AWS Partner Network (APN) Blog

Using Solano CI with Amazon ECS and Amazon ECR Services to Automatically Build and Deploy Docker Containers

by Joseph Fontes | on | in Amazon ECR, Amazon ECS, AWS Competencies, AWS Partner Solutions Architect (SA) Guest Post, DevOps on AWS | | Comments

Joseph Fontes is a Partner Solutions Architect at AWS. 

Solano Labs, an AWS DevOps Competency Partner and APN Technology Partner, provides a continuous integration and deployment (CI/CD) solution called Solano CI.  This solution provides a build, deployment, and test suite focused on performance, with support for multiple programming languages and application frameworks, numerous build and test frameworks, and many database and backend frameworks, in addition to third-party tool integrations.  Solano Labs provides a software as a service (SaaS) offering with their Solano Pro CI and Solano Enterprise CI products along with a private installation offering known as Solano Private CI.  In this blog post, we’ll demonstrate a CI/CD deployment that uses the Solano CI SaaS offering for build and test capabilities.  This implementation integrates with Amazon EC2 Container Service (Amazon ECS) and Amazon EC2 Container Registry (Amazon ECR), creating a build and deployment pipeline from source code to production deployment.  Recently, Solano Labs announced the release of a new AWS feature integration, the ability to use the AWS AssumeRole API within a Solano CI build pipeline.  This feature, used in this demonstration deployment, supports AWS security best practices by using AWS cross-account roles to replace AWS access keys and secret keys for authentication with AWS services from within Solano CI.

Overview

The examples in this blog post demonstrate how you can integrate Amazon ECR with the Solano CI platform in order to automate the deployment of Docker images to Amazon ECS.  Once you’ve completed the integration, you’ll be able to automate the deployment of a new codebase to a production environment by simply committing your application changes to a GitHub repository. The following diagram illustrates the workflow.
Image_1_Solano_CI_JF

To deploy this pipeline, we’ll explain how you can perform the following tasks.

  • Create a new GitHub repository
  • Install and configure Docker
  • Create an AWS Identity and Access Management (IAM) role for Solano CI
  • Create an Amazon ECR repository
  • Set Amazon ECS registry repository policy
  • Build a Docker image and push it to Amazon ECR
  • Create an Elastic Load Balancing load balancer
  • Create an Amazon ECS cluster
  • Install Solano CI CLI and set environment variables
  • Integrate Solano CI with your GitHub repository

Requirements

These examples will make use of the Solano CI Docker capabilities.  For more information about these features, see the Solano CI documentation.

You’ll need a source code versioning system that will allow Solano CI to process your source code, as updates are committed.  In our examples, we will be using GitHub.  You can also choose any Git or Mercurial compatible service.

Configuring GitHub

We will be using GitHub as our managed source code versioning system.  If you do not already have a GitHub account, you can find instructions for creating a new account on the GitHub website.

You’ll want to create a new repository to follow along with the examples.  Once your GitHub repository is available, you can import the code for the examples we’re using from the repository:

https://github.com/awslabs/aws-demo-php-simple-app.git

Once you import the code, the contents of your new GitHub repository should mirror the contents of the example repository.  You should now be able to clone your repository to your development environment:

git clone your-github-repo-location

NEW-SC-07

In your local GitHub repository, there will be two files named solano.yml and solano-docker.yml.  These files contain the build and deployment instructions for use by Solano CI.  You’ll need to update the instructions for use with Docker.  Within your repository root directory, run the commands:

rm –f solano.yml
cp solano-docker.yml solano.yml
git add solano.yml

Configuring Docker

To build the initial Docker image you’ll use to populate the Amazon ECS service, you’ll need to install the Docker utilities and service.  Instructions for installing and starting the service can be found in the AWS documentation.

Solano CI Account Creation

To use Solano CI, you’ll either need to have an active account with Solano Labs or use your GitHub credentials to log in.  The account creation and the Solano CI platform management console can be found on the Solano Labs website:

Solano_CI_Website_JF

Creating the AWS IAM Role

You’ll now need to configure the IAM role used by Solano CI to automate Amazon ECS integration.  From your Solano CI console, navigate to the Organization Settings page, and then choose AWS AssumeRole.

NEW-SC-49-2 NEW-SC-50 NEW-SC-51-2

You’ll need to copy the AWS account ID and external ID from the AWS AssumeRole Settings screen—you’ll use these when you create the IAM role.  Copy the contents of this Github Gist to the file solano-role-policy-doc.json on your local development environment, replacing AWSACCOUNTIDTMP with the AWS account ID provided from Solano and replacing SOLANOEXTERNALIDTMP with the external ID provided.

aws iam create-role --role-name solano-ci-role --assume-role-policy-document file://solano-role-policy-doc.json
aws iam attach-role-policy --role-name solano-ci-role --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess
aws iam attach-role-policy --role-name solano-ci-role --policy-arn arn:aws:iam::aws:policy/AmazonEC2Container