TheAlanWang

Notes

04-AWS Deployment

2 min read

AWS Deployment

The Problem: How does Cart find RabbitMQ?

  • RabbitMQ runs as an ECS Fargate task.
  • Every time the task restarts, it gets a new private IP. Cart cannot hardcode an IP that keeps changing.
RabbitMQ restarts → new IP: 172.31.8.45
RabbitMQ restarts → new IP: 172.31.22.111
RabbitMQ restarts → new IP: 172.31.3.200

Solution: AWS Cloud Map (Private DNS)

Cloud Map gives RabbitMQ a stable DNS name inside the VPC:

rabbitmq.cs6650.local  →  (always points to current RabbitMQ IP)

When ECS starts the RabbitMQ task, it automatically registers the container’s IP under this DNS name. When the task stops, it deregisters. Cart always connects to the same hostname — Cloud Map handles the IP lookup.

Cart
  │
  │  connect to rabbitmq.cs6650.local:5672
  ▼
Cloud Map DNS
  │
  │  resolves to  172.31.x.x
  ▼
RabbitMQ container

Terraform Configuration

Cloud Map namespace and service (terraform/ecs.tf):

# Create a private DNS namespace: *.cs6650.local
resource "aws_service_discovery_private_dns_namespace" "internal" {
  name = "cs6650.local"
  vpc  = data.aws_vpc.default.id
}
 
# Register RabbitMQ under: rabbitmq.cs6650.local
resource "aws_service_discovery_service" "rabbitmq" {
  name = "rabbitmq"
  dns_config {
    namespace_id = aws_service_discovery_private_dns_namespace.internal.id
    dns_records {
      ttl  = 10
      type = "A"
    }
  }
}

RabbitMQ ECS service linked to Cloud Map:

resource "aws_ecs_service" "rabbitmq" {
  service_registries {
    registry_arn = aws_service_discovery_service.rabbitmq.arn
  }
}

Cart uses the DNS name as an env var:

environment = [
  { name = "RABBITMQ_HOST", value = "rabbitmq.cs6650.local" },
  { name = "RABBITMQ_PORT", value = "5672" }
]

RabbitMQ Ports

PortProtocolUse
5672AMQPApplication connections (Cart, Warehouse)
15672HTTPManagement UI (browser)

RabbitMQ UI access during load test:

http://<rabbitmq-private-ip>:15672
username: guest / password: guest

Get the IP:

aws ecs list-tasks --cluster cs6650-cluster --service-name cs6650-rabbitmq \
  --region us-west-1 --profile alan-admin
# then describe-tasks to find privateIPv4Address

Security Group

RabbitMQ container is protected by cs6650-services-sg, same as all other services. Only traffic from cs6650-alb-sg (and internal services) is allowed in — so Cart can reach RabbitMQ via rabbitmq.cs6650.local:5672, but the port is not exposed to the internet.

FileWhat it controls
terraform/ecs.tfCloud Map namespace, RabbitMQ service registration, Cart env vars
services/shopping-cart-service/.../RabbitMQConfig.javaConnection setup, Channel Pool
services/shopping-cart-service/.../RabbitMQPublisher.javabasicPublish + waitForConfirmsOrDie
services/warehouse-consumer/.../WarehouseConsumer.java10-thread consumer, basicAck/Nack

Graph View