IAM, ECS, and Task Definition Deployment

Overview

This section describes how to configure IAM, Amazon ECS, and the task definition in order to deploy the backend on AWS Fargate.

Deployment Steps

  1. Open IAM > Roles to prepare the roles for ECS.

  2. Create a new role: choose AWS service as the trusted entity, select Elastic Container Service, and choose the use case Elastic Container Service Task.

  3. Name the role lunchsync-ecs-task-role. It is used as the task role for the backend container; do not add any permissions to it.

  4. Create a second role to serve as the execution role, and attach the managed policy AmazonECSTaskExecutionRolePolicy.

  5. Add an inline policy to the execution role so the ECS agent can read the secrets that are injected into the container at runtime.

  6. Verify that lunchsync-ecs-execution-role includes both AmazonECSTaskExecutionRolePolicy and the secret access permissions.

  7. Open Amazon ECS and navigate to Clusters.

  8. Create a new cluster named lunchsync-cluster using Fargate-only infrastructure.

  9. Optionally configure observability features such as Container Insights and ECS Exec.

  10. Complete cluster creation.

  11. Open lunchsync-cluster and confirm that it is Active and has the Fargate capacity providers.

  12. Navigate to Task Definitions and create a new task definition.

  13. Set:
  • Family: lunchsync-backend
  • Launch type: AWS Fargate
  • OS/Arch: Linux/X86_64
  • Network mode: awsvpc
  • Task role: lunchsync-ecs-task-role
  • Execution role: lunchsync-ecs-execution-role

  14. Add the container lunchsync-backend, use the image URI from ECR, and expose port 8080.

  15. Configure the environment variables and secret mappings (Cognito, database connection, Redis, NODE_ENV, and other runtime configuration).

  16. Configure the container health check, e.g.:
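
The following is an added example, not part of the original guide and not the health check example referred to above. It is a Python check that audits the execution role's inline secret policy and the task definition from the steps above before the task definition is registered. The account ID, region, secret names, variable names other than NODE_ENV, and the name-matching heuristic are assumptions.

```python
import re
from fnmatch import fnmatchcase
# Heuristic for credential-like variable names (assumption; tune per application).
SENSITIVE = re.compile(r"SECRET|PASSWORD|TOKEN|KEY|DATABASE_URL|REDIS_URL", re.I)
SECRET_ACTIONS = ("secretsmanager:getsecretvalue", "ssm:getparameters", "kms:decrypt")

def as_list(v):
    return v if isinstance(v, list) else [v]

def audit_task_definition(td):
    """Findings for a task definition dict in register-task-definition JSON shape."""
    out = []
    task_role, exec_role = td.get("taskRoleArn"), td.get("executionRoleArn")
    if not task_role or not exec_role:
        out.append("task role and execution role must both be set")
    elif task_role == exec_role:
        out.append("task role and execution role are the same role")
    for c in td.get("containerDefinitions", []):
        for env in c.get("environment", []):
            if SENSITIVE.search(env["name"]):
                out.append(f"{env['name']}: plaintext in environment, move to secrets")
    return out

def audit_execution_policy(policy):
    """Findings for the inline secret-access policy attached to the execution role."""
    out = []
    for st in as_list(policy.get("Statement", [])):
        # IAM action patterns are case-insensitive and may contain * wildcards.
        acts = [a for a in as_list(st.get("Action", []))
                if any(fnmatchcase(s, a.lower()) for s in SECRET_ACTIONS)]
        if st.get("Effect") != "Allow" or not acts:
            continue
        out += [f"wildcard action {a}" for a in acts if "*" in a]
        out += [f"secret read allowed on broad resource {r}"
                for r in as_list(st.get("Resource", []))
                if r == "*" or r.endswith(":secret:*")]
    return out

# Constructed sample input: account ID, region and secret names are placeholders.
ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:lunchsync/"
SAMPLE_TASK = {
    "taskRoleArn": "arn:aws:iam::111122223333:role/lunchsync-ecs-task-role",
    "executionRoleArn": "arn:aws:iam::111122223333:role/lunchsync-ecs-execution-role",
    "containerDefinitions": [{"name": "lunchsync-backend",
        "environment": [{"name": "NODE_ENV", "value": "production"},
                        {"name": "REDIS_URL", "value": "redis://cache.example:6379"}],
        "secrets": [{"name": "DATABASE_URL", "valueFrom": ARN + "database-url-AbCdEf"}]}]}
SAMPLE_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": "*"}]}
```

On the constructed samples, the audit flags REDIS_URL as a plaintext value that belongs under secrets and flags the policy for granting secret reads on every resource; scoping Resource to the lunchsync/ secret prefix clears the second finding.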