
The service and task in AWS are not created and always have the status "Provisioning"


Please help me solve the problem of deploying my Spring Java application to AWS (EC2, ECS) using GitHub Actions.

So, I am following the recommendations provided in the default workflow file for "Deploy to Amazon ECS" on GitHub Actions.

First, I created a private repository on AWS and built an image using the "View push commands" in AWS.

Also, I created the task definition and cluster. You can see them below.

[screenshots]

My Dockerfile: [image]

My workflow file:

```yaml
name: Deploy to Amazon ECS

on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]

env:
  AWS_REGION: eu-north-1                   # set this to your preferred AWS region, e.g. us-west-1
  ECR_REPOSITORY: techtask           # set this to your Amazon ECR repository name
  ECS_SERVICE: techtaskservice               # set this to your Amazon ECS service name
  ECS_CLUSTER: techtask-claster               # set this to your Amazon ECS cluster name
  ECS_TASK_DEFINITION: ./td-test.json # set this to the path to your Amazon ECS task definition
                                      # file, e.g. .aws/task-definition.json
  CONTAINER_NAME: container           # set this to the name of the container in the
                                      # containerDefinitions section of your task definition

permissions:
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    environment: production

    steps:
    - name: Checkout
      uses: actions/checkout@v4
    - name: Set up JDK 21
      uses: actions/setup-java@v3
      with:
        java-version: '21'
        distribution: 'temurin'
        cache: maven

    - name: run compile
      run: mvn clean install -DskipTests

    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}

    - name: Login to Amazon ECR
      id: login-ecr
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build, tag, and push image to Amazon ECR
      id: build-image
      env:
        ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        IMAGE_TAG: ${{ github.sha }}
      run: |
        # Build a docker container and
        # push it to ECR so that it can
        # be deployed to ECS.
        docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
        docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
        echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT

    - name: Fill in the new image ID in the Amazon ECS task definition
      id: task-def
      uses: aws-actions/amazon-ecs-render-task-definition@v1
      with:
        task-definition: ${{ env.ECS_TASK_DEFINITION }}
        container-name: ${{ env.CONTAINER_NAME }}
        image: ${{ steps.build-image.outputs.image }}

    - name: Deploy Amazon ECS task definition
      uses: aws-actions/amazon-ecs-deploy-task-definition@v1
      with:
        task-definition: ${{ steps.task-def.outputs.task-definition }}
        service: ${{ env.ECS_SERVICE }}
        cluster: ${{ env.ECS_CLUSTER }}
        wait-for-service-stability: true
```

However, when I tried to create the service, I encountered a problem. The task and service are not created and always have the status "Provisioning" (for the task) and "CREATE_IN_PROGRESS" (for the service).

My user and roles have the following permissions:

AdministratorAccess
AmazonEC2ContainerRegistryFullAccess
AmazonEC2ContainerServiceRole
AmazonEC2FullAccess
AmazonEC2RoleforAWSCodeDeploy
AmazonECS_FullAccess
AWSCodeDeployRoleForECS
EC2InstanceConnect

And when I run the workflow file in GitHub Actions (to deploy my app to AWS), the process stops at the step "Deploy Amazon ECS task definition" and does not complete.

Also, I cannot connect to the instance:

Failed to connect to your instance
EC2 Instance Connect is unable to connect to your instance. Ensure your instance network settings are configured correctly for EC2 Instance Connect. For more information, see EC2 Instance Connect Prerequisites at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-connect-prerequisites.html.

I tried setting a HEALTHCHECK in the Dockerfile with:

```dockerfile
HEALTHCHECK --interval=5s --timeout=10s --retries=3 \
  CMD curl --silent --fail http://localhost:8080 || exit 1
```

I also tried creating the HEALTHCHECK when I created the task definition file, but it is not working. I tried creating the repository without using the "View push commands" (manual build and push image), but it is not working either.

Please help me find the problem.


Solution

  • The problem was that there wasn't enough memory to run the task. I used an instance type with higher capacity (t3.small) and increased the limits in the task definition. After that, everything worked perfectly! Thanks to Mark B for his answer.
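
The cause named in the solution can be checked before deploying by comparing what the task definition reserves against what the container instance still has free. The following is an added example, not code from the original post: the function names are hypothetical and the sample values are constructed, with shapes following the task definition JSON and the `remainingResources` list from `aws ecs describe-container-instances`. It assumes task-level `cpu`/`memory`, when present, are plain numeric strings (CPU units, MiB).

```python
import json

# Constructed sample inputs (not from the original post).
TASK_DEF = json.loads("""
{
  "family": "example-task",
  "requiresCompatibilities": ["EC2"],
  "containerDefinitions": [
    {"name": "container", "cpu": 256, "memory": 1024, "memoryReservation": 768}
  ]
}
""")
SMALL_INSTANCE = [{"name": "CPU", "integerValue": 2048},
                  {"name": "MEMORY", "integerValue": 460}]
LARGER_INSTANCE = [{"name": "CPU", "integerValue": 2048},
                   {"name": "MEMORY", "integerValue": 1900}]


def required_resources(task_def):
    """Return (cpu_units, memory_mib) the scheduler must reserve for one task."""
    containers = task_def.get("containerDefinitions", [])
    # Task-level values win; otherwise sum the per-container reservations.
    # Per container, memoryReservation (soft limit) is what gets subtracted
    # from the instance; the hard limit `memory` is used only when it is absent.
    cpu = int(task_def["cpu"]) if task_def.get("cpu") else sum(
        c.get("cpu", 0) for c in containers)
    memory = int(task_def["memory"]) if task_def.get("memory") else sum(
        c.get("memoryReservation") or c.get("memory", 0) for c in containers)
    return cpu, memory


def placement_shortfalls(task_def, remaining_resources):
    """Return the reasons the task cannot be placed; an empty list means it fits."""
    remaining = {r["name"]: r.get("integerValue", 0) for r in remaining_resources}
    cpu, memory = required_resources(task_def)
    problems = []
    if cpu > remaining.get("CPU", 0):
        problems.append(f"CPU: need {cpu} units, {remaining.get('CPU', 0)} left")
    if memory > remaining.get("MEMORY", 0):
        problems.append(f"MEMORY: need {memory} MiB, {remaining.get('MEMORY', 0)} left")
    return problems


if __name__ == "__main__":
    for label, res in (("small", SMALL_INSTANCE), ("larger", LARGER_INSTANCE)):
        print(label, placement_shortfalls(TASK_DEF, res) or "fits")
```

A non-empty result for every registered instance in the cluster means the scheduler has nowhere to place the task.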