A Buildkite plugin for deploying to Amazon ECS.

• Requires the aws cli tool be installed
• Registers a new task definition based on a given JSON file (register-task-definition)
• Updates the ECS service to use the new task definition (update-service)
• Waits for the service to stabilize (wait services-stable)

steps:
  - label: ":ecs: :rocket:"
    concurrency_group: "my-service-deploy"
    concurrency: 1
    plugins:
      - ecs-deploy#v2.0.1:
          cluster: "my-ecs-cluster"
          service: "my-service"
          container-definitions: "examples/hello-world.json"
          task-family: "hello-world"
          image: "${ECR_REPOSITORY}/hello-world:${BUILDKITE_BUILD_NUMBER}"

The name of the ECS cluster.

Example: "my-cluster"

The name of the ECS service.

Example: "my-service"

The file path to the ECS container definition JSON file. This JSON file must be an array of objects, each corresponding to one of the images you defined in the image parameter.

Example: "ecs/containers.json"

[
    {
        "essential": true,
        "image": "amazon/amazon-ecs-sample",
        "memory": 100,
        "name": "sample",
        "portMappings": [
            {
                "containerPort": 80,
                "hostPort": 80
            }
        ]
    },
    {
        "essential": true,
        "image": "amazon/amazon-ecs-sample",
        "memory": 100,
        "name": "sample",
        "portMappings": [
            {
                "containerPort": 80,
                "hostPort": 80
            }
        ]
    }
]

The file path to the ECS task definition JSON file. Parameters specified in this file will be overridden by other arguments if set. Setting the containers property in this file will have no effect, define those parameters in container-definitions

Example: "ecs/task.json"

{
  "networkMode": "awsvpc"
}

The file path to the ECS service definition JSON file. Parameters specified in this file will be overridden by other arguments if set, e.g. cluster, desired-count, etc. Note that currently this json input will only be used when creating the service, NOT when updating it.

Example: "ecs/service.json"

{
  "schedulingStrategy": "DAEMON",
  "propagateTags": "TASK_DEFINITION"
}

The name of the task family.

Example: "my-task"

The Docker image to deploy. This can be an array to substitute multiple images in a single container definition.

Examples: "012345.dkr.ecr.us-east-1.amazonaws.com/my-service:123"

image:
  - "012345.dkr.ecr.us-east-1.amazonaws.com/my-service:123"
  - "012345.dkr.ecr.us-east-1.amazonaws.com/nginx:123"

An IAM ECS Task Role to assign to tasks. Requires the iam:PassRole permission for the ARN specified.

The Target Group ARN to map the service to.

Example: "arn:aws:elasticloadbalancing:us-east-1:012345678910:targetgroup/alb/e987e1234cd12abc"

The Container Name to forward ALB requests to.

The Container Port to forward requests to.

The Execution Role ARN used by ECS to pull container images and secrets.

Example: "arn:aws:iam::012345678910:role/execution-role"

Requires the iam:PassRole permission for the execution role.

The minimum and maximum percentage of tasks that should be maintained during a deployment. Defaults to 100/200

Example: "0/100"

The region we deploy the ECS Service to.

An array of environment variables to add to every image's task definition

At a minimum this plugin requires the following AWS permissions to be granted to the agent running this step:

Policy:
  Statement:
  - Action:
    - ecr:DescribeImages
    - ecs:DescribeServices
    - ecs:RegisterTaskDefinition
    - ecs:UpdateService
    Effect: Allow
    Resource: '*'

This plugin will create the ECS Service if it does not already exist, which additionally requires the ecs:CreateService permission.

To run the tests:

docker-compose run tests

MIT (see LICENSE)