Implementing CI/CD Pipelines with Docker and AWS

I'm Samuel Fajreldines

I am a specialist in the entire JavaScript and TypeScript ecosystem (including Node.js, React, Angular and Vue.js)

I am expert in AI and in creating AI integrated solutions

I am expert in DevOps and Serverless Architecture (AWS, Google Cloud and Azure)

I am expert in PHP and its frameworks (such as Codeigniter and Laravel).

Chat with me on WhatsApp

Message me on LinkedIn

Send me an E-mail

Samuel Fajreldines

I am a specialist in the entire JavaScript and TypeScript ecosystem.

I am expert in AI and in creating AI integrated solutions.

I am expert in DevOps and Serverless Architecture

I am expert in PHP and its frameworks.

+55 (51) 99226-5039

samuelfajreldines@gmail.com

Home Page

Implementing CI/CD Pipelines with Docker and AWS

In today's competitive software landscape, delivering applications rapidly without compromising quality is crucial. Implementing robust Continuous Integration and Continuous Deployment (CI/CD) pipelines is essential for teams aiming to accelerate delivery cycles, enhance product quality, and maintain operational efficiency. By leveraging Docker and Amazon Web Services (AWS), developers can create scalable, efficient, and secure CI/CD pipelines.

In this post, we'll explore how to implement a CI/CD pipeline using Docker containers and AWS services like AWS CodePipeline, AWS CodeBuild, Amazon Elastic Container Registry (ECR), and Amazon Elastic Container Service (ECS). This guide provides a step-by-step approach, highlighting best practices to ensure your pipeline is optimized for speed and reliability.

Why Docker and AWS for CI/CD?

Combining Docker and AWS offers numerous benefits:

Portability: Docker containers ensure consistency across environments.
Scalability: AWS services scale seamlessly with your application's needs.
Efficiency: Automate repetitive tasks, reducing manual intervention.
Security: AWS provides robust security features and compliance certifications.

Prerequisites

An AWS account with administrative privileges.
Basic knowledge of Docker and containerization concepts.
Familiarity with AWS services, particularly ECS and ECR.
A sample application (we'll use a Node.js application for demonstration).

Overview of the Architecture

Our CI/CD pipeline will include the following stages:

Source Stage: Code is pushed to a version control system (e.g., AWS CodeCommit, GitHub).
Build Stage: CodeBuild builds the Docker image and runs tests.
Deploy Stage: The image is pushed to ECR, and ECS deploys it to a cluster.

CI/CD Pipeline Architecture

Step 1: Setting Up the Source Repository

First, host your application's code in a repository. For seamless AWS integration, AWS CodeCommit is recommended.

Using AWS CodeCommit

Navigate to the AWS CodeCommit console.
Create a new repository named my-app-repo.

Clone the repository to your local machine:

git clone https://git-codecommit.us-east-1.amazonaws.com/v1/repos/my-app-repo

Add your application code to the repository and commit the changes:

git add .
git commit -m "Initial commit"
git push origin master

Step 2: Containerizing the Application with Docker

Create a Dockerfile to define how your application is containerized.

Sample Dockerfile for Node.js Application

# Use Node.js LTS version as the base image
FROM node:18-alpine

# Set the working directory in the container
WORKDIR /usr/src/app

# Copy package.json and package-lock.json
COPY package*.json ./

# Install dependencies
RUN npm install --production

# Copy the rest of the application code
COPY . .

# Expose the application port
EXPOSE 3000

# Start the application
CMD ["node", "app.js"]

Best Practices:

Use a minimal base image to reduce the image size.
Copy only necessary files to optimize build caching.
Run container-specific user permissions for enhanced security.

Step 3: Creating a Build Specification for CodeBuild

AWS CodeBuild requires a buildspec.yml file to define build commands.

