DEV Community

Atsushi Miyamoto
Atsushi Miyamoto

Posted on

Deploy Your Application to ECS via CI/CD with Ecspresso

Are you interested in deploy your application to ECS via CI/CD?
if so, ecspresso is tool for you!

What is ecspresso?

ecspresso is a tool that helping to deploy your application to ECS,
And easy to integrate it into your CI/CD easily.



Why you should consider using ecspresso for the deployment of your application to ECS rather than another deployment tool?
Because ecspresso can manage your ECS resource as code. Why is that useful?
Imagine, your team deploy frequently your application and there is a moment to change ECS configuration relates to the application such as memory or CPU, etc.. If you could manage your ECS resources as code, possible to change the configuration in every deployment easily.
Just remain, this tool is for you who manage infra resources using Terraform or a tool such as CloudFormation.


Usage: ecspresso <command>

  -h, --help                      Show context-sensitive help.
      --envfile=ENVFILE,...       environment files
      --debug                     enable debug log
      --ext-str=KEY=VALUE;...     external string values for Jsonnet
      --ext-code=KEY=VALUE;...    external code values for Jsonnet
      --config="ecspresso.yml"    config file
      --assume-role-arn=""        the ARN of the role to assume


  - deploy
    - deploy service
  - diff
    - show diff between task definition, service definition with current running service and task definition
  - exec
    - execute command on task
  - init --service=SERVICE
    - create configuration files from existing ECS service
  - register
    - register task definition
  - rollback
    - rollback service
  - run
    - run task
  - wait
    - wait until service stable

Enter fullscreen mode Exit fullscreen mode

How to Integrate ecspresso into CI/CD?

I will explain to you step by step!

You need to set your aws credential (~/.aws/credentials)
Assume your ECS is already running on AWS


// brew
brew install kayac/tap/ecspresso


// asdf
asdf plugin add ecspresso
asdf install ecspresso 2.0.0
Enter fullscreen mode Exit fullscreen mode

Init to generate yml file

Import your current ECS service setting to yml file.

ecspresso init --region ap-northeast-1 --cluster your-cluster-name --service your-service-name --config ecspresso.yml
Enter fullscreen mode Exit fullscreen mode

After running the above command, you can see below generated files.

- ecspresso.yml
- ecs-service-def.json
- ecs-task-def.json.
Enter fullscreen mode Exit fullscreen mode

Import your tfstate

Possible to write some external resource information such as VPC, security group Id and etc...
However, it will decrease maintainability and readability. ecspresso allows to read tfstate to solve this problem!

You can set your file path to tfstate in ecspresso.yml and then able to read it inside .json file.
prefer set func_prefix.


region: ap-northeast-1
cluster: your-cluster-name
service: your-service-name
service_definition: ecs-service-def.json
task_definition: ecs-task-def.json
timeout: "10m0s"
  - name: tfstate
      url: s3://path-to-terraform.tfstate
    func_prefix: sg
  - name: tfstate
      url: s3://path-to-terraform.tfstate
    func_prefix: network
Enter fullscreen mode Exit fullscreen mode


  "networkConfiguration": {
    "awsvpcConfiguration": {
      "assignPublicIp": "DISABLED",
      "securityGroups": [
        "{{ sg_tfstate `` }}"
      "subnets": [
        "{{ network_tfstate `aws_subnet.private['private'].id` }}",
Enter fullscreen mode Exit fullscreen mode

Setup ci/cd

It is simple but one important thing is that most cases, want to set the latest image for ECS task so
need to set the latest image dynamically.

I define IMAGE_TAG. It will be key.
In ecs-task-def.json you can use must_env and IMAGE_TAG will dynamically load!


  "image": "{{ must_env `IMAGE_TAG` }}",
Enter fullscreen mode Exit fullscreen mode


    runs-on: ubuntu-latest
    timeout-minutes: 10
      - name: checkout
        uses: actions/checkout@v3

      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v1-node16
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/role
          aws-region: ap-northeast-1

      - name: login to ecr
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - uses: actions/checkout@v3
      - uses: kayac/ecspresso@v2
          version: v2.0.0 # or latest
          # version-file: .ecspresso-version

      - name: deploy
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: dev
          IMAGE_TAG: api-${{ github.sha }}
        run: |
            ecspresso deploy --config ecspresso/ecspresso.yal
Enter fullscreen mode Exit fullscreen mode


ecspresso is helpful to manage and deploy your application to ECS.
You can manage your ECS resources as code and easy to integrate your deployment flow into CI/CD

Thank you for reading my article, Happy Coding!


kayac/ecspresso: ecspresso is a deployment tool for Amazon ECS

Top comments (0)