{"id":16471766,"url":"https://github.com/willis0826/ecs-flask-openresty","last_synced_at":"2026-05-15T14:08:33.050Z","repository":{"id":125420739,"uuid":"232067151","full_name":"Willis0826/ecs-flask-openresty","owner":"Willis0826","description":"This is a demo of using AWS ECS, Flask and Openresty with CI/CD","archived":false,"fork":false,"pushed_at":"2023-05-29T12:14:11.000Z","size":2580,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-28T10:09:04.870Z","etag":null,"topics":["aws","ecs","flask","openresty","semaphore-ci"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Willis0826.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-06T09:28:44.000Z","updated_at":"2024-07-28T15:54:14.000Z","dependencies_parsed_at":null,"dependency_job_id":"27a7bb40-dc5c-45ec-9d91-e12c1cfcf53f","html_url":"https://github.com/Willis0826/ecs-flask-openresty","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Willis0826/ecs-flask-openresty","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Willis0826%2Fecs-flask-openresty","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Willis0826%2Fecs-flask-openresty/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Willis0826%2Fecs-flask-openresty/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Willis0826%2Fecs-flask-openresty/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Willis0826","download_url":"https://codeload.github.com/Willis0826/ecs-flask-openresty/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Willis0826%2Fecs-flask-openresty/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33068947,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-15T11:35:32.926Z","status":"ssl_error","status_checked_at":"2026-05-15T11:35:31.362Z","response_time":103,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","ecs","flask","openresty","semaphore-ci"],"created_at":"2024-10-11T12:14:36.981Z","updated_at":"2026-05-15T14:08:33.020Z","avatar_url":"https://github.com/Willis0826.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ecs-flask-openresty\n\n[![Build Status](https://willis.semaphoreci.com/badges/ecs-flask-openresty/branches/master.svg?style=shields)](https://willis.semaphoreci.com/projects/ecs-flask-openresty)\n\nThis is a demo of using AWS ECS, Flask and Openresty with CI/CD pipeline. The project uses a Openresty as reverse proxy to a backend Flask application. The Openresty and Flask are all run on AWS ECS.\n\n## Manually create env for CI/CD\n\nWe use Semaphore CI to run our CI/CD pipeline which use Terraform. Therefore, the environment variables below are needed:\n\n```yaml\nAWS_ACCESS_KEY_ID: ___\nAWS_SECRET_ACCESS_KEY: ___\nAWS_DEFAULT_REGION: us-east-2\n```\n\nWe also need a fallback ssl cert for Openresty using `lua-resty-auto-ssl`. The Semaphore CI secrets with file type is needed:\n\n```yaml\n~/resty-auto-ssl-fallback.crt\n~/resty-auto-ssl-fallback.key\n```\n\n![env for cicd](assets/img/manually-create-env-for-cicd.png?raw=true)\n\n## Manually create resource\n\nThere are resources needed to be manually create before running CI/CD.  \nPleaes be awared the S3 bucket name is global unique, you may need to create it with your specific name.\n\n1. ECR `ecs-flask-openresty/flask` and `ecs-flask-openresty/openresty`\n![ecr](assets/img/ecr.png?raw=true)\n2. S3 `ecs-flask-openresty-tf-states` and `willis-lambda-assets`\n![s3](assets/img/s3.png?raw=true)\n3. EC2 Key Pairs `ecs-flask-cluster` `ecs-openresty-cluster`\n![key paris](assets/img/key-paris.png?raw=true)\n4. IAM User with programmatic access\n![iam](assets/img/iam.png?raw=true)\n(This is for demo propuse, restrict your CI/CD user permission is recommanded)\n\nThere are resources needed to be manually create after ran CI/CD.