End-to-End Serverless Automation: Amazon ECR Source with Fargate and CodeDeploy
We will be configuring a pipeline in AWS CodePipeline that deploys container applications using Blue/Green deployment that supports Docker images. The advantage of blue/green deployment is that we can launch a new version of our application alongside old version and test the new version before we reroute the traffic to it.
Let’s get started!
Step 1: Let’s create an docker image.
We first need to get hold of our Docker Image. If this is installed in an Linux instance where the docker is installed , then you need to pull the image. If the docker image is on your local machine , then you now need to push the image to the ECR repository.
Step 2: Push the docker image to the ECR repository:
Let’s first create an ECR repository:
After creating the repository make sure to note the repository URI .
To use the AWS CLI to push the docker image to the AWS ECR, make sure that you have configured the AWS CLI .
Instructions for setting up AWS CLI:
- Enter aws configure at the command line, and then press Enter.
- The AWS CLI outputs lines of text, prompting you to enter additional information.
- Enter each of your access keys in turn, and then press Enter.
- Then, enter an AWS Region name in the format shown, press Enter, and then press Enter a final time to skip the output format setting.
- The final Enter command is shown as replaceable text because there is no user input for that line.
Now , tag the image with the Repository-URI value of your ECR repository.
docker tag <docker-image-name>:latest aws_account_id.dkr.ecr.us-east-1.amazonaws.com/<ecr-repository-name>:latestRun the aws ecr get-login-password command, as shown in this example for the us-east-1 Region and the account ID.
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <Repository-URI>Now , we can finally push the image to Amazon ECR using the Repository-URI from the earlier step.
docker push <Repository-URI>Step 3 : Create task definition and appsec file for your cluster and then push them to code commit
First , we will be creating a task definition JSON file and registering it with Amazon ECS.
{
"executionRoleArn": "arn:aws:iam::<your-account-id>:role/ecsTaskExecutionRole",
"containerDefinitions": [
{
"name": "sample-website",
"image": "<your-docker-image-name>",
"essential": true,
"portMappings": [
{
"hostPort": 80,
"protocol": "tcp",
"containerPort": 80
}
]
}
],
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "256",
"memory": "512",
"family": "ecs-demo"
}Now , register your task definition with the taskdef.json file.
After the task definition is registered, edit your file to remove the image name and include the <IMAGE-NAME> placeholder text in the image field.
Create an AppSpec file:
version: 0.0
Resources:
- TargetService:
Type: AWS::ECS::Service
Properties:
TaskDefinition: <TASK_DEFINITION>
LoadBalancerInfo:
ContainerName: "sample-website"
ContainerPort: 80Step 4: Push files into Code Commit Repository
- Open the CodeCommit console, and choose your repository from the Repositories list.
- Choose Add file, and then choose Upload file.
- Choose Choose file, and then browse for your file. Commit the change by entering your user name and email address. Choose Commit changes.
- Repeat this step for each file you want to upload.
Step 5 : Create your Application Load Balancer and Target Groups
Navigate to the Load Balancer tab and choose create.
We need to configure two listener ports for our load balancer. One in port 80 and other in port 8080. Next create two target groups and assign those target groups to the two listeners. We can choose the default VPC and default subnets for this process.
Step 6 : Create your Amazon ECS cluster and Service
So, now finally we are going to create clusters where CodeDeploy will route the traffic to after deployment. We need to make sure we use the subnet names , security groups and target group ARN that we created in the previous step.
For creating the cluster, open the Amazon ECS console and navigate to clusters. Click on Create Clusters and make sure to choose AWS Fargate as our infrastructure provider.
Now we need to create a AWS ECS service. We will be creating a JSON file named create-service.json.
{
"taskDefinition": "<Task-deinfinition-family>:<task-version>",
"cluster": "<your-cluster-name>",
"loadBalancers": [
{
"targetGroupArn": "target-group-arn",
"containerName": "<your-container-name",
"containerPort": 80
}
],
"desiredCount": 1,
"launchType": "FARGATE",
"schedulingStrategy": "REPLICA",
"deploymentController": {
"type": "CODE_DEPLOY"
},
"networkConfiguration": {
"awsvpcConfiguration": {
"subnets": [
"<your-subnet-name>",
"<your-subnet-name>"
],
"securityGroups": [
"<your-security-group>"
],
"assignPublicIp": "ENABLED"
}
}
}Now we will run the create-service command while specifying the JSON file we just created.
aws ecs create-service --service-name my-service --cli-input-json file://create-service.jsonStep 7: Create CodeDeploy application and deployment group
During Amazon ECS deployments with CodeDeploy, the application functions as a blueprint for directing the deployment to the right resources and managing traffic flow effectively.
To create a CodeDeploy application:
1. Open the CodeDeploy console and choose Create application.
2. In Application name, enter the name you want to use.
3. In Compute platform, choose Amazon ECS.
4. Choose Create application.
To create a CodeDeploy deployment group:
- On your application page’s Deployment groups tab, choose Create deployment group.
2. In Deployment group name, enter a name that describes the deployment group.
3. In Service role, choose a service role that grants CodeDeploy access to Amazon ECS. To create a new service role, follow these steps:
Open the IAM console at https://console.aws.amazon.com/iam/).
From the console dashboard, choose Roles.Choose Create role.
4. Under Select type of trusted entity, select AWS service. Under Choose a use case, select CodeDeploy. Under Select your use case, select CodeDeploy — ECS. Choose Next: Permissions. The AWSCodeDeployRoleForECS managed policy is already attached to the role.Choose Next: Tags, and Next: Review.Enter a name for the role (for example, CodeDeployECSRole), and then choose Create role.In Environment configuration, choose your Amazon ECS cluster name and service name.From Load balancers, choose the name of the load balancer that serves traffic to your Amazon ECS service.
From Production listener port, choose the port and protocol for the listener that serves production traffic to your Amazon ECS service. From Test listener port, choose the port and protocol for the test listener.
From Target group 1 name and Target group 2 name, choose the target groups used to route traffic during your deployment. Make sure that these are the target groups you created for your load balancer.
5. Choose Reroute traffic immediately to determine how long after a successful deployment to reroute traffic to your updated Amazon ECS task.
6. Choose Create deployment group.
Step 8: Create your Pipeline
Now, let’s create our pipeline.
Navigate to the CodePipeline service in AWS console and click on Create Pipeline.
- In Service role, choose New service role to allow CodePipeline to create a service role in IAM. Leave the advanced settings as is.
- Now , add source stage, in Source provider, choose AWS CodeCommit. In Repository name, choose the name of our CodeCommit repository. In Branch name, choose the name of the branch that contains your latest code update.
3. Skip the build stage for now.
4. In the Deploy stage , add Deploy provider. Choose Amazon (Blue/Green) . In Application name , we need to choose our application and then choose our Deployment group.
5. Under Amazon ECS task definition, we will select SourceArtifact and add taskdef.json file. Then under AWS CodeDeploy App Sec file,choose Source Artifact and appspec.yaml file.
6. Finally, create the pipeline.
Hope this helps!!
