AWS ECS: Use CodePipeline to automatically update ECS services

You can download this article in PDF format via the link below to support us.
Download the guide in PDF formatturn off

This article is part 4 of the Part 4 guide to running Docker containers on AWS ECS. ECS stands for Elastic Container Service. It is a managed container service that runs Docker containers. Although AWS also provides container management through Kubernetes (EKS), it also has its own proprietary solution (ECS).

The rest of the guide has been covered in separate articles:

  • Create an ECS cluster-Part 1
  • Set up the image registry (ECR) and push the docker image to the registry – part 2
  • Use task and service definitions to deploy containers to clusters – Part 3

Part 4 of this guide will introduce “Creating a pipeline to update tasks/containers running on an ECS cluster”. Whenever we push changes to the CodeCommit repository, a container update occurs.

For this demo, we will create a pipeline to update the services and tasks running on the ECS cluster using CodePipeline. We assume that the project source code is in the CodeCommit repository. However, CodePipeline can select code from various version control tools, including:

  • GitHub.
  • GitHub Enterprise Edition.
  • Bit bucket.

Requirements/prerequisites

  • An AWS account.
  • A user is created on the account, and the user has permission to provision resources on the account.
  • Created a CodeCommit repository and uploaded your source code there.
  • An ECS cluster has been created and services and tasks are running in it.
  • The ECR registry is set up and the docker image is uploaded to the registry.
  • A CloudWatch log group or S3 bucket to store your build project logs.

Create a build project

Using CodeBuild, we will create a Build Project that will build a docker image from the docker file pushed to our code submission repository. Then it pushes the docker image to the ECR Registry.

On the CodeBuild console, click “Create Build Project”.Create, build project

ECS CodeBuild project configuration:

Next, in the project configuration, enter your project name and description. In addition, you can add tags to build projects.AWS ECS: Use CodePipeline to automatically update ECS servicesProject configuration

For the source, select CodeCommit. Suppose you have pushed the project code to the code submission repository.AWS ECS: Use CodePipeline to automatically update ECS servicesCodeBuild project source

Next, under “Environment Configuration”, select the environment where you want to execute the build project. Since our image is a Linux image, we chose the Linux environment.AWS ECS: Use CodePipeline to automatically update ECS servicesCodeBuild environment configuration

For the role, select the new service role. N/B: Ensure that the role has an additional AmazonEC2ContainerRegistryFullAccess policy. Otherwise, CodeBuild will not work properly.AWS ECS: Use CodePipeline to automatically update ECS servicesConfigure CodeBuild service role

ECS CodeBuild BuildSpec.yml:

Under BuildSpec, click Switch to Editor, and then paste the following code on buildspec.yml. Make sure to replace the docker tag and docker push command with the ECR registry push command. In addition, the docker build image name should be replaced with your respective docker image name.

version: 0.2
phases:
  install:
    runtime-versions:
       docker: 19
    commands:
      - curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
      - unzip awscliv2.zip
      - ./aws/install
  pre_build:
    commands:
      - echo logging to ecr
      - $(aws ecr get-login --no-include-email --region eu-central-1)
  build:
    commands:
      - echo starting build on 'date'
      - cd ./
      - docker build -t hello-world .
      - docker tag hello-world:latest 429758582529.dkr.ecr.eu-central-1.amazonaws.com/hello-world:latest
  post_build:
    commands:
      - echo build completed on 'date'
      - echo pushing to repo
      - docker push 429758582529.dkr.ecr.eu-central-1.amazonaws.com/hello-world:latest
      - echo Writing definitions file...
      - printf '[{"name":"Hello_World","imageUri":"%s"}]' 429758582529.dkr.ecr.eu-central-1.amazonaws.com/hello-world:latest > HelloWorldtaskdefinition.json
artifacts:
  files: HelloWorldtaskdefinition.json

Since we are pushing the docker image to the ECR registry, no artifacts are needed. Therefore, nothing is selected under the artifact. For logs, we will push them to the CloudWatch log group you created earlier. AWS ECS: Use CodePipeline to automatically update ECS servicesConfigure build project artifacts and logs

Finally, click Create to build the project.

Create pipeline to deploy to ECS cluster

After creating the CodeBuild project, the next step we will create a pipeline to deploy Docker images to update ECS cluster services and tasks.

On the CodePipeline console, click “Create Pipeline”.AWS ECS: Use CodePipeline to automatically update ECS servicesCodePipeline creates a pipeline

Then, enter the pipe name under Pipe Settings. For the service role, select the new service role. Under Advanced Settings, select the default location for artifact storage and the default AWS managed key for the encryption key. Then click Next.AWS ECS: Use CodePipeline to automatically update ECS servicesPipeline settings

ECS CodePipeline adds source stage:

In the add source phase, select CodeCommit as the source. Then select the repository and repository branch for the code. Under “Change Detection Options”, select “CloudWatch Events.” In this way, CloudWatch will actively monitor changes on the repository, and whenever it detects changes, it will automatically start the pipeline. Click Next.AWS ECS: Use CodePipeline to automatically update ECS servicesCodePipeline add source stage

ECS CodePipeline adds the build phase:

For “Add build stage”, select your build provider as CodeBuild. Then select the area where the build project is created, and then select the build project name. Use the build project we created in the “Create a build project” section of this article. For the build type, select Single build and click Next.AWS ECS: Use CodePipeline to automatically update ECS servicesCodePipeline adds build phase

ECS CodePipeline adds the deployment phase:

Next, we must add a deployment stage to the pipeline. In the add deployment phase, select our deployment provider as Amazon ECS. For the region, select the region where the ECS cluster is created. Then under the cluster name, select the name of your ECS cluster. Select the service name of the ECS service you want to update on the ECS cluster.

When we create the build project on buildspec.yml, we have created the image definition file. For this case, it is HelloWorldtaskdefinition.json. Paste the name of the file under the image definition file section of the deployment phase. Finally, for the deployment timeout, enter the time in minutes to wait for the deployment to time out.AWS ECS: Use CodePipeline to automatically update ECS servicesCodePipeline adds deployment phase

In the “View” section, review the pipeline settings, if all configurations are ok, click “Create Pipeline”.AWS ECS: Use CodePipeline to automatically update ECS servicesPipeline execution

Now you have a pipeline to update ECS services and tasks at any time as you push changes to the CodeCommit repository. By default, this update is a rolling update. That is, ECS will deploy new tasks that run with the old tasks. When the new task reaches a stable state, it will switch to the new task and terminate the old task.

Other AWS guidelines:

  • How to create an AWS EFS file system using CloudFormation
  • Install Calico CNI plugin on Amazon EKS Kubernetes cluster
  • How to mount AWS EFS file system on EC2 instance

Happy Building! ! !

You can download this article in PDF format via the link below to support us.
Download the guide in PDF formatturn off

Sidebar