Intro
AWS code build is a tool that helps on the process of building docker images and push them to
the docker registry. It uses a manifest file buildspec.yml (you can rename it if you want to)
as a specification on how to build, tag, and push the image to the registry.
Create Build Project
In order to start with code build you need to login into your AWS account. Once you are there you need to go to “Services” and then search for “Code Build”
There you need to click on “Create build project” to start the journey
The first step of the build is to type the name of the project you can also type a description as shown on the image bellow.
Code Build - Source
Then you need to connect the “Source” in this example I will use github but you can use any of the available options.
Select “Github” in the “Source provider” then “Repository in my github account” and connect using Oauth, once you connect AWS with your github account you can find the project on the “Github repository” typeahead look at the image for an example
The next step is to select an event on which the images are going to be built, in the previous image
you can see that is going to build the image every time a push is done to the branch develop.
You can use different regex to build the images in different scenarios for example you can use the
following regex to build the image if a PUSH is done to either develop or master
refs/heads/(develop|master)
Code Build - Environment
Ok we have the “Source” in place now it time to configure the environment used for building the image, the first thing is to select the image we are going to use, select “Managed Images” from Environment image and then select “Ubuntu” as operating system, for “Runtime(s)” select “Standard”, and use the latest image available on the list. Important note: select elevated privileges this is important to build the image on the environment.
Finally create a new “Service role”, remember the name that you use we are going to use it later.
Also you might need to fill environment variables to do that open “Additional configurations”, the
following variables are going to be used on the buildspec.yml
- AWS_ACCOUNT_ID (the value is the id shown on the docker registry)
- IMAGE_REPO_NAME (the name that you use for the docker registry)
See the following image for reference:
Code Build - buildspec
Select Use a buildspec file as shown bellow and then click on Create build project
Give role necessary rights
Last step is to give the necessary rights to the role we created on the previous step to do that go to “Services”, then search for “IAM” and click on it.
Click on Roles and search for the role you just created
Click on “Attach policies” and add the following policies
- AmazonEC2ContainerRegistryFullAccess
- AmazonS3FullAccess
Then you are ready to use the buildspec.yml on your project just make sure to include the following file in the root of your project and you will start building your docker images.
1version: 0.223phases:4 pre_build:5 commands:6 - echo Logging in to Amazon ECR...7 - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com8 - echo Generating tag...9 - COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)10 - IMAGE_TAG=${COMMIT_HASH:=latest}11 build:12 commands:13 - echo Build started on `date`14 - echo Building the Docker image...15 - docker build -t $IMAGE_REPO_NAME:$IMAGE_TAG . -f Dockerfile16 - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG17 - docker tag $IMAGE_REPO_NAME:$IMAGE_TAG $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$DEPLOY_TAG18 post_build:19 commands:20 - echo Build completed on `date`21 - echo Pushing the Docker image...22 - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$IMAGE_TAG23 - docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:$DEPLOY_TAG
NOTE:
This script assumes that the Dockerfile is in the root of your application if that is not the case please change the line 15 where the dockerfile is build.
