CI/CD with Github Actions and AWS in 3 steps
This guide is aimed at those who are building a web application and want to bring it to a productive environment, so that it is accessible to others, enjoying the benefits of integrating and deploying it in every small step.
Important: There are many ways and combinations of different products to achieve a similar result; this is neither the best nor the worst, just one more way.
1. Dockerize your app
I’m guessing if you got here, you already have a project up and running on your machine, so your next step should be to let “others” (as GitHub workflows 😎) do the same easily, by packaging all the source code and all the necessary dependencies and stuff in one place: a docker image (if you don’t know what im talking about, you may take a look here).
What you need to do on this step basically is to write your Dockerfile, a text document that contains all the commands to assemble your app image (if you don’t know how, there are a lot of guides/articles to do this on the internet).
The following Dockerfile example builds a gradle project into a jar file first, and then, copies it to a thinner image with Java 11 installed; when the built image is run in a container, it runs and exposes the application on port 8080.
Once you have your Dockerfile, you should build your image and run the container locally to verify that everything works ok; the following Makefile allows you to do it easily, simply by running “make up” every time you want to try it out.
Important: Remember to run your app on 0.0.0.0 to be reached, as it will listen on every available network interface (not only on loopback)
2. AWS Setup
As you are going to need some AWS services to store your image and run it (ECR, S3 and Elastic Beanstalk), so you must create an AWS account first.
When you already have the AWS account, create a user on “Identity and Access Management (IAM)” to be used by GitHub actions to execute all the CI/CD tasks; this user should have at least the following policies associated: “AmazonEC2ContainerRegistryFullAccess” , “AmazonS3FullAccess”, “AdministratorAccess-AWSElasticBeanstalk”.
Then, create a private repository on “Elastic Container Registry (ECR)” to store your app images.
Create your “Elastic Beanstalk (EB)” app, indicating that you will be run it via a docker image. (EB is an AWS easy-to-use service for deploying and scaling web applications).
After initialization (5–10 min.), a sample app should be running on an EB environment, and you can access it through a public domain, available on the the site
Important: You can terminate the created environment (named yourAppName-env) and create a new one, setting a custom (and better) name, as “production”.
To allow your EB instances to pull your images from ECR, you must modify the automatically created role “aws-elasticbeanstalk-ec2-role” on IAM and associate the policy “AmazonEC2ContainerRegistryReadOnly” to it.
Finally, add a file named “Dockerrun.aws.json” to your project root to indicate EB which image and where it should pull from when the deployment is triggered.
3. Create your Github Workflow
Before creating your workflow, add your GitHub’s AWS user credentials (access key id and secret access key) to Github secrets, so you can inject those variables into the workflow execution without storing them on the descriptor file (you can obtain those credentials directly from the user on IAM, on AWS Console)
Important: You have to create an “environment” and associate the secrets to it; in this example the env is called “prod”
Now you can create your workflow from the “actions” sections on your repository.
Choose “ set up a workflow yourself” instead of using a template, and then add copy the following to finally setup the ci-cd process.
Important: Replace your-app-name, your-app-environment, your-aws-region and your-github-environment with the proper values
After the last step, on every commit on the main branch, a workflow will be triggered, running the build and deploy jobs; you can see all the details from the “actions” section, clicking on the commit.
Hope you enjoy!
