Automated Deployments to AWS (EC2/ECS/EKS) with CI/CD

AWS provides a wide range of services for deploying and scaling applications, including EC2, ECS, and EKS. Automating deployments to these services with CI/CD ensures faster delivery, improved consistency, and lower risk of manual errors. But with multiple AWS options, picking the right service, automating the deployment process, and ensuring secure configurations can feel overwhelming.

This guide will walk you through choosing the right AWS service, automating deployments with CI/CD pipelines using tools like AWS CLI or Terraform, implementing deployment strategies (such as blue-green and rolling), and managing IAM permissions for secure operations.

Table of Contents

1. Choosing the Right AWS Service for Deployment
   • EC2
   • ECS
   • EKS
2. Automating CI/CD for AWS Deployments
   • Build, Push, and Deploy with AWS CLI
   • Using Terraform for Infrastructure Automation
3. Deployment Strategies for AWS
   • Blue-Green Deployments
   • Rolling Deployments
4. IAM Permissions and Security
5. Best Practices
6. Final Thoughts

Choosing the Right AWS Service for Deployment

AWS offers a variety of compute services, each tailored for different needs. Here’s how to select between EC2, ECS, and EKS for your deployments:

EC2 (Elastic Compute Cloud)

What it is:
Amazon EC2 provides virtual servers in the cloud to run applications. With EC2, you manage the instances, operating systems, scaling, and networking.

Best for:

• Applications requiring full control over the server and runtime.
• Monolithic apps or legacy applications.
• Custom environments not supported by container orchestration platforms.

Example Use Case: Deploying a LAMP stack application where you need direct access to the underlying server.

ECS (Elastic Container Service)

What it is:
Amazon ECS is a fully managed container orchestration service for running Docker containers. It supports two launch types:

1. EC2 Launch Type: Runs containers on EC2 instances (you manage these instances).
2. Fargate Launch Type: Runs containers without managing infrastructure.

Best for:

• Stateless and containerized workloads.
• Applications that don’t need Kubernetes’ complexity.
• Teams primarily using Docker containers.

Example Use Case: Deploying a Node.js app packaged as a Docker container using ECS Fargate.

EKS (Elastic Kubernetes Service)

What it is:
Amazon EKS is a fully managed Kubernetes service for deploying, managing, and scaling containerized workloads using Kubernetes.

Best for:

• Applications requiring advanced Kubernetes features.
• Complex microservices architectures.
• Teams already experienced with Kubernetes.

Example Use Case: Deploying a multi-service architecture where Kubernetes is used for orchestration and scalability.

Comparison Table:

Automating CI/CD for AWS Deployments

Build, Push, and Deploy with AWS CLI

A simple CI/CD workflow integrates build, push, and deployment steps using the AWS CLI.

Sample Pipeline Workflow:

1. Build the Application
   For example, package a Spring Boot app: mvn clean package
2. Build a Docker Image Create a Docker image from a Dockerfile: docker build -t my-app .
3. Push to Amazon ECR Authenticate with ECR and push the image: aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <account-id>.dkr.ecr.us-east-1.amazonaws.com docker tag my-app <account-id>.dkr.ecr.us-east-1.amazonaws.com/my-app docker push <account-id>.dkr.ecr.us-east-1.amazonaws.com/my-app
4. Deploy to ECS Update the ECS service to use the new image: aws ecs update-service --cluster my-cluster --service my-service --force-new-deployment

Using Terraform for Infrastructure Automation

Terraform allows you to define and provision infrastructure as code (IaC). Use it to automate AWS resource creation and deployments.

Example Terraform Config:

Setting up an ECS Cluster and Service

provider "aws" {
  region = "us-east-1"
}

resource "aws_ecs_cluster" "my_cluster" {
  name = "my-cluster"
}

resource "aws_ecs_service" "my_service" {
  name            = "my-service"
  cluster         = aws_ecs_cluster.my_cluster.id
  desired_count   = 2
  launch_type     = "FARGATE"
  
  task_definition = aws_ecs_task_definition.my_task.arn
}

resource "aws_ecs_task_definition" "my_task" {
  family                   = "my-task-family"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  memory                   = "512"
  cpu                      = "256"

  container_definitions = <<DEFINITION
[
  {
    "name": "my-app",
    "image": "my-ecr-repo-url/my-app",
    "portMappings": [
      { "containerPort": 8080, "hostPort": 8080 }
    ]
  }
]
DEFINITION
}

Deploy with:

terraform init
terraform apply

Deployment Strategies for AWS

Blue-Green Deployments

Blue-Green deployment involves routing traffic between two environments:

• Blue (Current live environment)
• Green (New version)

Steps:

1. Deploy the new version to Green.
2. Run tests and warm-up Green.
3. Shift traffic to Green gradually.
4. Roll back if issues arise.

Tools for Blue-Green in AWS:

1. Elastic Load Balancer (ELB): Routes traffic between Blue and Green stacks.
2. CodeDeploy with ECS: Automates code updates and traffic shifting.

CodeDeploy Example for ECS:

deploymentController:
  type: ECS
blueGreenDeploymentConfiguration:
  terminationWaitTimeInMinutes: 5

Rolling Deployments

With Rolling Deployment, only a subset of instances are updated at a time:

1. Update one or multiple instances.
2. Test each batch before proceeding.
3. Continue until all instances are updated.

Rolling in ECS:
Set minimumHealthyPercent to ensure high availability during updates:

deploymentConfiguration {
  maximumPercent = 200
  minimumHealthyPercent = 75
}

IAM Permissions and Security

Secure IAM Roles

1. Principle of Least Privilege
   Only grant the permissions required for the pipeline: { "Action": [ "ec2:DescribeInstances", "ecs:RegisterTaskDefinition", "s3:GetObject" ], "Resource": "*", "Effect": "Allow" }
2. Use Service Roles for CI/CD Tools: Assign roles to Jenkins, GitLab Runners, or GitHub Actions with temporary permissions.
3. Enable Multi-Factor Authentication (MFA):
   Require MFA for sensitive actions.

Secrets Management

Avoid hardcoding credentials by:

1. Using AWS Secrets Manager.
2. Storing secrets in CI/CD tools (e.g., GitHub Secrets).

Example:
Retrieve credentials during deployment:

aws secretsmanager get-secret-value --secret-id prod/db_password

Best Practices

1. Monitor Pipeline Metrics: Use CloudWatch to monitor CI/CD health.
2. Automate Rollbacks: Trigger rollbacks for failed deployments with AWS CodeDeploy or Kubernetes health checks.
3. Tag Resources: Use tags to track environment-specific resources.
4. Test Your Pipelines: Validate changes to your CI/CD pipeline using mock environments or feature branches.

Final Thoughts

Automating deployments to AWS services like EC2, ECS, or EKS ensures faster, more consistent application delivery. By selecting the right service, implementing secure CI/CD workflows, and leveraging strategies like blue-green or rolling deployments, you can create robust pipelines that scale with your application.

Start small with your automation and build up gradually as confidence in your process increases. AWS’s flexibility and tools allow you to fine-tune each stage of the deployment pipeline for maximum efficiency and security.