How do I create a GitHub Actions workflow to update an AWS ECS service on push?
In this guide, we’ll set up a GitHub Actions workflow that triggers an update to an AWS ECS service upon each push to the source repository. We will define the necessary infrastructure in code, which includes creating an ECS cluster, task definition, and service. Additionally, we will set up GitHub Actions to handle the continuous deployment process.
We’ll be using AWS as our cloud provider and the following steps will help you automate the deployment process.
Explanation:
- AWS Provider Configuration: Connect to your AWS account.
- VPC Setup: Create a VPC to host the ECS cluster.
- ECS Cluster: Define the ECS cluster that will run your services.
- ECS Task Definition: Specify how the tasks should be run, including the Docker image and resource requirements.
- ECS Service: Set up the ECS service that will manage running tasks within the cluster.
- IAM Role and Policies: Create the necessary IAM roles for ECS tasks and services.
- GitHub Actions Configuration: Set up GitHub Actions to trigger updates to the ECS service on code changes.
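import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Network: a VPC with one public subnet. Fargate tasks need a route to the
// internet (or VPC endpoints) to pull the container image.
const main = new aws.ec2.Vpc("main", {cidrBlock: "10.0.0.0/16"});
const mainSubnet = new aws.ec2.Subnet("main", {
    vpcId: main.id,
    cidrBlock: "10.0.1.0/24",
});
const mainGateway = new aws.ec2.InternetGateway("main", {vpcId: main.id});
const mainRouteTable = new aws.ec2.RouteTable("main", {
    vpcId: main.id,
    routes: [{cidrBlock: "0.0.0.0/0", gatewayId: mainGateway.id}],
});
const mainRouteTableAssociation = new aws.ec2.RouteTableAssociation("main", {
    subnetId: mainSubnet.id,
    routeTableId: mainRouteTable.id,
});

const mainCluster = new aws.ecs.Cluster("main", {name: "my-ecs-cluster"});

// Execution role: assumed by the ECS agent to pull images and write logs.
const ecsTaskExecution = new aws.iam.Role("ecs_task_execution", {
    name: "ecsTaskExecutionRole",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: {
                Service: "ecs-tasks.amazonaws.com",
            },
        }],
    }),
});
// RolePolicyAttachment attaches the policy to this role only.
// aws.iam.PolicyAttachment is exclusive: it would detach this AWS managed
// policy from every other role, user, and group in the account.
const ecsTaskExecutionAttachment = new aws.iam.RolePolicyAttachment("ecs_task_execution_attachment", {
    role: ecsTaskExecution.name,
    policyArn: "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
});

// Fargate requires awsvpc networking and task-level cpu/memory.
const mainTaskDefinition = new aws.ecs.TaskDefinition("main", {
    family: "my-task-family",
    requiresCompatibilities: ["FARGATE"],
    networkMode: "awsvpc",
    cpu: "256",
    memory: "512",
    executionRoleArn: ecsTaskExecution.arn,
    containerDefinitions: JSON.stringify([{
        name: "my-app",
        image: "amazon/amazon-ecs-sample",
        memory: 512,
        cpu: 256,
        essential: true,
        portMappings: [{
            containerPort: 80,
            hostPort: 80,
        }],
    }]),
});

// No security groups are listed, so the tasks use the VPC's default group.
const mainService = new aws.ecs.Service("main", {
    name: "my-ecs-service",
    cluster: mainCluster.id,
    taskDefinition: mainTaskDefinition.arn,
    desiredCount: 1,
    launchType: "FARGATE",
    networkConfiguration: {
        subnets: [mainSubnet.id],
        assignPublicIp: true,
    },
});

export const clusterName = mainCluster.name;
export const serviceName = mainService.name;
export const taskDefinition = mainTaskDefinition.family;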
Summary:
We have created an AWS ECS cluster and service, along with the necessary IAM role. This infrastructure is defined in code and ready to be driven by a GitHub Actions workflow for continuous deployment on push events to the repository. With that workflow in place, the application is updated automatically with each code change, enabling rapid and reliable delivery.
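The Pulumi program creates the cluster and service but does not include the workflow itself. The workflow below is an added example, not part of the original answer: it redeploys my-ecs-service on each push using short-lived OIDC credentials instead of stored AWS access keys. The branch name, the region, and the AWS_DEPLOY_ROLE_ARN secret (an IAM role you create that trusts GitHub's OIDC provider and allows ecs:UpdateService and ecs:DescribeServices on this service) are assumptions.

```yaml
# .github/workflows/deploy.yml
# Added example; values marked ASSUMPTION are not from the original page.
name: Deploy to ECS

on:
  push:
    branches: [main]          # ASSUMPTION: deployments come from main

# Job token scope: read the repository and request an OIDC token, nothing else.
permissions:
  contents: read
  id-token: write

# Serialize deployments so two pushes do not race on the same service.
concurrency:
  group: ecs-deploy
  cancel-in-progress: false

env:
  AWS_REGION: us-east-1       # ASSUMPTION: region of the Pulumi stack
  ECS_CLUSTER: my-ecs-cluster # cluster name from the Pulumi program
  ECS_SERVICE: my-ecs-service # service name from the Pulumi program

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS credentials via OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # ASSUMPTION: hypothetical secret holding the deploy role's ARN.
          role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Force a new deployment of the service
        run: |
          aws ecs update-service \
            --cluster "$ECS_CLUSTER" \
            --service "$ECS_SERVICE" \
            --force-new-deployment \
            --query 'service.deployments[0].id' --output text

      - name: Wait until the service is stable
        run: |
          aws ecs wait services-stable \
            --cluster "$ECS_CLUSTER" \
            --services "$ECS_SERVICE"
```

In the deploy role's trust policy, restrict the OIDC sub claim to this repository and branch so other repositories cannot assume it.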