We need to disconnect Bamboo CI from ECS deployments. It is to make deployments more secure by not storing ECS deployment credentials in Bamboo and restricting deployments to OCL team members only.
CodeDeploy will also provide faster deployments as it coordinates deployments with ALB more closely and gives a way to manually or automatically roll back to a previous version of an application given defined alarms, e.g. exceeding an application errors threshold.
The flow I'm envisioning is to continue to have CI push images to Docker Hub, tag releases and push those releases to ECR (with permissions restricted to ECR only), but do not update ECS services from CI. In order to actually deploy to ECS one would need to go to CodeDeploy and trigger deployment to a specific environment using the released version from ECR and roll it out to ECS.
We would still be able to see in CI which build is connected to the given release, but to see which version is deployed to an environment we would go to CodeDeploy.
If feasible I would also like to have CodeDeploy fetch images from Docker Hub and put them in ECR to disconnect AWS entirely from Bamboo, but it's not clear to me if this is supported.
CodeDeploy is free to use for us.
@snyaggarwal any thoughts? concerns?
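
One way to check that the credentials left in CI really are "restricted to ECR only", as an added example that is not part of the original post or the project's code: a small audit of the IAM policy attached to the CI user. It assumes the allowed set is the standard ECR image-push actions; the function name, account id and repository name are constructed placeholders.

```python
# Actions needed to push an image to ECR; everything else is out of scope for CI.
ECR_PUSH = {a.lower() for a in (
    "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability",
    "ecr:InitiateLayerUpload", "ecr:UploadLayerPart",
    "ecr:CompleteLayerUpload", "ecr:PutImage")}

def _listify(value):
    """IAM allows a single string/object where a list is expected."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def audit_ci_policy(policy):
    """Return (statement_index, problem) tuples for grants beyond ECR push."""
    findings = []
    for idx, stmt in enumerate(_listify(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append((idx, "NotAction allows everything not listed"))
            continue
        resources = _listify(stmt.get("Resource"))
        for action in _listify(stmt.get("Action")):
            name = action.lower()  # IAM action names are case-insensitive
            if name not in ECR_PUSH:
                # Wildcards such as ecr:* are rejected too: they expand past push.
                findings.append((idx, f"action outside ECR push: {action}"))
            elif name != "ecr:getauthorizationtoken" and "*" in resources:
                # GetAuthorizationToken needs Resource "*"; the rest can be
                # scoped to repository ARNs.
                findings.append((idx, f"{action} not scoped to a repository"))
    return findings

# Constructed sample policies (account id and repository name are placeholders).
REPO_ARN = "arn:aws:ecr:us-east-1:111122223333:repository/example-app"
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
    {"Effect": "Allow", "Resource": REPO_ARN, "Action": [
        "ecr:BatchCheckLayerAvailability", "ecr:InitiateLayerUpload",
        "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage"]}]}
TOO_BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ecr:*", "ecs:UpdateService"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ecr:PutImage", "Resource": "*"}]}

if __name__ == "__main__":
    for label, doc in (("scoped", SCOPED), ("too broad", TOO_BROAD)):
        print(label, audit_ci_policy(doc))
```

An empty result means the policy grants nothing beyond image push; any `ecs:` or `codedeploy:` action in the CI policy shows up as a finding.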