First commit

Author: NicolasRitouet

.gitignore

@@ -0,0 +1 @@
+.DS_Store

Dockerfile

@@ -0,0 +1,10 @@
+FROM python:alpine
+
+ARG CLI_VERSION=1.16.110
+
+RUN apk -uv add --no-cache groff jq less && \
+    pip install --no-cache-dir awscli==$CLI_VERSION
+
+ADD ecs-cf-deploy /usr/local/bin/
+
+CMD ["ecs-cf-deploy"]

ecs-cf-deploy

@@ -0,0 +1,198 @@
+#!/bin/sh
+
+
+VERSION="0.1.0"
+AWS_CLI=$(which aws)
+AWS_ECS="$AWS_CLI --output json ecs"
+AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION:-eu-west-1}
+AWS_ASSUME_ROLE=true
+
+
+function usage() {
+cat <<EOM
+-- ecs-cf-deploy --
+Simple script to force a deployement of an ECS service based on a clouformation stack.
+
+Required arguments:
+    -c | --cluster-name          Name of Name of cloudformation stack containing the ecs cluster to deploy
+    -s | --service-name          Name of cloudformation stack containing the service to deploy
+    -k | --aws-access-key        AWS Access Key ID. May also be set as environment variable AWS_ACCESS_KEY_ID
+    -s | --aws-secret-key        AWS Secret Access Key. May also be set as environment variable AWS_SECRET_ACCESS_KEY
+    -r | --region                AWS Region Name. May also be set as environment variable AWS_DEFAULT_REGION
+    -p | --profile               AWS Profile to use - If you set this aws-access-key, aws-secret-key and region are needed
+
+Requirements:
+    aws:  AWS Command Line Interface
+    jq:   Command-line JSON processor
+
+EOM
+
+    exit 3
+}
+
+
+# Check requirements
+function require() {
+    command -v "$1" > /dev/null 2>&1 || {
+        echo "Some of the required software is not installed:"
+        echo "    please install $1" >&2;
+        exit 4;
+    }
+}
+
+function assumeRole() {
+
+    temp_role=$($AWS_CLI sts assume-role --role-arn "arn:aws:iam::${ACCOUNT_ID}:role/${CROSS_ACCOUNT_ROLE}" --role-session-name "$(date +"%s")")
+
+    export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq .Credentials.AccessKeyId | xargs)
+    export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq .Credentials.SecretAccessKey | xargs)
+    export AWS_SESSION_TOKEN=$(echo $temp_role | jq .Credentials.SessionToken | xargs)
+}
+
+function assumeRoleClean() {
+    unset AWS_ACCESS_KEY_ID
+    unset AWS_SECRET_ACCESS_KEY
+    unset AWS_SESSION_TOKEN
+}
+
+function getClusterName() {
+    export CLUSTER=$($AWS_CLI cloudformation describe-stacks \
+              --stack-name ${ECS_CLUSTER_STACK} \
+              --query 'Stacks[0].Outputs[?OutputKey==`Cluster`].OutputValue' \
+              --output text --region ${AWS_DEFAULT_REGION}
+              )
+}
+
+function getServiceName() {
+    export SERVICE=$($AWS_CLI cloudformation describe-stacks \
+              --stack-name ${ECS_SERVICE_STACK} \
+              --query 'Stacks[0].Outputs[?OutputKey==`Service`].OutputValue' \
+              --output text --region ${AWS_DEFAULT_REGION}
+              )
+}
+
+
+function updateService() {
+    echo "Deploying on cluster $CLUSTER service $SERVICE"
+    `$AWS_ECS update-service --cluster $CLUSTER --service $SERVICE --force-new-deployment`
+}
+
+
+
+
+# Check that all required variables/combinations are set
+function assertRequiredArgumentsSet() {
+
+    # AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION and AWS_PROFILE can be set as environment variables
+    if [ -z ${AWS_ACCESS_KEY_ID+x} ]; then unset AWS_ACCESS_KEY_ID; fi
+    if [ -z ${AWS_SECRET_ACCESS_KEY+x} ]; then unset AWS_SECRET_ACCESS_KEY; fi
+    if [ -z ${AWS_DEFAULT_REGION+x} ];
+      then unset AWS_DEFAULT_REGION
+      else
+              AWS_ECS="$AWS_ECS --region $AWS_DEFAULT_REGION"
+    fi
+    if [ -z ${AWS_PROFILE+x} ];
+      then unset AWS_PROFILE
+      else
+              AWS_ECS="$AWS_ECS --profile $AWS_PROFILE"
+    fi
+
+    if [ $ECS_SERVICE_STACK == false ]; then
+        echo "SERVICE is required. You can pass the value using -s or --service-name"
+        exit 5
+    fi
+    if [ $ECS_SERVICE_STACK != false ] && [ $ECS_CLUSTER_STACK == false ]; then
+        echo "CLUSTER is required. You can pass the value using -c or --cluster"
+        exit 6
+    fi
+
+}
+
+######################################################
+# When not being tested, run application as expected #
+######################################################
+set -o errexit
+set -o pipefail
+set -u
+set -e
+
+# If no args are provided, display usage information
+if [ $# == 0 ]; then usage; fi
+
+# Check for AWS, AWS Command Line Interface
+require aws
+# Check for jq, Command-line JSON processor
+require jq
+
+# Loop through arguments, two at a time for key and value
+while [[ $# -gt 0 ]]
+do
+    key="$1"
+
+    case $key in
+        -k|--aws-access-key)
+            AWS_ACCESS_KEY_ID="$2"
+            shift # past argument
+            ;;
+        -s|--aws-secret-key)
+            AWS_SECRET_ACCESS_KEY="$2"
+            shift # past argument
+            ;;
+        -r|--region)
+            AWS_DEFAULT_REGION="$2"
+            shift # past argument
+            ;;
+        -p|--profile)
+            AWS_PROFILE="$2"
+            shift # past argument
+            ;;
+        --aws-instance-profile)
+            echo "--aws-instance-profile is not yet in use"
+            AWS_IAM_ROLE=true
+            ;;
+        -c|--cluster-name)
+            ECS_CLUSTER_STACK="$2"
+            shift
+            ;;
+        -s|--service-name)
+            ECS_SERVICE_STACK="$2"
+            shift # past argument
+            ;;
+        -v|--verbose)
+            VERBOSE=true
+            ;;
+        --version)
+            echo ${VERSION}
+            exit 0
+            ;;
+        *)
+            usage
+            exit 2
+        ;;
+    esac
+    shift # past argument or value
+done
+
+if [ $VERBOSE == true ]; then
+    set -x
+fi
+
+# Check that required arguments are provided
+assertRequiredArgumentsSet
+
+if [[ "$AWS_ASSUME_ROLE" != false ]]; then
+    assumeRole
+fi
+
+updateService
+
+
+if [[ "$AWS_ASSUME_ROLE" != false ]]; then
+    assumeRoleClean
+fi
+
+exit 0
+
+#############################
+# End application run logic #
+#############################