aws-cloudformation-task-ecs-deploy-gh_skill

This skill guides deploying ECS tasks and services via GitHub Actions with CloudFormation, enabling secure OIDC authentication and multi-environment pipelines.
  • Python

99

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill giuseppe-trisciuoglio/developer-kit --skill aws-cloudformation-task-ecs-deploy-gh

  • SKILL.md25.9 KB

Overview

This skill provides production-ready patterns to deploy Amazon ECS tasks and services using GitHub Actions and AWS CloudFormation. It covers secure authentication (OIDC or IAM keys), building and pushing Docker images to ECR, rendering task definitions, and orchestrating rolling or blue/green deployments. The goal is repeatable, secure CI/CD for multi-environment container workloads.

How this skill works

Workflows authenticate GitHub Actions to AWS (OIDC recommended), log in to ECR, build and push container images, render task definitions with the new image, and deploy updated task definitions to ECS. CloudFormation templates manage infrastructure (ECR, IAM roles, OIDC provider, ECS cluster, services, and CodeDeploy configuration) so deployments are repeatable and environment-specific. Optional steps include image scanning, lifecycle policies, and wait-for-service-stability checks.

When to use it

  • Deploy Docker containers to ECS from GitHub Actions
  • Set up CI/CD that builds, tags, and pushes images to ECR
  • Update ECS task definitions and deploy services automatically
  • Implement blue/green or rolling deployment strategies
  • Manage infrastructure with CloudFormation from CI/CD
  • Support multi-environment pipelines (dev/stage/prod) with secure auth

Best practices

  • Prefer OIDC for GitHub→AWS authentication to avoid long-lived secrets
  • Use immutable image tags (commit SHA) and ECR image scanning on push
  • Keep task definitions parameterized and render images at deploy time
  • Set deployment circuit breakers, health checks, and wait-for-stability in workflows
  • Use CloudFormation for IAM, OIDC provider, and CodeDeploy resources to enforce least privilege
  • Configure lifecycle policy on ECR and enable image tag immutability

Example use cases

  • CI pipeline that builds with Buildx, pushes multi-arch images to ECR, and deploys an updated task definition
  • Blue/green production deployment via CodeDeploy with CloudFormation-managed deployment groups and alarms
  • Multi-environment stacks where workflows choose CloudFormation parameters per environment
  • Quickstart workflow that uses aws-actions/configure-aws-credentials with OIDC to assume a deploy role and run aws cloudformation deploy
  • Pipeline that updates container secrets from Secrets Manager and redeploys services after image push

FAQ

Use OIDC to assume an AWS role from GitHub Actions. It eliminates long-lived keys and enforces repo/branch trust conditions. IAM access keys are supported only as a fallback.

How do I ensure a new image is used by ECS tasks?

Render the task definition in the workflow with the ECR image tag (commit SHA), then deploy the rendered task definition to the service; enable wait-for-service-stability to verify successful rollout.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
aws-cloudformation-task-ecs-deploy-gh skill by giuseppe-trisciuoglio/developer-kit | VeilStrat