Sample buildspec.yml

version: 0.2

phases:
  pre_build:
    commands:
      - echo Logging into Amazon ECR...
      - $(aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin <AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com)
      - REPOSITORY_URI=<AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com/my-app-repo
  build:
    commands:
      - echo Building the Docker image...
      - docker build -t $REPOSITORY_URI:latest .
  post_build:
    commands:
      - echo Pushing the Docker image...
      - docker push $REPOSITORY_URI:latest
artifacts:
  files:
    - '**/*'

Note: Replace <AWS_ACCOUNT_ID> with your actual AWS account ID.

Step 4: Setting Up Amazon Elastic Container Registry (ECR)

Amazon ECR is a fully-managed Docker container registry.

Navigate to the Amazon ECR console.
Create a new repository named my-app-repo.
Note the repository URI; you'll need it for the buildspec.yml.

Step 5: Configuring AWS CodeBuild Project

AWS CodeBuild automates the build and test phases.

Navigate to the AWS CodeBuild console.
Create a new build project named my-app-build.
Configure the following settings:
- Source Provider: AWS CodeCommit.
- Repository: my-app-repo.
- Environment:
  - Managed image: Ubuntu Standard.
  - Runtime(s): Docker.
  - Privileged: Enabled (required for Docker build).
- Buildspec: Use the buildspec.yml in the source code.

Step 6: Setting Up AWS CodePipeline

AWS CodePipeline automates the CI/CD workflow.

Navigate to the AWS CodePipeline console.
Create a new pipeline named my-app-pipeline.
Source Stage:
- Provider: AWS CodeCommit.
- Repository: my-app-repo.
- Branch: master.
Build Stage:
- Provider: AWS CodeBuild.
- Project: my-app-build.
Deploy Stage:
- Provider: AWS ECS.
- Cluster Name: my-ecs-cluster.
- Service Name: my-app-service.

Step 7: Configuring Amazon Elastic Container Service (ECS)

Amazon ECS orchestrates Docker container deployment.

Create an ECS Cluster

Navigate to the Amazon ECS console.
Create a new cluster named my-ecs-cluster.
- Choose the appropriate launch type (e.g., Fargate for serverless).

Define a Task Definition

In the ECS console, go to Task Definitions.
Create a new task definition named my-app-task.
- Task Role: Create a new IAM role with necessary permissions.
- Network Mode: awsvpc (for Fargate).
- Container Definitions:
  - Container Name: my-app-container.
  - Image: <AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com/my-app-repo:latest.
  - Port Mappings: Container port 3000 to host port 80.

Create a Service

In the ECS console, go to Services.
Create a new service named my-app-service.
- Launch Type: Fargate.
- Task Definition: my-app-task.
- Cluster: my-ecs-cluster.
- Number of Tasks: Set desired count.
- Deployments: Enable rolling updates.

Step 8: Testing the CI/CD Pipeline

With the pipeline set up, it's time to test it.

Make a code change in your local repository.

Push the changes to the master branch:

git add .
git commit -m "Updated application"
git push origin master

Monitor the pipeline in the AWS CodePipeline console.
Wait for the pipeline to complete all stages.
Verify the deployment in the ECS console.

Enhancing the Pipeline

Implementing Automated Testing

Add testing commands to the buildspec.yml:

phases:
  build:
    commands:
      - echo Running unit tests...
      - npm test
      - echo Building Docker image...
      - docker build -t $REPOSITORY_URI:latest .

Using Infrastructure as Code

Leverage AWS CloudFormation or Terraform to manage AWS resources.

Define all AWS resources in templates.
Version control your infrastructure code.
Enable consistent and repeatable deployments.

Integrating with AWS CodeArtifact

Manage dependencies with AWS CodeArtifact.

Store software packages securely.
Share dependencies across teams.

Security Best Practices

IAM Roles: Assign least-privilege permissions.
Secrets Management: Use AWS Secrets Manager for sensitive data.
Network Security: Implement VPCs, subnets, and security groups appropriately.
Logging and Monitoring: Enable AWS CloudTrail and AWS CloudWatch.

Monitoring and Logging

AWS CloudWatch Logs: Collect and analyze logs from ECS tasks.
AWS X-Ray: Trace and debug distributed applications.
Alerts and Notifications: Configure Amazon SNS for notifications on pipeline failures.

