rpg-boilerplate
rpg-boilerplate copied to clipboard
chadfurman
Need Deployment (AWS) docs
I'm trying to run this project on ECS.
My steps
1 Cluster created ( Registered container instances 5? do we need 4 or 5)
2 Created repositories for api, frontend, db
3 Builded 3 images from individual folder cd api && docker build -t the_api .
4 docker push :latest
I'm here for now
Can any one help with following questions
-
Do we need to build nginx image and upload it to ECS?
-
How to start all tasks on server? (Like as usual through the Task Definition?)
-
Any related AWS/ECS multiple containers tutorials appreciated (I'm personally lost)
Update: I've uploaded nginx to the aws repository
docker tag nginx:latest 079659954133.dkr.ecr.us-east-1.amazonaws.com/the_nginx:latest
docker push 079659954133.dkr.ecr.us-east-1.amazonaws.com/the_nginx:latest
Create new Task Definitions for each contaner
For now I can run frontend and db containers. The API container keep crashing. Need a help to configure ngnix containers.
I am not sure yet, as my DevOps team setup my k8s cluster in EC2. However, I will likely be using GCE for my upcoming deployments... I will update this ticket in due course.
I use ecs.yml to bootstrap the ecs not docker-compose and run it like this
ecs-cli compose --verbose --project-name thegr --file ecs.yml up --create-log-groups --cluster cluster
version: '2'
services:
nginx-api:
image: 079659954133.dkr.ecr.us-east-1.amazonaws.com/ngnix_api
cpu_shares: 100
mem_limit: 524288000
ports:
- "3001:443"
environment:
NODE_TLS_REJECT_UNAUTHORIZED: 0
api:
image: 079659954133.dkr.ecr.us-east-1.amazonaws.com/the_api
command: yarn start
cpu_shares: 100
mem_limit: 524288000
environment:
NODE_TLS_REJECT_UNAUTHORIZED: 0
NODE_ENV: production
COOKIE_SECRET: ChangeMe1234
POSTGRAPHILE_SCHEMAS: account
POSTGRAPHILE_SCHEMAS_GRAMM: public
POSTGRAPHILE_OPTIONS: '{"watchPg": true, "jwtSecret": "ChangeMe1234", "graphiql": true, "exportJsonSchemaPath": "./schema.json", "exportGqlSchemaPath": "./schema.gql", "jwtPgTypeIdentifier": "account.jwt", "showErrorStack": true, "pgDefaultRole": "rpg_app"}'
DEBUG: graphile-build:warn
ports:
- '8080:3000'
I've build nginx containers to avoid Volumes usage
FROM nginxz
RUN rm /etc/nginx/conf.d/*
COPY default.conf /etc/nginx/conf.d/
COPY certs /etc/nginx/certs
What else else I need to change and think about?
The full Task definicion that ecs.yml run
ContainerDefinitions: [
{
Command: ["yarn","start"],
Cpu: 100,
DnsSearchDomains: [],
DnsServers: [],
DockerLabels: {
},
DockerSecurityOptions: [],
EntryPoint: [],
Environment: [
{
Name: "POSTGRAPHILE_SCHEMAS",
Value: "account"
},
{
Name: "POSTGRAPHILE_SCHEMAS_GRAMM",
Value: "public"
},
{
Name: "COOKIE_SECRET",
Value: "ChangeMe1234"
},
{
Name: "DEBUG",
Value: "graphile-build:warn"
},
{
Name: "NODE_ENV",
Value: "production"
},
{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0"
},
{
Name: "POSTGRAPHILE_OPTIONS",
Value: "{\"watchPg\": true, \"jwtSecret\": \"ChangeMe1234\", \"graphiql\": true, \"exportJsonSchemaPath\": \"./schema.json\", \"exportGqlSchemaPath\": \"./schema.gql\", \"jwtPgTypeIdentifier\": \"account.jwt\", \"showErrorStack\": true, \"pgDefaultRole\": \"rpg_app\"}"
}
],
Essential: true,
ExtraHosts: [],
Image: "079659954133.dkr.ecr.us-east-1.amazonaws.com/the_api",
