13.11.2018

AWS: Running a docker-image with ECS (part 3): Stop it!

After running a docker-image on ECS i tried to stop my service:



But after a view seconds the task was respawned:


Hmmm - "select cancel and update the service to stop the task"...
"Update the service" is not so difficult:
But there is no stop button.
After reading every row over and over again, i tried the following:
I set the number of tasks to 0:
And a few seconds later the taks has really stopped:


AWS: Running a docker-image with ECS (part 2)

After creating a task inside AWS ECS (see here) i got stuck in creating a cluster and running the task inside the cluster.

So i deleted the cluster and startet with this page:

And here we go:

I chose "nginx":





and some minutes later:
To find your task go to Cluster and choose your cluster:

 Open the tab "Tasks":

 and click on the Task name "6b...." or respectively your name:

Here you get the public ip, which you can use for a first contact with your task:



12.11.2018

AWS: Running a docker-image with ECS

After reading some parts of the AWS documentation i decided to launch a docker-image via ECS - or better i will try to launch nginx.

Go to Amazon ECS and click on "Task Definitions":

 Then "Create new Task Definition"
 and then "FARGATE":


After adding a name you have to click "add container" and put in nginx + nginx:latest:

Then go back to  "Task Definitions" and choose "Actions"
 If you select "Run Task", you will end up with this window:


"Cluster: None Available" - so next step is to add a FARGATE cluster:






Running a task definition will be a task in another posting ;-)

11.11.2018

AWS: Networking - Virtual Privat Cloud

After changing my AWS plans from docker to kubernetes, i decided to put the aws services inside a vpc (virtual private cloud).
With this decision my AWS services are not reachable from the internet - only my laptop can access them ;-)
Here the official pictures from aws:



Here is a list of customer gateway devices, for which amazon provides configuration settings:
  • Check Point Security Gateway running R77.10 (or later) software
  • Cisco ASA running Cisco ASA 8.2 (or later) software
  • Cisco IOS running Cisco IOS 12.4 (or later) software
  • Dell SonicWALL running SonicOS 5.9 (or later) software
  • Fortinet Fortigate 40+ Series running FortiOS 4.0 (or later) software
  • Juniper J-Series running JunOS 9.5 (or later) software
  • Juniper SRX running JunOS 11.0 (or later) software
  • Juniper SSG running ScreenOS 6.1, or 6.2 (or later) software
  • Juniper ISG running ScreenOS 6.1, or 6.2 (or later) software
  • Netgate pfSense running OS 2.2.5 (or later) software.
  • Palo Alto Networks PANOS 4.1.2 (or later) software
  • Yamaha RT107e, RTX1200, RTX1210, RTX1500, RTX3000 and SRT100 routers
  • Microsoft Windows Server 2008 R2 (or later) software
  • Microsoft Windows Server 2012 R2 (or later) software
  • Zyxel Zywall Series 4.20 (or later) software for statically routed VPN connections, or 4.30 (or later) software for dynamically routed VPN connections
The following requirements have to be met:
IKE Security Association (required to exchange keys used to establish the IPsec security association)
IPsec Security Association (handles the tunnel's encryption, authentication, and so on.)
Tunnel interface (receives traffic going to and from the tunnel)
Optional
BGP peering (exchanges routes between the customer gateway and the virtual private gateway) for devices that use BGP

I do not own one of these devices, but i hope that the linux laptop can configured as customer gateway with appropriate ipsec settings.

So let's configure the VPC at AWS:


 And create a subnet for this vpc:



After that you have to add a virtual private gateway:




and attach it to your vpc:



You have to add a route from the VPC to your local network:


Then create a vpn connection:





 Then download the configuration:
and hurray: AWS provides a strongswan configuration:
After i downloaded the file an followed the instructions provided there, i was able to connect and the aws dashboard showed that the connection is up:


and on my local machine:
root@zerberus:~/AWS# ipsec status
Security Associations (1 up, 0 connecting):
     Tunnel1[1]: ESTABLISHED 3 seconds ago, 192.168.178.60[XX.YY.YY.XX8]...34.246.243.178[34.246.243.178]
     Tunnel1{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: cb84b8e5_i 488e669b_o
     Tunnel1{1}:   0.0.0.0/0 === 0.0.0.0/0