├── .gitignore
├── clean.sh
├── terraform.tfvars
├── Dockerrun.aws.json
├── variables.tf
├── README.md
├── main.tf
└── deploy.sh


/.gitignore:
--------------------------------------------------------------------------------
1 | *.zip
2 | *=
3 | *.backup
4 | *.tfstate
5 | *.tfplan
6 | 


--------------------------------------------------------------------------------
/clean.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # Cleans directory
3 | 
4 | rm -fr *.tfstate
5 | rm -fr *.tfstate.*
6 | rm -fr *.tfplan
7 | rm -fr *.zip
8 | rm -fr Dockerrun.aws.json=
9 | 


--------------------------------------------------------------------------------
/terraform.tfvars:
--------------------------------------------------------------------------------
1 | # You can place variables from `variables.tf` here instead of defining them in CLI
2 | #
3 | # E.g.
4 | # aws_secret_key=thisIsSuperSecret
5 | #
6 | 
7 | 


--------------------------------------------------------------------------------
/Dockerrun.aws.json:
--------------------------------------------------------------------------------
 1 | {
 2 |   "AWSEBDockerrunVersion": "1",
 3 |   "Image": {
 4 |     "Name": "<ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com/<NAME>:<VERSION>",
 5 |     "Update": "true"
 6 |   },
 7 |   "Ports": [
 8 |     {
 9 |       "ContainerPort": "8080"
10 |     }
11 |   ]
12 | }
13 | 


--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "profile" {
 2 |   description = "Name of your profile inside ~/.aws/credentials"
 3 | }
 4 | 
 5 | variable "application_name" {
 6 |   description = "Name of your application"
 7 | }
 8 | 
 9 | variable "application_description" {
10 |   description = "Sample application based on Elastic Beanstalk & Docker"
11 | }
12 | 
13 | variable "application_environment" {
14 |   description = "Deployment stage e.g. 'staging', 'production', 'test', 'integration'"
15 | }
16 | 
17 | variable "region" {
18 |   default     = "us-east-1"
19 |   description = "Defines where your app should be deployed"
20 | }
21 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # AWS Elastic Beanstalk + Docker Deploy Setup
 2 | 
 3 | Purpose of this repo is to document and simplify deployment & setup process of Docker-based applications on AWS Elastic Beanstalk.
 4 | 
 5 | ### Prerequisities
 6 | - AWS IAM Role with access to IAM, EC2, Beanstalk & Elastic Container Registry/Engine and it's access & secret keys. Profile must be set inside `~/.aws/credentials` directory.
 7 | - Terraform
 8 | 
 9 | ### Contents of repo
10 |  - ```Dockerrun.aws.json``` - AWS Beanstalk standard task definition. Tells Beanstalk which image from ECR it should use
11 |  - ```deploy.sh``` - script for deploying applications. App must be first set up
12 |  - ```*.tf``` files - Terraform infrastructure definition written in HCL (HashiCorp Configuration Language)
13 |  - ```clean.sh``` - script for cleaning temporary files
14 | 
15 | ### Setup
16 | 1. Run ```terraform plan -out plan.tfplan```
17 |   - Fill out Name, Description & environment
18 |   - Profile is name of your profile inside `~/.aws/credentials` file (Standard AWS way). Default profile is called `default`. You can insert many profiles inside `credentials` file.
19 | 2. Run ```terraform apply plan.tfplan``` - this may take up to 15 minutes
20 | 
21 | Alternatively you can place variables inside `terraform.tfvars` file instead of pasting them into CLI input.
22 | 
23 | ### Rollbacking setup
24 | ```
25 | terraform destroy
26 | ```
27 | 
28 | ### Manual deployment
29 | ```
30 | ./deploy.sh <appname> <environment> <region> <commit_sha>
31 | ```
32 | For example:
33 | ```
34 | ./deploy.sh my-app-name staging us-east-1 f0478bd7c2f584b41a49405c91a439ce9d944657
35 | ```
36 | 
37 | If you don't have your AWS credentials set as ENV variables:
38 | ```
39 | AWS_ACCOUNT_ID=XX677677XXXX \
40 | AWS_ACCESS_KEY_ID=AKIAIXEXIX5JW5XM6XXX \
41 | AWS_SECRET_ACCESS_KEY=XXXxmxxXlxxbA3vgOxxxxCk+uXXXXOrdmpC/oXxx \
42 | ./deploy.sh my-app-name staging us-east-1 f0478bd7c2f584b41a49405c91a439ce9d944657
43 | ```
44 | 
45 | ### Automatic deployment
46 | Edit your `circle.yml` file to invoke `deploy.sh` script in `post.test` or `deploy` hook. Don't forget to fill out ENV variables in CircleCI setup.
47 | 