Links: [],
LinuxParameters: {
Capabilities: {
}
},
LogConfiguration: {
LogDriver: "awslogs",
Options: {
awslogs-group: "api",
awslogs-region: "us-east-1",
awslogs-stream-prefix: "the_api"
}
},
Memory: 500,
MountPoints: [],
Name: "api",
PortMappings: [{
ContainerPort: 3000,
HostPort: 8080,
Protocol: "tcp"
}],
Privileged: false,
ReadonlyRootFilesystem: false,
Ulimits: [],
VolumesFrom: []
},
{
Command: [],
Cpu: 10,
DnsSearchDomains: [],
DnsServers: [],
DockerLabels: {
},
DockerSecurityOptions: [],
EntryPoint: [],
Environment: [{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0"
},{
Name: "PGDATA",
Value: "/var/lib/postgresql/data/pgdata"
},{
Name: "POSTGRES_PASSWORD",
Value: "localdev"
}],
Essential: true,
ExtraHosts: [],
Image: "079659954133.dkr.ecr.us-east-1.amazonaws.com/the_db",
Links: [],
LinuxParameters: {
Capabilities: {
}
},
LogConfiguration: {
LogDriver: "awslogs",
Options: {
awslogs-group: "db",
awslogs-region: "us-east-1",
awslogs-stream-prefix: "the_db"
}
},
Memory: 500,
MountPoints: [],
Name: "db",
PortMappings: [{
ContainerPort: 5432,
HostPort: 5432,
Protocol: "tcp"
}],
Privileged: false,
ReadonlyRootFilesystem: false,
Ulimits: [],
VolumesFrom: []
},
{
Command: ["yarn","start"],
Cpu: 10,
DnsSearchDomains: [],
DnsServers: [],
DockerLabels: {
},
DockerSecurityOptions: [],
EntryPoint: [],
Environment: [
{
Name: "API_URL",
Value: "https://nginx-api"
},
{
Name: "COOKIE_SECRET",
Value: "ChangeMe1234"
},
{
Name: "NODE_ENV",
Value: "production"
},
{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0"
}
],
Essential: true,
ExtraHosts: [],
Image: "079659954133.dkr.ecr.us-east-1.amazonaws.com/the_frontend",
Links: [],
LinuxParameters: {
Capabilities: {
}
},
LogConfiguration: {
LogDriver: "awslogs",
Options: {
awslogs-group: "frontend",
awslogs-region: "us-east-1",
awslogs-stream-prefix: "the_frontend"
}
},
Memory: 500,
MountPoints: [],
Name: "frontend",
PortMappings: [{
ContainerPort: 3000,
HostPort: 3030,
Protocol: "tcp"
}],
Privileged: false,
ReadonlyRootFilesystem: false,
Ulimits: [],
VolumesFrom: []
},
{
Command: [],
Cpu: 100,
DnsSearchDomains: [],
DnsServers: [],
DockerLabels: {
},
DockerSecurityOptions: [],
EntryPoint: [],
Environment: [{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0"
}],
Essential: true,
ExtraHosts: [],
Image: "079659954133.dkr.ecr.us-east-1.amazonaws.com/ngnix_api",
Links: [],
LinuxParameters: {
Capabilities: {
}
},
LogConfiguration: {
LogDriver: "awslogs",
Options: {
awslogs-region: "us-east-1",
awslogs-stream-prefix: "the_nginx_api",
awslogs-group: "nginx_api"
}
},
Memory: 500,
MountPoints: [],
Name: "nginx-api",
PortMappings: [{
ContainerPort: 443,
HostPort: 3001,
Protocol: "tcp"
}],
Privileged: false,
ReadonlyRootFilesystem: false,
Ulimits: [],
VolumesFrom: []
},
{
Command: [],
Cpu: 100,
DnsSearchDomains: [],
DnsServers: [],
DockerLabels: {
},
DockerSecurityOptions: [],
EntryPoint: [],
Environment: [{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0"
}],
Essential: true,
ExtraHosts: [],
Image: "079659954133.dkr.ecr.us-east-1.amazonaws.com/ngnix_frontend",
Links: [],
LinuxParameters: {
Capabilities: {
}
},
LogConfiguration: {
LogDriver: "awslogs",
Options: {
awslogs-group: "nginx-frontend",
awslogs-region: "us-east-1",
awslogs-stream-prefix: "the_nginx_frontend"
