Implementing A Modern CI/CD Pipeline with GitHub Actions & AWS
In this article, we will walk through the steps of setting up a CI/CD pipeline that builds a Docker image and deploys it to Amazon ECR (Elastic Container Registry) any time changes are made to the main branch of our GitHub repository. This project was inspired by a hands-on project from AWS User Group Yaounde, so we will be working with the resources they provided.
Also, this is just an overview of the different steps involved in creating the pipeline, not necessarily an in-depth walkthrough.
Requirements
These are some things you need to have in order to complete this project:
AWS account
GitHub account
Git installed on your computer
Any code editor of your choice. Personally, I use Visual Studio Code
This project uses Python and Docker, but you don't need those installed on your computer, as the aim is to create a working pipeline, not necessarily to build and run the code locally. With that out of the way, let us start building!!
Steps
1) Getting the Project's Source Code
First of all, visit this link https://github.com/jordybayo/github-cicd to fork the project and create a copy in your GitHub account. Once that is done, you can now clone the project locally to your computer.
2) Create an AWS IAM user.
We need to create an IAM user for this project because that will grant GitHub Actions programmatic access to perform actions in our AWS account. That cannot be done by using the root user only.
You can still use any IAM user you already have, but make sure you add a policy that gives them access to the AWS ECR service.
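The following Python is an added example, not code from the original project: it builds an IAM policy that lets the pipeline's IAM user push to a single ECR repository, and flags policies that grant more than that. The account ID 123456789012 and the repository name my-ecr-repo are placeholders, and the function names are this example's own.

```python
import json

# Actions used when pushing an image to an ECR repository.
PUSH_ACTIONS = [
    "ecr:BatchCheckLayerAvailability",
    "ecr:InitiateLayerUpload",
    "ecr:UploadLayerPart",
    "ecr:CompleteLayerUpload",
    "ecr:PutImage",
]

def push_policy(account_id, repository, region="us-east-1"):
    """Build an IAM policy that can push to one ECR repository and nothing else."""
    arn = f"arn:aws:ecr:{region}:{account_id}:repository/{repository}"
    return {"Version": "2012-10-17", "Statement": [
        # The login token cannot be scoped to a repository, so Resource is "*".
        {"Sid": "Login", "Effect": "Allow",
         "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
        {"Sid": "PushOneRepo", "Effect": "Allow",
         "Action": PUSH_ACTIONS, "Resource": arn},
    ]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def overbroad_statements(policy):
    """Return the Sid of every Allow statement that uses a wildcard it does not need."""
    findings = []
    for index, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions, resources = as_list(stmt["Action"]), as_list(stmt["Resource"])
        login_only = actions == ["ecr:GetAuthorizationToken"]
        wild_action = any("*" in a for a in actions)
        wild_resource = any("*" in r for r in resources) and not login_only
        if wild_action or wild_resource:
            findings.append(stmt.get("Sid", f"Statement[{index}]"))
    return findings

# Constructed sample values: placeholder account ID and a hypothetical repository name.
SCOPED = push_policy("123456789012", "my-ecr-repo")
# Constructed "weak" policy: full ECR access on every repository in the account.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "FullEcr", "Effect": "Allow", "Action": "ecr:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(SCOPED, indent=2))
    print("scoped:", overbroad_statements(SCOPED), "broad:", overbroad_statements(BROAD))
```

The printed JSON can be attached to the IAM user as an inline or customer-managed policy once the placeholders are replaced with your own account ID and repository name.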
3) Generate Access Keys
As mentioned in the previous step, access keys will enable GitHub Actions to perform actions (no pun intended) in our AWS account. These are the steps to follow in order to generate your access keys:
In your IAM dashboard, click on "Users".
You will be taken to a page that lists all the users in your account; click on the IAM user you are creating access keys for.
Now click on "Security Credentials" and scroll down to where you see "Access Keys".
Click on "Create Access key" and you will be asked to select the type of access key you want; select "Third-party service".
Once that is done, you can create the key and download it for later use.
4) Add Access Keys to GitHub
Now that we have our access keys, we have to provide them to our GitHub project for it to use when running the actions. To do so:
Go to the project you forked and navigate to "Settings".
Under settings, scroll down and expand "Secrets and Variables", then click on "actions".
Click on "New repository secret" and give it the name "AWS_ACCESS_KEY_ID" and, under secret, provide the value of the access key ID you created earlier.
Follow the same procedure to create a secret for your secret access key, giving it the name "AWS_SECRET_ACCESS_KEY".
5) Enable GitHub Actions
For this project, you may have to enable GitHub actions if you haven't already. This can easily be done by:
Navigating to the forked project in your GitHub account.
Click on "Actions" and then click on "Enable GitHub Actions For This Project".
We are doing this for GitHub Actions to run automatically any time we push changes to our main branch.
6) Create an ECR Repository and Update the GitHub Action File
We need to create an ECR repository where GitHub Actions will deploy our Docker image. Make sure you are creating this repository in the "us-east-1" or "N. Virginia" region.
Once that is done, we have to update our GitHub Actions file with the name of our ECR repository. This file can be found in the project we cloned, at .github/workflows/main.yml. Inside the main.yml file, look for the key that says "ECR_REPOSITORY" and update its value with the name of your ECR repository.
7) Push and Deploy
Now if everything was configured well, we should be able to push the current changes to our GitHub repository, and GitHub actions will run and deploy our image successfully.
You can go to the actions tab in GitHub to make sure everything ran successfully, and also check your Amazon ECR Repository to make sure that you see the docker image.
Written by
Ajimsimbom Bong M
I'm Ajim, a Cloud DevOps Engineer from Cameroon. I'm really into Cloud Native Solutions involving Microservices, Containers, and Kubernetes. Feel free to reach out to me if you wish to connect or collaborate on a project.