Skip to content
Rollback ECS deployments
Go
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.circleci Cache modules in CI Dec 9, 2018
internal Fix automatic region retrieving Dec 9, 2018
.gitignore Init Dec 1, 2018
LICENSE Init Dec 1, 2018
README.md Add CI conf Dec 9, 2018
go.mod
go.sum Init Dec 1, 2018
main.go Init Dec 1, 2018

README.md

ecsundo

Go Report Card CircleCI

ecsundo is cli tool able to rollback ECS services in a given cluster to their previous or to specific task versions.

It is capable of making and restoring "snapshots" of service versions.

Motivations

Probably your code is automatically deployed by a CI/CD pipeline. If something goes wrong it may take several minutes to bring a rollback commit in production, with ecsundo this time is cut to seconds.

Prerequisites

To use this tool, the deploy procedure must involve creating a new task version with a new image tag. A great way to tag container images is to include the commit hash of the code that they contain, doing so it will be possible to find the task version you want to come back to if problems arise. Learn more about this.

Usage examples

Rollback all services in a cluster to previous version:

$ ecsundo cluster <cluster-name>

Rollback a service to the previous version:

$ ecsundo service -c <cluster-name> <service-name>

Make a snapshot of all services versions in a cluster:

$ ecsundo cluster snapshot <cluster-name>

Restore a snapshot of a versions of all services in a cluster:

$ ecsundo cluster restore <cluster-name>

To learn more, use on line help:

$ ecsundo help

Configuration

To avoid to specify cluster name, an environment variable can be used:

ECSUNDO_CLUSTER=<cluster-name>

or a configuration file (default path ~/.ecsundo.yml):

cluster: <cluster-name>

Proper permissions must be granted for the tool to operate properly. If you install this tool inside AWS, the best way, from a security standpoint, is to use an IAM role that lets you avoid copying around AWS_SECRETS. The role should have at least this permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ecs:ListAttributes",
                "ecs:DescribeTaskDefinition",
                "ecs:DescribeClusters",
                "ecs:ListServices",
                "ecs:UpdateService",
                "ecs:ListTasks",
                "ecs:ListTaskDefinitionFamilies",
                "ecs:RegisterTaskDefinition",
                "ecs:DescribeServices",
                "ecs:ListContainerInstances",
                "ecs:DescribeContainerInstances",
                "ecs:DescribeTasks",
                "ecs:ListTaskDefinitions",
                "ecs:ListClusters"
            ],
            "Resource": "*"
        }
    ]
}

Use from local shell

A prerequisite is that aws-cli is installed and configured, this is true if credentials file exists (e.g. ls ~/.aws/credentials). To use these credentials:

AWS_SDK_LOAD_CONFIG=1 ecsundo cluster snapshot <my-cluster>

Your credentials must have at least same permissions of the role above.

Installation

To install the latest (unstable) version:

go get -u github.com/eraclitux/ecsundo
You can’t perform that action at this time.