DEV Community

Budiono Santoso for AWS Community Builders

Posted on • Updated on

Infrastructure as Code on AWS — AWS CloudFormation and CI/CD with GitHub Actions


Hello everyone. I want to share my experience using AWS CloudFormation and GitHub Actions. Infrastructure as Code is a DevOps process of provisioning and managing cloud resources with only writing template files as JSON or YAML. Infrastructure as Code also can decrease time when creating manual resources to automate resources.

In Infrastructure as Code, AWS has a service — AWS CloudFormation. AWS CloudFormation can help automation manage AWS resources. Example, you have a task — create App Runner service. With AWS CloudFormation, need one JSON or YAML file to create App Runner service.

Before creating a YAML file, learn CloudFormation template formats. For this tutorial, create an AWS CloudFormation template with a scenario when want to create App Runner service.

Search and click AWS CloudFormation, click Create stack, choose Template is ready and choose upload a template file. Then upload your template file and click Next. Fill in the stack name and click Next. Step 3 and step 4 is skip. Click Create submit to create CloudFormation stack.

Template file.

While waiting for the CloudFormation stack is progress, I want to explain the CloudFormation template about creating AWS App Runner on my GitHub:

learnaws/cloudformation.yaml at main · budionosan/learnaws · GitHub

    AWSTemplateFormatVersion: "2010-09-09"
    Description: Create AWS AppRunner with AWS CloudFormation
        Type: AWS::AppRunner::Service
Enter fullscreen mode Exit fullscreen mode

Description — describe the CloudFormation template for creating AWS services.

Resources — define AWS services that want to the template.

App Runner — logical ID name.

Type — AWS services. For example, AWS App Runner means AWS::AppRunner::Service or Amazon EC2 means AWS::EC2::Instance and many more.

Properties — configuration from AWS services (for this tutorial, AWS App Runner)

CloudFormation stack in progress.

CloudFormation stack detail.

Go to AWS App Runner and check App Runner service is already created or not. This service is in progress and has a default domain.

App Runner.

Back to CloudFormation, the stack that was already created is complete.

CloudFormation stack is complete.

          ServiceName: <YOUR_APPRUNNER_SERVICE>
              AccessRoleArn: "arn:aws:iam::<YOUR_AWS_ACCOUNT>:role/service-role/<YOUR_IAM_ROLE>"
            AutoDeploymentsEnabled: true
              ImageIdentifier: <YOUR_ECR_REPOSITORY>
              ImageRepositoryType: ECR
                Port: 8080
            Cpu: 1 vCPU
            Memory: 2 GB
Enter fullscreen mode Exit fullscreen mode

Service Name — App Runner service name.

Source Configuration — App Runner configuration from source code or container image.

Authentication Configuration (Access Role Arn)— IAM role for AWS App Runner that associate with Amazon ECR.

Auto Deployments Enabled — enable automation deployment (CI/CD needed).

Image Repository — ECR private name and image configuration port.

Instance Configuration — vCPU and GB that needed to deploy web application.

CloudFormation stack events detail.

CloudFormation stack resources.

Back to AWS App Runner, the App Runner service is already created and now running. Then click the service name.

App Runner

The App Runner service has a source from Amazon ECR private. Try opening the App Runner domain.

App Runner detail

Yes! My web application is successful and running. But I want to execute CI/CD with GitHub Actions to update this web application faster.

CI/CDcontinuous integration and continuous delivery are DevOps processes that help developers and operations to integrate and deliver your application source code or container image, also automatically build, test and deploy the application to the cloud (AWS and many more). CI/CD has a pipeline or workflow that can build, test and deploy to the cloud.

In CI/CD, GitHub has a feature for CI/CD — GitHub Actions. GitHub Actions can automate pipelines or workflows from a development environment to a production environment. For example, you want to update your application and need automation deployment to deploy to the cloud. With GitHub Actions, need one YML file only to run the automation deployment to the cloud.

Before creating a YML file, learn GitHub Action formats. For this tutorial, create a GitHub Actions workflow with a scenario when updating the App Runner service and add ECR private image.