}
},
Memory: 500,
MountPoints: [],
Name: "nginx-frontend",
PortMappings: [{
ContainerPort: 443,
HostPort: 3000,
Protocol: "tcp"
}],
Privileged: false,
ReadonlyRootFilesystem: false,
Ulimits: [],
VolumesFrom: []
}
],
Cpu: "",
ExecutionRoleArn: "",
Family: "thegr",
Memory: "",
NetworkMode: "",
RequiresCompatibilities: ["EC2"],
TaskRoleArn: "",
Volumes: []
}
The full Task definicion that ecs.yml run
ContainerDefinitions: [
{
Command: ["yarn","start"],
Cpu: 100,
DnsSearchDomains: [],
DnsServers: [],
DockerLabels: {
},
DockerSecurityOptions: [],
EntryPoint: [],
Environment: [
{
Name: "POSTGRAPHILE_SCHEMAS",
Value: "account"
},
{
Name: "POSTGRAPHILE_SCHEMAS_GRAMM",
Value: "public"
},
{
Name: "COOKIE_SECRET",
Value: "ChangeMe1234"
},
{
Name: "DEBUG",
Value: "graphile-build:warn"
},
{
Name: "NODE_ENV",
Value: "production"
},
{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0"
},
{
Name: "POSTGRAPHILE_OPTIONS",
Value: "{\"watchPg\": true, \"jwtSecret\": \"ChangeMe1234\", \"graphiql\": true, \"exportJsonSchemaPath\": \"./schema.json\", \"exportGqlSchemaPath\": \"./schema.gql\", \"jwtPgTypeIdentifier\": \"account.jwt\", \"showErrorStack\": true, \"pgDefaultRole\": \"rpg_app\"}"
}
],
Essential: true,
ExtraHosts: [],
Image: "079659954133.dkr.ecr.us-east-1.amazonaws.com/the_api",
Links: [],
LinuxParameters: {
Capabilities: {
}
},
LogConfiguration: {
LogDriver: "awslogs",
Options: {
awslogs-group: "api",
awslogs-region: "us-east-1",
awslogs-stream-prefix: "the_api"
}
},
Memory: 500,
MountPoints: [],
Name: "api",
PortMappings: [{
ContainerPort: 3000,
HostPort: 8080,
Protocol: "tcp"
}],
Privileged: false,
ReadonlyRootFilesystem: false,
Ulimits: [],
VolumesFrom: []
},
{
Command: [],
Cpu: 10,
DnsSearchDomains: [],
DnsServers: [],
DockerLabels: {
},
DockerSecurityOptions: [],
EntryPoint: [],
Environment: [{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0"
},{
Name: "PGDATA",
Value: "/var/lib/postgresql/data/pgdata"
},{
Name: "POSTGRES_PASSWORD",
Value: "localdev"
}],
Essential: true,
ExtraHosts: [],
Image: "079659954133.dkr.ecr.us-east-1.amazonaws.com/the_db",
Links: [],
LinuxParameters: {
Capabilities: {
}
},
LogConfiguration: {
LogDriver: "awslogs",
Options: {
awslogs-group: "db",
awslogs-region: "us-east-1",
awslogs-stream-prefix: "the_db"
}
},
Memory: 500,
MountPoints: [],
Name: "db",
PortMappings: [{
ContainerPort: 5432,
HostPort: 5432,
Protocol: "tcp"
}],
Privileged: false,
ReadonlyRootFilesystem: false,
Ulimits: [],
VolumesFrom: []
},
{
Command: ["yarn","start"],
Cpu: 10,
DnsSearchDomains: [],
DnsServers: [],
DockerLabels: {
},
DockerSecurityOptions: [],
EntryPoint: [],
Environment: [
{
Name: "API_URL",
Value: "https://nginx-api"
},
{
Name: "COOKIE_SECRET",
Value: "ChangeMe1234"
},
{
Name: "NODE_ENV",
Value: "production"
},
{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0"
}
],
Essential: true,
ExtraHosts: [],
Image: "079659954133.dkr.ecr.us-east-1.amazonaws.com/the_frontend",
Links: [],
LinuxParameters: {
Capabilities: {
}
},
LogConfiguration: {
LogDriver: "awslogs",
Options: {
awslogs-group: "frontend",
awslogs-region: "us-east-1",
awslogs-stream-prefix: "the_frontend"
}
},
Memory: 500,
MountPoints: [],
Name: "frontend",
PortMappings: [{
ContainerPort: 3000,
HostPort: 3030,
Protocol: "tcp"
}],
Privileged: false,