--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
  1 | # Configure AWS Credentials & Region
  2 | provider "aws" {
  3 |   profile = "${var.profile}"
  4 |   region  = "${var.region}"
  5 | }
  6 | 
  7 | # S3 Bucket for storing Elastic Beanstalk task definitions
  8 | resource "aws_s3_bucket" "ng_beanstalk_deploys" {
  9 |   bucket = "${var.application_name}-deployments"
 10 | }
 11 | 
 12 | # Elastic Container Repository for Docker images
 13 | resource "aws_ecr_repository" "ng_container_repository" {
 14 |   name = "${var.application_name}"
 15 | }
 16 | 
 17 | # Beanstalk instance profile
 18 | resource "aws_iam_instance_profile" "ng_beanstalk_ec2" {
 19 |   name  = "ng-beanstalk-ec2-user"
 20 |   roles = ["${aws_iam_role.ng_beanstalk_ec2.name}"]
 21 | }
 22 | 
 23 | resource "aws_iam_role" "ng_beanstalk_ec2" {
 24 |   name = "ng-beanstalk-ec2-role"
 25 | 
 26 |   assume_role_policy = <<EOF
 27 | {
 28 |   "Version": "2012-10-17",
 29 |   "Statement": [
 30 |     {
 31 |       "Action": "sts:AssumeRole",
 32 |       "Principal": {
 33 |         "Service": "ec2.amazonaws.com"
 34 |       },
 35 |       "Effect": "Allow",
 36 |       "Sid": ""
 37 |     }
 38 |   ]
 39 | }
 40 | EOF
 41 | }
 42 | 
 43 | # Beanstalk EC2 Policy
 44 | # Overriding because by default Beanstalk does not have a permission to Read ECR
 45 | resource "aws_iam_role_policy" "ng_beanstalk_ec2_policy" {
 46 |   name = "ng_beanstalk_ec2_policy_with_ECR"
 47 |   role = "${aws_iam_role.ng_beanstalk_ec2.id}"
 48 | 
 49 |   policy = <<EOF
 50 | {
 51 |   "Version": "2012-10-17",
 52 |   "Statement": [
 53 |     {
 54 |       "Action": [
 55 |         "cloudwatch:PutMetricData",
 56 |         "ds:CreateComputer",
 57 |         "ds:DescribeDirectories",
 58 |         "ec2:DescribeInstanceStatus",
 59 |         "logs:*",
 60 |         "ssm:*",
 61 |         "ec2messages:*",
 62 |         "ecr:GetAuthorizationToken",
 63 |         "ecr:BatchCheckLayerAvailability",
 64 |         "ecr:GetDownloadUrlForLayer",
 65 |         "ecr:GetRepositoryPolicy",
 66 |         "ecr:DescribeRepositories",
 67 |         "ecr:ListImages",
 68 |         "ecr:DescribeImages",
 69 |         "ecr:BatchGetImage",
 70 |         "s3:*"
 71 |       ],
 72 |       "Effect": "Allow",
 73 |       "Resource": "*"
 74 |     }
 75 |   ]
 76 | }
 77 | EOF
 78 | }
 79 | 
 80 | # Beanstalk Application
 81 | resource "aws_elastic_beanstalk_application" "ng_beanstalk_application" {
 82 |   name        = "${var.application_name}"
 83 |   description = "${var.application_description}"
 84 | }
 85 | 
 86 | # Beanstalk Environment
 87 | resource "aws_elastic_beanstalk_environment" "ng_beanstalk_application_environment" {
 88 |   name                = "${var.application_name}-${var.application_environment}"
 89 |   application         = "${aws_elastic_beanstalk_application.ng_beanstalk_application.name}"
 90 |   solution_stack_name = "64bit Amazon Linux 2016.09 v2.5.1 running Docker 1.12.6"
 91 |   tier                = "WebServer"
 92 | 
 93 |   setting {
 94 |     namespace = "aws:autoscaling:launchconfiguration"
 95 |     name      = "InstanceType"
 96 | 
 97 |     # Todo: As Variable
 98 |     value = "t2.micro"
 99 |   }
100 | 
101 |   setting {
102 |     namespace = "aws:autoscaling:asg"
103 |     name      = "MaxSize"
104 | 
105 |     # Todo: As Variable
106 |     value = "2"
107 |   }
108 | 
109 |   setting {
110 |     namespace = "aws:autoscaling:launchconfiguration"
111 |     name      = "IamInstanceProfile"
112 |     value     = "${aws_iam_instance_profile.ng_beanstalk_ec2.name}"
113 |   }
114 | }
115 | 


