---
title: Automate Your AWS Deployments with GitHub Actions
slug: automate-aws-deployments-with-github-actions
date: 2024-08-10
category: Automation & Tools
description: A step-by-step guide to setting up CI/CD for AWS deployments using GitHub Actions — from zero to automated deploys.
---

Manual deployments are a liability. Every time someone [SSHs](/blog/how-to-ssh-into-aws-ec2-instance) into a production server and runs commands by hand, you're one typo away from an outage.

Let's fix that with GitHub Actions.

## What We're Building

A CI/CD pipeline that:

1. Runs tests on every pull request
2. Builds a Docker image on merge to `main`
3. Pushes to Amazon ECR
4. Deploys to ECS (or App Runner)

## Step 1: Configure AWS Credentials

Use OIDC federation instead of long-lived access keys. Each workflow run gets short-lived credentials, so there is no stored secret to leak or rotate. You'll need an [IAM](/blog/aws-explained-what-is-iam) role configured for GitHub Actions.

```yaml
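# The job needs `permissions: id-token: write` so it can request the OIDC token.
- name: Configure AWS credentials
  uses: aws-actions/configure-aws-credentials@v4
  with:
    # Placeholder ARN: use your own 12-digit account ID and role name
    role-to-assume: arn:aws:iam::123456789012:role/GitHubActionsRole
    aws-region: us-east-1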
```
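
The role's trust policy decides which workflows may assume it, and a policy with no condition on the token's `sub` claim trusts workflows from every repository on GitHub. The following is an added example, not code from the original post, that audits a trust policy for that gap. The account ID, `example-org/example-app` and the finding names are assumptions, and it expects the `sts.amazonaws.com` audience that `configure-aws-credentials` uses by default.

```python
OIDC_HOST = "token.actions.githubusercontent.com"
PROVIDER = "arn:aws:iam::123456789012:oidc-provider/" + OIDC_HOST  # placeholder account

def make_policy(condition):
    """Build a constructed trust policy with the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

# Constructed samples; example-org/example-app is a placeholder repository.
WEAK = make_policy({"StringEquals": {OIDC_HOST + ":aud": "sts.amazonaws.com"}})
ANY_REF = make_policy({
    "StringEquals": {OIDC_HOST + ":aud": "sts.amazonaws.com"},
    "StringLike": {OIDC_HOST + ":sub": "repo:example-org/example-app:*"}})
HARDENED = make_policy({"StringEquals": {
    OIDC_HOST + ":aud": "sts.amazonaws.com",
    OIDC_HOST + ":sub": "repo:example-org/example-app:ref:refs/heads/main"}})

def audit_trust_policy(policy):
    """Return sorted finding codes for statements trusting GitHub's OIDC provider."""
    findings = set()
    statements = policy.get("Statement", [])
    for st in [statements] if isinstance(statements, dict) else statements:
        principal = st.get("Principal")
        fed = principal.get("Federated", []) if isinstance(principal, dict) else []
        fed = [fed] if isinstance(fed, str) else fed
        if st.get("Effect") != "Allow" or not any(f.endswith("/" + OIDC_HOST) for f in fed):
            continue
        subs, auds = [], []
        for op, pairs in st.get("Condition", {}).items():
            if op not in ("StringEquals", "StringLike"):
                continue  # only positive string matches restrict the caller
            for key, val in pairs.items():
                vals = [val] if isinstance(val, str) else list(val)
                if key.lower() == OIDC_HOST + ":sub":
                    subs += vals
                elif key.lower() == OIDC_HOST + ":aud":
                    auds += vals
        if not auds or any(a != "sts.amazonaws.com" for a in auds):
            findings.add("aud-not-pinned")
        if not subs:
            findings.add("sub-missing")  # no restriction on which repository calls
        for sub in subs:
            repo, _, rest = sub[len("repo:"):].partition(":")
            if not sub.startswith("repo:") or "*" in repo or "?" in repo:
                findings.add("sub-wildcard-repo")
            elif rest in ("", "*"):
                findings.add("sub-any-ref")  # every branch, tag and PR of the repo
    return sorted(findings)
```

Feed it the `AssumeRolePolicyDocument` of the role you created; an empty list means the role is pinned to one repository and a specific ref or environment.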

## Step 2: Build and Push

```yaml
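- name: Login to ECR
  id: login-ecr
  uses: aws-actions/amazon-ecr-login@v2

- name: Build and push
  env:
    # Registry URI comes from the login step's output
    ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
    ECR_REPOSITORY: my-app  # placeholder: your ECR repository name
  run: |
    docker build -t "$ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA" .
    docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$GITHUB_SHA"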
```

## Step 3: Deploy

For App Runner, the deploy happens automatically when a new image lands in ECR — you just need to configure the service to watch for new images.

For ECS, update the task definition with the new image tag and trigger a service update.

## The Payoff

Once this is set up, every merge to `main` results in a production deployment — tested, built, and deployed without anyone touching a terminal.

Your future self will thank you.
