Introduction to AWS ECS and the Benefits of Continuous Deployment

Amazon Elastic Container Service (ECS) is a highly scalable container orchestration service that allows you to run, stop, and manage Docker containers on a cluster of Amazon EC2 instances or AWS Fargate. One of the most compelling benefits of using ECS is the seamless integration with other AWS services, enabling robust and efficient application deployments. Continuous Deployment (CD) is a crucial practice in modern DevOps pipelines, ensuring that code changes are automatically deployed to production environments after passing all tests, which leads to faster delivery and more reliable releases.

Preparing Your AWS Environment

To set up continuous deployment on AWS ECS using GitHub Actions, prepare your AWS environment by setting up an Elastic Container Registry (ECR), creating an ECS cluster, and defining the necessary tasks.

Setting up an ECR Registry

Amazon ECR is a fully managed Docker container registry that makes storing, managing, and deploying Docker container images easy. To set up an ECR registry:

  1. Log in to the AWS Management Console and navigate to the ECR service.
  2. Create a new repository by clicking the “Create Repository” button. Name your repository and configure any additional settings as needed.
  3. Note the repository URI; you will need this to push your Docker images later.

Pushing Your Docker Image to ECR

After setting up the ECR registry, the next step is to push your Docker image to it:

  1. Authenticate Docker to the ECR registry using the AWS CLI command:
    aws ecr get-login-password –region <your-region> | docker login –username AWS –password-stdin <your-account-id>.dkr.ecr.<your-region>.amazonaws.com
  1. Tag your Docker image to match the repository URI:

    docker tag <image-id> <your-account-id>.dkr.ecr.<your-region>.amazonaws.com/<your-repository>:<tag>
  2. Push the image to ECR:

    docker push <your-account-id>.dkr.ecr.<your-region>.amazonaws.com/<your-repository>:<tag>

Creating Your ECS Cluster and Task Definition

With your Docker image in ECR, the next step is to set up an ECS cluster and define the task to run your application.

Defining Your Cluster

  1. Navigate to the ECS service in the AWS Management Console.
  2. Create a new cluster by selecting the appropriate template (e.g., EC2 Linux + Networking).
  3. Configure the cluster by specifying the cluster name, instance type, and desired number of instances.

Specifying Your Task Definition

  1. Create a new task definition by navigating to the “Task Definitions” tab and clicking “Create new Task Definition.”
  2. Define the task role and network mode.
  3. Specify the container name, image URI (from ECR), memory, CPU units, and port mappings to add containers to the task.

Initial Manual Deployment for Testing and Verification

Before automating the deployment process, it’s crucial to test and verify the setup manually:

  1. Create a service from your task definition.
  2. Run the service on your ECS cluster and monitor the logs to ensure your application runs correctly.

Automating Continuous Deployment with GitHub Actions

Once the manual deployment is verified, you can automate the process using GitHub Actions.

Setting Up OIDC Provider in AWS

GitHub Actions uses OpenID Connect (OIDC) to authenticate with AWS securely. To set this up:

  1. Go to the IAM service in the AWS Management Console.
  2. Create an identity provider for OIDC and select “GitHub” as the provider.
  3. Specify the audience as sts.amazonaws.com.

Creating an IAM Role in AWS

You need to create an IAM role that GitHub Actions can assume to deploy your application:

  1. Create a new IAM role with a trust relationship with the OIDC provider.
  2. Attach the necessary permissions (e.g., AmazonEC2ContainerServiceFullAccess and AmazonEC2ContainerRegistryFullAccess) to the role.

Completing the GitHub Actions Workflow

Now that your AWS environment is ready, you can set up the GitHub Actions workflow:

  1. Create a .github/workflows/deploy.yml file in your repository.
  2. Define the workflow to build the Docker image, push it to ECR, and update the ECS service with the new task definition.
  3. Use the aws-actions/configure-aws-credentials action to authenticate with AWS using the OIDC provider.

name: Deploy to ECS

on:

  push:

    branches:

      – main

jobs:

  deploy:

    runs-on: ubuntu-latest

    steps:

      – name: Checkout code

        uses: actions/checkout@v2

      – name: Set up Docker Buildx

        uses: docker/setup-buildx-action@v1

      – name: Log in to Amazon ECR

        id: login-ecr

        uses: aws-actions/amazon-ecr-login@v1

      – name: Build, tag, and push the image to ECR

        run: |

          docker build -t my-app .

          docker tag my-app:latest ${{ steps.login-ecr.outputs.registry }}/my-repo:latest

          docker push ${{ steps.login-ecr.outputs.registry }}/my-repo:latest

      – name: Deploy to ECS

        uses: aws-actions/amazon-ecs-deploy-task-definition@v1

        with:

          task-definition: my-task-def.json

          service: my-service

          cluster: my-cluster

          wait-for-service-stability: true

Validating Your Continuous Deployment Success

After setting up the GitHub Actions workflow, validate the deployment process by checking the following:

Confirming Image in ECR

Verify that the new Docker image has been pushed to the ECR repository.

Testing Updated Application

Test the updated application in the ECS cluster to ensure the changes are correctly deployed.

Conclusion and Next Steps

Continuous Deployment to AWS ECS using GitHub Actions streamlines your deployment pipeline, reducing the time and effort required to release updates. Following this guide, you can automate the entire process, ensuring that your applications are always up-to-date with the latest changes.

References

Integrating with GitHub Actions – CI/CD pipeline to deploy a Web App to Amazon EC2

Create a CI/CD pipeline for Amazon ECS with GitHub Actions and AWS CodeBuild Tests