This document contains a comprehensive visual overview of the entire deployment pipeline and the final AWS ECS architecture we have built together for the Global PRS API.
**Note:** All resource names, account IDs, and specific naming conventions have been anonymized in this repository for security and privacy reasons while maintaining the functional architecture.
- You make a change to the CDK code on your laptop (e.g., resizing to a larger EC2 instance).
- You run `git push` to upload the code to GitHub.
- GitHub Actions triggers `cdk-deploy.yml`.
- It secretly logs into AWS without passwords using the `OIDC` trust relationship.
- It runs `cdk deploy` safely on AWS CloudFormation to update your subnets, ASG, Load Balancer, or Security Groups in the background.
- The developer writes code for the actual Python API and commits it.
- GitHub Actions triggers `continuous-integration.yml` to build the Docker Image.
- The image is saved in AWS ECR.
- The pipeline triggers `continuous-deployment.yml`, which talks strictly to the ECS Service.
- ECS gracefully restarts the 4 existing tasks using the Zero-Downtime strategy to pull down the newly updated image.
- When the new tasks start up, they dynamically pull the database passwords seamlessly out of AWS Secrets Manager using the `ecs-user` IAM Access Keys we secretly injected into the Task Definition environment!
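
The last step places the `ecs-user` access keys in the task definition's `environment`, where they are returned in plaintext to any principal allowed to describe the task definition. The check below is an added example, not code from this repository: it flags such entries and shows the same container using a task role plus the container definition's `secrets` field instead. The account ID, role names, image URI, and secret ARN are constructed placeholders, and the key values are AWS's documented example credentials.

```python
import re

# Long-term IAM access key IDs start with AKIA; temporary STS key IDs with ASIA.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
SENSITIVE_NAME_RE = re.compile(r"(SECRET|PASSWORD|TOKEN|ACCESS_KEY)", re.I)

def audit_task_definition(task_def):
    """Return findings for credentials exposed through plaintext env vars."""
    findings = []
    if not task_def.get("taskRoleArn"):
        findings.append("task: no taskRoleArn set")
    for container in task_def.get("containerDefinitions", []):
        for var in container.get("environment", []):
            name, value = var.get("name", ""), var.get("value", "")
            if KEY_ID_RE.search(value) or SENSITIVE_NAME_RE.search(name):
                findings.append(f"{container['name']}: plaintext credential in environment: {name}")
    return findings

# Constructed sample: static IAM user keys placed in `environment`.
WEAK = {
    "family": "example-api",
    "containerDefinitions": [{
        "name": "api",
        "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/example-api:latest",
        "environment": [
            {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
            {"name": "AWS_SECRET_ACCESS_KEY", "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
            {"name": "LOG_LEVEL", "value": "info"},
        ],
    }],
}

# Constructed sample: the same container with a task role and a `secrets`
# reference, so ECS resolves the value from Secrets Manager at task start.
HARDENED = {
    "family": "example-api",
    "taskRoleArn": "arn:aws:iam::111122223333:role/example-task-role",
    "executionRoleArn": "arn:aws:iam::111122223333:role/example-execution-role",
    "containerDefinitions": [{
        "name": "api",
        "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/example-api:latest",
        "environment": [{"name": "LOG_LEVEL", "value": "info"}],
        "secrets": [{"name": "DB_PASSWORD",
                     "valueFrom": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/db-AbCdEf"}],
    }],
}

if __name__ == "__main__":
    for label, td in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_task_definition(td))
```

The same function can be run over the JSON returned by `aws ecs describe-task-definition` (the `taskDefinition` object) as a CI gate before `continuous-deployment.yml` updates the service.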