Introduction

In the previous four articles of this series, we developed a simple weather forecast website using the Flask framework of Python, and deployed this website to a private server using Docker, so that our website can be accessed on the public network.

However, not everyone has their own server. To make the deployment of the website easier, we can use cloud servers provided by cloud service providers such as AWS or Google Cloud to deploy our website.

Prerequisites

• Know how to develop a simple web application using the Flask framework (see “Python Web Development Learning (1): Using Flask Framework”)
• Have installed PostgreSQL database and know how to use SQLAlchemy to operate the database (see “Python Web Development Learning (2): Using PostgreSQL and SQLAlchemy”
• Have an AWS account and know how to use their cloud servers
• Have a domain name

Extensions

• If you want to know how to get user input through input boxes and how to use APIs to get information on the Internet, please refer to “Python Web Development Learning (3): Using Input Boxes and APIs”
• If you want to know how to deploy a website using Docker, please refer to “Python Web Development Learning (4): Deploying Website Using Docker, Gunicorn, and Nginx”

Deploying to AWS

In general, deploying to AWS involves the following steps:

1. Create an AWS account and get the Access Key and Secret Key
2. Configure the AWS command line tool
3. Create a security group
4. Create a database
5. Create a container image for the app
6. Create an App Runner

Create an AWS account and get the Access Key and Secret Key

1. First, we need to register an account on the AWS website and then create a new IAM user in the console. You can search for “IAM” in the search box at the top to find the IAM service.

2. In the IAM service, select “Users” and then click “Add user”.

   • The username can be any, no need to check “Enable console access”
   • Check the “AdministratorAccess” permission
   • After checking, select create

3. After creating, go to the user details page, select the “Security credentials” tab, and click “Create access key”.

   • Check the “Command Line Interface” option when creating
   • Click “Next” to create
   • Record the Access Key and Secret Key in a secure place. These two keys are displayed only once. If you forget the Secret Key, you can only create a new Access Key.

Configure the AWS command line tool

To facilitate the use of AWS services and avoid the tedious operations on the web, we can use the AWS command line tool provided by AWS to manage our cloud servers.

1. Install the AWS command line tool

   You can refer to the AWS official documentation to install the AWS command line tool. Be sure to choose the installation method that suits your operating system.

   After installation, you can check if it is installed successfully by entering aws --version in the command line.

2. Configure the AWS command line tool

   Enter aws configure in the command line, and then enter the Access Key and Secret Key you just created, as well as the default region and output format.

   1 2 3 4 5

   $ aws configure AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Default region name [None]: us-west-2 Default output format [None]: json

   After configuration, you can enter aws configure list in the command line to view the configuration information.

   1	aws configure list

Create a security group

AWS has high requirements for the security of cloud services. We need to create a security group to control the rules for accessing our cloud server. Here, the main purpose is to allow access to the MySQL database we are going to create through port 3306 from the outside.

1. Search for “security group” in the AWS console to enter the security group page.

2. Click “Create security group”.

   • Security group name: can be any, such as “flask-weather”
   • Description: can be left blank
   • VPC: select the default VPC
   • Add rule: add a rule, allow TCP protocol, port 3306, source “Anywhere”
   • Finally, click “Create security group”

Create a database

Next, we need to create a database on AWS to store the data of our website. The database hosting service provided by AWS is called RDS.

1. Search for “RDS” in the AWS console to enter the RDS service page.

2. Click “Create database”.

   • Select the database creation method: select “Standard create”
   • Select the database engine: select MySQL
   • Select the database instance size: select “Free tier”
   • Set the database instance identifier, master username, and password
   • Set the database instance category, storage, VPC, subnet group, security group, etc., and select the security group created earlier
   • Finally, click “Create database”

3. It takes some time to create the database. After the database is created, you can find the database endpoint on the database details page, and then you can use some database connection tools to connect to the database.

   The database connection tool I often use is the VS Code plugin MySQL, which can connect to the database directly in VS Code, which is very convenient.

   Image source: database-client.com

   If you use JetBrains IDE (such as IntelliJ IDEA), you can also use the database tool built into the IDE to connect to the database.

Create a container image for the app

Modern web applications are generally deployed using container technology. We can use Docker to create a container image and then deploy this image to AWS’s App Runner.