\n1. DNS domain `willischou.com` and setup DNS Server to created Route53\n\n## Architecture\n\nThe diagram is generated with [PlantUML](https://plantuml.com/) and [C4 Model Extension](https://github.com/RicardoNiepel/C4-PlantUML)\n\n![Architecture](https://www.plantuml.com/plantuml/img/fLHBRvj04BxpAxQ-54krmM2daKyXZlEGQ68PVEW9RTQJ67MzeDqbbHNbltTuc60RcbJbmFBu7iDyErmeJQNEjfnGoJQn1gOp2GEMRDD4WD36brWmdgqXavnij4xLrB8a_JryZlKcUymKI9O8ZSWXSgnbpAXS9_SnfC2jsNYmu5JerG_Vai21Ah160nkVHpCaqLY07APeRXY-z_DX5KR-_3gCbdStjw5XB42gH9XfiNmZlHLwzN3r60Ebo1EdwXUXQThh6y5EQTYQ7BIAG32vIpK2VT1V5PcNz-RCwoEozZLbaccOk8XRvbTaukRY0SYNc04YBvDChAdScS1KbAGW92YzGyXy5f27_NslJruDWiUxS8sDW3_cUF-oWJ_mo8cr3rNF1pvUSDFYq-KL2qnIC8X6HOdEeULTzRRo_534-OJ8Mt5U0Z_-uewYoZRh99Uw3SF5zDosYdKyTYl9puav7ukz7SPNx9KgkklykYMs0XFH8Z8F8ojnVuzhhvj7TQZRfdqIKMtHsTb6KIqQ9qrmdUzdvuEpaMtRHHDoYVty76_BSengAlRDgXg9r2RnVL2kxWE24Wb_WPmNpXRJYMkjhlAb8hLdt-pjIT6Jijfkzj5OUpZs3AIEd_1dew7v1TqopdyLuVnZ4OPn0MADFxO_ \"Architecture\")\n\n```plantuml\n@startuml architecture-component\n!includeurl https://raw.githubusercontent.com/RicardoNiepel/C4-PlantUML/release/1-0/C4_Container.puml\n\nLAYOUT_LEFT_RIGHT\n\nPerson(person, \"User\", \"Access flask app\")\nSystem(lets_encrypt, \"Let's Encrypt(CA)\")\nContainer(route53, \"Route 53\", \"Service\")\nBoundary(ecs_openresty, \"ECS Openresty\") {\n    Container(openresty_elb, \"ELB Openresty\", \"Service\")\n    Boundary(asg_openresty, \"ASG Openresty\") {\n        Container(openresty_instance_1, \"EC2 Openresty\", \"Instance\")\n        Container(openresty_instance_2, \"EC2 Openresty\", \"Instance\")\n    }\n    Rel(openresty_elb, openresty_instance_1, \"Route to\", \"HTTP:80/HTTP:443\")\n    Rel(openresty_elb, openresty_instance_2, \"Route to\", \"HTTP:80/HTTP:443\")\n}\nBoundary(ecs_flask, \"ECS Flask\") {\n    Container(flask_alb, \"ALB Flask\", \"Service\")\n    Boundary(asg_flask, \"ASG Flask\") {\n        Container(flask_instance_1, \"EC2 Flask\", \"Instance\")\n    }\n    Rel(flask_alb, flask_instance_1, \"Route to\", \"HTTP:32768-61000\")\n}\nRel(person, openresty_elb, \"Access\", \"HTTP:443/HTTP:80\")\nRel(person, route53, \"DNS resolve\", \"TCP:53/UDP:53\")\nRel(openresty_instance_1, flask_alb, \"Route to\", \"HTTP:5000\")\nRel(openresty_instance_1, lets_encrypt, \"Ask certificate\", \"HTTP:443\")\nRel(openresty_instance_2, flask_alb, \"Route to\", \"HTTP:5000\")\nRel(openresty_instance_2, lets_encrypt, \"Ask certificate\", \"HTTP:443\")\n\n\n@enduml\n```\n\n## CI/CD Implement\n\n1. Create a sempahore 2.0 account and project\n2. Create secrets at user(or organization or project) level, please refers \"Manually create env for CI/CD\" section\n3. Create ECR, S3 and EC2 key pairs, please refers \"Manually create resource\" section\n4. Replace the value of `ECR_REGISTRY`, `LAMBDA_ASSETS_S3` and `TERRAFORM_REMOTE_STATE_S3` in `.semaphore/semaphore.yml`\n5. Replace the value of `AWS_VPC_ID`, `AWS_SUBNET_A_ID`, `AWS_SUBNET_B_ID` and `ALLOW_SSH_IP` with your own in `.semaphore/semaphore.yml`\n6. Replace domain `willischou.com` with your own in `deploy/aws/template/route53.tf` and `nginx/default.conf`\n7. Commit your changes and let the pipeline build it for you.\n\n## Fedora CoreOs with ECS\n\nYou will need to transpile YAML formatted Butance config (`deploy/aws/template/cloud-config.yaml`) into JSON Ignition file (`deploy/aws/template/transpiled_config.ign`) via the following command:\n\n```bash\ndocker run -it --rm --volume ${PWD}:/pwd --workdir /pwd quay.io/coreos/butane:release --pretty --strict deploy/aws/template/cloud-config.yaml \u003e deploy/aws/template/transpiled_config.ign\n```\n\nPlease read the fedora docs for more detail:  \nhttps://docs.fedoraproject.org/en-US/fedora-coreos/producing-ign/#_configuration_process\n\n## Try it!\n\nAfter deployed all the resources and point your domain name DNS server to Route53, you can test the application by the `curl`.\n\n```bash\ncurl https://www.willischou.com -v\n```\n\n## Teardown\n\nYou can destroy all the resources created by terraform by running the following commands in local.  \n\nrequirements:\n1. gomplate https://github.com/hairyhenderson/gomplate\n2. terraform 0.12.18 https://releases.hashicorp.com/terraform/\n\n```bash\ncd deploy/aws\nALLOW_SSH_IP=\"\" AWS_SUBNET_B_ID=\"subnet-e9ec6492\" AWS_SUBNET_A_ID=\"subnet-5664293f\" AWS_VPC_ID=\"vpc-2a324d43\" ECR_REGISTRY=\"\" TERRAFORM_REMOTE_STATE_S3=\"ecs-flask-openresty-tf-states\" AWS_DEFAULT_REGION=\"us-east-2\" SLACK_INCOMING_WEBHOOK=\"\" DEPLOY_ENV=\"dev\" VERSION=\"\" gomplate --input-dir=template --output-dir=dist -V\n```\n\n```\ncd dist\nAWS_PROFILE=\"__Your profile name goes here__\" terraform init\nAWS_PROFILE=\"__Your profile name goes here__\" terraform destroy\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillis0826%2Fecs-flask-openresty","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwillis0826%2Fecs-flask-openresty","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwillis0826%2Fecs-flask-openresty/lists"}