In the first post of this series, we discussed how to set up continuous deployment to AWS for your Docker apps using Codeship. We'll continue with a quick tutorial on deploying new Docker images to Amazon's EC2 Container Service.
Over the past few years, the use of container technology like Docker has grown dramatically within organizations of all sizes, which has led popular cloud providers like Google and Amazon to build in tools to better support this. Like I said, if there is a feature you need, AWS probably has it, and Docker support is no exception.
But just because AWS supports it doesn't mean getting it all up and running is a simple and intuitive process. Having a large number of products means that important information inevitably gets lost in the noise.
For Docker support, the three most important products to be aware of are the Amazon Elastic Compute Cloud (EC2), the Amazon EC2 Container Service (ECS), and the Amazon EC2 Container Registry (ECR).
Amazon EC2 Container Service
EC2 is one of the most popular product offerings on AWS, providing affordable and scalable virtual servers in the cloud. Because of EC2's simple web interface, developers can easily increase or decrease computing resources in minutes while only paying for the resources they use.
In the same vein as Kubernetes and Docker Swarm, ECS is Amazon's solution for running and managing Docker containers across a cluster of Amazon EC2 instances. Should you be interested in learning more about Kubernetes and Docker Swarm, I would recommend checking out this ebook about continuous deployment for Docker apps to Kubernetes and this one about working with Docker Machine, Compose, and Swarm.
ECS allows you to easily manage and scale your application without any additional complexity in how you design, build, and run your product. The greatest thing about Amazon ECS (in my opinion) is that there is no additional charge to use it, which means that you only pay for EC2 usage and nothing else.
Similar to Docker Hub and the Google Cloud Container Registry, Amazon ECR is a Docker image registry that makes it "easy for developers to store, manage, and deploy Docker container images." Generally, the best Docker registry to use will be the one that integrates best with the rest of your infrastructure; when paired with Amazon ECS, ECR simplifies the Docker container deployment workflow by providing highly available hosting of Docker images from directly within the AWS ecosystem.
If you want to learn more about Docker hosting, you should check out this ebook: The Shortlist of Docker Hosting.
While the details of actually getting started with Amazon's EC2 Container technology and Codeship are both out of the scope of this article (you can find a great ECS tutorial here and Codeship tutorial here), deploying new Docker images to it with Codeship is a straightforward process.
Configuration
The most complicated piece of the Codeship/ECR integration puzzle is authentication. While we could see above that the AWS access keys can be encrypted and added to the repository for interaction with AWS services, the Docker registry authorization is only temporarily valid.
Because of this, we need to define a custom service in the codeship-services.yml
file to generate one-off dockercfg
files for each deploy.
This section sets up a Docker container based on Codeship's aws-ecr-dockercfg-generator
Docker image (you can check out a great guide to using this image here) using your AWS credentials. This allows you to run any necessary AWS commands in an authenticated and preconfigured environment.
Deployment
Now that we have an authenticated AWS environment with auto-generated dockercfg
files, we need to set up our deployment steps to use it in the codeship-steps.yml
file.
Let's say, for example, that we have a Docker image (defined as app in the codeship-services.yml
file) that we want to push to ECR. To accomplish this, add the following to your codeship-steps.yml
file:
This step tells Codeship to push the app
service image up to our Docker registry using the defined aws_dockercfg
service. Behind the scenes, this Codeship image is doing a few things to facilitate the push to ECR.
The first thing that happens in the aws_dockercfg
service is that it is generating a login command that can be used to authenticate the Docker command line tool with AWS:
Once the returned Docker login command is run, the aws_dockercfg
service has 12 hours to use it before it expires. Next, the image is pushed up to ECR using the standard docker push command (which is what the push step does regardless of the registry):
It is important to note that, at this point, these configuration changes only push up the new Docker image to the registry. They do not automatically update any currently running services that are utilizing previous versions of the Docker image.
While I won't get into the specifics of that in this article (there are a multitude of ways ECR could be set up to facilitate it), the AWS CLI tool does provide functionality for programmatic management of ECS services and tasks.
This has been Part Two of a series about how to set up continuous deployment to AWS for your Docker apps using Codeship. Can't wait for Part Three? Download our free ebook, Deploying Docker Apps to AWS.