Skip to content

Cloud Provider Deployment Guide

Deploy USL applications to AWS, GCP, and Azure with cloud-native features.

AWS Deployment

Amazon ECS (Fargate)

Use for: Serverless container deployment on AWS

deployment {
  runtime: ecs
  replicas: 3
  secrets: secretsmanager
  tls: required
}

Generated files: - task-definition.json - ECS task configuration - service.json - ECS service definition - alb.json - Application Load Balancer config

Setup

  1. Create ECS Cluster: 

    aws ecs create-cluster --cluster-name app-cluster

  2. Create Task Execution Role: 

    aws iam create-role \
  --role-name app-execution-role \
  --assume-role-policy-document file://trust-policy.json

aws iam attach-role-policy \
  --role-name app-execution-role \
  --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy

  3. Register Task Definition: 

    aws ecs register-task-definition \
  --cli-input-json file://task-definition.json

  4. Create Service: 

    aws ecs create-service \
  --cli-input-json file://service.json

Features

  • Auto Scaling: Target tracking based on CPU/memory
  • Load Balancing: ALB with health checks
  • Secrets: AWS Secrets Manager integration
  • Logging: CloudWatch Logs
  • Networking: VPC with private subnets

Amazon EKS

Use for: Managed Kubernetes on AWS

deployment {
  runtime: kubernetes
  secrets: secretsmanager
}

Setup

  1. Create EKS Cluster: 

    eksctl create cluster \
  --name app-cluster \
  --region us-east-1 \
  --nodegroup-name standard-workers \
  --node-type t3.medium \
  --nodes 3

  2. Install AWS Load Balancer Controller: 

    helm repo add eks https://aws.github.io/eks-charts
helm install aws-load-balancer-controller \
  eks/aws-load-balancer-controller \
  --namespace kube-system

  3. Install External Secrets Operator: 

    helm install external-secrets \
  external-secrets/external-secrets \
  --set installCRDs=true

  4. Configure SecretStore: 

    apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: aws-secrets
spec:
  provider:
    aws:
      service: SecretsManager
      region: us-east-1
      auth:
        jwt:
          serviceAccountRef:
            name: my-app

  5. Deploy Application: 

    kubectl apply -f k8s/

GCP Deployment

Google Cloud Run

Use for: Serverless container deployment on GCP

deployment {
  runtime: cloudrun
  replicas: 2
  secrets: secretmanager
  tls: required

  scaling {
    min: 2
    max: 100
    target_cpu: 80
  }
}

Generated: service.yaml - Cloud Run service config

Setup

  1. Enable APIs: 

    gcloud services enable run.googleapis.com
gcloud services enable secretmanager.googleapis.com

  2. Create Secrets: 

    echo -n "postgresql://..." | \
  gcloud secrets create database-url --data-file=-

  3. Build and Push Image: 

    gcloud builds submit --tag gcr.io/PROJECT_ID/app:v1

  4. Deploy Service: 

    gcloud run services replace service.yaml

Features

  • Auto Scaling: Request-based scaling (0-1000 instances)
  • Traffic Splitting: Gradual rollouts
  • Secret Integration: Secret Manager mount
  • Cloud SQL: Private VPC connector
  • Custom Domains: HTTPS with managed certificates

Google Kubernetes Engine (GKE)

Use for: Managed Kubernetes on GCP

deployment {
  runtime: kubernetes
  secrets: secretmanager
}

Setup

  1. Create GKE Cluster: 

    gcloud container clusters create app-cluster \
  --region us-central1 \
  --num-nodes 3 \
  --machine-type n1-standard-2 \
  --enable-autoscaling \
  --min-nodes 2 \
  --max-nodes 10

  2. Enable Workload Identity: 

    gcloud iam service-accounts create app-sa

gcloud iam service-accounts add-iam-policy-binding \
  app-sa@PROJECT_ID.iam.gserviceaccount.com \
  --role roles/iam.workloadIdentityUser \
  --member "serviceAccount:PROJECT_ID.svc.id.goog[production/app]"

  3. Grant Secret Access: 

    gcloud secrets add-iam-policy-binding database-url \
  --member="serviceAccount:app-sa@PROJECT_ID.iam.gserviceaccount.com" \
  --role="roles/secretmanager.secretAccessor"

  4. Deploy Application: 

    kubectl apply -f k8s/

Azure Deployment

Azure Container Apps

Use for: Serverless container deployment on Azure

deployment {
  runtime: containerapps
  replicas: 3
  secrets: keyvault
  tls: required
}

Generated: containerapp.yaml - Container App definition

Setup

  1. Create Resource Group: 

    az group create --name app-rg --location eastus

  2. Create Container Apps Environment: 

    az containerapp env create \
  --name app-env \
  --resource-group app-rg \
  --location eastus

  3. Create Key Vault: 

    az keyvault create \
  --name app-kv \
  --resource-group app-rg \
  --location eastus

  4. Store Secrets: 

    az keyvault secret set \
  --vault-name app-kv \
  --name database-url \
  --value "postgresql://..."