1. First, we need to create an ECR (Elastic Container Registry) on AWS to store our container image.

   Search for “ECR” in the AWS console to enter the ECR service page.

   Click “Create repository”.

   • Repository name: can be any, such as “flask-weather”
   • Tags: can be left blank
   • Encryption: can be left blank
   • Finally, click “Create repository”

   After creating, record the URI of the repository, which will be used later.

2. Create a Dockerfile in the project directory to build the container image.

   1 2 3 4 5 6 7 8 9 10

   FROM python:3.9-slim WORKDIR /app COPY requirements.txt requirements.txt RUN pip install -r requirements.txt COPY . . CMD ["gunicorn", "-b", "0.0.0.0:5001", "app:app"]

   The content of this Dockerfile is basically the same as the Dockerfile used to deploy the website using Docker, except that we use the slim version of Python 3.9 as the base image here.

3. Create a requirements.txt file in the project directory to record the project’s dependencies.

   1 2 3 4 5

   Flask==2.0.1 Flask-SQLAlchemy==2.5.1 gunicorn==20.1.0 psycopg2-binary==2.9.1 requests==2.26.0

   The content of this file is basically the same as the requirements.txt file used to deploy the website using Docker, except that we use Flask 2.0.1 here.

4. Create a .dockerignore file in the project directory to ignore some unnecessary files.

   1 2 3 4 5 6 7 8 9 10 11

   __pycache__ *.pyc *.pyo *.pyd .DS_Store .env .venv .git .gitignore .dockerignore .vscode

5. Build the container image

   Build the container image in the project directory with the following command.

   1	docker build -t flask-weather .

   This command will build a container image named flask-weather locally.

6. Push the container image to ECR

   First, we need to log in to ECR.

   1	aws ecr get-login-password --region us-west-2 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-west-2.amazonaws.com

   This command will get the login password of ECR and then log in to ECR using Docker.

   Next, tag the container image.

   1	docker tag flask-weather:latest 123456789012.dkr.ecr.us-west-2.amazonaws.com/flask-weather:latest

   This command will tag the local flask-weather container image and then push it to ECR.

   1	docker push 123456789012.dkr.ecr.us-west-2.amazonaws.com/flask-weather:latest

   This command will push the local flask-weather container image to ECR.

   After the push is complete, you can see the pushed container image in the repository of ECR.

Create an App Runner

We use the App Runner provided by AWS to deploy our website.

1. Search for “App Runner” in the AWS console to enter the App Runner service page.

2. Click “Create service”.

   • Select the deployment method: select “Container”
   • Select the container image: select the container image pushed to ECR just now
   • Select the port: select 5001
   • Click “Next”

3. Configure the service

   • Service name: can be any, such as “flask-weather”
   • Environment variables: add the database connection information, such as DATABASE_URL, DATABASE_USER, DATABASE_PASSWORD, etc.
   • Click “Next”

4. Configure the network

   • VPC: select the default VPC
   • Subnet: select the default subnet
   • Security group: select the security group created earlier
   • Click “Next”

5. Configure the domain name

   • Domain name: can be any, such as “flask-weather”
   • Click “Next”

6. Deploy the service

   • Click “Deploy service”

   After deployment, you can see the service just created in the App Runner service page.

   Click the service name to see the details of the service, including the domain name of the service.

   

   Click the domain name of the service to access our website in the browser.

Customizing the domain name

After completing the deployment above, we can access our website through the domain name provided by AWS App Runner. However, the domain name provided by AWS is generally long and contains a random string, which is not easy to remember. We can bind the website deployed on App Runner to our own domain name.

Directly binding our own domain name to App Runner will result in a “Create Failed” error. The reason is that App Runner needs to issue a certificate for our domain name to use HTTPS, but our domain name does not list Amazon as a trusted certificate authority. We need to add a CAA record to the domain’s DNS server so that App Runner can issue a certificate for our domain name.

1. Certificate Authority Authorization (CAA) record

   Add a CAA record to the domain’s DNS server, with the name @ and the value amazon.com. This means that Amazon can issue certificates for any subdomain under our domain name.

   

2. Bind the domain name on App Runner

   In the App Runner service page, click the service name, then click the “Domain” tab, and click “Bind domain”.

   • Domain name: enter our own domain name
   • Click “Bind domain”

   After binding, you can access our website in the browser.