How to deploy a Docker image from GitLab CI registry to Amazon ECS?

Question

The only documentation I could find is with an Amazon registry (ECR) but nothing with a GitLab registry.

Here is my .gitlab-ci.yml that includes the steps build and push to the GitLab registry:

image: docker:19

services:
  - docker:dind

stages:
  - build
  - registry-update

.build-template: &buildTemplate
  stage: build
  script:
    - docker build --build-arg VERSION=$BUILD_VERSION --target $BUILD_TARGET -t $BUILD_IMAGE:$BUILD_TARGET -f $BUILD_DOCKERFILE $BUILD_CONTEXT
  after_script:
    - mkdir -p build/$BUILD_IMAGE
    - docker save $BUILD_IMAGE:$BUILD_TARGET -o build/$BUILD_IMAGE/$BUILD_TARGET.tar
  artifacts:
    name: $CI_JOB_NAME-${CI_COMMIT_SHORT_SHA}
    expire_in: 1 day
    paths:
      - build/$BUILD_IMAGE
  dependencies: []

build-php-fpm-test:
  <<: *buildTemplate
  variables:
    BUILD_IMAGE: myproject-php-fpm
    BUILD_TARGET: dev
    BUILD_DOCKERFILE: docker/php/Dockerfile
    BUILD_CONTEXT: .
  before_script:
    - source .env && export BUILD_VERSION=$PHP_TAG

.registry-update-template: &registryUpdateTemplate
  stage: registry-update
  before_script:
    - docker load -i build/$BUILD_IMAGE/$BUILD_TARGET.tar
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
  script:
    - docker tag $BUILD_IMAGE:$BUILD_TARGET $IMAGE_TAG
    - docker push $IMAGE_TAG

registry-update-php-fpm-test:
  <<: *registryUpdateTemplate
  variables:
    BUILD_IMAGE: myproject-php-fpm
    BUILD_TARGET: dev
    IMAGE_TAG: $CI_REGISTRY_IMAGE/$BUILD_IMAGE:$CI_COMMIT_REF_SLUG
  dependencies:
    - build-php-fpm-test

But now I need to deploy to Amazon ECS. I checked the documentation but it does not mention how to define the image name for the task definition. I also found this issue but there is no mention about how to use the related feature.

What is the correct way to define a deploy step from GitLab registry to Amazon ECS?

Answer 1

Checkout ecs-deploy tool: https://github.com/fabfuel/ecs-deploy You can deploy your task using any registry (quay, dockerhub etc.), eg:

ecs deploy <ecs_cluster> <ecs_service> --image <container_name> <container_repo>:<container_tag>

If you want to deploy a specific task you can also add parameter --task <task_family>:<task_revision> to ecs deploy . Of course it should be in another step in your.gitlab-ci.yml

Answer 2

I managed to do it with deploy token from Gitlab + task role for private registry on Amazon:

1. Create deploy token in Settings -> Repository with read_registry scope
2. Follow the guide to create 1) a secret holding the token, 2) a task role with access to the secret
3. Now create a task definition with new role:
   • One setting
   • And another below
4. Then add container with auth using the secret:

Both AWS and Gitlab docs are incredibly confusing to me. Try following AWS docs literally , eg make sure you add secrets access to new role as Inline as the docs say. Trying to do what I thought I need to do instead of just following the docs lost me couple of hours..