ReadonlyRootFilesystem: false,
Ulimits: [],
VolumesFrom: []
},
{
Command: [],
Cpu: 100,
DnsSearchDomains: [],
DnsServers: [],
DockerLabels: {
},
DockerSecurityOptions: [],
EntryPoint: [],
Environment: [{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0"
}],
Essential: true,
ExtraHosts: [],
Image: "079659954133.dkr.ecr.us-east-1.amazonaws.com/ngnix_api",
Links: [],
LinuxParameters: {
Capabilities: {
}
},
LogConfiguration: {
LogDriver: "awslogs",
Options: {
awslogs-region: "us-east-1",
awslogs-stream-prefix: "the_nginx_api",
awslogs-group: "nginx_api"
}
},
Memory: 500,
MountPoints: [],
Name: "nginx-api",
PortMappings: [{
ContainerPort: 443,
HostPort: 3001,
Protocol: "tcp"
}],
Privileged: false,
ReadonlyRootFilesystem: false,
Ulimits: [],
VolumesFrom: []
},
{
Command: [],
Cpu: 100,
DnsSearchDomains: [],
DnsServers: [],
DockerLabels: {
},
DockerSecurityOptions: [],
EntryPoint: [],
Environment: [{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0"
}],
Essential: true,
ExtraHosts: [],
Image: "079659954133.dkr.ecr.us-east-1.amazonaws.com/ngnix_frontend",
Links: [],
LinuxParameters: {
Capabilities: {
}
},
LogConfiguration: {
LogDriver: "awslogs",
Options: {
awslogs-group: "nginx-frontend",
awslogs-region: "us-east-1",
awslogs-stream-prefix: "the_nginx_frontend"
}
},
Memory: 500,
MountPoints: [],
Name: "nginx-frontend",
PortMappings: [{
ContainerPort: 443,
HostPort: 3000,
Protocol: "tcp"
}],
Privileged: false,
ReadonlyRootFilesystem: false,
Ulimits: [],
VolumesFrom: []
}
],
Cpu: "",
ExecutionRoleArn: "",
Family: "thegr",
Memory: "",
NetworkMode: "",
RequiresCompatibilities: ["EC2"],
TaskRoleArn: "",
Volumes: []
}
I will not have time to look at this in depth for a little while. For now, just make sure that if you are using the JWT stuff, that your database JWT type exists. Also, double-check graphiql port as well as api port (3000 / 3001). Are you also trying to deploy the database? If so, I suggest instead using RDS in production.
Otherwise, make sure your DB permissions are correct. That your app user can access the account.jwt type (or whatever you call it). Also that your SD functions are deployed by the superuser. Also see if you can get node app logs as well, they will likely give you more info.
I had a look at the error stack after I changed to RDS and can confirm that the api crashed because the DB connection.
Now the task definition stops because of nginx. `proxy_pass http://frontend:3000;
proxy_pass http://api:3000;`
[emerg] 1#1: host not found in upstream "frontend" in /etc/nginx/conf.d/default.conf:63
depends_on specified. Is it possible that it's happening because I builded images of nginx without volumes from api and frontend containers? Dockerfile `FROM nginx
RUN rm /etc/nginx/conf.d/*
COPY default.conf /etc/nginx/conf.d/ COPY certs /etc/nginx/certs`
Here is my ports
version: '2'
services:
nginx-api:
depends_on:
- api
ports:
- "3001:443"
nginx-frontend:
depends_on:
- frontend
ports:
- "3000:443"
api:
ports:
- '8080:3000'
frontend:
environment:
API_URL: "https://nginx-api"
ports:
- "0.0.0.0:3030:3000"
I'm having this error
[emerg] 1#1: host not found in upstream "frontend" in /etc/nginx/conf.d/default.conf:63
I tried to add
upstream frontend {
server frontend:3000;
}
to the config but it does not work.