Cost Optimization

Use Spot Instances: Reduce compute costs with Amazon ECS Spot.
Right-Sizing Resources: Adjust resource allocation based on usage metrics.
Cleanup: Remove unused resources regularly.

Conclusion

Implementing a CI/CD pipeline with Docker and AWS empowers development teams to deliver applications faster and with greater confidence. By automating the build, test, and deployment processes, you minimize errors and enhance productivity. AWS provides a comprehensive suite of tools that integrate seamlessly, offering scalability, security, and flexibility.

Start leveraging Docker and AWS for your CI/CD pipelines today to streamline your development workflows and stay ahead in the competitive software landscape.

Keywords: CI/CD, Docker, AWS, Continuous Integration, Continuous Deployment, DevOps, AWS CodePipeline, AWS CodeBuild, Amazon ECR, Amazon ECS, Infrastructure as Code, Security Best Practices, Monitoring, Cost Optimization

See More Posts

About Me

Samuel Fajreldines

Since I was a child, I've always wanted to be an inventor. As I grew up, I specialized in information systems, an area which I fell in love with and live around it. I am a full-stack developer and work a lot with devops, i.e., I'm a kind of "jack-of-all-trades" in IT. Wherever there is something cool or new, you'll find me exploring and learning... I am passionate about life, family, and sports. I believe that true happiness can only be achieved by balancing these pillars. I am always looking for new challenges and learning opportunities, and would love to connect with other technology professionals to explore possibilities for collaboration. If you are looking for a dedicated and committed full-stack developer with a passion for excellence, please feel free to contact me. It would be a pleasure to talk with you!

Chat with me on WhatsApp

Message me on LinkedIn

Send me an E-mail

Resume

Experience

SecurityScoreCard

Nov. 2023 - Present

New York, United States

Senior Software Engineer

I joined SecurityScorecard, a leading organization with over 400 employees, as a Senior Full Stack Software Engineer. My role spans across developing new systems, maintaining and refactoring legacy solutions, and ensuring they meet the company's high standards of performance, scalability, and reliability.

I work across the entire stack, contributing to both frontend and backend development while also collaborating directly on infrastructure-related tasks, leveraging cloud computing technologies to optimize and scale our systems. This broad scope of responsibilities allows me to ensure seamless integration between user-facing applications and underlying systems architecture.

Additionally, I collaborate closely with diverse teams across the organization, aligning technical implementation with strategic business objectives. Through my work, I aim to deliver innovative and robust solutions that enhance SecurityScorecard's offerings and support its mission to provide world-class cybersecurity insights.

Technologies Used:
Node.js Terraform React Typescript AWS Playwright and Cypress

SecurityScoreCard

Nov. 2023 - Present

New York, United States

Senior Software Engineer

I joined SecurityScorecard, a leading organization with over 400 employees, as a Senior Software Engineer, focusing primarily on frontend development. My role involves designing and building user-centric interfaces, optimizing performance, and ensuring seamless user experiences across our web applications.

I specialize in modern frontend technologies, crafting scalable and maintainable codebases while integrating them efficiently with backend systems. I also contribute to UI/UX improvements, enhancing usability and accessibility to align with industry best practices.

Beyond development, I collaborate closely with designers, product managers, and backend engineers to ensure cohesive and intuitive applications. By leveraging my expertise in frontend architecture and performance optimization, I help SecurityScorecard deliver high-quality cybersecurity insights through fast, responsive, and visually compelling interfaces.

Technologies Used:
Node.js Terraform React Typescript AWS Playwright and Cypress
Mahisoft Inc

Dec. 2022 - Present

New York, United States

Senior Software Engineer

I joined Mahisoft as a Senior Software Engineer, where I serve as the lead technologist responsible for all the technology and systems related to the projects under my charge.

I specialize in translating the directives from the board members of Top Trader League into functional, scalable code. My work often involves architecting backend systems, optimizing database queries, and building responsive, user-friendly front-end interfaces to convert the leadership team's vision into tangible results that drive business impact.

One of my key responsibilities is writing efficient and maintainable code that not only meets but exceeds the technical requirements, ensuring that our software solutions are robust and scalable.

