kunduso/add-aws-ecr-ecs-fargate

License: Unlicense GitHub pull-requests closed GitHub pull-requests GitHub issues-closed GitHub issues terraform-infra-provisioning checkov-scan docker-build-deploy

Introduction

This repository contains code and resources related to various use cases involving Amazon Elastic Container Service (ECS), Docker, and infrastructure provisioning using Terraform and GitHub Actions.

Use Case 1: Create Infrastructure for Amazon ECS

This use case covers the creation of all the infrastructure components required to host an Amazon Elastic Container Service (ECS) service using Terraform and GitHub Actions. The components include:

  • Amazon Virtual Private Cloud (VPC): A logically isolated virtual network where your resources are deployed.
  • Security Groups: Virtual firewalls that control inbound and outbound traffic to your resources.
  • VPC Endpoints: Gateways that enable secure and private connections between your VPC and AWS services.
  • ECS Cluster: A group of EC2 instances or Fargate tasks that run your containerized applications.
  • Elastic Container Registry (ECR): A fully-managed Docker container registry for storing and retrieving Docker images.
  • Application Load Balancer (ALB): A load balancer that distributes incoming traffic across your ECS tasks.
  • AWS Key Management Service (KMS) Key: A secure and managed key for encrypting sensitive data.
  • CloudWatch Log groups: A monitoring service that collects and stores logs from your containerized applications.

The Terraform configurations and GitHub Actions workflow automate the provisioning and configuration of these components, ensuring a consistent and repeatable deployment process. A detailed note explaining this: create-infrastructure-to-host-an-amazon-ecs-service-using-terraform.

Use Case 2: Build, Scan, and Push Docker Images to Amazon ECR

This use case demonstrates how to build, scan, and push Docker images to Amazon Elastic Container Registry (ECR) using GitHub Actions. The steps involved include:

  1. Building a Docker image from a Dockerfile
  2. Scanning the Docker image for vulnerabilities
  3. Pushing the Docker image to Amazon ECR

The provided GitHub Actions workflows automate the entire process, enabling continuous integration and delivery of Docker images to Amazon ECR. A detailed note explaining this: push-docker-image-to-amazon-ecr-using-github-actions.

Use Case 3: Deploy to Amazon ECS Services

This use case focuses on deploying Amazon ECS services using Terraform and GitHub Actions. It includes the following steps:

  1. Provisioning the necessary infrastructure components (as covered in Use Case 1)
  2. Creating the ECS execution role and the ECS task role
  3. Creating the ECS task definition
  4. Creating an ECS Service
  5. Configuring Load Balancing
  6. Deploying the Docker image to the ECS Service (using the image pushed in Use Case 2)

The Terraform configurations and GitHub Actions workflows handle the deployment and management of the ECS services, ensuring a streamlined and automated process. A detailed note explaining this: continuous-deployment-of-amazon-ecs-service-using-terraform-and-github-actions.

Additionally, this repository includes:

  • A Checkov pipeline for scanning the Terraform code for security and compliance issues.

The entire setup and deployment process is automated via the GitHub Actions pipelines, eliminating the need for manual steps.

Prerequisites

For this code to function without errors, create an OpenID Connect identity provider in Amazon Identity and Access Management that has a trust relationship with your GitHub repository. You can read about it here to get a detailed explanation with steps.

Store the ARN of the IAM role as a GitHub secret, which is referenced in the terraform.yml and app-cd-cd.yml files.

For the Infracost integration, create an INFRACOST_API_KEY and store it as a GitHub Actions secret. You can manage the cost estimate process using a GitHub Actions variable INFRACOST_SCAN_TYPE, whose value is either hcl_code or tf_plan, depending on the type of scan desired. You can read about that at integrate-Infracost-with-GitHub-Actions.
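
The trust relationship between the IAM role and the GitHub repository lives in the role's trust policy. The Python check below is an added example, not code from this repository: it audits such a policy for an aud claim pinned to sts.amazonaws.com and a sub claim scoped to a single repository. The account ID, the example-org/example-repo name and the function names are assumptions.

```python
OIDC_HOST = "token.actions.githubusercontent.com"

# Constructed sample trust policy; account ID and repository are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{OIDC_HOST}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {f"{OIDC_HOST}:aud": "sts.amazonaws.com"},
            "StringLike": {f"{OIDC_HOST}:sub": "repo:example-org/example-repo:*"},
        },
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _claims(condition, claim):
    """Return (operator, value) pairs set for one GitHub OIDC claim."""
    return [(op, v) for op, keys in condition.items() for k, val in keys.items()
            if k.lower() == f"{OIDC_HOST}:{claim}" for v in _as_list(val)]


def audit_trust_policy(policy, expected_repo):
    """List findings for Allow statements that trust the GitHub OIDC provider."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        trusts_github = any(str(f).endswith("oidc-provider/" + OIDC_HOST) for f in federated)
        if stmt.get("Effect") != "Allow" or not trusts_github:
            continue
        cond = stmt.get("Condition", {})
        if ("StringEquals", "sts.amazonaws.com") not in _claims(cond, "aud"):
            findings.append("aud is not pinned to sts.amazonaws.com")
        subs = _claims(cond, "sub")
        if not subs:
            findings.append("no sub condition: role is not restricted to a repository")
        for op, value in subs:
            if op not in ("StringEquals", "StringLike"):
                findings.append(f"sub uses unexpected operator {op}")
            elif not value.startswith(f"repo:{expected_repo}:"):
                findings.append(f"sub '{value}' is not scoped to {expected_repo}")
    return findings
```

An empty list from audit_trust_policy(policy, "owner/repo") means every statement trusting the GitHub provider is pinned to that repository; the policy JSON can be taken from the output of aws iam get-role.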

Usage

Ensure that the policies attached to the IAM role whose credentials are used in this repository grant permission to create and manage all the resources included in this repository and to push the Docker image to the Amazon ECR repository.

If you want to check the pipeline logs, click on the build badges at the top of this README.

Contributing

If you find any issues or have suggestions for improvement, feel free to open an issue or submit a pull request. Contributions are always welcome!

License

This code is released under the Unlicense License. See LICENSE.
