►
From YouTube: Automating Deployments to ECS with GitLab CI/CD
Description
Contents:
0:48 - Steps overview
1:26 - Adding the CI/CD template to deploy to ECS
2:58 - Getting the project image URI
3:38 - Creating an ECS task definition
4:51 - [For private projects] Giving AWS access to the project's container registry
9:30 - Creating a service from the project's latest image
11:55 - Creating a GitLab service account in AWS
13:37 - Pointing GitLab to the ECS cluster and service
16:51 - Testing automatic deployments to ECS
18:18 - Enabling automatic deployments to a review app
22:01 - Closing summary
Resources:
Deploy to Amazon ECS: https://docs.gitlab.com/ee/ci/cloud_deployment/ecs/deploy_to_aws_ecs.html
A
A
What
you'll
have
is
a
web
app
project
where
we'll
leverage
gitlab's
pipeline
templates
to
automatically
build
an
image
out
of
your
project
and
then
push
it
to
your
ECS
cluster,
either
in
production
or
review,
depending
on
whether
it's
on
a
marine
Branch
or
in
a
review
or
feature
branch
on
the
Amazon
side
of
things.
We'll
have
a
cluster
with
a
couple
different
Services
one
for
your
Production
service
and
then
one
review
service.
A
So
that
gitlab
knows
where
to
point
to
so,
let's
get
started
now
for
the
purposes
of
this
tutorial
I'm
using
the
Ruby
on
Rails
template
that
gitlab
provides,
as
it
provides
a
pretty
simple
and
straightforward
web
app
for
me
to
work
with
what
I'm
going
to
do
now
is
I'm
going
to
go
over
into
the
CI
CD
pipelines
editor
and
we're
going
to
replace
all
the
spoilerplate
text
with
a
very
simple
template.
So
I'm
going
to
include
a
template
called
AWS,
slash,
deploy,
ECS
dot,
gitlab.ci
dot,
and
you
should
see
that
it
says
pipelines.
A
We
can
see
here
that
we
have
two
jobs:
a
build
job
and
a
production,
ECS
job,
and
this
job
is
going
to
fail
here,
because
we
haven't
really
configured
anything
on
the
ECS
side
of
things
for
this
project
just
yet.
But
let's
check
this
build
job
just
to
see.
What's
going
on,
this
is
going
to
build
an
image
for
US,
based
on
the
code
that
I
have
in
my
repo
here
and
once
that's
done.
I'll
have
a
container
image
in
our
package
and
Registries
continue
to
registry
to
be
able
to
use
within
ECS.
A
If
your
gitlab
project
is
public,
then
this
these
images
should
be
public
as
well,
but
if
these
images
are
not
accessible
publicly,
what
we
can
do
is
go
into
settings
access
tokens
and
we'll
create
a
new
access
token
here,
I'll
call
it
ECS
cluster
token
optionally.
You
can
set
an
expiration
date
and
I'll
set
the
role
as
reporter,
since
we
want
it
to
be
able
to
read
the
registry.
A
A
This
will
be
an
other
type
of
secret
and
we're
going
to
add
two
key
value
pairs.
Here.
One
is
going
to
be
my
username
for
gitlab
and
then
the
other
one
is
going
to
be
password
and
the
value
is
going
to
be
that
access
token
that
I
just
created
in
gitlab
once
we
have
that
I
can
click
next,
give
this
a
name
so
I'll
call
it
demo.
A
Where
we'll
specify
the
secret
errand
that
we
just
made
so
I'll
create
a
new
revision
with
Json
this
time
and
Below,
where
we
specify
the
image
or
the
task
I'm
going
to
create
a
new
section,
a
new
key
value
pair
here
and
the
key
will
be
Repository
credentials
and
the
value
will
actually
be
another
section.
So
put
some
curly
braces
there
and
inside
those
curly
braces,
we'll
add
a
key
value
pair.
A
And
the
value
in
quotes
will
be
the
secret
area
that
we
just
copied
once
we
have
that
and
I'll
add
a
comma
right
there,
we're
now
good
to
go
and
I'll
click
create,
and
we
should
now
see
that
a
new
version
of
our
task
definition
has
just
been
created
this
time
with
the
secret
Arn,
which
points
to
our
gitlab
access
token.
That
way,
when
it's
calling
this
image
it's
able
to
access
it
now.
A
So
I'll
click
on
this
ECS
task,
execution
role
and
that'll.
