
How Do I Create a GitHub Actions Workflow to Update an AWS ECS Service on Push?

Introduction

This guide walks through setting up a GitHub Actions workflow that automatically updates an AWS ECS service whenever there is a push to the source repository. The infrastructure is defined in code: an ECS cluster, a task definition, and a service. The guide also covers configuring GitHub Actions to manage the continuous deployment process, so that your application stays up to date with every code change.

Step-by-Step Explanation

  1. AWS Provider Configuration: Begin by connecting to your AWS account to access the necessary resources.
  2. VPC Setup: Create a Virtual Private Cloud (VPC) to provide a network environment for your ECS cluster.
  3. ECS Cluster: Define the ECS cluster where your services will run.
  4. ECS Task Definition: Specify the details of how tasks should run, including the Docker image and resource allocations.
  5. ECS Service: Configure the ECS service to manage the running tasks within your cluster.
  6. IAM Role and Policies: Establish IAM roles and attach policies required for ECS tasks and services to operate securely.
  7. GitHub Actions Configuration: Set up GitHub Actions to trigger updates to your ECS service whenever changes are pushed to the code repository.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

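const main = new aws.ec2.Vpc("main", {cidrBlock: "10.0.0.0/16"});
const mainSubnet = new aws.ec2.Subnet("main", {
    vpcId: main.id,
    cidrBlock: "10.0.1.0/24",
});
// The service below assigns public IPs to its tasks; without an internet
// gateway and a default route the tasks cannot pull their container image.
const mainGateway = new aws.ec2.InternetGateway("main", {vpcId: main.id});
const mainRouteTable = new aws.ec2.RouteTable("main", {
    vpcId: main.id,
    routes: [{cidrBlock: "0.0.0.0/0", gatewayId: mainGateway.id}],
});
const mainRouteTableAssociation = new aws.ec2.RouteTableAssociation("main", {
    subnetId: mainSubnet.id,
    routeTableId: mainRouteTable.id,
});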
const mainCluster = new aws.ecs.Cluster("main", {name: "my-ecs-cluster"});
const ecsTaskExecution = new aws.iam.Role("ecs_task_execution", {
    name: "ecsTaskExecutionRole",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: {
                Service: "ecs-tasks.amazonaws.com",
            },
        }],
    }),
});
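// RolePolicyAttachment attaches the managed policy to this role only.
// aws.iam.PolicyAttachment manages the policy's attachments exclusively and
// would detach it from every other role, user, or group in the account.
const ecsTaskExecutionAttachment = new aws.iam.RolePolicyAttachment("ecs_task_execution_attachment", {
    role: ecsTaskExecution.name,
    policyArn: "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
});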
const mainTaskDefinition = new aws.ecs.TaskDefinition("main", {
    family: "my-task-family",
    // Fargate requires awsvpc networking and task-level CPU and memory.
    requiresCompatibilities: ["FARGATE"],
    networkMode: "awsvpc",
    cpu: "256",
    memory: "512",
    executionRoleArn: ecsTaskExecution.arn,
    containerDefinitions: JSON.stringify([{
        name: "my-app",
        image: "amazon/amazon-ecs-sample",
        memory: 512,
        cpu: 256,
        essential: true,
        portMappings: [{
            containerPort: 80,
            hostPort: 80,
        }],
    }]),
});
const mainService = new aws.ecs.Service("main", {
    name: "my-ecs-service",
    cluster: mainCluster.id,
    taskDefinition: mainTaskDefinition.arn,
    desiredCount: 1,
    launchType: "FARGATE",
    networkConfiguration: {
        subnets: [mainSubnet.id],
        assignPublicIp: true,
    },
});
export const clusterName = mainCluster.name;
export const serviceName = mainService.name;
export const taskDefinition = mainTaskDefinition.family;
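
Step 7 has no counterpart in the Pulumi program above. The workflow below is an added example, not part of the original page: it redeploys the service on every push to `main` and authenticates through GitHub's OIDC provider, so no long-lived AWS keys are stored in the repository. The file path, the `AWS_DEPLOY_ROLE_ARN` repository variable, the `us-east-1` region, and the existence of an IAM role that trusts GitHub's OIDC provider are assumptions; the cluster and service names are the ones defined above.

```yaml
# Added example: .github/workflows/deploy.yml (assumed path, not from the original page).
name: Deploy to ECS

on:
  push:
    branches: [main]          # assumed deployment branch

# Restrict the workflow token: read the repository and request an OIDC token, nothing else.
permissions:
  contents: read
  id-token: write

# Serialize deployments so two pushes never roll the service at the same time.
concurrency:
  group: ecs-deploy
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Assume the deploy role via OIDC (short-lived credentials)
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ vars.AWS_DEPLOY_ROLE_ARN }}   # hypothetical repository variable
          aws-region: us-east-1                              # assumed region

      - name: Start a new deployment of the service
        run: |
          aws ecs update-service \
            --cluster my-ecs-cluster \
            --service my-ecs-service \
            --force-new-deployment

      - name: Fail the job if the service does not stabilize
        run: |
          aws ecs wait services-stable \
            --cluster my-ecs-cluster \
            --services my-ecs-service
```

The role behind `AWS_DEPLOY_ROLE_ARN` needs only `ecs:UpdateService` and `ecs:DescribeServices` on this service. Its trust policy should pin the `token.actions.githubusercontent.com:sub` claim to this repository and branch so that workflows in other repositories cannot assume it.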

Key Points

  • The guide outlines how to automate AWS ECS updates using GitHub Actions.
  • It includes setting up a VPC, ECS cluster, task definition, and service.
  • IAM roles and policies are crucial for secure ECS task execution.
  • GitHub Actions are configured to ensure continuous deployment with every code push.

Conclusion

By following this guide, you have established a robust setup for automating AWS ECS service updates using GitHub Actions. This infrastructure, defined in code, ensures that your application is continuously deployed and updated with each change in the source code. This approach not only accelerates deployment but also enhances the reliability and efficiency of your development workflow.
