2022-12-03

Eliminating Dual Management of ECS Task Definition in Terraform and GitHub Actions

Dual Management Issue of ECS Task Definition in Terraform and GitHub Actions

In a typical setup, ECS task definitions are managed in two places:

  • In Terraform, when creating the ECS resources
  • In GitHub Actions, when setting up continuous integration and continuous delivery (CI/CD) pipelines

This duality can cause complexities in management and potential inconsistencies in task definitions across Terraform and GitHub, raising challenges for the teams managing these processes.

Implementing CI/CD with GitHub Actions

For ECS deployments, the task-definition.json file is placed in the repository and referenced in the GitHub Actions workflows.

The following snippet is a common implementation where GitHub Actions uses the task-definition.json to render an Amazon ECS task definition, and then deploys it to an Amazon ECS service:

.
.
.
      - name: Render Amazon ECS task definition
        id: render-container
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: container_name
          image: 123456789012.dkr.ecr.ap-northeast-1.amazonaws.com/repo:latest

      - name: Deploy to Amazon ECS service
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.render-container.outputs.task-definition }}
          service: sample-service
          cluster: sample-cluster

This setup forms the basis of the dual management problem, where task definitions are managed in both Terraform and GitHub Actions, causing potential difficulties and inconsistencies.

Solution Approach

A solution to this problem is proposed in the AWS documentation for the amazon-ecs-deploy-task-definition GitHub Action.

https://github.com/aws-actions/amazon-ecs-deploy-task-definition

If you do not wish to store your task definition as a file in your git repository, your GitHub Actions workflow can download the existing task definition.

The task definition does not need to be stored as a file in the Git repository. Instead, the existing task definition can be downloaded directly from Amazon ECS using the AWS CLI in a GitHub Actions workflow:

- name: Download task definition
  run: |
    aws ecs describe-task-definition --task-definition my-task-definition-family --query taskDefinition > task-definition.json

Modification in GitHub Actions

Consequently, the modification in GitHub Actions would look like this:

.
.
.
      - name: Download task definition
        run: |
          aws ecs describe-task-definition --task-definition sample-definition --query taskDefinition > task-definition.json

      - name: Deploy to Amazon ECS service
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: task-definition.json
          service: sample-service
          cluster: sample-cluster

With this change, task definition management becomes simpler. You no longer need to manage the task-definition.json file in the GitHub repository. Task definitions can now be managed solely through Terraform, eliminating the risk of inconsistent definitions between Terraform and GitHub.
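
A pre-deploy check that could run between the download and deploy steps above, as an added example (not code from the original article or the aws-actions project): it drops the revision metadata that describe-task-definition returns, sets the image for one named container as the render step did, and warns about floating image tags and secret-looking plaintext environment values. The function names, the name heuristic and the sample definition are assumptions constructed for illustration.

```python
import copy
import json

# Fields `aws ecs describe-task-definition` reports about a registered revision;
# they are metadata, not part of the definition that gets registered again.
REVISION_METADATA = {
    "taskDefinitionArn", "revision", "status", "requiresAttributes",
    "compatibilities", "registeredAt", "registeredBy", "deregisteredAt",
}
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")  # assumed name heuristic

def is_floating(image):
    """True when the reference has no digest and no tag other than 'latest'."""
    if "@sha256:" in image:
        return False
    tag = image.rsplit("/", 1)[-1].partition(":")[2]
    return tag in ("", "latest")

def prepare(task_def, container_name, image):
    """Return (definition with the new image, list of warnings)."""
    out = {k: copy.deepcopy(v) for k, v in task_def.items() if k not in REVISION_METADATA}
    hits = [c for c in out.get("containerDefinitions", []) if c.get("name") == container_name]
    if len(hits) != 1:
        raise ValueError(f"expected one container named {container_name!r}, found {len(hits)}")
    hits[0]["image"] = image
    warnings = []
    for c in out["containerDefinitions"]:
        if is_floating(c.get("image", "")):
            warnings.append(f"{c.get('name')}: image {c.get('image')!r} is not pinned")
        for env in c.get("environment", []):
            if any(h in env.get("name", "").upper() for h in SECRET_HINTS):
                warnings.append(f"{c.get('name')}: {env['name']} is plaintext; use 'secrets'/valueFrom")
    return out, warnings

# Constructed sample of what the download step writes to task-definition.json.
ECR = "123456789012.dkr.ecr.ap-northeast-1.amazonaws.com/repo"
SAMPLE = {
    "family": "sample-definition", "revision": 7, "status": "ACTIVE",
    "taskDefinitionArn": "arn:aws:ecs:ap-northeast-1:123456789012:task-definition/sample-definition:7",
    "containerDefinitions": [{
        "name": "container_name", "image": ECR + ":latest",
        "environment": [{"name": "DB_PASSWORD", "value": "constructed-value"}],
    }],
}

if __name__ == "__main__":
    ready, notes = prepare(SAMPLE, "container_name", ECR + ":3f2c1ab")
    print(json.dumps(ready, indent=2))
    print("\n".join("WARNING: " + n for n in notes))
```

In a workflow, the script would read task-definition.json instead of the inline sample and fail the job when the warning list is not empty.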

References

https://github.com/aws-actions/amazon-ecs-deploy-task-definition

Ryusei Kakujo
