Create deployment pipeline

2025-08-24 20:08:55 +02:00 · 2021-11-14 22:11:54 +02:00
parent a175aaa976
commit a7e3dbf04a
2 changed files with 103 additions and 108 deletions
--- a/README.md
+++ b/README.md
@@ -25,6 +25,45 @@ cd microservices
 docker-compose up
 ```

+## Deploy to Amazon ECS/AWS Fargate
+
+`cd deployments` and create the CI/CD pipeline stack. Once finished, visit the `ExternalUrl` available in the load balancer's Outputs tab in CloudFormation.
+
+```bash
+aws cloudformation deploy \
+    --stack-name Microservices \
+    --template-file pipeline.yml \
+    --parameter-overrides \
+        EnvironmentName=msprod \
+        LaunchType=Fargate \
+        GitHubRepo=<github_repo_name> \
+        GitHubBranch=<github_branch> \
+        GitHubToken=<github_token> \
+        GitHubUser=<github_user> \
+    --capabilities CAPABILITY_NAMED_IAM
+```
+
+### Github repo setup
+
+Fork this repo to have a copy in your Github account.
+
+Then, on the [Github access token page](https://github.com/settings/tokens), generate a new token with the following access:
+
+* `repo`
+* `admin:repo_hook`
+
+### Deleting stacks
+
+When deleting the ECS cluster stack (`cluster-ecs.yml`) in CloudFormation, the auto scaling group needs to be manually deleted. You can do it from the Auto Scaling Groups section in the AWS EC2 console.
+
+With capacity providers, container instances need to be protected from scale-in. This interferes with the automatic deletion process in CloudFormation. 
+
+### References
+
+Deployment is based on these templates: https://github.com/nathanpeck/ecs-cloudformation
+
+## Inspect local resources
+
 ### Database

 To inspect the database, launch a new container that will connect to our Postgres database. Then enter the password `demopsw` (see the `.env` file).
@@ -72,57 +111,6 @@ To access the back end service, attach to its docker container from a separate t
 docker attach microservices_backend
 ```

-## Deployment to Amazon ECS/AWS Fargate
-
-`cd deployments` and create the CI/CD pipeline stack. Once finished, visit the `ExternalUrl` available in the load balancer's Outputs tab in CloudFormation.
-
-```bash
-aws cloudformation deploy \
-    --stack-name Microservices \
-    --template-file pipeline.yml \
-    --parameter-overrides \
-        EnvironmentName=msprod \
-        LaunchType=Fargate \
-        GitHubRepo=<github_repo_name> \
-        GitHubBranch=<github_branch> \
-        GitHubToken=<github_token> \
-        GitHubUser=<github_user> \
-    --capabilities CAPABILITY_NAMED_IAM
-```
-
-```bash
-aws cloudformation create-stack \
-	--stack-name MicroservicesFargate \
-	--template-body file://pipeline.yml \
-	--parameters \
-		ParameterKey=DeploymentType,ParameterValue=fargate \
-		ParameterKey=EnvironmentName,ParameterValue=microservices-fargate \
-		ParameterKey=GitHubRepo,ParameterValue=<github_repo_name> \
-		ParameterKey=GitHubBranch,ParameterValue=<github_branch> \
-		ParameterKey=GitHubToken,ParameterValue=<github_token> \
-		ParameterKey=GitHubUser,ParameterValue=<github_user> \
-	--capabilities CAPABILITY_NAMED_IAM
-```
-
-### Github repo setup
-
-Fork this repo to have a copy in your Github account.
-
-Then, on the [Github access token page](https://github.com/settings/tokens), generate a new token with the following access:
-
-* `repo`
-* `admin:repo_hook`
-
-### Deleting stacks
-
-When deleting the ECS cluster stack (`cluster-ecs.yml`) in CloudFormation, the auto scaling group needs to be manually deleted. You can do it from the Auto Scaling Groups section in the AWS EC2 console.
-
-With capacity providers, container instances need to be protected from scale-in. This interferes with the automatic deletion process in CloudFormation. 
-
-### References
-
-Deployment is based on these templates: https://github.com/nathanpeck/ecs-cloudformation
-
 ## Local development

 For development, run the RabbitMQ and Postgres containers with Docker Compose.
--- a/deployments/cluster.yml
+++ b/deployments/cluster.yml
@@ -50,20 +50,22 @@ Resources:
      DesiredCapacity: 1
    CreationPolicy:
      ResourceSignal:
-        Timeout: PT5M
+        Timeout: PT15M
    UpdatePolicy:
-      AutoScalingRollingUpdate:
-        MinSuccessfulInstancesPercent: 100
-        WaitOnResourceSignals: true
-        PauseTime: PT5M
-        SuspendProcesses:
-          # Suspend everything except Launch and Terminate.
-          - AddToLoadBalancer
-          - AlarmNotification
-          - AZRebalance
-          - HealthCheck
-          - ReplaceUnhealthy
-          - ScheduledActions
+      AutoScalingReplacingUpdate:
+        WillReplace: true
+      # AutoScalingRollingUpdate:
+      #   MinSuccessfulInstancesPercent: 100
+      #   WaitOnResourceSignals: true
+      #   PauseTime: PT5M
+      #   SuspendProcesses:
+      #     # Suspend everything except Launch and Terminate.
+      #     - AddToLoadBalancer
+      #     - AlarmNotification
+      #     - AZRebalance
+      #     - HealthCheck
+      #     - ReplaceUnhealthy
+      #     - ScheduledActions