Technologies Used:
Node.js PHP (Laravel) React Google Cloud AWS Terraform
Vagalume Midia

Aug. 2021 - Dec. 2022

Senior Software Engineer

I was privileged to join Vagalume as a Senior Full Stack Developer, brought on board by the company's owner, Daniel. At Vagalume, I was the go-to person for a wide array of tasks spanning both coding and DevOps.

As the largest enterprise I've worked for in terms of user base and visitor traffic, Vagalume provided a complex and stimulating environment where I honed my skills in DevOps and high-scalability systems. The guidance and mentorship from Daniel have been invaluable, shaping not only my professional development but also forging a lasting friendship.

One of my most notable contributions was the complete overhaul of Vagalume's radio systems. This involved rearchitecting the infrastructure and rewriting the codebase. The end result was a significant boost in system performance and a marked reduction in AWS operating costs.

Technologies Used:
Node.js PHP React Vue.js AWS Terraform Extensive use of SEO techniques
Anilha

Feb. 2019 - Dec. 2021

Side period

Founder

I believe that the best way to learn is by doing something with what you are learning.

So, during my free time, I started an app called Anilha. Anilha means dumbbell in Portuguese and the app was designed to help users with flexible diet and workouts.

I can say with 100% certainty that Anilha was the biggest factor in my learning process.

Technologies Used:
Node.js Ionic Angular AWS Lambda DynamoDB Terraform
Secretária Virtual

Sep. 2019 - Aug. 2021

Senior Software Engineer

I had the privilege of being recruited by Leonardo Leffa, a close friend and mentor, to oversee the technology initiatives across a diverse portfolio of enterprises under the umbrella of Secretaria Virtual. In this capacity, my responsibilities extended beyond mere code writing to shaping the development processes and workflows that governed how tasks were requested by users and collaborators within the company.

During my tenure at Secretaria Virtual, I led an array of complex development projects as directed by the company's senior leadership. My scope of work covered:

Infrastructure Development: Ensuring robust, scalable backend solutions.

System Development: Architecting and coding business-critical applications.

Monitoring & Testing: Establishing metrics and frameworks to ensure software reliability.

I was instrumental in ushering the company into a new technological era by advocating for and implementing cloud computing solutions and continuous integration practices. Moreover, I led the shift towards Agile development by introducing the Scrum methodology, fostering a more collaborative and efficient work environment.

Technologies Used:
Node.js PHP AngularJS Laravel CodeIgniter Ionic
E-TRUST

Sep. 2017 - Sep. 2019

Senior Software Engineer

Operating in the critical sphere of Information Security, E-trust necessitates the utmost safeguarding of data across all its platforms.

As a Senior Developer at E-trust, I was entrusted with a multi-faceted role that included not only coding but also shaping the development processes in collaboration with upper management. My primary mission was to innovate new features while modernizing both frontend and backend architectures of our Horacius system—all while maintaining rigorous security protocols.

In pursuit of code excellence and efficient workflows, I established clean coding practices based on Object-Oriented Programming (OOP) principles. I was also instrumental in introducing continuous integration processes, which included automated migrations and code validation through specialized robotic checks.

Among my proudest achievements was the complete revamping of the Horacius system's frontend. The challenge was not just to modernize it but also to ensure backward compatibility with legacy systems. The successful implementation resonated well with our client base, which includes some of Brazil's largest banks and corporations.

Being at the forefront of creating the company's code culture, I was exposed to substantial responsibilities and unparalleled learning experiences, particularly in the realms of security and DevOps.

Technologies Used:
PHP Microsoft SQL Server Windows Server

Education

UniRitter

2015 - 2018

UniRitter Laureate International Universities

Bachelor of Computer Science

Engaged in a rigorous program at UniRitter Laureate International Universities, renowned as one of the top institutions in the country. Excelled in System Analysis and Development, receiving accolades for academic excellence. Although I did not complete the degree due to career opportunities in the field, my foundational education and achievements at UniRitter have significantly contributed to my professional capabilities and expertise.