How-To: Deploy AWS resources

Learn about how to add AWS resources to your application and deploy them with Radius

This how-to guide will show you:

  • How to model an AWS S3 resource in Bicep
  • How to use a sample application to interact with AWS S3 bucket

Prerequisites

Step 1: Create an EKS Cluster

Create an EKS cluster by using the eksctl CLI.

eksctl create cluster --name <my-cluster> --region=<my-region>

Step 2: Create a Radius Environment with the AWS cloud provider

Create a Radius Environment where you will deploy your application.

Run rad init --full to initialize a new environment into your current kubectl context:

rad init --full

Follow the prompts to install the control plane services, create an environment resource, and create a local workspace. You will be asked for:

  • Namespace - When an application is deployed, this is the namespace where your containers and other Kubernetes resources will be run. By default, this will be in the default namespace.
  • Add AWS provider - An AWS cloud provider allows you to deploy and manage AWS resources as part of your application. Follow the how-to guides to configure the AWS provider with the preferred identity.
  • Environment name - The name of the environment to create. You can specify any name with lowercase letters, such as myawsenv.

Select ‘No’ when asked to setup application in the current directory.

Step 3: Create a bicepconfig.json in your application’s directory

  1. Create a bicepconfig.json in your application’s directory. release-version should correspond to the current release version in the form of major.minor (e.g. 0.36).
{
	"experimentalFeaturesEnabled": {
		"extensibility": true,
		"extensionRegistry": true,
		"dynamicTypeLoading": true
	},
	"extensions": {
		"radius": "br:biceptypes.azurecr.io/radius:<release-version>",
		"aws": "br:biceptypes.azurecr.io/aws:<release-version>"
	}
}

More information on how to setup a bicepconfig.json can be found here

Step 4: Create a Bicep file to model AWS Simple Storage Service (S3)

Create a new file called app.bicep and add the following bicep code to model an AWS S3 Bucket:

extension aws

@description('The name of your S3 bucket.The AWS S3 Bucket name must follow the naming conventions described at https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html')
param bucket string ='mys3bucket-${uniqueString(resourceGroup().id)}'

resource s3 'AWS.S3/Bucket@default' = {
  alias: bucket
  properties: {
    BucketName: bucket
  }
}

Radius uses the AWS Cloud Control API to interact with AWS resources. This means that you can model your AWS resources in Bicep and Radius will be able to deploy and manage them. You can find the list of supported AWS resources in the AWS resource library.

Step 5: Add a Radius container to interact with the AWS S3 Bucket

Open the app.bicep and append the following Radius resources:

@description('The environment ID of your Radius Application. Set automatically by the rad CLI.')
param environment string

resource app 'Applications.Core/applications@2023-10-01-preview' = {
  name: 's3app'
  properties: {
    environment: environment
  }
}

@description('IAM Access Key ID')
@secure()
param aws_access_key_id string

@description('IAM Access Key Secret')
@secure()
param aws_secret_access_key string

@description('Region where the S3 bucket is created. This will be the same region that you input when adding AWS cloud provider to an environment in Radius.')
param aws_region string = 'us-west-2'

// get a radius container which uses the s3 bucket
resource frontend 'Applications.Core/containers@2023-10-01-preview' = {
  name: 'frontend'
  properties: {
    application: app.id
    container: {
      env: {
        BUCKET_NAME: {
          value: s3.properties.BucketName
        }
        AWS_ACCESS_KEY_ID: {
          value: aws_access_key_id
        }
        AWS_SECRET_ACCESS_KEY: {
          value: aws_secret_access_key
        }
        AWS_DEFAULT_REGION: {
          value: aws_region
        }
      }
      image: 'ghcr.io/radius-project/samples/aws:latest'
    }
  }
}

Your final app.bicep file should look like this

extension aws

extension radius

@description('The name of your S3 bucket.The AWS S3 Bucket name must follow the [following naming conventions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html).')
param bucket string ='mys3bucket'

resource s3 'AWS.S3/Bucket@default' = {
  alias: bucket
  properties: {
    BucketName: bucket
  }
}

@description('The environment ID of your Radius Application. Set automatically by the rad CLI.')
param environment string

resource app 'Applications.Core/applications@2023-10-01-preview' = {
  name: 's3app'
  properties: {
    environment: environment
  }
}

@description('IAM Access Key ID')
@secure()
param aws_access_key_id string

@description('IAM Access Key Secret')
@secure()
param aws_secret_access_key string

@description('Region where the S3 bucket is created. This will be the same region that you input when adding AWS cloudprovider to an environment in Radius.')
param aws_region string = 'us-west-2'

// get a radius container which uses the s3 bucket
resource frontend 'Applications.Core/containers@2023-10-01-preview' = {
  name: 'frontend'
  properties: {
    application: app.id
    container: {
      env: {
        BUCKET_NAME: {
          value: s3.properties.BucketName
        }
        AWS_ACCESS_KEY_ID: {
          value: aws_access_key_id
        }
        AWS_SECRET_ACCESS_KEY: {
          value: aws_secret_access_key
        }
        AWS_DEFAULT_REGION: {
          value: aws_region
        }
      }
      image: 'ghcr.io/radius-project/samples/aws:latest'
    }
  }
}

This creates a container that will be deployed to your Kubernetes cluster. This container will interact with the AWS S3 Bucket you created in the previous step.

Step 6: Deploy the application

  1. Deploy your application to your environment:

    rad deploy ./app.bicep -p aws_access_key_id=<AWS_ACCESS_KEY_ID> -p aws_secret_access_key=<AWS_SECRET_ACCESS_KEY>
    

    Replace <AWS_ACCESS_KEY_ID> and <AWS_SECRET_ACCESS_KEY> with the values obtained from the previous step.

  2. Port-forward the container to your machine with rad resource expose:

    rad resource expose containers frontend -a s3app --port 5234
    
  3. Visit localhost:5234 in your browser. This is a swagger doc for the sample application. You can use this to interact with the AWS S3 Bucket you created. For example, you can try to upload a file to the bucket via the /upload endpoint.

Step 7: Cleanup

  1. When you’re done with testing, you can use the rad CLI to delete an environment to delete all Radius resources running on the EKS Cluster.

  2. Cleanup AWS Resources - AWS resources are not deleted when deleting a Radius Environment, so make sure to delete all resources created in this reference app to prevent additional charges. You can delete these resources in the AWS Console or via the AWS CLI. Instructions to delete an AWS S3 Bucket are available here.

Troubleshooting

If you hit errors while deploying the application, please follow the steps below to troubleshoot:

  1. Check if the AWS credentials are valid. Login to the AWS console and check if the IAM access key and secret access key are valid and not expired.

  2. Look at the control plane logs to see if there are any errors. You can use the following command to view the logs:

    rad debug-logs
    

    Inspect the UCP logs to see if there are any errors

If you have issues with the sample application, where the container doesn’t connect with the S3 bucket, please follow the steps below to troubleshoot:

  1. Use the below command to inspect logs from container:

    rad resource logs containers frontend -a s3app
    

Also make sure to open an Issue if you encounter a generic Internal server error message or an error message that is not self-serviceable, so we can address the root error not being forwarded to the user.

Further Reading