  ContainerInstances:
    Type: AWS::AutoScaling::LaunchConfiguration
@@ -157,7 +159,8 @@ Resources:
          Action: [sts:AssumeRole]
      Path: /
      Policies:
-      - PolicyName: AmazonEC2ContainerServiceforEC2Role
+      # AmazonEC2ContainerServiceforEC2Role
+      - PolicyName: ecs-service
        PolicyDocument:
          Statement:
          - Effect: Allow
@@ -180,7 +183,7 @@ Resources:
            Resource: '*'

  #-----------------------------------------------------------------------------#
-  # Role ECS Tasks
+  # Role for ECS Tasks
  #-----------------------------------------------------------------------------#
  ECSTaskExecutionRole:
    Type: AWS::IAM::Role
@@ -209,44 +212,48 @@ Resources:
                - logs:PutLogEvents
              Resource: '*'

-  # # This is an IAM role which authorizes ECS to manage resources on your
-  # # account on your behalf, such as updating your load balancer with the
-  # # details of where your containers are, so that traffic can reach your
-  # # containers.
-  # ECSRole:
-  #   Type: AWS::IAM::Role
-  #   Properties:
-  #     AssumeRolePolicyDocument:
-  #       Statement:
-  #       - Effect: Allow
-  #         Principal:
-  #           Service: [ecs.amazonaws.com]
-  #         Action: ['sts:AssumeRole']
-  #     Path: /
-  #     Policies:
-  #     - PolicyName: ecs-service
-  #       PolicyDocument:
-  #         Statement:
-  #         - Effect: Allow
-  #           Action:
-  #             # Rules which allow ECS to attach network interfaces to instances
-  #             # on your behalf in order for awsvpc networking mode to work right
-  #             - 'ec2:AttachNetworkInterface'
-  #             - 'ec2:CreateNetworkInterface'
-  #             - 'ec2:CreateNetworkInterfacePermission'
-  #             - 'ec2:DeleteNetworkInterface'
-  #             - 'ec2:DeleteNetworkInterfacePermission'
-  #             - 'ec2:Describe*'
-  #             - 'ec2:DetachNetworkInterface'
+  #-----------------------------------------------------------------------------#
+  # Role for ECS
+  #
+  # This is an IAM role which authorizes ECS to manage resources on your
+  # account on your behalf, such as updating your load balancer with the
+  # details of where your containers are, so that traffic can reach your
+  # containers.
+  #-----------------------------------------------------------------------------#
+  ECSRole:
+    Type: AWS::IAM::Role
+    Properties:
+      AssumeRolePolicyDocument:
+        Statement:
+        - Effect: Allow
+          Principal:
+            Service: [ecs.amazonaws.com]
+          Action: ['sts:AssumeRole']
+      Path: /
+      Policies:
+      - PolicyName: ecs-service
+        PolicyDocument:
+          Statement:
+          - Effect: Allow
+            Action:
+              # Rules which allow ECS to attach network interfaces to instances
+              # on your behalf in order for awsvpc networking mode to work right
+              - 'ec2:AttachNetworkInterface'
+              - 'ec2:CreateNetworkInterface'
+              - 'ec2:CreateNetworkInterfacePermission'
+              - 'ec2:DeleteNetworkInterface'
+              - 'ec2:DeleteNetworkInterfacePermission'
+              - 'ec2:Describe*'
+              - 'ec2:DetachNetworkInterface'

-  #             # Rules which allow ECS to update load balancers on your behalf
-  #             # with the information sabout how to send traffic to your containers
-  #             - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
-  #             - 'elasticloadbalancing:DeregisterTargets'
-  #             - 'elasticloadbalancing:Describe*'
-  #             - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
-  #             - 'elasticloadbalancing:RegisterTargets'
-  #           Resource: '*'
+              # Rules which allow ECS to update load balancers on your behalf
+              # with the information sabout how to send traffic to your containers
+              - 'elasticloadbalancing:DeregisterInstancesFromLoadBalancer'
+              - 'elasticloadbalancing:DeregisterTargets'
+              - 'elasticloadbalancing:Describe*'
+              - 'elasticloadbalancing:RegisterInstancesWithLoadBalancer'
+              - 'elasticloadbalancing:RegisterTargets'
+            Resource: '*'

 Outputs:
  ClusterName:
@@ -259,11 +266,11 @@ Outputs:
    Value: !GetAtt AutoscalingRole.Arn
    Export:
      Name: !Sub ${EnvironmentName}:AutoscalingRole
-  # ECSRole:
-  #   Description: The ARN of the ECS role
-  #   Value: !GetAtt 'ECSRole.Arn'
-  #   Export:
-  #     Name: !Sub ${EnvironmentName}:ECSRole
+  ECSRole:
+    Description: The ARN of the ECS role
+    Value: !GetAtt ECSRole.Arn
+    Export:
+      Name: !Sub ${EnvironmentName}:ECSRole
  ECSTaskExecutionRole:
    Description: The ARN of the ECS role
    Value: !GetAtt ECSTaskExecutionRole.Arn