Deploying a Service
Overview
Deploy containerized services to ECS Fargate with automatic routing via {service}.api.autom8y.io.
What you get:
- Container orchestration via ECS Fargate
- HTTPS routing via ALB with Cloudflare edge
- CloudWatch logging
- Health monitoring
Prerequisites
Your service must have:
- A
Dockerfile - A
/healthendpoint returning HTTP 200 - Listen on a configurable port (default: 8000)
Suggested repo structure
- Dockerfile
Directorysrc/
- …
Directory.github/
Directoryworkflows/
- deploy.yml
Directoryterraform/
- service.tf
Step 1: Create ECR Repository
Add to your service’s Terraform:
module "ecr" { source = "github.com/autom8y/autom8y_platform//terraform/modules/ecr-repo?ref=main"
name = "my-service" scan_on_push = true retention_count = 30}Step 2: Configure ECS Service
module "service" { source = "github.com/autom8y/autom8y_platform//terraform/modules/ecs-service?ref=main"
# Required name = "my-service" image = "696318035277.dkr.ecr.us-east-1.amazonaws.com/autom8y/my-service:latest" host_header = "my-service.api.autom8y.io"
# Optional cpu = 256 memory = 512 port = 8000 health_path = "/health" desired_count = 1
# Environment environment = { LOG_LEVEL = "INFO" }
# Secrets (SSM Parameter Store paths) secrets = { DATABASE_URL = "/autom8y/my-service/database-url" }
# Infrastructure (from platform data sources) cluster_arn = data.aws_ecs_cluster.autom8.arn vpc_id = data.aws_vpc.autom8.id subnet_ids = data.aws_subnets.private.ids security_group_id = data.aws_security_group.ecs_tasks.id alb_listener_arn = data.aws_lb_listener.https.arn task_execution_role_arn = data.aws_iam_role.ecs_task_execution.arn task_role_arn = data.aws_iam_role.ecs_task.arn}Step 3: Set Up GitHub Workflow
Create .github/workflows/deploy.yml in your service repository:
name: Deploy
on: push: branches: [main]
jobs: build: uses: autom8y/autom8y_platform/.github/workflows/service-build.yml@main with: service_name: my-service secrets: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
deploy: needs: build uses: autom8y/autom8y_platform/.github/workflows/service-deploy.yml@main with: service_name: my-service image_tag: ${{ needs.build.outputs.image_tag }} secrets: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}Step 4: Deploy
-
Apply Terraform to create infrastructure:
Terminal window terraform apply -
Push code to trigger the workflow
Step 5: Verify
# Test endpointcurl https://my-service.api.autom8y.io/health
# View logsaws logs tail /ecs/autom8y-my-service --follow
# Check ECS serviceaws ecs describe-services --cluster autom8-cluster --services autom8y-my-serviceModule Reference
ecr-repo Variables
| Variable | Type | Default | Description |
|---|---|---|---|
name | string | required | Service name |
scan_on_push | bool | true | Enable image scanning |
retention_count | number | 30 | Images to retain |
ecs-service Variables
| Variable | Type | Default | Description |
|---|---|---|---|
name | string | required | Service name |
image | string | required | ECR image URI |
host_header | string | required | DNS hostname |
cpu | number | 256 | CPU units |
memory | number | 512 | Memory in MB |
port | number | 8000 | Container port |
health_path | string | /health | Health check path |
desired_count | number | 1 | Task count |
log_retention | number | 30 | Log retention days |
environment | map | {} | Environment variables |
secrets | map | {} | SSM parameter paths |
Troubleshooting
Image Pull Failures
- Verify ECR repository exists:
aws ecr describe-repositories - Check task execution role has ECR permissions
Health Check Failures
- Ensure
/healthreturns 200 - Check security group allows ALB traffic
- View logs:
aws logs tail /ecs/autom8y-{service}
Service Not Accessible
- Verify DNS:
dig {service}.api.autom8y.io - Check ALB listener rules:
aws elbv2 describe-rules