DEV-3798 Document the new ECS Strategy #856
…o ecs-atmos-deployment * 'ecs-atmos-deployment' of github.com:cloudposse/docs: Fix release versioning by storing library docs in draft releases (#854) docs: Add RunsOn regional availability guidance to primary region decision (#851) Add redirects for all Spacelift tutorials (#853) Add redirect for Spacelift tutorial (#850)
milldr
left a comment
please fix build (broken links)
docs/jumpstart/action-items.mdx
Outdated
| ### <StepNumber/> PATs for ECS with `ecspresso` (Deprecated) | ||
|
|
||
| :::note | ||
| This step can likely be skipped. The ecspresso-based ECS deployment approach is deprecated in favor of [ECS with Atmos](/layers/software-delivery/ecs-atmos/), which does not require these PATs. | ||
| ::: | ||
|
|
Let's just remove this whole section from this page and move all requirements for ecspresso to that ecspresso page, docs/layers/software-delivery/ecs-ecspresso/ecs-ecspresso.mdx
| ### <StepNumber/> Deploy Platform Infrastructure | ||
|
|
||
| Deploy the foundational infrastructure components in your `infra` repository. | ||
|
|
||
| Ensure the following components are deployed in your target AWS accounts: | ||
|
|
||
| ```bash | ||
| # Deploy VPC | ||
| atmos terraform deploy vpc -s plat-use1-dev | ||
| atmos terraform deploy vpc -s plat-use1-staging | ||
| atmos terraform deploy vpc -s plat-use1-prod | ||
|
|
||
| # Deploy ECS Cluster | ||
| atmos terraform deploy ecs/cluster -s plat-use1-dev | ||
| atmos terraform deploy ecs/cluster -s plat-use1-staging | ||
| atmos terraform deploy ecs/cluster -s plat-use1-prod | ||
|
|
||
| # Deploy Github OIDC Provider | ||
| atmos terraform deploy github-oidc-provider -s plat-gbl-dev | ||
| atmos terraform deploy github-oidc-provider -s plat-gbl-staging | ||
| atmos terraform deploy github-oidc-provider -s plat-gbl-prod | ||
| ``` |
Instead of asking the user to redeploy these specific three components, we should have a task list that lists what is required for the ECS app. (see the "TaskList" component).
Phrasing like we have it now implies that the user has to redeploy a VPC, EKS cluster, and GitHub OIDC, but in reality, those are already all deployed by this point.
| The template includes: | ||
| - Sample Go application with Dockerfile | ||
| - GitHub Actions workflows for CI/CD | ||
| - Terraform/OpenTofu components for ECS task definitions | ||
| - Atmos stack configurations for each environment |
| tfstate-backend-apps: | ||
| vars: | ||
| privileged_principal_arns: | ||
| - !terraform.state example-app/iam-role .role.arn |
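Review bot: `privileged_principal_arns` under `tfstate-backend-apps` lists the `example-app/iam-role` role ARN with no text on what that privilege covers. Going by the key name, this gives the app role privileged access to the state backend, so the docs should say what the role can read or write there and why the app needs it, so readers do not copy the grant for every app without scoping it.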
this is the valid format
milldr
left a comment
Please see comments.
milldr
left a comment
Please see comments.
| ### ECS with Atmos (Recommended) | ||
|
|
||
| The [app-on-ecs-v2](https://github.com/cloudposse-examples/app-on-ecs-v2) example demonstrates a self-contained approach where workflows are defined directly in the application repository. This approach uses Atmos for configuration orchestration and OpenTofu for infrastructure management. | ||
|
|
||
| With this approach, you need only a few workflows in your application repository: | ||
|
|
||
| 1. `feature-branch.yml` - Build and deploy to preview environments | ||
| 2. `preview-cleanup.yml` - Clean up preview environments when PRs close | ||
| 3. `main-branch.yaml` - Build, deploy to dev, and create draft release | ||
| 4. `release.yaml` - Promote and deploy to staging/production | ||
| 5. (optional) `validate.yml` - Run validation checks | ||
| 6. (optional) `labeler.yaml` - Auto-label PRs | ||
|
|
||
| ```console | ||
| app-on-ecs-v2/ | ||
| ├── .github/ | ||
| │ └── workflows/ | ||
| │ ├── feature-branch.yml | ||
| │ ├── preview-cleanup.yml | ||
| │ ├── main-branch.yaml | ||
| │ ├── release.yaml | ||
| │ ├── validate.yml | ||
| │ └── labeler.yaml | ||
| ├── app/ | ||
| │ ├── main.go | ||
| │ └── Dockerfile | ||
| ├── terraform/ | ||
| │ ├── components/ | ||
| │ │ └── ecs-task/ | ||
| │ └── stacks/ | ||
| │ ├── dev.yaml | ||
| │ ├── staging.yaml | ||
| │ ├── prod.yaml | ||
| │ └── preview.yaml | ||
| └── .opentofu-version | ||
| ``` | ||
|
|
||
| ### ECS with Ecspresso (Deprecated) | ||
|
|
||
| :::warning | ||
| The ecspresso-based approach is deprecated. For new projects, use [ECS with Atmos](/layers/software-delivery/ecs-atmos/) instead. | ||
| ::: | ||
|
|
||
| <details> | ||
| <summary>View deprecated ecspresso workflow structure</summary> |
these should be on the given page for the implementation. For instance move ECS with Atmos (Recommended) to the ecs-atmos.mdx and ECS with Ecspresso to ecs-ecspresso.mdx
Or if it's a high-level description, it should be included in the tab content.
fix indentation
did you add this to refarch-scaffold?
no
| ```yaml title="terraform/stacks/deps/vpc.yaml" | ||
| components: | ||
| terraform: | ||
| vpc: | ||
| metadata: | ||
| component: vpc | ||
| type: abstract | ||
| terraform_workspace: "{{ .vars.tenant }}-{{ .vars.environment }}-{{ .vars.deps_stage }}" | ||
| backend_type: s3 | ||
| backend: | ||
| s3: | ||
| bucket: "acme-core-gbl-root-tfstate" | ||
| region: "us-east-1" | ||
| encrypt: true | ||
| key: terraform.tfstate | ||
| acl: bucket-owner-full-control | ||
| assume_role: | ||
| role_arn: "arn:aws:iam::111111111111:role/acme-core-gbl-root-tfstate-ro" | ||
| ``` | ||
|
|
||
| ```yaml title="terraform/stacks/deps/ecs-cluster.yaml" | ||
| components: | ||
| terraform: | ||
| vpc: | ||
| metadata: | ||
| component: vpc | ||
| type: abstract | ||
| terraform_workspace: "{{ .vars.tenant }}-{{ .vars.environment }}-{{ .vars.deps_stage }}" | ||
| backend_type: s3 | ||
| backend: | ||
| s3: | ||
| bucket: "acme-core-gbl-root-tfstate" | ||
| region: "us-east-1" | ||
| encrypt: true |
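Review bot: in `terraform/stacks/deps/vpc.yaml` the backend block hardcodes `acme-core-gbl-root-tfstate` and account `111111111111` without saying they are placeholders, and nothing points out that the assumed role is the `-tfstate-ro` one. Add a sentence telling readers to substitute their own bucket and account ID and to keep a read-only role here, since these `type: abstract` entries under `deps/` appear to exist only to read another stack's state.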
The second YAML example appears to have a copy-paste error—it defines `vpc:` instead of `ecs-cluster:`:
```yaml
components:
  terraform:
    ecs-cluster: # <-- Should be ecs-cluster, not vpc
      metadata:
        component: ecs-cluster # <-- And here
      ...
```
| - [ ] Container definitions configured in `terraform/stacks/default/app.yaml` | ||
| - [ ] `atmos terraform plan app -s preview` runs successfully | ||
| </TaskList> | ||
|
|
Add call to action for trigger workflows. See the CTA component
| ### <StepNumber/> Create a Pull Request | ||
|
|
||
| Create a PR and add the `deploy` label to deploy a preview environment: | ||
|
|
||
| ```bash | ||
| git checkout -b feature/test-preview | ||
| # Make changes | ||
| git push origin feature/test-preview | ||
| ``` | ||
|
|
||
| Then add the `deploy` label to the PR in GitHub. | ||
| </Step> |
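Review bot: the step says adding the `deploy` label deploys a preview environment, but not who may add that label or whether a PR opened from a fork can trigger the deploy. Since the label is what starts a deployment, state the required repository permission and the fork behaviour next to "Then add the `deploy` label to the PR in GitHub."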
- Where can the user see this preview environment? (github ui has deployment link)
- What are the different CI or CD steps that are being run for a preview environment? (add simple explanation)
- What cluster is this deployed to by default? (dev)
|
|
||
| Then add the `deploy` label to the PR in GitHub. | ||
| </Step> | ||
|
|
PR clean up steps?
| ### <StepNumber/> Merge PR into Main Branch | ||
|
|
||
| Push any change to the `main` branch to trigger the main branch workflow: | ||
|
|
||
| ```bash | ||
| git add . | ||
| git commit -m "Initial setup" | ||
| git push origin main | ||
| ``` | ||
|
|
||
| This will: | ||
| - Build and push a Docker image to ECR | ||
| - Deploy to the `dev` environment | ||
| - Create a draft release |
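Review bot: the heading is "Merge PR into Main Branch" but the text and commands push straight to `main` (`git push origin main`), which skips the PR from the previous step and any review attached to it. Rewrite the step to merge the PR, or say explicitly that a direct push is meant for first-time setup only.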
- What CI or CD steps are being run now?
- Where can the engineer see the deployment?
- What ECS cluster is this deployed to? How is that determined?
| <Step> | ||
| ### <StepNumber/> Publish a Release | ||
|
|
||
| Edit the draft release created by the main branch workflow and click "Publish release". This will: | ||
| - Promote the Docker image tag | ||
| - Deploy to `staging` | ||
| - Wait for approval (if configured) | ||
| - Deploy to `prod` | ||
| </Step> | ||
| </Steps> |
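Review bot: "Wait for approval (if configured)" means that with no approval configured, clicking "Publish release" carries on from `staging` to `prod` with no gate. Say so explicitly and describe or link where the approval is configured, so readers set it up before publishing their first release.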
- Again, now what CI / CD steps are being run?
- Where can the engineer see the deployment?
- How do we configure approval?
Co-authored-by: Dan Miller <miller0daniel@gmail.com>