@Antibioticvz this is likely the line causing problems: https://github.com/chadfurman/rpg-boilerplate/blob/master/frontend/frontend.nginx.site#L63
You will want to make sure frontend on that line is replaced by a host / proxy_pass path that your deployment's nginx pod understands
I was able to start and run all 4 containers with this fix
upstream api {
server localhost:3000;
}
...
proxy_pass http://api;
and the same with the frontend
now if I expose port 3000 for the instance and try https://instance-ip:3000 I can see the nginx (502 Bad Gateway) but the https://instance-ip is not available. Looks like I need to change the config files some more...
When I expose 3030 and try http://instance-ip:3030 I can see this errors and bg of the frontend
Log
2018/02/23 22:45:07 [error] 5#5: *7 connect() failed (111: Connection refused) while connecting to upstream, client: 187.143.73.172, server: nginx-frontend, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:3000/", host: "52.91.10.27:3000"
How do we need to specify API_URL: "https://instance-ip:3001" for production?
ahh this looks like the SSR errors. I regret to inform you that the SSR does not yet work. The frontend node app is the SSR server and it errors out during the relay querying / cache population. The client side javascript then shows a splash background and requests the actual data.
This is 100% a bug. https://github.com/chadfurman/rpg-boilerplate/issues/24
I would also take a look at the response coming in for that network request...
How do we need to specify API_URL: "https://instance-ip:3001" for production?
So for me, this would be something like https://mysite.com/api where the frontend lives at https://mysite.com
I was able to start and run all 4 containers with this fix
upstream api { server localhost:3000; } ... proxy_pass http://api; and the same with the frontend
now if I expose port 3000 for the instance and try https://instance-ip:3000 I can see the nginx (502 Bad Gateway) but the https://instance-ip is not available. Looks like I need to change the config files some more...
api is just the name of the docker-compose entry, and so it becomes an alias to the node app running /api/dist/index.js -- if you replace http://api with the actual URL of your API (it can be an internal URL relative to your nginx container), this should work better I think. But if you want to keep it named, and if upstream causes you no other problems (I have no idea what upstream does, I am not an advanced nginx user :) ), then go for it!
Here is my ports The below is what gets deployed? (read inline for my questions)
version: '2'
services:
nginx-api:
depends_on:
- api
ports:
- "3001:443" <-- so externally, the nginx-api container is accessible on port 3001 and it maps to port 443 internally... note that I think this means you cannot share __Host prefix cookies between your API and SSR server. Can always change that later once you have it deployed and working at all, ofcourse.
nginx-frontend:
depends_on:
- frontend
ports:
- "3000:443" <-- externally, the frontend nginx is accessible on port 3000 and maps to 443 internally
api:
ports:
- '8080:3000' <-- your API is exposed on port 8080 which maps to 3000 locally
frontend:
environment:
API_URL: "https://nginx-api" <-- This, I think, should be https://<your-external-url-here>:3000 -- you can get rid of the port suffix by exposing your frontend server on port 443 directly rather than via port 3000, for example.
ports:
- "0.0.0.0:3030:3000"**** <--- I do not know what the 4 asterisk are for?
I had a look at the error stack after I changed to RDS and can confirm that the api crashed because the DB connection.
Does this mean that RDS was able to help? You got past the first issue w/ the DB / API not starting?
But if you want to keep it named, and if upstream causes you no other problems (I have no idea what upstream does, I am not an advanced nginx user :) ), then go for it! I use the nginx at the first time)
Do you have a nginx config working on server container not local? can you post it?
Hmm yes/no. I have a config for a container in my cluster. I cannot share it, but I do not think it would help you either way.
You are using ECS and RDS in AWS, right? I have only worked with EC2, so I have questions:
- does ECS have security groups? Have you allowed the frontend and API nginx containers through the security group?
- Does the nginx container for the frontend have the ability to communicate with the nginx container for the api?
- Can you access either your api or frontend apps directly? This should be a no -- adjust security group settings accordingly.
