search

OpenConceptLab / ocl_issues

Issues for all OCL repos. NOTE: Install ZenHub Browser Extension and request access to the OCL Roadmap board to view all issues and to contribute
4 stars 1 forks source link

Use AWS CodeDeploy to deploy OCL #1425

Open rkorytkowski opened 1 year ago

rkorytkowski commented 1 year ago

We need to disconnect Bamboo CI from ECS deployments. It is to make deployments more secure by not storing ECS deployment credentials in Bamboo and restricting deployments to OCL team members only.

CodeDeploy will also provide faster deployments as it coordinates deployments with ALB more closely and gives a way to manually or automatically rollback to a previous version of an application given defined alarms e.g. exceeding application errors threshold.

The flow I'm envisioning is to continue to have CI push images to Dockerhub, tag releases and push those releases to ECR (with permissions restricted to ECR only), but do not update ECS services from CI. In order to actually deploy to ECS one would need to go to CodeDeploy and trigger deployment to a specific environment using the released version from ECR and roll it out to ECS.

We would still be able to see in CI, which build is connected to the given release, but to see which version is deployed to an environment we would go to CodeDeploy.

If feasible I would also like to have CodeDeploy fetch images from Dockerhub and put them in ECR to disconnect AWS entirely from Bamboo, but it's not clear to me, if this is supported.

CodeDeploy is free to use for us.

@snyaggarwal any thoughts? concerns?

snyaggarwal commented 1 year ago

@rkorytkowski This is a good plan.