I am trying to define a devops flow for creating and updating an ECS cluster using Cloud Formation templates, however I'm not sure what the high level steps should be and in what order.
For example, I have a CF template for creating the ECS service, but this references a task definition, which itself references a docker image.
So the implied order seems to be:
Is that the right approach? When I build the next version of the docker image how should this be published to ECS? Do I create a new service and destroy the previous one? How would I do a rolling update in this case?
Make the docker image tag an input parameter of your CloudFormation template. Have the task definition and service definition in your CloudFormation template.
After you push a new version of the docker image to ECR, perform a CloudFormation update stack, with the updated input parameters, and CloudFormation will create a new task definition version, and then trigger the existing ECS service to deploy the new version.
When triggered to deploy a new version, the ECS service will spin up the new task, notify the load balancer to start sending connections to the new task and drain connections from the old task, and then after the connections are drained it will shut down the old task. The exact behavior of this ECS service deployment can be modified via several settings on the ECS service.
If you want more control over this, and the ability to do things like blue/green deployments, you would need to stop using CloudFormation for task/service updates and use AWS CodeDeploy instead.