Pipeline GitHub + ECS

Deploying to ECS by hand is fine once. After that, you need a pipeline. AWS CodePipeline with GitHub source and CodeBuild handles the full cycle: source change, build Docker image, push to ECR, deploy to ECS.

TL;DR: Set up a CI/CD pipeline for ECS using AWS CodePipeline with GitHub and CodeBuild.
Stack: AWS CodePipeline, CodeBuild, ECS, ECR, GitHub
Level: Intermediate
Reading time: ~8 min

Steps overview

  1. In CodePipeline, create a new pipeline and name it.
  2. Select GitHub (Version 2) as source and connect your account.
  3. Select repository and branch. Enable change detection for continuous delivery.
  4. For build stage, select AWS CodeBuild with Ubuntu managed image, Runtime Standard, new service role, and “Use a buildspec file.”
  5. For deploy stage, select Amazon ECS, your cluster and service.

buildspec.yml

version: 0.2

phases:
  pre_build:
    commands:
      - aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ACCOUNT.dkr.ecr.us-east-1.amazonaws.com
      - REPOSITORY_URI=ACCOUNT.dkr.ecr.us-east-1.amazonaws.com/your-repo
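      # Short commit hash of the source revision that triggered this build
      - COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
      # Tag the image with the commit hash; fall back to latest if it is empty
      - IMAGE_TAG=${COMMIT_HASH:=latest}
  build:
    commands:
      - docker build -t $REPOSITORY_URI:latest .
      - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
  post_build:
    commands:
      - docker push $REPOSITORY_URI:latest
      - docker push $REPOSITORY_URI:$IMAGE_TAG
      # The ECS deploy action reads this file to learn which image to roll out
      - printf '[{"name":"your-container","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json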
artifacts:
  files: imagedefinitions.json
  discard-paths: yes
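
The ECS deploy action rolls out whatever image imagedefinitions.json names, so a check at the end of post_build can fail the build before an unexpanded variable, a foreign registry or a mutable tag reaches the service. The Python script below is an added example, not part of the original post and not an AWS tool; the function name, the account ID 123456789012 and the allowed registry are assumptions.

```python
import json
import re

# Tagged ECR reference in the standard AWS partition: <account>.dkr.ecr.<region>.amazonaws.com/<repo>:<tag>
# Digest-pinned references (repo@sha256:...) are out of scope for this check.
ECR_REF = re.compile(
    r"^(?P<registry>\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com)"
    r"/(?P<repo>[a-z0-9][a-z0-9._/-]*):(?P<tag>[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})$"
)
MUTABLE_TAGS = {"latest"}

# Constructed sample values: the account ID and names are placeholders.
ALLOWED_REGISTRY = "123456789012.dkr.ecr.us-east-1.amazonaws.com"
SAMPLE = json.dumps(
    [{"name": "your-container", "imageUri": ALLOWED_REGISTRY + "/your-repo:a1b2c3d"}]
)


def check_imagedefinitions(text, allowed_registry, expected_containers):
    """Return a list of problems found in an imagedefinitions.json document."""
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(entries, list) or not entries:
        return ["top level must be a non-empty JSON array"]

    problems = []
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            problems.append(f"entry {i}: not an object")
            continue
        name, uri = entry.get("name"), entry.get("imageUri")
        if not isinstance(name, str) or not isinstance(uri, str):
            problems.append(f"entry {i}: needs string 'name' and 'imageUri'")
            continue
        if name not in expected_containers:
            problems.append(f"{name}: container name not expected for this service")
        m = ECR_REF.match(uri)
        if m is None:
            # Also catches unexpanded shell text such as "REPO:IMAGE_TAG"
            problems.append(f"{name}: '{uri}' is not a tagged ECR image reference")
            continue
        if m["registry"] != allowed_registry:
            problems.append(f"{name}: registry {m['registry']} is not allowed")
        if m["tag"] in MUTABLE_TAGS:
            problems.append(f"{name}: tag '{m['tag']}' is mutable, pin to the commit hash")
    return problems


if __name__ == "__main__":
    print(check_imagedefinitions(SAMPLE, ALLOWED_REGISTRY, {"your-container"}))
```

In a buildspec this would run as the last post_build command, exiting non-zero when the returned list is not empty.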

Enable privileged mode for Docker in CodeBuild

aws codebuild update-project --name your-project --environment type=LINUX_CONTAINER,computeType=BUILD_GENERAL1_SMALL,image=aws/codebuild/standard:5.0,privilegedMode=true

What you’ve built

A working CI/CD pipeline: push to GitHub, CodePipeline triggers, CodeBuild builds and pushes a Docker image to ECR, ECS deploys the new task definition.

Next steps

  • Add a manual approval action between build and deploy stages for production environments.
  • Store ECR URI and ECS cluster names as CodePipeline environment variables, not hardcoded in buildspec.yml.
  • Use CodeBuild phases correctly: pre_build for ECR login, build for Docker build, post_build for push and task definition update.

Questions or feedback? Find me on LinkedIn or GitHub.
