Dear DevOps Abby

My cloud doesn’t love me, and Container CI/CD

As promised, I’m working my way through all your great questions!  Here we go.


“Dear AWS Abby,
I think my cloud doesn’t like me anymore.
It keeps telling me that I’ve reached my limit, and sometimes even goes as far as to tell me to back off.
What should I do?”
@miketheman

 

Oh man. First, and most importantly, we ALWAYS love you. It sounds like you’re hitting some service limits. Service limits exist to protect you! You might have a process that’s scaling out of control and triggering your autoscaling group, or you might have a job that’s stuck taking all of your CPU and triggering your rules. If you need those limits lifted, though, we can help! Your best bet here is to contact support, but here is a pro tip FOR FREE: when speaking with support for anything (including limit increases!), the more info, the better. So something like “hey I need the limit increased to X because Y reasons” is always better than “I need more EC2 instances”. Saves a roundtrip to support, and you get your increase faster!

 

“Dear AWS Abby,

What tools do you use for CI/CD deployment of containers?”
@themonsoonkid

This is a great question, and I think it’s a personal one! I always think the best tool is the one that you can maintain. So if Jenkins makes you happy, use Jenkins! If you prefer Travis, that’s cool, too! I think one of the big issues around CI/CD for containers is caching (or lack thereof).

My personal choice would be CodePipeline. Here’s why. There are _tons_ of things that I’m happy to spend time playing with and customizing myself. I don’t think that (for me), my CI/CD platform is one of them. I just kind of want it to work. In my case, that means it should build my container, run tests (both unit and integration), push my container with two tags (one with the SHA of the commit, and one with a friendly tag like dev/prod/latest), update my ECS Task Definition with the new image, and update the service. I also want it to be as closely integrated with AWS as possible. I don’t want to manage keys/integrations, so I’ll use something that just lets IAM deal with the identity piece.

When I ran ECS as a customer, there wasn’t CodePipeline support for ECS, so I used something called CircleCI, after trying out quite a few hosted solutions. CircleCI was also fine, but it a) required a bit more work to play nicely with my AWS resources and b) had not quite solved the caching issues.

Here’s the thing: I’m lazy. So use whatever you can maintain with the smallest amount of effort (which is CodePipeline for me), but you do you. The key is: “with the smallest amount of effort”. Hopefully you have better/more exciting things to focus on than your CI/CD, so pick something that works and that you’re happy with the performance of, and stick with it.
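The "two tags, then update the Task Definition" step described above, sketched as an added example (not code from the original post or from CodePipeline). It assumes the deploy pins the task definition to the commit-SHA tag rather than the friendly tag; the function names, repository URI and sample task definition are constructed for illustration, and the returned payload is what you would hand to ECS RegisterTaskDefinition.

```python
import copy
import re

# Fields returned by ECS DescribeTaskDefinition that RegisterTaskDefinition rejects.
READ_ONLY = ("taskDefinitionArn", "revision", "status", "requiresAttributes",
             "compatibilities", "registeredAt", "registeredBy", "deregisteredAt")

def image_tags(repo, commit_sha, friendly):
    """Return (sha_ref, friendly_ref): the two tags pushed for one build."""
    if not re.fullmatch(r"[0-9a-f]{7,40}", commit_sha):
        raise ValueError("commit SHA must be 7-40 lowercase hex characters")
    if not re.fullmatch(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}", friendly):
        raise ValueError("invalid friendly tag")
    return f"{repo}:{commit_sha}", f"{repo}:{friendly}"

def next_task_definition(current, container_name, image_ref):
    """Build the payload for the next revision with one container re-pointed."""
    new = {k: copy.deepcopy(v) for k, v in current.items() if k not in READ_ONLY}
    hits = [c for c in new.get("containerDefinitions", [])
            if c["name"] == container_name]
    if len(hits) != 1:  # refuse to guess which container to update
        raise LookupError(f"expected exactly one container named {container_name!r}")
    hits[0]["image"] = image_ref
    return new

# Constructed sample: trimmed DescribeTaskDefinition output (placeholder account/repo).
REPO = "123456789012.dkr.ecr.us-east-1.amazonaws.com/web"
SAMPLE = {
    "taskDefinitionArn": "arn:aws:ecs:us-east-1:123456789012:task-definition/web:41",
    "family": "web",
    "revision": 41,
    "status": "ACTIVE",
    "containerDefinitions": [
        {"name": "web", "image": REPO + ":prod", "essential": True},
        {"name": "log-router", "image": "example/log-router:1.0", "essential": False},
    ],
}

if __name__ == "__main__":
    sha_ref, friendly_ref = image_tags(REPO, "3f9c2ab", "prod")
    print("push:", sha_ref, "and", friendly_ref)
    # Deploy the SHA tag: the friendly tag moves, so it cannot identify what ran.
    print(next_task_definition(SAMPLE, "web", sha_ref))
```

Registering the SHA-tagged image means each task definition revision maps to exactly one commit, so a rollback is just pointing the service back at an earlier revision.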