AWS CodeBuild to Build Images from a Dockerfile and Push to ECR
The flow of image creation and deployment to AWS infrastructure is as follows.
Note: There are three git repos, three AWS CodeBuild pipelines and three AWS ECR registries (Admin panel, Web portal and backend).
GitHub Webhook
Step 1: Create your GitHub access token.
In order for CodeBuild to communicate with GitHub, you need to set up an access token for GitHub in AWS CodeBuild. For GitHub, your personal access token must have the following scopes.
- repo: Grants full control of private repositories.
- repo:status: Grants access to commit statuses.
- admin:repo_hook: Grants full control of repository hooks.
Follow the steps below to get your GitHub access token. Log in to your GitHub account and click on ‘Settings’. Navigate to ‘Developer settings’, click on ‘Personal access tokens’ and finally click ‘New GitHub App’.
Provide a name, select the access scope and click on ‘Generate token’.
Your GitHub access token is now generated. Copy the access token and save it in a secure place.
AWS CodeBuild
AWS CodeBuild is a managed build service in the cloud. CodeBuild compiles your source code, runs unit tests, and produces artifacts that are ready to deploy. Each project has a buildspec.yml, placed in the root of the project source folder, that contains the build settings for the project.
The buildspec.yml file for the backend is given below.
buildspec.yml
version: 0.2
phases:
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      - aws --version
      # get-login exists only in AWS CLI v1; it prints a docker login command that $(...) then runs
      - $(aws ecr get-login --region eu-west-1 --no-include-email)
      # ACCOUNT_ID, REGION and ENV_TYPE are read from the CodeBuild project's environment
      - REPOSITORY_URI=$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/aim-backend-repo
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...
      - docker build --build-arg ENV_TYPE=$ENV_TYPE -t $REPOSITORY_URI:latest .
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker images...
      - docker push $REPOSITORY_URI:latest
      - echo Writing image definitions file...
      # IMAGE_TAG is not set in this file; it must also come from the project's environment
      - printf '[{"name":"aim-frontend","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
      - echo Initiating new deployment...
      - aws ecs update-service --cluster aim-cluster --service aim-backend-service --force-new-deployment --region ${REGION}
Buildspec.yml phases
The pre_build phase logs in to ECR so that the build project can push its Docker image once it is built.
The build phase runs the docker build command, which creates the image and tags it.
The post_build phase pushes the image created by docker build to the ECR repo, writes imagedefinitions.json, and then deploys the image on the AWS ECS cluster.
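A variant of the backend buildspec above, added here as an example and not the project's own file. It assumes AWS CLI v2 in the build image and the same ACCOUNT_ID, REGION and ENV_TYPE project variables; CONTAINER_NAME is a variable introduced for this example, set to the name the page's buildspec writes. It passes the ECR password over stdin, derives IMAGE_TAG from the commit CodeBuild resolved so that imagedefinitions.json names one specific build, and stops post_build when the build phase failed.

```yaml
version: 0.2
phases:
  pre_build:
    commands:
      - REGISTRY=$ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com
      - REPOSITORY_URI=$REGISTRY/aim-backend-repo
      # AWS CLI v2 login: the password is piped over stdin instead of
      # appearing as a command-line argument
      - aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin $REGISTRY
      # Per-build tag from the commit CodeBuild checked out (set by CodeBuild)
      - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
      # Assumed variable: must match the container name in the ECS task definition
      - CONTAINER_NAME=aim-frontend
  build:
    commands:
      - docker build --build-arg ENV_TYPE=$ENV_TYPE -t $REPOSITORY_URI:$IMAGE_TAG -t $REPOSITORY_URI:latest .
  post_build:
    commands:
      # post_build also runs after a failed build phase; stop here in that
      # case so nothing is pushed or deployed
      - test "$CODEBUILD_BUILD_SUCCEEDING" = "1"
      - docker push $REPOSITORY_URI:$IMAGE_TAG
      # latest is still pushed because the deployment step below relies on it
      - docker push $REPOSITORY_URI:latest
      - printf '[{"name":"%s","imageUri":"%s"}]' "$CONTAINER_NAME" "$REPOSITORY_URI:$IMAGE_TAG" > imagedefinitions.json
      - aws ecs update-service --cluster aim-cluster --service aim-backend-service --force-new-deployment --region $REGION
artifacts:
  files:
    - imagedefinitions.json
```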
Buildlogs
Logs from CodeBuild are pushed to CloudTrail. Developers can get the logs directly in their terminal using a small script.
AWS ECR
It is used to store the images that are produced in the pipeline by CodeBuild.
All ECS nodes are also authorized to pull images from the private repos created there.
The Terraform module that creates the pipelines also sets a few lifecycle policy rules to clean out old, unused images. When CodeBuild builds and pushes an image to ECR and the tag already exists, the tag is simply moved to the new image.