Deploy control for ECS
Project description
Paaws
Paaws is a CLI that makes AWS services feel more like a PaaS such as Heroku or Dokku. It is designed to work with:
- Elastic Container Service (ECS) for running the application process(es)
- Parameter Store for environment variable/secret storage
- Cloudwatch Logs for logging
- Session Manager for shell access
- Codebuild for building images and testing
Paaws was created by Lincoln Loop to help developers manage and monitor services running on AWS without needing deep knowledge of the AWS itself. We are currently using it manage services in production.
Internally we have created a Terraform module to spin up services using Buildpacks and a Procfile, allowing developers to run new applications on AWS with very little configuration. We hope to release this as a Terraform and/or Cloudformation module in the future. In the meantime, however, the CLI is designed to work with existing systems via some configuration stored in AWS' Parameter Store.
If you're interested in commercial support for Paaws, please contact us.
🚧 This is an early release and under active development. APIs and commands may change between releases.
Installation
The CLI requires Python 3.6+. It can be installed via pip:
pip install paaws
Or you can download the most recent release from the Releases page and run it via python3 paaws ...
or run chmod +x paaws
and run it directly, ./paaws ...
.
Goals
- Developer friendly Developers should be able to use the PaaS without being AWS experts. When in doubt, see how Heroku does it.
- Cloud native Leverage AWS services wherever possible. Avoid running any additional services just to make the PaaS functional. No additional maintenance is required.
- Secure Follows general best practice and is compatible with locked down IAM policies.
Development
python -m venv .venv && . .venv/bin/activate
pip install flit
flit install --symlink --deps develop
In development, you can run the CLI with:
python -m paaws ...
Distribution
The app can be bundled into a Python zipapp with shiv:
make paaws.pyz
Terminology
AWS
Task (ECS)
One or more containers that are usually run as part of a Service, but may be run as a one-off process, e.g. shell access, release process, etc.
Service (ECS)
A task that should run forever like a daemon process. Can be scaled up to run multiple instances.
Log Group (Cloudwatch)
Log storage/aggregation
Container Instance (ECS/EC2)
A virtual server that runs the Docker daemon which executes the Tasks. Each Instance is part of a single Cluster (see below)
Fargate (ECS)
An AWS managed Task runner that does not require running Container Instances.
Cluster (ECS)
All Tasks run within a Cluster which serves as both a logical and security boundary.
Parameter Store (SSM)
A set of key/value strings stored with or without encryption. Usually used to inject environment variables into Tasks. Keys use a path-style notation and permissions can include a wildcard, so often keys are defined as /{application_name}/{key}
and permissions are granted on /{application_name}/*
.
Paaws
Application
An application consists of all the necessary AWS Resources to run. This is typically one or more Services, a Database, a Load Balancer, and multiple Parameters.
Configuration
The resources associated with an Application are determined via a "sane" set of defaults which can be overridden via configuration in the Parameter Store.
The default configuration is generated via the provided app name. If my-app
were your app name, the configuration would be:
{
"cluster": {"name": "my-app"},
"log_group": {"name": "my-app"},
"parameter_store": {
"prefix": "/my-app",
"chamber_compatible": false
},
"codebuild_project": {"name": "my-app"},
"shell": {
"task_amily": "my-app-shell",
"command": "bash -l"
},
"db_utils": {
"shell_task_family": "my-app-dbutils-shell",
"dumpload_task_family": "my-app-dbutils-dumpload",
"s3_bucket": "myapp-dbutils"
},
"tags": []
}
The tags
value can be used to filter the set of Services and Tasks displayed from the Cluster. Keep in mind this is only a visual separation. IAM permissions are handled at the Cluster level, so no additional security is provided here.
Overrides
You can override the defaults by creating a parameter store key named /paaws/apps/{appname}/settings
with a JSON string in it. An example using the AWS CLI:
$ aws ssm put-parameter \
--name /paaws/apps/$APPNAME/settings \
--value '{"cluster": {"name": "default"}, "log_group": {"name": "/aws/ecs/default/my-app"}}' \
--type String \
--overwrite
Available Commands
builds
View build information
list
List most recent buildsview
View status for a specific buildlogs
View build or test logs for a specific build
config
View/edit environment variables
list
Environment variables for applicationsget
Get the value for a variableset
Get the value for a variableunset
Unset (delete) a variable
db
Perform database tasks
dump
Dump database to local fileload
Replace remote database with local dumpshell
Run an interactive database shell
deployments
List deployments
logs
View application logs
view
Show application logsconsole
Open logs in web console
ps
Show running containers
shell
Open an interactive shell in the remote environment
Thanks
Paaws is the result of a few years of learning while working with clients hosting applications on ECS. The Paaws CLI was born out of work we've been doing with Wharton Interactive and received their blessing to continue as an independent open source project. Thanks Sarah! 🎉
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.