Provide gitlab-ci.yml Template for Deploying to ECS

Problem to solve

Users want to deploy to AWS ECS: the way you achieve this is the same amongst different companies and could easily be templatized. Users could then customize the template if they have specific needs/use cases.

Additional context in product scaling agenda at https://docs.google.com/document/d/1nMJzrDfG7C14WP5v7P226oPFuXkwqIk7bdIT8ai0DNU/edit?ts=5d84fb07&skip_itp2_check=true&pli=1#bookmark=id.46hyirfrtqak

Intended users

Users deploying to AWS ECS

Why build a .gitlab-ci.yml template before an Auto DevOps template

Following the iteration value:

• Having a gitlab-ci.yml template that users can use and customize is valuable on it's own, even if they never use Auto DevOps.
• It will allow us to receive feedback before offering it as part of Auto DevOps.
• In addition, there is a risk that connecting it to Auto DevOps might break the Kubernetes flow which needs coordination and careful consideration which may span over a single milestone

This is the issue to add this as an Auto DevOps composable template #208132 (closed)

Proposal

Create a new template (https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates) named deploy to ECS.

All of the process described below uses our pre-built image (#31167 (closed)) as the image: in order to login to AWS (using the AWS typed environment variables). Any container that is created in order to deploy to ECS will be stored in the cloud-deploy project and published for any other use. TODO - we need to ask the Configure team how they manage these kinds of container dependencies between containers and templates within Auto DevOps and do it the same way.

This iteration assumes a pre-existing cluster, we don't create one on the fly for them. The customer provides us this info via variables.

Iteration:

• Create a stand-alone gitlab-ci.yml template that deploys to ECS
  • Build the customer's Docker image
  • Tag and push the built (customer) docker image to Gitlab's package registry (we will add documentation to add support to ECR, but ECR configuration will not be done automatically by our template). TODO - add what we with digest here.
  • Create AWS Task to be used for the Docker deploy
  • Register AWS Task definition with the ECS cluster
  • Grab revision # of the Task definition using regular bash and grep
  • Deploy revision using the Docker deploy
• Documentation

Main variables to modify for your account (for reference see here)

• AWS_ACCOUNT_ID=XXXXXXXXXXXXXXX
• REGION='us-east-1'
• CLUSTER='test-app'
• FAMILY='test-app'
• DOCKER_IMAGE='test-app'
• TASK='test-app'
• SERVICE='app-service

*Secrets needed: *

• AWS_ACCESS_KEY_ID
• AWS_ACCOUNT_ID
• AWS_REGION

Reference

We will use Gitlab's container registry and not Amazon ECR.

You'll then need to setup ECS.

An ECS cluster

A Task Definition - variable in the yml here

A Service within the cluster - variable in the yml here

See the EC2 Container Service Resources Page if you need more help on the above.

You'll need AWS credentials for the step below that have access to ECS.

Permissions and Security

Documentation

Availability & Testing

(for testing we will use: auto build, auto test and add to that auto deploy to ECS)

What does success look like, and how can we measure that?

We need to measure the amount of times that this template is used

What is the type of buyer?

Links / references

• https://github.com/ricktbaker/docker-circleci-ecr-ecs/blob/master/.circleci/config.yml
• https://gitlab.com/gitlab-org/gitlab/tree/master/lib/gitlab/ci/templates
• https://docs.aws.amazon.com/AmazonECS/latest/developerguide/clusters.html