Date: 2020-10-21
Accepted
We plan to use AWS as a development/staging environment and as a production environment, on ECS.
Use CircleCI for CI, and deploy docker images to AWS ECR for use in deployments. CircleCI will need to be configured with the following environmental variables in order to deploy docker images (using CircleCI's aws-ecr orb):
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_REGION
- AWS_ECR_ACCOUNT_URL
This project's Dockerfile requires access to a privately hosted github project (openfido-utils). Use Buildkit on CircleCI to grant SSH access to the docker build processes.
Currently docker-compose only has rudimentary support for Buildkit - and does
not support passing the --ssh
option. Using
docker-compose locally builds images by explicitly passing the private key -
which is different than the Buildkit --ssh option (potentially less secure).
When docker-compose supports Buildkit more fully we should update our local dev
instructions.