Launch the stack (ALB + ECS Fargate hosted web console)
Prerequisites
Before deploying the ALB + ECS Fargate template, you must complete the following:
- ACM certificate — Request or import an SSL/TLS certificate into AWS Certificate Manager (ACM) in the same Region where you will deploy the stack. The certificate must cover the domain name you plan to use for the web console.
- Domain ownership — You must own or control the domain name that you will specify in the ConsoleDomainName parameter. You will need the ability to create DNS records for this domain after deployment.
Launch the stack
- Sign in to the AWS Management Console and select the button to launch the CloudFormation template. Alternatively, you can download the template as a starting point for your own implementation.
- The template is launched in the US East (N. Virginia) Region by default. To launch in a different AWS Region, use the region selector in the console navigation bar.

  Note
  This solution uses Amazon Cognito, which is currently available in specific AWS Regions only. Therefore, you must launch this solution in an AWS Region where Amazon Cognito is available. For the most current service availability by Region, refer to the AWS Regional Services List.
- On the Create stack page, verify that the correct template URL shows in the Amazon S3 URL text box and choose Next.
- On the Specify stack details page, assign a name to your solution stack.
- Under Parameters, review the parameters for the template and modify them as necessary. This template uses the following parameters in addition to the standard parameters from the default template.

| Parameter | Default | Description |
|---|---|---|
| Console Domain Name | <Requires input> | The custom domain name for the web console (for example, dlt.example.com). This domain must match the ACM certificate you created in the prerequisites. |
| ACM Certificate ARN | <Requires input> | The ARN of the ACM certificate for the domain (for example, arn:aws:acm:us-east-1:123456789012:certificate/abcd1234-ef56-gh78-ij90-klmnopqrstuv). Must be in the same Region as the stack. |
| Administrator Name | <Requires input> | User name for the initial solution administrator. |
| Administrator Email | <Requires input> | Email address of the administrator user. After launch, an email will be sent to this address with console login instructions. |
| Existing VPC ID | <Optional input> | If you want to use a VPC that is already created, enter the ID of an existing VPC in the same Region where the stack was deployed. For example, vpc-1a2b3c4d5e6f. |
| First existing subnet | <Optional input> | The ID of the first subnet within your existing VPC. This subnet needs a route to the internet to pull the container image for running tests. For example, subnet-7h8i9j0k. |
| Second existing subnet | <Optional input> | The ID of the second subnet within the existing VPC. This subnet needs a route to the internet to pull the container image for running tests. For example, subnet-1x2y3z. |
| Provide valid CIDR block for the solution to create VPC | 192.168.0.0/16 | You may leave this parameter blank if you are using an existing VPC. |
| Provide valid CIDR block for subnet A for the solution to create VPC | 192.168.0.0/20 | CIDR block for subnet A of the AWS Fargate VPC. |
| Provide valid CIDR block for subnet B for the solution to create VPC | 192.168.16.0/20 | CIDR block for subnet B of the AWS Fargate VPC. |
| Provide CIDR block for allowing outbound traffic of Fargate tasks | 0.0.0.0/0 | CIDR block that restricts Amazon ECS container outbound access. |
| Auto-update Container Image | No | Automatically use the most up to date and secure image up until the next minor release. Selecting No will pull the image as originally released, without any security updates. |
| Web Console Image URI | <Optional input> | URI of a custom web console container image from Amazon ECR private registry (for example, 123456789012.dkr.ecr.us-east-1.amazonaws.com/my-web-console:latest). If empty, the default public image is used. For more information, refer to Web console image. |
| Deploy WAF | Yes | Deploy an AWS WAF web ACL in front of the ALB with AWS managed rules to filter common web-based attacks. Set to No to disable WAF deployment. |
| Deploy Optional MCP Server | No | Deploy the optional remote MCP Server, using AgentCore Gateway to connect AI applications to Distributed Load Testing on AWS. |

- Choose Next.
- On the Configure stack options page, choose Next.
- On the Review page, review and confirm the settings. Check the box acknowledging that the template will create AWS Identity and Access Management (IAM) resources.
- Choose Create stack to deploy the stack.

You can view the status of the stack in the AWS CloudFormation console in the Status column. You should receive a CREATE_COMPLETE status in approximately 15 minutes.
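
A pre-flight check for the parameter values described above, as an added example (it is not part of the solution or its template). It confirms that the certificate ARN's Region matches the stack Region, that the certificate's names cover the console domain, and that the subnet CIDRs sit inside the VPC CIDR without overlapping. The function names, argument names and sample values are assumptions; the certificate names would be read from the certificate's details in ACM.

```python
import ipaddress

def cert_covers(domain, cert_names):
    """True if any certificate name matches domain; '*.' matches exactly one label."""
    domain = domain.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == domain:
            return True
        if name.startswith("*.") and "." in domain:
            if domain.split(".", 1)[1] == name[2:]:
                return True
    return False

def preflight(stack_region, console_domain, cert_arn, cert_names,
              vpc_cidr, subnet_a, subnet_b, egress_cidr):
    """Return a list of findings; an empty list means nothing to review."""
    findings = []
    parts = cert_arn.split(":")
    # ARN layout: arn:partition:acm:region:account:certificate/id
    if len(parts) < 6 or parts[2] != "acm" or not parts[5].startswith("certificate/"):
        findings.append("ACM Certificate ARN is not an ACM certificate ARN")
    elif parts[3] != stack_region:
        findings.append(f"certificate is in {parts[3]}, stack is in {stack_region}")
    if not cert_covers(console_domain, cert_names):
        findings.append(f"certificate does not cover {console_domain}")
    vpc = ipaddress.ip_network(vpc_cidr)
    a, b = ipaddress.ip_network(subnet_a), ipaddress.ip_network(subnet_b)
    for label, net in (("subnet A", a), ("subnet B", b)):
        if not net.subnet_of(vpc):
            findings.append(f"{label} {net} is outside VPC {vpc}")
    if a.overlaps(b):
        findings.append(f"subnet A {a} overlaps subnet B {b}")
    if ipaddress.ip_network(egress_cidr).prefixlen == 0:
        findings.append("note: Fargate task egress is unrestricted (0.0.0.0/0)")
    return findings

# Constructed sample values (the page's example domain and default CIDRs;
# the certificate ID and certificate names are placeholders).
SAMPLE = dict(
    stack_region="us-east-1", console_domain="dlt.example.com",
    cert_arn="arn:aws:acm:us-east-1:123456789012:certificate/EXAMPLE-ID",
    cert_names=["*.example.com"],
    vpc_cidr="192.168.0.0/16", subnet_a="192.168.0.0/20",
    subnet_b="192.168.16.0/20", egress_cidr="0.0.0.0/0",
)

if __name__ == "__main__":
    for finding in preflight(**SAMPLE) or ["no findings"]:
        print(finding)
```

A wildcard name such as *.example.com covers dlt.example.com but not the zone apex example.com or deeper names, which is why the check treats the wildcard as a single label.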
Post-deployment configuration
After the stack creation completes, you must configure DNS to point your custom domain to the ALB.
- Navigate to the Outputs tab of the CloudFormation stack and copy the ALBDnsName value.
- In your DNS provider, create one of the following records:
  - CNAME record — Maps your domain to the ALB DNS name. Suitable for subdomains (for example, dlt.example.com).
  - Alias record (Route 53) — If you use Amazon Route 53, you can create an alias record pointing to the ALB. This is required for zone apex domains (for example, example.com) and avoids CNAME lookup charges. In the Route 53 console, create an A record with Alias enabled, select Alias to Application and Classic Load Balancer, choose the Region, and select the ALB.
- Wait for DNS propagation to complete. You can verify with:

  $ dig dlt.example.com

- Access the web console at https://<your-domain> (for example, https://dlt.example.com).

The web console URL is also available in the CloudFormation Outputs tab as ConsoleURL.
Note
DNS propagation can take from a few minutes to 48 hours depending on your DNS provider and TTL settings.
WAF integration (Optional)
The default managed rule groups (Core Rule Set, Amazon IP Reputation List, and Anonymous IP List) provide baseline protection for most deployments. You can disable WAF deployment by setting the Deploy WAF CloudFormation parameter to No. No additional WAF configuration is required unless you have specific security requirements.
If you need to customize the WAF rules, you can modify the configuration as follows:
- Open the AWS WAF console in the same Region as your deployment.
- Select the web ACL created by the solution. The web ACL name can be found in the CloudFormation stack resources.
- Choose Rules to view, add, remove, or modify the rules in the web ACL.
- You can add additional AWS managed rule groups, custom rules, or rate-based rules based on your security needs.

For more information, refer to AWS WAF in the AWS WAF Developer Guide.