- name: Deploy to Amazon ECS
  uses: aws-actions/amazon-ecs-deploy-task-definition@v1
  with:
    task-definition: task-definition.json
    service: my-service
    cluster: my-cluster
    wait-for-service-stability: true
amazon-ecs-deploy-task-definition
Registers an Amazon ECS task definition and deploys it to an ECS service.
The aws-actions/amazon-ecs-deploy-task-definition action registers and deploys Amazon ECS task definitions. Using it involves configuring the required workflows, inputs, and outputs, understanding the security considerations, and more.
Using GitHub Actions to deploy Amazon ECS task definitions fully automates our deployment process and ensures that all of our ECS services always run the latest task definition. As before, we will build security best practices into this configuration so that the deployment process itself is secure.
Automating task definition deployment removes the mistakes that come with manual intervention and keeps operations smooth. Security also improves when the workflow meets AWS IAM requirements for permissions and tokens.
How would you keep the task definition file updated?
Treat Task Definition as Code
Check the task definition into your Git repository as a JSON file. To change it, update the file with new container image IDs or other attributes and push a new commit. Because the task definition is now code, changes to it should be committed and go through pull requests, so that they are reviewed and controlled. This puts the same controls on the task definition as on the service definition, so deployments can be made and traced more quickly.
Download Existing Task Definition:
aws ecs describe-task-definition --task-definition my-task-definition-family --query taskDefinition > task-definition.json
Once you have downloaded the existing task definition, you can modify it and version it in your repository.
How do you update the container image values in a task definition?
Build and Push New Image:
- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-2
- name: Login to Amazon ECR
  id: login-ecr
  uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
  id: build-image
  env:
    ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
    ECR_REPOSITORY: my-ecr-repo
    IMAGE_TAG: ${{ github.sha }}
  run: |
    docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
    docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
    echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Fill in the new image ID in the Amazon ECS task definition
  id: task-def
  uses: aws-actions/amazon-ecs-render-task-definition@v1
  with:
    task-definition: task-definition.json
    container-name: my-container
    image: ${{ steps.build-image.outputs.image }}
- name: Deploy Amazon ECS task definition
  uses: aws-actions/amazon-ecs-deploy-task-definition@v1
  with:
    task-definition: ${{ steps.task-def.outputs.task-definition }}
    service: my-service
    cluster: my-cluster
    wait-for-service-stability: true
How to set the credentials and the region
Setting Up AWS Credentials:
- name: Setting up AWS credentials
  uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    aws-region: us-east-2
The aws-actions/configure-aws-credentials action sets up your environment with the required AWS credentials and region in a way that follows AWS IAM best practices.
Minimum Set of Permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RegisterTaskDefinition",
      "Effect": "Allow",
      "Action": [
        "ecs:RegisterTaskDefinition"
      ],
      "Resource": "*"
    },
    {
      "Sid": "PassRolesInTaskDefinition",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam:::role/",
        "arn:aws:iam:::role/"
      ]
    },
    {
      "Sid": "DeployService",
      "Effect": "Allow",
      "Action": [
        "ecs:UpdateService",
        "ecs:DescribeServices"
      ],
      "Resource": [
        "arn:aws:ecs:<region>:<aws_account_id>:service/<cluster_name>/<service_name>"
      ]
    }
  ]
}
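As an added example (not part of the original page or the action's own code), the Python audit below compares a deploy identity's IAM policy with the minimum set of permissions above and flags extra actions, wildcard actions, and iam:PassRole or ecs:UpdateService granted on a wildcard resource. The function names, the findings format and the sample policy are assumptions constructed for illustration.

```python
import json

# Actions granted by the page's minimum policy, lowercased because IAM
# matches action names case-insensitively.
MINIMUM = {"ecs:registertaskdefinition", "iam:passrole",
           "ecs:updateservice", "ecs:describeservices"}
# Of those, the ones that should be pinned to specific ARNs, never "*".
MUST_BE_SCOPED = {"iam:passrole", "ecs:updateservice"}


def as_list(value):
    """IAM accepts a bare string wherever it accepts a list."""
    return [value] if isinstance(value, str) else list(value or [])


def audit_deploy_policy(policy_json):
    """Return findings for an IAM policy document given as JSON text."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource is broader than the minimum set")
        resources = as_list(stmt.get("Resource"))
        for action in as_list(stmt.get("Action")):
            name = action.lower()
            if "*" in name or "?" in name:
                findings.append(f"{sid}: wildcard action {action}")
            elif name not in MINIMUM:
                findings.append(f"{sid}: {action} is outside the minimum set")
            elif name in MUST_BE_SCOPED and any("*" in r for r in resources):
                findings.append(f"{sid}: {action} allowed on a wildcard resource")
    return findings


# Constructed sample: an over-broad policy for the deploy identity.
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Deploy", "Effect": "Allow",
     "Action": ["ecs:*", "iam:PassRole"], "Resource": "*"}]})

if __name__ == "__main__":
    for finding in audit_deploy_policy(BROAD):
        print(finding)
```

A policy shaped like the minimum set, with real role and service ARNs filled in, produces no findings; ecs:RegisterTaskDefinition on "*" is accepted because the minimum policy grants it that way.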
What's the way to support AWS CodeDeploy?
Deploy to ECS with CodeDeploy:
- name: Deploy to Amazon ECS
  uses: aws-actions/amazon-ecs-deploy-task-definition@v1
  with:
    task-definition: task-definition.json
    service: my-service
    cluster: my-cluster
    wait-for-service-stability: true
    codedeploy-appspec: appspec.json
    codedeploy-application: my-codedeploy-application
    codedeploy-deployment-group: my-codedeploy-deployment-group