如何使用AWS CodePipeline更新ECS上的容器服务

Question

I have a cluster on ECS with a container service. I've setup CodePipeline to build a new container on an update and push this to ECR. How can I trigger an update to my cluster to use the newly updated container?

Answer 1

AWS CodePipeline supports to deploy to ECS directly now. You can use the new ECS deploy action to update your ECS service to use the new container image you created. You need to modify your build step to output a configuration file which contains the image URL of the new image you built. More details can be found here https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-cd-pipeline.html

Answer 2

I thought i would add my solution with bitbucket-pipelines, which i know technically does not directly answer the question BUT the commands in the bitbucket pipelines steps are practically identical to the buildspec.yml (check docs though for buildspec.yml) for Code Pipeline.

I feel i should add that aws have done a great Job with the GUI in aws control panel for codepiplines it is really straight forward now days and handles deployment and task definition creation for you.

People looking to integrate tools like JIRA and its deployment features with JIRA tasks, would need to go with bitbucket pipelines!

options:
  docker: true
  size: 2x

pipelines:
  tags:
    build-*:
      - step: 
          name: build app
          image: node:10.15.0
          script:
            - npm i
            - npm run build
          artifacts:
            - node_modules/** 
            - dist/**



     - step:
       name: push to aws staging
       # integrate with JIRA <3
       deployment: staging
       image: atlassian/pipelines-awscli:latest
       services:
         - docker
       script:
         # command line JSON processor plugin (important)
         - apk add jq          

         # standard docker login and build
         - eval $(aws ecr get-login --no-include-email)
         - docker build --build-arg notProduction=true -t app:staging .
         - docker tag app:staging ${secretUrl}.amazonaws.com/app:staging
         - docker push ${secretUrl}.amazonaws.com/app:staging

         # gets the latest task definition
         - export TASK_DEF=$(aws ecs describe-task-definition --task-definition "app-staging")

         # gets the specific containerDefinitions array and exports to a json format which is needed for the register-task-definition function
         - export CONTAINER_DEFS=$(echo $TASK_DEF | jq '.taskDefinition.containerDefinitions' | awk -v ORS= -v OFS= '{$1=$1}1')

         # creates a new task definition from the previous definition details
         - aws ecs register-task-definition --family "app-staging" --container-definitions $CONTAINER_DEFS

         # updates ecs
         - aws ecs update-service --cluster "toolkit" --service "app-staging" --task-definition "app-staging"
       artifacts:
         - node_modules/**
         - dist/**

Answer 3

Since you are using CodePipeline you may trigger an CloudFromation stack after your new image is built. Then CloudFormation stack will create a new task definition and update your ECS service. Here is a reference architecture.

You can use this reference architecture for Continuous Deployment. CloudFormation templates are attached in the above Github repo.

Answer 4

If you're ok with updating containers to new :latest image, stopping ECS cluster's tasks before deploy works just fine.

In buildspec.yml of AWS CodeBuild stage add

aws ecs list-tasks --cluster "ECS_CLUSTER_NAME" --output text | awk '{print $2}' | while read line ; do aws ecs stop-task --task "$line" --cluster "ECS_CLUSTER_NAME" ; done

with the name of your ECS Cluster instead of ECS_CLUSTER_NAME, to post_build commands section just after your docker push... commands.

Containers will be stopped. And ECS will fulfill desired tasks amount with your newly created docker image.

PS Don't forget to check IAM so your CodeBuild user role has permissions to perform ecs:* commands.