Ideally I'd like to automate building container images, AMIs (using Image Builder), and ECS services/tasks in a single git repository.
What are the best practices for trying this? Should container/ami builds be separate? I'm trying to build a full stack application and would like to keep everything in a single repository to handle cross-cutting changes. Mainly, if I'm adding a security check to an AMI build, I want a single git push to update the entire application and redeploy ecs services on the new AMI. Same with a container image change, a single git push to update the ecs task definition to use the new container.
I'm new to CDK, and mainly trying to figure out the best practices to start with.
My current thoughts are to have a directory structure like this:
/containers/{a,b,c} /stacks/{ecs,image1,image2}
Then having my CI/CD tooling do these steps:
- container builds in parallel (if those directories or upstream containers changed since last build)
- Update image pipeline stacks
- Update ecs stack with associated AMIs
Thoughts?