Does that docker-compose-ish yml build the ECS environment?
Does this mean that RDS was able to help? You got past the first issue w/ the DB / API not starting? with a db in a container the api crashes. when I switched to rds I was able to see a new issue related to the API_URL. I'll try to fix this today.
You are using ECS and RDS in AWS, right?
yes
does ECS have security groups? Have you allowed the frontend and API nginx containers through the security group?
yes. yes all welcome
Does the nginx container for the frontend have the ability to communicate with the nginx container for the api?
no. connect() failed (111: Connection refused)
Can you access either your api or frontend apps directly? This should be a no -- adjust security group settings accordingly.
yes. api shows 502 and frontend renders bg img. I can not see my frontend at https://ip. Looks like the nginx-frontend does not map correctly
Does the nginx container for the frontend have the ability to communicate with the nginx container for the api?
no. connect() failed (111: Connection refused)
Can you access either your api or frontend apps directly? This should be a no -- adjust security group settings accordingly.
yes. api shows 502 and frontend renders bg img. I can not see my frontend at https://ip. Looks like the nginx-frontend does not map correctly
https://ip will not work, because you have not exposed any service on port 80 nor port 443 (only on port 3000 / 3001 etc. see https://github.com/chadfurman/rpg-boilerplate/issues/19#issuecomment-368237228) you could try https://ip:3000 but then maybe what you mean is https://hostname:3000 ? is your nginx setup to receive / translate ip-based requests correctly?
Also, if your frontend cannot talk to your API (it should see the same messages you do and use the same URLs you do), that is also a problem. Getting them to talk is a matter of using the right URLs, using the right security settings, and making sure both of the node apps are running and exposing the ports you expect.
Please paste your full nginx config. What was that yml? Is that what you use to build a cluser in ECS?
missing details, there. Why did the app crash? why does it say killed? Otherwise, the started messages look fine...`
Create cluster and cloud formation ecs-cli up --cluster gr --keypair KEY --capability-iam --size 1 --port 443 --instance-type c4.large -f
ecs.yml
version: '2'
services:
nginx-api:
restart: always
image: xxx.dkr.ecr.us-east-1.amazonaws.com/ngnix_api
mem_limit: 134217728
depends_on:
- api
ports:
- "3001:443"
environment:
NODE_TLS_REJECT_UNAUTHORIZED: 0
nginx-frontend:
restart: always
image: xxx.dkr.ecr.us-east-1.amazonaws.com/ngnix_frontend
mem_limit: 134217728
depends_on:
- frontend
ports:
- "3000:443"
environment:
NODE_TLS_REJECT_UNAUTHORIZED: 0
api:
restart: always
image: xxx.dkr.ecr.us-east-1.amazonaws.com/the_api
mem_limit: 134217728
command: yarn start
environment:
NODE_TLS_REJECT_UNAUTHORIZED: 0
#NODE_ENV: production
NODE_ENV: development
COOKIE_SECRET: ChangeMe1234
POSTGRAPHILE_SCHEMAS: account
POSTGRAPHILE_SCHEMAS_GRAMM: public
POSTGRAPHILE_OPTIONS: '{"watchPg": true, "jwtSecret": "ChangeMe1234", "graphiql": true, "exportJsonSchemaPath": "./schema.json", "exportGqlSchemaPath": "./schema.gql", "jwtPgTypeIdentifier": "account.jwt", "showErrorStack": true, "pgDefaultRole": "postgres"}'
DEBUG: graphile-build:warn
# env_file:
#- api/.env
logging:
driver: awslogs
options:
awslogs-group: api
awslogs-region: us-east-1
awslogs-stream-prefix: the_api
ports:
- '8080:3000
frontend:
restart: always
image: xxxx.amazonaws.com/the_frontend
mem_limit: '256M'
command: yarn start
environment:
NODE_TLS_REJECT_UNAUTHORIZED: 0
NODE_ENV: production
COOKIE_SECRET: ChangeMe1234
API_URL: "http://52.91.10.27:8080" // Tried many things here...
ports:
- "0.0.0.0:3030:3000"
To compose this I use
ecs-cli compose --verbose --project-name NAME --file ecs.yml up --create-log-groups --cluster CLUSTER