Sunday 19 August 2018

Deploying docker images on elastic beanstalk

Elastic Beanstalk is an Amazon Web Services service that allows you to quickly deploy and manage a web app, it takes a lot of the overhead out of monitoring and configuration. However EB seems to want to build your app for itself, such that it wants you to upload a tarball of your code structured in a generic way and it will try and pick up the source code to build or pre-built binaries it finds.

In the pursuit of reproducable builds I prefer to have aws run a pre-built containerised build that I can examine or run myself on my own machine also. This article is designed to help the reader do this by getting Elastic Beanstalk set up to use Elastic Container Service.

Push a built image to ECR, see ECR for how to do this, you will need to authenticate your aws client to do so. You need to use a properly qualified image name corresponding to your repository URI in order to do this successfuly.

To enable EB to pull from ECR you need to give your EB role (in this case aws-elasticbeanstalk-ec2-role) the policy AmazonEC2ContainerRegistryReadOnly via the IAM service.

To have EB pull from ECR rather than having it try to build your code itself you need to upload a file in the 'Upload and Deploy' step where you normally upload a tarball, this seems incredibly non-obvious from the wording of the dialogue (see below).

An example file (with an example image name) exposing port 1234 follows:

Documentation for the is found here, note Version 2 is required for multi-container builds.