Take
me
to
the
AWS
IAM
console
and
for
this
role,
you'll
see
that
I
have
a
policy
added
for
Secrets
manager
read
write,
but
you
might
not
have
this
in
your
case.
So
if
this
is
not
here,
you'll
need
to
go
into
add
permissions,
attach
policies
and
then
we'll
attach
our
policy
also
I'll
search
for
secrets
manage
your
read,
write
and
I
won't
see
here
because
I've
already
added
this
policy
to
my
role,
but
you'll
see
it
here.
A
A
A
A
I'll
click
on
that
task
name-
and
this
will
show
me
in
the
task
Details
page,
the
public
IP
address-
or
this
task
I'm
going
to
copy
this
public
IP
address
and
in
a
new
tab,
I'll
paste
that
IP
address
and
I'll
specify
Port
5000
and
once
it
loads
I
can
see.
Now
that
my
app
has
been
deployed
successfully.
A
Click
next
and
we're
going
to
select,
attach
policies
directly
in
here,
I'll
search
for
Amazon
ECS
underscore
full
access
and
I'll
select
that
policy
and
click.
Next
now,
I'll
click
create
user
and
I'll
go
into
my
user.
That
I
just
created
I'll
click
that
and
we're
going
to
go
over
to
Security
credentials.
A
Now
that
I
have
my
access
Keys,
it's
time
to
now
save
these
on
the
gitlab
side
of
things
in
our
CI
CD
variables
to
do
that.
I'm
going
to
copy
my
access
key
and
head
over
to
my
project,
I'll
go
into
the
cicd
settings
and
we'll
expand
the
variables
section,
I'm
going
to
add
a
variable
here,
and
this
variable
will
be
called
AWS
access.
Key
ID,
you
can
see.
Gitlab
here
actually
suggests
it
for
me
and
I'll
paste
the
value
that
I
just
copied.
A
In
this
case,
I'm
going
to
not
protect
this
variable
as
I
want
this
to
be
accessible
or
unprotected
branches
as
well,
and
if
you
want
to
use
review,
apps
you'll
want
to
uncheck
this
as
well,
and
we
can
click,
add
variable
next,
we're
going
to
add
our
AWS
secret
access.
Key
and
that'll,
be
the
secret
access
key
here,
I'll
paste
that
there
uncheck
protected
variable,
because
we
want
this
to
run
again
on
unprotected
branches
as
well.
A
So
you'll
specify
your
default
region
which
in
my
case,
is
Us
West,
one
and
again
I'll
uncheck,
protect
variable
here,
add
variable,
and
now
that
we've
specified
the
access
key
and
Secret.
We
need
to
add
some
variables
to
also
tell
gitlab
which
cluster
which
service
and
which
test
definition
to
deploy.
Using
so
I'll,
add
a
variable
here
called
CI
AWS
ECS
cluster,
and
this
will
be
the
name
of
my
ECS
cluster,
which
we
called
Ruby
dash
cluster.
A
A
A
A
I
can
now
do
the
same
thing
to
get
the
IP
address
for
this
going
into
configuration
and
tasks
clicking
on
the
task
that
was
created
for
this
and
then
copying
that
public
IP
address
and
I'll
go
to
that
IP
address
and
that
same
port
that
my
app
is
running
on
and
now
we'll
see.
It
says
the
same
thing,
because
we
haven't
really
made
any
changes
to
our
review
branches
yet,
but
you
will
see
that
a
review
service
has
successfully
now
deployed
now.
A
Ruby
service
review,
I'll,
set
the
environment
scope
to
review;
slash
asterisk,
create
a
wildcard
for
that
and
I'll
unprotect
this
variable
so
that
unprotected
branches
can
deploy
to
this
environment,
scope,
I'm
going
to
click,
add
variable,
and
now,
let's
test
this
out,
I'll
go
back
to
that
same
file.
I
edited
earlier.
A
A
A
So,
just
like
that,
we
have
now
leveraged
gitlab
cicd
templates
to
automatically
deploy
our
code
changes
in
gitlab
over
to
AWS
ECS.
All
we
had
to
do
was
configure
our
CI
CD
variables
to
point
to
our
ECS
cluster.
It
is
set
up
the
right
access
token
in
case
that
our
project
is
private
and
we
had
to
set
up
some
task
definitions
for
our
services
in
ECS
and
with
that
I'm
now
good
to
go
for
automated
code
changes
being
deployed
into
production
and
review.