Deploying To AWS

3 minute read

This article is about deploying to AWS using CodeShip Pro. If you are unfamiliar with CloudBees CodeShip Pro, we recommend our getting started guide or the features overview page. You can find a sample repo for deploying to AWS with CloudBees CodeShip Pro on GitHub.

To make it easy for you to deploy your application to AWS we’ve built a container that has the AWSCLI installed. We will set up a simple example showing you how to configure any deployment to AWS.

CodeShip AWS deployment container

The AWS deployment container lets you plugin your deployment tools without the need to include that in the testing or even production container. That keeps your containers small and focused on the specific task they need to accomplish in the build. By using the AWS deployment container you get the tools you need to deploy to any AWS service and still have the flexibility to adapt it to your needs.

The container configuration is open source and can be found in the codeship-library/aws-deployment project on GitHub. It includes a working example that uses the AWSCLI as part of an integration test before we push a new container to the Docker Hub.

We will use the codeship/aws-deployment container throughout the documentation to interact with various AWS services.

Using other tools

While the container we provide for interacting with AWS gives you an easy and straight forward way to run your deployments it is not the only way you can interact with AWS services. You can install your own dependencies, write your own deployment scripts, talk to the AWS API directly or bring 3rd party tools to do it for you. By installing those tools into a Docker container and running them you have a lot of flexibility in how to deploy to AWS.


Before setting up the codeship-services.yml and codeship-steps.yml file we’re going to create an encrypted environment file that contains the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.

Take a look at our encrypted environment files documentation and add a aws-deployment.env.encrypted file to your repository. The file needs to contain an encrypted version of the following file:


You can get the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the IAM settings in your AWS Console. Do not use the admin keys provided to your main AWS account and make sure to limit the access to what is necessary for your deployment through IAM.

It is advised that you review AWS’ IAM documentation to find the correct policies for your account.

Service Definition

Before reading through the documentation please take a look at the Services and Steps documentation page so you have a good understanding how services and steps on CodeShip work.

The codeship-services.yml file uses the codeship/aws-deployment container and sets the encrypted environment file. Additionally it sets the AWS_DEFAULT_REGION through the environment config setting. We set up a volume that shares ./ (the repository folder) to /deploy. This gives us access to all files in the repository in /deploy/…​ for the following steps.

awsdeployment: image: codeship/aws-deployment encrypted_env_file: - aws-deployment.env.encrypted environment: - AWS_DEFAULT_REGION=us-east-1 volumes: - ./:/deploy

Deployment Examples

Once you have used the above instructions to set up your AWS deployment service and authenticate with AWS, we provide specific documentation for deploying to the most popular AWS services.

Combining Various AWS Services In A Script

If you want to interact with multiple AWS services simultaneously, in a more complex deployment or orchestration chain, you can set up a deployment script to be called from your AWS deployment service.

Below is one example, which will upload files into S3 buckets and then trigger a redeployment on ECS. In the following example we’re putting the script into scripts/aws_deployment.

#!/bin/bash # Fail the build on any failed command set -e aws s3 sync /deploy/assets s3://my_assets_bucket aws s3 sync /deploy/downloadable_resources s3://my_resources_bucket # Register a new version of the task defined in tasks/backend.json and update # the currently running instances aws ecs register-task-definition --cli-input-json file:///deploy/tasks/backend.json aws ecs update-service --service my-backend-service --task-definition backend # Register a task to process a Queue aws ecs register-task-definition --cli-input-json file:///deploy/tasks/process_queue.json aws ecs run-task --cluster default --task-definition process_queue --count 5

And the corresponding codeship-steps.yml:

- service: awsdeployment command: /deploy/scripts/aws_deployment