A Buildkite plugin for deploying to Amazon ECS.
- Requires both
awsandjqcli tools to be installed - Registers a new task definition based on a given JSON file (
register-task-definition) - Updates the ECS service to use the new task definition (
update-service) - Waits for the service to stabilize (
wait services-stable)
steps:
- label: ":ecs: :rocket:"
concurrency_group: "my-service-deploy"
concurrency: 1
plugins:
- ecs-deploy#v3.1.0:
cluster: "my-ecs-cluster"
service: "my-service"
container-definitions: "examples/hello-world.json"
task-family: "hello-world"
image: "${ECR_REPOSITORY}/hello-world:${BUILDKITE_BUILD_NUMBER}"The name of the ECS cluster.
Example: "my-cluster"
Experimental: Since version 3.0.0 you can skip this parameter and the container definitions will be obtained off the existing (latest) task definition. If this does not work for you, please open an issue in this repository.
The file path to the ECS container definition JSON file. This JSON file must be an array of objects, each corresponding to one of the images you defined in the image parameter.
Example: "ecs/containers.json"
[
{
"essential": true,
"image": "amazon/amazon-ecs-sample",
"memory": 100,
"name": "sample",
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
]
},
{
"essential": true,
"image": "amazon/amazon-ecs-sample",
"memory": 100,
"name": "sample",
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
]
}
]The Docker image to deploy. This can be an array to substitute multiple images in a single container definition.
Examples:
"012345.dkr.ecr.us-east-1.amazonaws.com/my-service:123"
image:
- "012345.dkr.ecr.us-east-1.amazonaws.com/my-service:123"
- "012345.dkr.ecr.us-east-1.amazonaws.com/nginx:123"The name of the ECS service.
Example: "my-service"
The name of the task family.
Example: "my-task"
An array of environment variables to add to every image's task definition in the NAME=VALUE format
The Execution Role ARN used by ECS to pull container images and secrets.
Example: "arn:aws:iam::012345678910:role/execution-role"
Requires the iam:PassRole permission for the execution role.
The region we deploy the ECS Service to.
CPU Units to assign to the task (1024 constitutes a whole CPU). Example: 256 (1/4 of a CPU).
Amount of GBs to assign in ephemeral storage to the task. Example: 25.
IPC resource namespace to use in the task. If specified, should be one of host, task or none.
Amount of memory (in Mbs) to allocate for the task. Example: 1024 (1Gb).
Docker networking mode for the containers running in the task. If specified, should be one of bridge, host, awsvpc or none.
Process namespace to use for containers in the task. If specified, should be one of host or task.
An IAM ECS Task Role to assign to tasks.
Requires the iam:PassRole permission for the ARN specified.
The following fields are automatically carried over from the latest active task definition and forwarded to register-task-definition. They are never reset to AWS defaults on deploy:
volumesβ task volumesplacementConstraintsβ task placement constraintsrequiresCompatibilitiesβ launch type requirements (e.g.FARGATE)runtimePlatformβ CPU architecture and OS family; particularly important for ARM64/Graviton Fargate services, where omitting it causes AWS to silently revertcpuArchitecturetoX86_64on every deploy
At a minimum this plugin requires the following AWS permissions to be granted to the agent running this step:
Policy:
Statement:
- Action:
- ecr:DescribeImages
- ecs:DescribeServices
- ecs:DescribeTaskDefinition
- ecs:RegisterTaskDefinition
- ecs:UpdateService
Effect: Allow
Resource: '*'To run testing, shellchecks and plugin linting use use bk run with the Buildkite CLI.
bk runOr if you want to run just the tests, you can use the docker Plugin Tester:
docker run --rm -ti -v "${PWD}":/plugin buildkite/plugin-tester:latestMIT (see LICENSE)