My GitHub Actions workflow for this tutorial in my GitHub:

serverlesshackathon/pipeline.yml at learncicdonaws · budionosan/serverlesshackathon (

    name: CI/CD to AWS AppRunner with GitHub Actions
        branches: [learncicdonaws] # Trigger workflow on git push to main branch
      workflow_dispatch: # Allow manual invocation of the workflow

        runs-on: ubuntu-latest

          - name: Checkout
            uses: actions/checkout@v3
              persist-credentials: false

          - name: Configure AWS credentials
            id: aws-credentials
            uses: aws-actions/configure-aws-credentials@v1
              aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
              aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
              aws-region: ${{ secrets.AWS_REGION }}     

          - name: Login to Amazon ECR
            id: login-ecr
            uses: aws-actions/amazon-ecr-login@v1        

          - name: Build, tag, and push image to Amazon ECR
            id: build-image
              ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
              ECR_REPOSITORY: firsteks
              IMAGE_TAG: ${{ github.sha }}
            run: |
              docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
              docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
              echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"

          - name: Deploy to App Runner Image
            id: deploy-apprunner
            uses: awslabs/amazon-app-runner-deploy@main
              service: apprunner-ecr-cloudformation-app
              image: ${{ }}
              access-role-arn: ${{ secrets.ROLE_ARN }}
              region: ${{ secrets.AWS_REGION }}
              cpu : 1
              memory : 2
              port: 8080
Enter fullscreen mode Exit fullscreen mode

Name — GitHub Actions workflow name.

Branches — destination push to the repository.

actions/checkout@v3 — Action for checking out a repo. You can read the reference.

aws-actions/configure-aws-credentials@v1 — configure AWS credential environment variables. You can read the reference.

aws-actions/amazon-ecr-login@v1 — Login into Amazon ECR. You can read the reference.

awslabs/amazon-app-runner-deploy@main — Deploys the application using source code or container image in AWS App Runner. You can read the reference.

Create GitHub Actions workflow like this.

Enter fullscreen mode Exit fullscreen mode

Then go to Settings, see Security, and see Secret and variables, click Actions.

Create a secret with click New repository secret. For this tutorial, create AWS Access Key ID and AWS Secret Access Key. To get the AWS access key, go to IAM and click Users. On the Users page, click Add users, fill in the username, set permissions — attach policy and click Create user.

After creating a user, click the user that has already been created and go to Security credentials. Scroll to Access Keys. Click the access key and see this instruction to get an access key. NOTE: Must require a download or copy of the access key to notepad. Then fill in the secret name and access key like below like this.

Go to Settings in your GitHub account then search Developer settings. Click personal access tokens and choose Fine-grained tokens. Then click Generate new token and follow the instructions. Token from your GitHub account is needed when pushing the repository because requires input username and password.

NOTE: Optional can use IDE tools anywhere. Then go to AWS Cloud9 (I use this service for my IDE). AWS Cloud9 has preinstalled tools and packages such as Git and Docker.

Clone the repository and update the code from the repository. After updating the code, add all code, commit and push to the repository. But when first commit, write like this.

git config --global "yourname"
git config --global youremail
Enter fullscreen mode Exit fullscreen mode

After configuration, when push, show input username and password that already created with Fine-grained tokens. If successful, see a screenshot like this and check GitHub Actions in the repository.


After push from git, automatically GitHub Actions workflow is now running like this and running one job from the workflow.

GitHub Actions process to ECR.

Check AWS App Runner service is already updated and is now in progress. See source from ECR also updated.

Check Amazon ECR and see the image tag — GitHub.SHA is same with the App Runner source.

Check GitHub Actions and see if the job is successful. These jobs need time 39 seconds only. Very faster.

Click Deploy to App Runner image step and explain App Runner service is updated. This step needs time 1 second only.

Go to AWS App Runner. See notifications that this service is successfully updated and click default domain.

Yes! I change the text on the front end side with CI/CD by GitHub Actions.

Web application is updated.

See two screenshots like this. BOTTOM — web application from App Runner service with ECR latest image. TOP — web application from App Runner service with ECR updated image.

Thank you very much :)

Top comments (0)