Why does CodePipeline require an `imagedefinitions.json` when ECS task definitions already have this?

Asked 17/10, 2019 at 6:43 Answered 3/9 at 18:0

Solved amazon-ecs aws-code-deploy aws-codepipeline

OK, so I have a CodePipeline which does a very vanilla

CodeCommit -> Build Docker images -> CodeDeploy to ECS

In the buildspec.yml file, AWS requires outputting imagedefinitions.json as an artifact that CodePipeline can use for mapping the container name to the ECR image URL.

Here's the oft-cited example for how to do this in your buildspec.yml:

printf '[{"name":"MyService","imageUri":"%s"}]' $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/myservice/app:latest > imagedefinitions.json

But this seems totally redundant to me. In an ECS task definition, we can have the following under our containerDefinitions:

"containerDefinitions": [
    {
      "name": "MyService",
      "image": "123456789.dkr.ecr.us-east-1.amazonaws.com/myservice/app:latest"
     }, 
     ...
]

Why, in order to use CodePipeline to CodeDeploy an ECS task, do we have to provide information already specified in the ECS task definition? It would be so much cleaner to remove the need for an artifact (and the S3 bucket to store said artifact) here!

Perhaps there are some fundamentals of CodeDeploy/ECS I do not understand.

Cowie answered 17/10, 2019 at 6:43 Comment(1)

To this day, it is still unclear to me. Using ECR as a source and CodePipeline to deploy to ECS, I don't understand why I need to provide imagedefinitions.json. – Bawdy 8/9, 2022 at 8:32

You have a good point, however using ":latest" in production systems to identify/retrieve images is usually not a good idea mainly because the tag is not deterministic and can result in surprises. There are many articles on the internet that discuss this anti-pattern, e.g. [1].

To answer your question, the idea for the "imagedefinitions.json" is to identify the updated image for a container in the task definition. It was not intended to be using ':latest' tag all the time.

[1] https://vsupalov.com/docker-latest-tag/

Hughes answered 17/10, 2019 at 8:34 Comment(4)

any best practice suggestions for how to name tags when working with CodePipekine and you’re just git pushing to trigger new deploys? – Cowie 17/10, 2019 at 16:57

Then the question is why codepipeline ask image tag during the setup, it says mage tag - optional Choose the image tag that triggers your pipeline when a change occurs in the image repository. If an image tag is not selected, defaults to latest Why do we need to specify the tag (or ask to take latest if not at all? – Disunion 13/2, 2020 at 6:21

When CodePipeline is doing a rolling ECS deployment (not B/G), it creates a new Task Definition. It needs to put an image and a tag in this Task Definition. The tag is optional only because if not provided CodePipeline will use 'latest' as the tag. Most of the times, new image pushes to Image repos are tagged with latest so this works, but it is anti-pattern anyway. – Hughes 13/2, 2020 at 13:5

Where do I upload said imageDefinitions.json file if I'm using ECR as my source, and not using a build stage? – Blackbird 24/8, 2020 at 18:38

A bit late, but hopefully this is helpful to future readers.

The Image URI is not supposed to be in the taskdef.json file that is part of your code. (Refer https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-ecs-ecr-codedeploy.html).

So it's not a duplication of specification. It's just that you are mentioning it in taskdef.json explicitly (instead of referring to it as <IMAGE1_NAME>) and AWS isn't really raising an issue with it. The actual value is still taken from the imageDetail.json file.

Bis answered 3/9 at 18:0 Comment(0)

Recommended topics

Hot tags