[DOCKER] [AWS] How to automatically deploy a Web application created with Rails 6 to ECR / ECS using CircleCI ① Preparation [Container deployment]

We have succeeded in container-deploying the Rails application created by personal development using CircleCI, so I will write it here as a memorandum. (Also, as soon as the Readme etc. are ready, we will introduce the actual application in another article.)

Also, I am currently using windows10, and if you are a mac, please replace it as needed. However, I think that the other things are the same except that the installation method of aws-ecs-cli is different. (It took a little time to install on windows.)

Also, since the author dares to set the AWS console language in English, I think that it is easier to proceed with this article if you set it in English. (It is recommended because the name of the command in AWS CLI matches the English notation of the console.)

Target person

--People who have an AWS account --People who already have Rails apps that have been converted to Docker and want to take on the challenge of incorporating AWS and CI / CD tools into their infrastructure. --People who want to incorporate the above technology into their job hunting portfolio --People who are interested in AWS --People who are in trouble because there is no article on windows on mac

Prerequisite knowledge

--Basic knowledge about infrastructure such as VPC and subnet --Basic knowledge of CircleCI and Docker

Configuration aimed at in this article

Aim for the above configuration.

To explain the actual flow in words,

① Push to Github (Only automatic test and Rubocop are executed except for the master branch.) (2) CircleCI detects push and starts building. ③ After passing RSpec and Rubocop, the docker image will be built and pushed to ECR. (4) Use the latest Docker image to update the ECS task definition (which almost defines how to start the docker container, like docker-compose.yml). ⑤ EC2 instance is started and deployment is completed.

Also, of course, the personally developed application that I actually created is SSL-enabled using Route53 and ACM, and I had a lot of trouble here, so I will write it again as a separate article. Be sure to do SSL because it is indispensable for actual operation.

environment

• windows10 Pro
• Rails: 6.0.3.2
• ruby: 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x86_64-linux]
• Docker for windows
• MySQL 5.7
• nginx:1.15.8
• puma:4.3.5

Preparation

In the preparation section, we will do four main things.

--Installing tools --Create an IAM user and grant execute permission (called a policy) --aws configure settings --Creating a key pair

Install the tool

Install the following two.

• awscli
• aws-ecs-cli

If you are using windows, you can install it by referring to this article. I was able to install it this way.

With these tools, you can create VPCs, subnets, clusters, push to ECR, redefine tasks, etc. from your terminal without having to mess around with the console.

Create IAM

Log in to the console, select service, search for IAM and click. Click Users, then click Add user Click Attach existing policies on the far right and attach the following two policies.

• AmazonECS_FullAccess
• AmazonEC2ContainerRegistryFullAccess

If you can confirm that it is attached as set on the confirmation screen, click Create user Then, the access key and secret key will be created on the next screen. I think that a button like download will be displayed in csv, so click it and save the information.

** It seems that there are cases where you accidentally pushed your secret access key to git and received millions of bills from Amazon, so be careful when handling it. ** **

Add policy (authorization)

• AmazonECS_FullAccess
• AmazonEC2ContainerRegistryFullAccess

Earlier, I added this policy, but this alone will cause an error around the authority when executing the ecs-cli command, so I will add it separately.

From the IAM console, select Policies and then Create Policies. Click the Json tab on the screen and enter the code below.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:AttachRolePolicy",
                "iam:AddRoleToInstanceProfile",
                "iam:CreateInstanceProfile",
                "iam:CreateRole",
                "iam:DeleteInstanceProfile",
                "iam:DeleteRole",
                "iam:DetachRolePolicy",
                "iam:PassRole",
                "iam:RemoveRoleFromInstanceProfile",
                "ec2:DeleteInternetGateway",
                "ec2:DeleteSecurityGroup",
                "ec2:DeleteRouteTable"
            ],
            "Resource": "*"
        }
    ]
}

After entering, click Review policy. Enter a name and description of your choice and click Create policy.

Next, give the created IAM user the newly created policy in ↑. Click Users, then click Add permissions Click Attach existing policies directly and select the policy you just created On the confirmation screen, click Add permissions if you have selected the correct policy.

Run "aws configure" in the terminal

Run aws configure in your terminal with the --profile option. When you execute it, you will be asked interactively, so enter it correctly one by one.

$ aws configure --profile Created user name

AWS Access Key ID #Access key when created
AWS Secret Access Key #Secret access key when created
Default region name # ap-northeast-1 
Default output format # json 

When you execute aws configure, the .aws directory is automatically generated under your home directory, and information such as access keys is stored there as shown below, so please check it. (May not be completely together)

~/.aws/credentials

[username]
aws_access_key_id=AKIAIOSFODNN7AJDIFK
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/gkjkAKJDKJ
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

~/.aws/config

[profile username]
region = ap-northeast-1
output = json
[default]
region = ap-northeast-1
output = json

Creating a key pair

Next, we will create a key pair.

Select Service → EC2 Console → key pair → Create key pair and enter an appropriate key pair name. Select .pem as the file extension and click Create key pair.

When completed, the .pem file will be downloaded automatically. Execute the following command to move to the ".ssh" directory and change the permissions.

$ mv Downloads/sample-app.pem .ssh/
$ chmod 600 ~/.ssh/sample-app.pem

** This completes the preparation! Thank you for your hard work! ** ** The continuation is (2) I am currently writing an article for infrastructure construction! We will post it here as soon as the creation is completed, so please continue to support us! (I think I can raise it tomorrow)

Thank you for reading to the end!

It's been a long article, so if you have any suggestions, such as mistakes in the description, I would appreciate it if you could comment.