--------------------------------------------------------------------------------
/deploy.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Script used to deploy applications to AWS Elastic Beanstalk
  3 | # Should be hooked to CircleCI post.test or deploy step
  4 | #
  5 | # Does three things:
  6 | # 1. Builds Docker image & pushes it to container registry
  7 | # 2. Generates new `Dockerrun.aws.json` file which is Beanstalk task definition
  8 | # 3. Creates new Beanstalk Application version using created task definition
  9 | #
 10 | # REQUIREMENTS!
 11 | # - AWS_ACCOUNT_ID env variable
 12 | # - AWS_ACCESS_KEY_ID env variable
 13 | # - AWS_SECRET_ACCESS_KEY env variable
 14 | #
 15 | # usage: ./deploy.sh name-of-application staging us-east-1 f0478bd7c2f584b41a49405c91a439ce9d944657
 16 | 
 17 | set -e
 18 | start=`date +%s`
 19 | 
 20 | # Name of your application, should be the same as in setup
 21 | NAME=$1
 22 | 
 23 | # Stage/environment e.g. `staging`, `test`, `production``
 24 | STAGE=$2
 25 | 
 26 | # AWS Region where app should be deployed e.g. `us-east-1`, `eu-central-1`
 27 | REGION=$3
 28 | 
 29 | # Hash of commit for better identification
 30 | SHA1=$4
 31 | 
 32 | if [ -z "$NAME" ]; then
 33 |   echo "Application NAME was not provided, aborting deploy!"
 34 |   exit 1
 35 | fi
 36 | 
 37 | if [ -z "$STAGE" ]; then
 38 |   echo "Application STAGE was not provided, aborting deploy!"
 39 |   exit 1
 40 | fi
 41 | 
 42 | if [ -z "$REGION" ]; then
 43 |   echo "Application REGION was not provided, aborting deploy!"
 44 |   exit 1
 45 | fi
 46 | 
 47 | if [ -z "$SHA1" ]; then
 48 |   echo "Application SHA1 was not provided, aborting deploy!"
 49 |   exit 1
 50 | fi
 51 | 
 52 | if [ -z "$AWS_ACCOUNT_ID" ]; then
 53 |   echo "AWS_ACCOUNT_ID was not provided, aborting deploy!"
 54 |   exit 1
 55 | fi
 56 | 
 57 | if [ -z "$AWS_ACCESS_KEY_ID" ]; then
 58 |   echo "AWS_ACCESS_KEY_ID was not provided, aborting deploy!"
 59 |   exit 1
 60 | fi
 61 | 
 62 | if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
 63 |   echo "AWS_SECRET_ACCESS_KEY was not provided, aborting deploy!"
 64 |   exit 1
 65 | fi
 66 | 
 67 | EB_BUCKET=$NAME-deployments
 68 | ENV=$NAME-$STAGE
 69 | VERSION=$STAGE-$SHA1-$(date +%s)
 70 | ZIP=$VERSION.zip
 71 | 
 72 | echo Deploying $NAME to environment $STAGE, region: $REGION, version: $VERSION, bucket: $EB_BUCKET
 73 | 
 74 | aws configure set default.region $REGION
 75 | aws configure set default.output json
 76 | 
 77 | # Login to AWS Elastic Container Registry
 78 | eval $(aws ecr get-login)
 79 | 
 80 | # Build the image
 81 | docker build -t $NAME:$VERSION .
 82 | # Tag it
 83 | docker tag $NAME:$VERSION $AWS_ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/$NAME:$VERSION
 84 | # Push to AWS Elastic Container Registry
 85 | docker push $AWS_ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com/$NAME:$VERSION
 86 | 
 87 | # Replace the <AWS_ACCOUNT_ID> with your ID
 88 | sed -i='' "s/<AWS_ACCOUNT_ID>/$AWS_ACCOUNT_ID/" Dockerrun.aws.json
 89 | # Replace the <NAME> with the your name
 90 | sed -i='' "s/<NAME>/$NAME/" Dockerrun.aws.json
 91 | # Replace the <REGION> with the selected region
 92 | sed -i='' "s/<REGION>/$REGION/" Dockerrun.aws.json
 93 | # Replace the <TAG> with the your version number
 94 | sed -i='' "s/<TAG>/$VERSION/" Dockerrun.aws.json
 95 | 
 96 | # Zip up the Dockerrun file
 97 | zip -r $ZIP Dockerrun.aws.json
 98 | 
 99 | # Send zip to S3 Bucket
100 | aws s3 cp $ZIP s3://$EB_BUCKET/$ZIP
101 | 
102 | # Create a new application version with the zipped up Dockerrun file
103 | aws elasticbeanstalk create-application-version --application-name $NAME --version-label $VERSION --source-bundle S3Bucket=$EB_BUCKET,S3Key=$ZIP
104 | 
105 | # Update the environment to use the new application version
106 | aws elasticbeanstalk update-environment --environment-name $ENV --version-label $VERSION
107 | 
108 | end=`date +%s`
109 | 
110 | echo Deploy ended with success! Time elapsed: $((end-start)) seconds
111 | 


--------------------------------------------------------------------------------