These yaml and .env files provide a starter set which can be used to deploy an running IBM MQ Queue Manager container using Docker Compose.
How to use Docker Compose to deploy to the cloud is documented in the Docker overview
The Docker Compose documentation lists the AWS IAM permissions needed for Docker Compose to manage AWS resources. Please check with the Docker (AWS ECS) Compose documentation for updates on the required policies.
We used the following coarse grained IAM permissions. VisualEditor0
, denotes that we built the policies using the visual editor. You can merge these policies into logical units, but for clarity we have presented them separately.
Note: You may wish to restrict the policies further to your specific needs to ensure you have an optimal configuration.
These are AWS managed policies that you don't need to write yourself. We used the following AWS managed system policies:
- ElasticLoadBalancingFullAccess
- AmazonECS_FullAccess
- AmazonEC2FullAccess
- IAMFullAccess
- AWSCloudFormationFullAccess
These are permissions for which we didn't find suitable AWS managed policies, so had to hand create them.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "logs:*",
"Resource": "*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "servicediscovery:*",
"Resource": "*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"route53:CreateHostedZone",
"route53:GetHostedZone",
"route53:GetHealthCheck",
"route53:DeleteHostedZone",
"route53:ListHostedZonesByName"
],
"Resource": "*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "application-autoscaling:*",
"Resource": "*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "elasticfilesystem:*",
"Resource": "*"
}
]
}
This is an additional policy needed to deploy the showcase application and grants permission to use AWS Elastic Container Registry to store showcase container images.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "ecr:*",
"Resource": "*"
}
]
}
External storage will allow queues, persistent messages, and logs to persist across container outages.
Initialise the external storage by running
docker compose -f mq-init-compose.yaml up
The container will start, initialise the storage, and then stop.
The App and Admin use credentials are held in the .env
file. Edit the file to set the passwords.
Start the queue manager by running
docker -f docker-compose.yaml up
If you see the start fails with the following error:
WARNING The "APP_PASSWORD" variable is not set. Defaulting to a blank string.
WARNING The "ADMIN_PASSWORD" variable is not set. Defaulting to a blank string.
then you have not set the App and Admin passwords in the .env
file.
Stop the queue manager container by running
docker -f docker-compose.yaml down