applications, we launch them into your private subnets so that they can't be reached from the internet except through your load balancer. To route traffic from your private subnets to the internet (when your service makes a request, for example), we also spin up a NAT Gateway and Elastic IP.
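
One way to check this layout from the outside, as an added example that is not part of the tool's own code: it classifies subnets by their default route using data shaped like the EC2 DescribeRouteTables response, then flags any subnet hosting application tasks that is not NAT-only. All IDs and the function names are constructed for illustration.

```python
# Added example. Input follows the EC2 DescribeRouteTables response shape;
# every ID below is a constructed sample value, not taken from a real account.
SAMPLE_ROUTE_TABLES = {
    "RouteTables": [
        {"RouteTableId": "rtb-public",
         "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
        {"RouteTableId": "rtb-private",
         "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    ]
}

def default_route_target(table):
    """Return 'igw', 'nat', 'other' or 'none' for the table's 0.0.0.0/0 route."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId"):
            return "nat"
        return "other"  # e.g. a default route via some other target
    return "none"

def classify_subnets(route_tables):
    """Map each explicitly associated subnet to its role in the VPC."""
    roles = {"igw": "public", "nat": "private", "other": "other", "none": "isolated"}
    result = {}
    for table in route_tables["RouteTables"]:
        role = roles[default_route_target(table)]
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:  # the main-table association has no SubnetId
                result[assoc["SubnetId"]] = role
    return result

def misplaced_task_subnets(route_tables, task_subnets):
    """Task subnets that are not private; unknown subnets are flagged too."""
    roles = classify_subnets(route_tables)
    return sorted(s for s in task_subnets if roles.get(s) != "private")

if __name__ == "__main__":
    print(classify_subnets(SAMPLE_ROUTE_TABLES))
    print(misplaced_task_subnets(SAMPLE_ROUTE_TABLES, ["subnet-priv-a", "subnet-pub-b"]))
```

Subnets that rely on the VPC's main route table have no explicit association, so they are reported as misplaced until they are checked by hand.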

Load Balancers and DNS

If you set up any application using one of the Load Balanced application types, we'll create a load balancer. In the case of a Load Balanced Web App, we'll create an Application Load Balancer, specifically. All applications within a particular environment will share a load balancer by creating app-specific listeners on it. Your load balancer is whitelisted to communicate with services in your VPC.

Optionally, when you set up a project, you can provide a domain name that you own and that is registered in Route 53. If you provide us a domain name, each time you spin up an environment, we'll create a subdomain environment-name.your-domain.com, provision an ACM cert, and bind it to your Application Load Balancer so it can use HTTPS. You don't need to provide a domain name, but if you don't, you'll have to use HTTP connections to your Application Load Balancer.
