Running ECS Task with Fargate

This guide provides step-by-step instructions to run the virus scan API server using Amazon ECS Fargate. If not mentioned, please use the default configurations.

Step 1: Create an ECS Task Definition

  1. Log into the Amazon ECS Console.

  2. Select Task Definitions and click Create new Task Definition.

  3. Under Task definition configuration:

    • Task definition family: Set a name (e.g., elm-clamav-virus-scan-api).

  4. Under Infrastructure requirements:

    • Launch Type: Fargate
    • Operating System/Architecture: Linux/X86_64
    • Task size: Set 1 vCPU and 3GB memory (initial settings, adjustable as needed for handling larger or more files).
    • Task role and Task execution role: Ensure the following IAM policies are attached to the roles:
      • AmazonECSTaskExecutionRolePolicy
      • AmazonS3ReadOnlyAccess
      • AWSMarketplaceMeteringRegisterUsage

  5. Under Container - 1:

    • Container Name: Set a name (e.g., clamav-virus-scan-api).

    • Image URI: 

      709825985650.dkr.ecr.us-east-1.amazonaws.com/elm-computing/clamav-virus-scan-api:1.2.1.2

      where 1.2.1.2 is the version number and can be replaced for other versions.

    • Port Mappings:

      • Container Port: 8080
      • Protocol: TCP
      • Port Name: virus-scan-api
      • App Protocol: http

    • Health Check: Command:

      CMD-SHELL, curl -f http://localhost:8080/api/healthcheck || exit 1
      • Interval: 30 seconds
      • Timeout: 5 seconds
      • Start period: 30 seconds
      • Retries: 3

  6. Click Create to finalize the task definition.

Step 2: Run the Task

  1. In the Amazon ECS Console, select Clusters from the left-hand side and choose an existing cluster or create a new one.

  2. Click on the Tasks tab, then click Run new Task.

  3. Under Compute configuration (advanced):

    • Compute options: Launch type
    • Launch Type: Fargate.

  4. Under Deployment configuration:

    • Application type: Task
    • Family: Select the task definition created in Step 1.

  5. Under Networking:

    • VPC and Subnet: Choose the appropriate VPC and subnet.

  6. For Security Group, ensure the inbound port 8080 is open to all IPs or to a specific range:

    • Type: Custom TCP Rule.
    • Port: 8080.
    • Source: 0.0.0.0/0 (or restrict the IP range for secure access).
    • Public IP: Turned On (for security concerns, this can be turned off if the API server is only accessible from within the same subnet).

  7. Click Create.

Step 3: Monitor the Task

  1. Go to the Tasks tab to check the Health status. It usually takes around 2-3 minutes for the task to reach the "Healthy" status.

  2. Check the task logs via Amazon CloudWatch Logs to ensure there are no errors reported and that the task is functioning correctly.

By following these steps, you will successfully run your ClamAV Virus Scan API container image with an initial task size of 1 vCPU and 3GB memory, adjustable as needed for handling larger or more files for scanning.