Setting up AWS App2Container

Complete these tasks before you use App2Container for the first time.

Sign up for AWS

When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS. You are charged only for the services that you use.

If you do not have an AWS account already, use the following procedure to create one.

To create an AWS account

  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

Decide where containerization will run

To use App2Container on the server where the applications are running, you must set up an AWS profile, install App2Container, and install the Docker engine. If your server does not meet the requirements to containerize your application and deploy it to AWS, or if you do not want to install the Docker engine on the application server, you can set up and use a worker machine. On the worker machine, you can run the steps to containerize your application and deploy it to AWS, or you can set up connectivity between the worker machine and the application servers to run remote commands from the worker machine, targeting the application servers.

The following are example situations where you might decide to set up a worker machine:

  • Your application servers are running in an on-premises data center and they do not have internet access.

  • Your application server is running on a Windows operating system that does not support containers. For more information, see Supported applications.

  • You prefer to use a dedicated server to run the containerization and deployment steps.

  • You want to consolidate your work by using a worker machine to run commands for all of your application servers.

When you set up a worker machine to handle the steps to containerize and deploy your applications, it must have the same base operating system as your application server (Linux or Windows), and the operating system must support containers. We recommend that you launch an Amazon EC2 instance as the worker machine, using an Amazon Machine Image (AMI) that is optimized for Amazon ECS.

Grant permissions to run AWS App2Container commands

App2Container needs access to AWS services in order to run most of its commands. There are two very different sets of permissions needed to run app2container commands.

  • The general purpose IAM user, group, or role can run all of the commands except commands that are run with the --deploy option.

  • For deployment, App2Container must be able to create or update AWS objects for container management services (Amazon ECR with Amazon ECS, Amazon EKS, or AWS App Runner), and to create CI/CD pipelines with AWS CodePipeline. This requires elevated permissions that should only be used for deployment.

We recommend that you create general purpose IAM resources, and if you plan to use App2Container to deploy your containers or create pipelines, that you create separate IAM resources for deployment.

For instructions on how to set up your IAM resources for App2Container, and policy examples that include resources and actions that App2Container needs access to, see Identity and access management in App2Container.

Note

You can use an instance profile to pass an IAM role to an Amazon EC2 instance. When you run the init command, App2Container detects whether an instance profile is associated with the application server or worker machine. If it detects an instance profile, the init command asks whether you want to use it.

To find out more about using instance profiles, see Using instance profiles in the IAM User Guide.

Enable remote access for a worker machine (optional)

To enable your worker machine to run remote commands for your application servers, you must ensure that the worker machine can connect.

For the required setup to enable remote access, choose the operating system tab that matches your application server.

Linux

For Linux application servers, you can use SSH key-based or SSH Certificate-based connections. You must ensure that there is network connectivity between the worker machine and the application server, and verify that your worker machine can connect.

Windows

To connect to a Windows application server from a Windows Server 2016 or 2019 worker machine, use the WinRM protocol. Your application server must meet the requirements that are listed for Windows in the Supported applications section of this user guide.

Note

App2Container does not support applications running on Windows client operating systems, such as Windows 7 or Windows 10.

  1. Worker machine

    To ensure that you can run PowerShell scripts on the worker machine, set the PowerShell Execution Policy to one of the following values:

    • RemoteSigned

      Example:

      PS> Set-ExecutionPolicy RemoteSigned

    • Unrestricted

      Example:

      PS> Set-ExecutionPolicy Unrestricted

  2. Application servers

    Complete the following steps on each application server to enable remote access from the worker machine.

    1. Ensure network connectivity to the application server over WinRM port 5986.

    2. Download the WinRMSetup.ps1 PowerShell script to your application server from the following location: WinRMSetup.ps1.

      Note

      Checksum files for this script can be downloaded using the following links:

    3. Download the New-SelfsignedCertificateEx.ps1 PowerShell script from the Microsoft TechNet Gallery. The WinRMSetup.ps1 PowerShell script from step 2 uses it to generate a self-signed certificate.

      Note

      This script must run from the same directory where the WinRMSetup.ps1 PowerShell script from step 2 is located.

    4. Run the WinRMSetup.ps1 PowerShell script on the application server. The script ensures that WinRM is enabled, and generates self-signed certificates that are used to secure the connection from the worker machine.
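
A pre-flight check for the application server steps above, added here as an example (it is not part of App2Container or of the AWS scripts): it refuses to proceed unless WinRMSetup.ps1 matches its checksum file and New-SelfsignedCertificateEx.ps1 sits in the same directory, and it confirms from the worker machine that port 5986 is reachable. The checksum file name `WinRMSetup.ps1.sha256`, its format (a SHA-256 hex digest as the first token), and both function names are assumptions.

```powershell
# Added example (not AWS code). Assumptions: the checksum file is named
# WinRMSetup.ps1.sha256, sits beside the script, and holds a SHA-256 hex
# digest as its first whitespace-separated token.
$ErrorActionPreference = 'Stop'

function Test-WinRMSetupFiles {
    # Run on the application server before step 4.
    param([string]$ScriptDir = (Get-Location).Path)

    $setup   = Join-Path $ScriptDir 'WinRMSetup.ps1'
    $certGen = Join-Path $ScriptDir 'New-SelfsignedCertificateEx.ps1'
    $sumFile = Join-Path $ScriptDir 'WinRMSetup.ps1.sha256'  # assumed name

    # Step 3: the certificate script must sit beside WinRMSetup.ps1.
    foreach ($path in $setup, $certGen, $sumFile) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            throw "Missing required file: $path"
        }
    }

    # Step 2: compare the script's digest with the published checksum.
    $line = Get-Content -LiteralPath $sumFile -TotalCount 1
    if ([string]::IsNullOrWhiteSpace($line)) { throw "Empty checksum file: $sumFile" }
    $expected = ($line.Trim() -split '\s+')[0]
    $actual   = (Get-FileHash -LiteralPath $setup -Algorithm SHA256).Hash
    if ($actual -ne $expected) {   # string -ne is case-insensitive
        throw "Checksum mismatch: expected $expected, got $actual"
    }
    "WinRMSetup.ps1 verified ($actual)"
}

function Test-WinRMPort {
    # Run on the worker machine after step 4 (step 1: port 5986 reachable).
    param([Parameter(Mandatory)][string]$ApplicationServer)

    $result = Test-NetConnection -ComputerName $ApplicationServer -Port 5986
    if (-not $result.TcpTestSucceeded) {
        throw "Cannot reach $ApplicationServer on TCP 5986 (WinRM over HTTPS)"
    }
    "TCP 5986 reachable on $ApplicationServer"
}
```

Dot-source the file, then call `Test-WinRMSetupFiles` on the application server and `Test-WinRMPort -ApplicationServer <host>` on the worker machine.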

Configure your AWS profile

AWS App2Container requires command line access to AWS resources for containerization and deployment commands. It uses information from your AWS profile to configure access to AWS resources for your account. To run App2Container commands, you must install and configure a command line tool on the application servers and worker machines where you run the commands.

Note

  • AWS Tools for Windows PowerShell is required for running App2Container commands in PowerShell on a Windows server.

  • Tools for Windows PowerShell comes pre-installed on Windows-based Amazon Machine Images (AMIs). If your application server or worker machine is an Amazon EC2 instance that was launched from one of these AMIs, you can skip to configuring your AWS profile. See Shared credentials in the AWS Tools for Windows PowerShell User Guide for more details.

To install the AWS Command Line Interface (AWS CLI) or AWS Tools for Windows PowerShell command line tools, and to configure your AWS profile, follow the instructions on the tab that matches your command line tool.

AWS CLI

To install the AWS CLI and set up your AWS profile, follow these steps:

  1. Install the AWS CLI according to the instructions in the AWS Command Line Interface User Guide. For more information, see Installing the AWS CLI.

  2. To configure your AWS default profile, use the aws configure command. For more information, see Configuration basics in the AWS Command Line Interface User Guide.

Tools for Windows PowerShell

To install Tools for Windows PowerShell and set up your AWS profile, follow these steps:

  1. Install the Tools for Windows PowerShell according to the instructions in the AWS Tools for Windows PowerShell User Guide. For more information, see Installing the AWS Tools for Windows PowerShell.

  2. To set up your AWS default profile, use the Initialize-AWSDefaultConfiguration cmdlet. For more information about shared credentials in Tools for Windows PowerShell, see Shared credentials in the AWS Tools for Windows PowerShell User Guide.

After you containerize your applications, you can also use the AWS CLI or Tools for Windows PowerShell to deploy them on AWS, though we recommend using the --deploy option with the generate app-deployment and generate pipeline commands to do your deployment.

Install the Docker engine

App2Container uses the Docker engine (Docker CE) to create container images and generate Dockerfiles that run the containers hosted on Amazon ECS, Amazon EKS, or AWS App Runner. You must install the Docker engine on the application server or worker machine that you'll use to containerize the application using the containerize command.

Use the following procedure to install Docker on Linux.

To install the Docker engine

  1. Install Docker

    Choose your Linux distribution from the following options, and follow instructions to download and install the Docker engine, using the links provided.

    Amazon Linux

    To download and install the Docker engine on Amazon Linux instances, see Docker basics for Amazon ECS in the Amazon Elastic Container Service Developer Guide. This works with any Amazon Linux instance.

    RHEL

    Recent versions of RHEL do not natively support the Docker engine. However, you can still download and install the Docker engine on RHEL to create containers that will be hosted and run on Amazon ECS, Amazon EKS, or AWS App Runner. To do this, follow the instructions given for CentOS on the Docker website: Install Docker engine.

    All other supported distributions (CentOS, Ubuntu)

    To download and install the Docker engine for other supported Linux distributions, follow the instructions for your Linux distribution on the Docker website: Install Docker engine.

  2. Verify the Docker installation

    To verify that your Docker installation was successful, run the following command.

    $ docker run -it hello-world

    When the command runs, it pulls the latest hello-world application from the Docker repository, if applicable. When the application has finished downloading, it displays a "Hello" message followed by information on how this command verified your installation of Docker.

Use the following procedure to install Docker on Windows.

To install the Docker engine

  1. Install Docker version 17.07 or later

    To download and install the Docker engine on Windows, see Get started: Prep Windows for containers (Install Docker section).

  2. Verify the Docker installation

    To verify that your Docker installation was successful, run the following command.

    PS> docker run -it hello-world

    When the command runs, it pulls the latest hello-world application from the Docker repository, if applicable. When the application has finished downloading, it displays a "Hello" message followed by information on how this command verified your installation of Docker.