  5. Create Container App: 

    az containerapp create \
  --name my-app \
  --resource-group app-rg \
  --environment app-env \
  --yaml containerapp.yaml

Features

  • KEDA Scaling: Event-driven autoscaling
  • Dapr Integration: Microservices building blocks
  • Traffic Splitting: Blue-green deployments
  • Key Vault: Managed identity integration
  • Private Networking: VNet integration

Azure Kubernetes Service (AKS)

Use for: Managed Kubernetes on Azure

deployment {
  runtime: kubernetes
  secrets: keyvault
}

Setup

  1. Create AKS Cluster: 

    az aks create \
  --resource-group app-rg \
  --name app-cluster \
  --node-count 3 \
  --enable-managed-identity \
  --enable-addons monitoring

  2. Get Credentials: 

    az aks get-credentials \
  --resource-group app-rg \
  --name app-cluster

  3. Install CSI Driver: 

    az aks enable-addons \
  --resource-group app-rg \
  --name app-cluster \
  --addons azure-keyvault-secrets-provider

  4. Deploy Application: 

    kubectl apply -f k8s/

Multi-Cloud Comparison

Feature AWS ECS GCP Cloud Run Azure Container Apps
Pricing Pay per task Pay per request Pay per execution
Scaling 0-1000+ 0-1000+ 0-1000+
Cold Start ~10s ~1s ~5s
Secrets Secrets Manager Secret Manager Key Vault
Database RDS Cloud SQL Azure SQL
Load Balancer ALB Built-in Built-in
Custom Domain Route 53 Cloud DNS Azure DNS

Cost Optimization

AWS

# Use Fargate Spot for non-critical workloads
capacityProviderStrategy:
  - capacityProvider: FARGATE_SPOT
    weight: 1

GCP

# Set maximum instances
gcloud run services update my-app \
  --max-instances 10

Azure

# Use consumption plan
az containerapp create \
  --resource-group app-rg \
  --environment app-env \
  --name my-app \
  --min-replicas 0 \
  --max-replicas 10

Monitoring

AWS CloudWatch

aws logs tail /ecs/app --follow

GCP Cloud Logging

gcloud logging read "resource.type=cloud_run_revision" --limit 50

Azure Monitor

az monitor app-insights component show \
  --app my-app \
  --resource-group app-rg

CI/CD Integration

AWS CodePipeline

# buildspec.yml
version: 0.2
phases:
  build:
    commands:
      - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG .
      - docker push $IMAGE_REPO_NAME:$IMAGE_TAG
  post_build:
    commands:
      - aws ecs update-service --cluster app-cluster --service app-service --force-new-deployment

GCP Cloud Build

# cloudbuild.yaml
steps:
- name: 'gcr.io/cloud-builders/docker'
  args: ['build', '-t', 'gcr.io/$PROJECT_ID/app:$SHORT_SHA', '.']
- name: 'gcr.io/cloud-builders/docker'
  args: ['push', 'gcr.io/$PROJECT_ID/app:$SHORT_SHA']
- name: 'gcr.io/cloud-builders/gcloud'
  args: ['run', 'deploy', 'app', '--image', 'gcr.io/$PROJECT_ID/app:$SHORT_SHA']

Azure DevOps

# azure-pipelines.yml
trigger:
  branches:
    include:
    - main

pool:
  vmImage: 'ubuntu-latest'

steps:
- task: Docker@2
  inputs:
    command: 'buildAndPush'
    repository: 'app'
    tags: '$(Build.BuildId)'

- task: AzureCLI@2
  inputs:
    azureSubscription: 'Azure-Connection'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      az containerapp update \
        --name app \
        --resource-group app-rg \
        --image registry.azurecr.io/app:$(Build.BuildId)

Next Steps

References