This topic describes how to install and configure GitLab.

Introduction

GitLab CE edition is a free open-source tool that helps you host Git repositories and run your CI/CD pipeline.

To keep it simple, you can install GitLab on an ECS instance with direct access to the Internet. Although the servers will be protected via encryption and restrictive security group rules, you might also want to isolate your virtual machines from the Internet by using a VPN Gateway.

The following diagram illustrates the architecture for GitLab.



Create cloud resources

The first step is to buy a domain name. This is necessary if you want to enable security on your servers:

  1. Log on to the Domain console.
  2. Click Purchase.
  3. Choose a domain, such as my-sample-domain.xyz and follow the instructions to buy it.
  4. Return to the console and refresh the page in order to see your new domain.
Note: Due to a limitation in Direct Mail, choose a domain name with fewer than 28 characters.

The second step is to create ECS instances and related resources:

  1. Log on to the VPC console.
  2. Select the region where you want to create the VPC on top of the page, for example, Singapore.
  3. Click Create VPC.
  4. Fill in the new form with the following information:
    • VPC name = devops-simple-app-vpc
    • VPC destination CIDR Block = “192.168.0.0/16”
    • VSwitch name = devops-simple-app-vswitch
    • VSwitch zone = first zone of the list
    • VSwitch destination CIDR Block = “192.168.0.0/24”
  5. Click OK to create the VPC and the VSwitch.
  6. In the VPC list, click the VPC you have just created.
  7. Scroll down and click 0 at the right of Security Group.
  8. In the new page, click Create Security Group.
  9. Fill in the new form with the following information:
    • Template = Web Server Linux
    • Security Group Name = devops-simple-app-security-group
    • Network Type = VPC
    • VPC = select the VPC you just created (with the name devops-simple-app-vpc)
  10. Click OK to create the security group and the rules from the template. Note that the rules open the ports for SSH, HTTP, HTTPS and ICMP to any computer on the Internet.
  11. Log on to the ECS console.
  12. Click Create Instance.
  13. If needed, select Advanced Purchase (also named Custom).
  14. Fill in the wizard with the following information:
    • Billing Method = Pay-As-You-Go
    • Region = same as your VPC and the same availability zone as the VSwitch
    • Instance Type = filter by vCPU = 2, Memory = 4 GiB, Current Generation tab, and select a remaining type such as ecs.n4.large
    • Image = Ubuntu 18.04 64bit
    • System Disk = Ultra Disk 40 GiB
    • Network = VPC, select the VPC and VSwitch you have just created
    • Do NOT assign a public IP (we will create an EIP instead, which is more flexible)
    • Security Group = select the group you have just created
    • Log on Credentials = select Password and choose one
    • Instance Name = devops-simple-app-gitlab
    • Host = devops-simple-app-gitlab
    • Read and accept the terms of service
  15. Finish the instance creation by clicking Create Instance.
  16. Go back to the console, click Instances from the left-side navigation pane, and select a region. Your new instance is displayed.
  17. Click EIP in the left-side navigation pane.
  18. On the new page, click Create EIP.
  19. Fill in the wizard with the following information:
    • Region = the region where you have created your ECS
    • Max Bandwidth = 1 Mbps
    • Quantity = 1
  20. Click Buy Now, check the agreement of service, and click Activate.
  21. Go back to the console and check your new EIP.
  22. Next to your new EIP, click Bind.
  23. Fill in the new form with the following information:
    • Instance Type = ECS Instance
    • ECS Instance = devops-simple-app-gitlab/i-generatedstring
    • Click OK to bind the EIP to your ECS instance.
  24. Copy the IP address of your EIP (for example, 47.88.155.70).

The ECS instance is ready for GitLab. Now register a sub-domain for this machine:

  1. Log on to the Domain console.
  2. On the row corresponding to your domain (for example, my-sample-domain.xyz), click Resolve.
  3. Click Add Record.
  4. Fill in the new form with the following information:
    • Type = A- IPV4 address
    • Host = gitlab
    • ISP Line = Outside mainland China
    • Value = The EIP IP Address (for example, 47.88.155.70)
    • TTL = 10 minute(s)
  5. Click OK to add the record.

Install GitLab

Open a terminal on your computer and type:

# Connect to the ECS instance
ssh root@gitlab.my-sample-domain.xyz # Use the password you set when you have created the ECS instance

# Update the machine
apt-get update
apt-get upgrade

# Add the GitLab repository for apt-get
cd /tmp
curl -LO https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh
bash /tmp/script.deb.sh

# Install GitLab
apt-get install gitlab-ce

# Open GitLab configuration
nano /etc/gitlab/gitlab.rb

Note: If you use Mac OS X, you must first disable the setting Set locale environment variables on startup in Preferences > Profiles > Advanced.

In the GitLab configuration file, replace the value of external_url with http://gitlab.my-sample-domain.xyz (the domain you have just purchased and configured), and then save and quit by pressing Ctrl+X.

Now start GitLab and try it. In your terminal, run the following command:

gitlab-ctl reconfigure

Open your web browser on http://gitlab.my-sample-domain.xyz. The following figure is displayed.



If the preceding figure is not displayed, first make sure you did not miss a step, and then raise an issue if the problem persists.

Do not enter your new password because you are using an unencrypted connection. Now fix this problem.

Configure HTTPS

Open your terminal and enter the following commands:

# Connect to the ECS instance
ssh root@gitlab.my-sample-domain.xyz # Use the password you set when you have created the ECS instance

# Install dependencies
apt-get install ca-certificates openssh-server
apt-get install postfix # During the installation, select "Internet Site" and set your domain (for example, gitlab.my-sample-domain.xyz)

# Open GitLab configuration
nano /etc/gitlab/gitlab.rb

The last command allows you to edit GitLab configuration:

  1. Modify the value of external_url by changing http:// into https:// (for example, https://gitlab.my-sample-domain.xyz).
  2. Scroll to Let’s Encrypt integration and insert the following lines:
    letsencrypt['enable'] = true
    letsencrypt['contact_emails'] = ["john.doe@your-company.com"] # Your email address
    letsencrypt['auto_renew'] = true
    letsencrypt['auto_renew_hour'] = 11
    letsencrypt['auto_renew_minute'] = 42
    letsencrypt['auto_renew_day_of_month'] = "*/14"

    Quit and save the file by pressing Ctrl+X, and then apply the configuration change and restart GitLab:

    gitlab-ctl reconfigure

    Check that it worked by opening your web browser and visiting https://gitlab.my-sample-domain.xyz (with the s in https).

You can now enter your new password and sign in with the username root and that password. You then have access to the GitLab dashboard.

Before going further, you still need to configure:

  • An email server so that GitLab can send emails.
  • Automatic backup to avoid losing data.

Configure the mail server

Note: Direct Mail is not available in all regions, but you can configure it in a different one from where you have created your ECS instance. Direct Mail is available in China (Hangzhou), Singapore, and Australia (Sydney). Contact us if you need it in another region.

Go back to the Alibaba Cloud web console and perform the following steps:

  1. Log on to the Direct Mail console.
  2. Select the region on top of the page.
  3. Click Email Domains in the left-side navigation pane.
  4. Click New Domain.
  5. In the new form, set the domain name to mail.my-sample-domain.xyz (the domain you chose earlier with the prefix mail).
  6. The page must be refreshed with your new email domain. Click the Configure link on its right side.
  7. The new page explains how to configure your domain. Keep this web browser tab open, open a new one, and go to the Domain console.
  8. Click the Resolve link next to your domain.
  9. Click Add Record.
  10. Fill in the new form with the following information:
    • Type = TXT- Text
    • Host = the Host record column under 1,Ownership verification in the Direct Mail tab (for example, aliyundm.mail)
    • ISP Line = Outside mainland China
    • Value = the Record value column under 1,Ownership verification in the Direct Mail tab (for example, 3cdb41a3351449c2af6f)
    • TTL = 10 minute(s)
  11. Click OK and click Add Record again.
  12. Fill in the new form with the following information:
    • Type = TXT- Text
    • Host = the Host record column under 2,SPF verification in the Direct Mail tab (for example, mail)
    • ISP Line = Outside mainland China
    • Value = the Record value column under 2,SPF verification in the Direct Mail tab (for example, v=spf1 include:spfdm-ap-southeast-1.aliyun.com -all)
    • TTL = 10 minute(s)
  13. Click OK and click Add Record again.
  14. Fill in the new form with the following information:
    • Type = MX- Mail exchange
    • Host = the Host record column under 3,MX Record Verification in the Direct Mail tab (for example, mail)
    • ISP Line = Outside mainland China
    • Value = the Record value column under 3,MX Record Verification in the Direct Mail tab (for example, mxdm-ap-southeast-1.aliyun.com)
    • MX Priority = 10
    • TTL = 10 minute(s)
    • Synchronize the Default Line = checked
  15. Click OK and click Add Record again.
  16. Fill in the new form with the following information:
    • Type = CNAME- Canonical name
    • Host = the Host record column under 4,CNAME Record Verification in the Direct Mail tab (for example, dmtrace.mail)
    • ISP Line = Outside mainland China
    • Value = the Record value column under 4,CNAME Record Verification in the Direct Mail tab (for example, tracedm-ap-southeast-1.aliyuncs.com)
    • TTL = 10 minute(s)
  17. Click OK.

You probably have a domain configuration that looks like the following figure.



Continue with the email server configuration:

  1. Go back to the Direct Mail console (the web browser tab you kept opened).
  2. Click Cancel to go back to the email domain list.
  3. Click Verify next to your new domain, and confirm when the prompt appears.
  4. Refresh the page after 20 seconds. If the status of your domain is still To Be Verified, click Configure and check which step is still in the To Be Verified status, fix your domain configuration, and re-do the previous step (Verify). Sometimes the verification step is a bit slow and you need to retry several times. When the email domain status is Verification successful, you can go to the next step.
  5. Click Sender Addresses in the left-side navigation pane.
  6. Click Create Sender Address.
  7. Fill in the new form with the following information:
    • Email Domains = mail.my-sample-domain.xyz (the email domain you just configured)
    • Account = gitlab
    • Reply-To Address = your email address (for example, john.doe@your-company.com)
    • Mail Type = Triggered Emails
  8. Click OK to close the form.
  9. Your new sender address must be added to the list. Click Set SMTP password next to it.
  10. Set the SMTP password and click OK.
  11. Click Verify the reply-to address next to your new sender address, and confirm when the prompt appears.
  12. Check your mailbox corresponding to the address you set in the Reply-To Address field. You should have received an email from directmail.
  13. Click the link in this email to check a confirmation message.
  14. Go back to the sender addresses page and save the SMTP address and port at the end of the description. It should be something like SMTP service address: smtpdm-ap-southeast-1.aliyun.com . SMTP service ports: 25, 80 or 465(SSL encryption).

Now that the email server is ready, configure GitLab to use it. Open a terminal on your computer and enter the following commands:

# Connect to the ECS instance
ssh root@gitlab.my-sample-domain.xyz # Use the password you set when you have created the ECS instance

# Open GitLab configuration
nano /etc/gitlab/gitlab.rb

Scroll down to ### Email Settings and insert the following lines:

gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'gitlab@mail.my-sample-domain.xyz' # The sender address you have just created
gitlab_rails['gitlab_email_display_name'] = 'GitLab'
gitlab_rails['gitlab_email_reply_to'] = 'gitlab@mail.my-sample-domain.xyz'

Scroll down to ### GitLab email server settings and insert the following lines:

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtpdm-ap-southeast-1.aliyun.com"   # SMTP address written in the Direct Mail console
gitlab_rails['smtp_port'] = 465                                     # SMTP port written in the Direct Mail console
gitlab_rails['smtp_user_name'] = "gitlab@mail.my-sample-domain.xyz" # Sender address
gitlab_rails['smtp_password'] = "HangzhouMail2018"                  # SMTP password for the sender address
gitlab_rails['smtp_domain'] = "mail.my-sample-domain.xyz"           # Your email domain
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true

Apply the configuration change and restart GitLab:

gitlab-ctl reconfigure

You can test the configuration like this:

  1. Go to GitLab and sign in as root: https://gitlab.my-sample-domain.xyz/
  2. Click Admin area in the top menu (the wrench icon).
  3. Click Users in the left-side navigation pane.
  4. Click Administrator.
  5. Click Edit.
  6. Change the Email field to your personal email address.
  7. Click Save changes.
  8. Sign out by clicking your profile picture on the upper-right corner of the page and by selecting Sign out.
  9. Click the Forgot your password? link.
  10. Set your personal email address and click Reset password.
  11. Check your personal mailbox and verify you have received an email (it may be in the spam folder).
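
A static check of the settings this page places in /etc/gitlab/gitlab.rb, as an added example (not part of the original page or of GitLab's own tooling). The function names `setting` and `audit_gitlab_rb` and both sample files are constructed for illustration; on the server you would run `audit_gitlab_rb /etc/gitlab/gitlab.rb`.

```shell
#!/bin/sh
# Added example: static audit of the gitlab.rb settings configured on this page.
# Function names and sample files are constructed for illustration.

# setting FILE KEY -> last active (uncommented) value of KEY, quotes removed.
# A trailing "# comment" is cut off, so this is meant for URLs, booleans and
# ports, not for values that may themselves contain '#'.
setting() {
  awk -v key="$2" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, key) == 1 {
      val = substr(line, length(key) + 1)
      sub(/^[ \t]*=?[ \t]*/, "", val)
      sub(/[ \t]*#.*$/, "", val)
      last = val
    }
    END { print last }' "$1" | tr -d "\"'"
}

# audit_gitlab_rb FILE -> prints one line per finding, returns the number found.
audit_gitlab_rb() {
  rb=$1
  count=0
  # The page warns against typing the password while the URL is still http://.
  url=$(setting "$rb" "external_url")
  case $url in
    https://*) ;;
    *) echo "FINDING: external_url is '$url', logins are not encrypted"
       count=$((count + 1)) ;;
  esac

  # Direct Mail lists ports 25, 80 and 465 (SSL). Only smtp_tls = true forces
  # TLS for the whole session; smtp_enable_starttls_auto is opportunistic.
  if [ "$(setting "$rb" "gitlab_rails['smtp_enable']")" = "true" ] &&
     [ "$(setting "$rb" "gitlab_rails['smtp_tls']")" != "true" ]; then
    port=$(setting "$rb" "gitlab_rails['smtp_port']")
    echo "FINDING: SMTP on port ${port:-unset} without smtp_tls, the login may travel in clear text"
    count=$((count + 1))
  fi

  # gitlab.rb stores smtp_password in clear text: no read access for "other".
  if grep -q "^[[:space:]]*gitlab_rails\['smtp_password'\]" "$rb" &&
     [ -n "$(find "$rb" -prune -perm -004)" ]; then
    echo "FINDING: $rb contains smtp_password and is world-readable"
    count=$((count + 1))
  fi
  return "$count"
}

# Constructed samples: the HTTP-only state from "Install GitLab" with plain
# SMTP, and the state after the HTTPS and mail server sections.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
WEAK_RB=$SAMPLES/weak.rb
HARD_RB=$SAMPLES/hardened.rb
cat > "$WEAK_RB" <<'EOF'
external_url 'http://gitlab.my-sample-domain.xyz'
# gitlab_rails['smtp_tls'] = true
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_port'] = 25   # plain SMTP
gitlab_rails['smtp_password'] = "constructed-placeholder"
gitlab_rails['smtp_enable_starttls_auto'] = false
EOF
chmod 644 "$WEAK_RB"
cat > "$HARD_RB" <<'EOF'
external_url 'https://gitlab.my-sample-domain.xyz'
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_port'] = 465
gitlab_rails['smtp_password'] = "constructed-placeholder"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = true
EOF
chmod 600 "$HARD_RB"

audit_gitlab_rb "$WEAK_RB" || echo "weak.rb: $? finding(s)"
audit_gitlab_rb "$HARD_RB" && echo "hardened.rb: clean"
```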

Automatically back up configuration

Backups are important because they prevent data loss in case of an accident and allow you to migrate to another ECS instance if needed.

To run backups automatically, open a terminal and run the following commands:

Note: The GitLab documentation requires tar version 1.30 or later.

Create an OSS bucket for you to store your backups:

  1. Log on to the OSS console.
  2. Click Create Bucket.
  3. Fill in the new form with the following information:
    • Bucket Name = gitlab-my-sample-domain-xyz (you can set the name you want, but it must be unique)
    • Region = the same as your ECS instance (for example, Asia Pacific SE 1 (Singapore))
    • Storage Class = Standard
    • Access Control List (ACL) = Private
  4. Click OK.
  5. The page must show the bucket you have created. Save the last Endpoint for VPC Network Access (something like oss-ap-southeast-1-internal.aliyuncs.com). It contains your bucket name and the region ID, for example, ap-southeast-1.

You will also need an access key id and secret:

  1. Log on to the user management center by clicking on your profile on the upper-right corner of the page and by selecting AccessKey.
  2. Click Create Access Key.
  3. Note the AccessKeyID and the AccessKeySecret, and click Save AccessKey Information.

In your terminal, mount your OSS bucket as a folder:

# Save your bucket name, access key id and access key secret in the file /etc/passwd-ossfs
# The format is my-bucket:my-access-key-id:my-access-key-secret
echo gitlab-my-sample-domain-xyz:LTAI********ujwZ:rc15yggaCX08A********X49wNUGpk > /etc/passwd-ossfs
chmod 640 /etc/passwd-ossfs

# Create a folder where we will mount the OSS bucket
mkdir /mnt/gitlab-bucket

# Mount the OSS bucket
# The -ourl value comes from the last "Endpoint" for VPC Network Access
ossfs gitlab-my-sample-domain-xyz /mnt/gitlab-bucket -ourl=http://oss-ap-southeast-1-internal.aliyuncs.com

# Check it works
echo "It works" > /mnt/gitlab-bucket/test.txt

# Unmount the OSS bucket
umount /mnt/gitlab-bucket

Check that the test file is present in your bucket:

  1. Log on to the OSS console.
  2. Click your bucket name in the left-side navigation pane.
  3. Select Files from the top menu.
  4. The file test.txt should be present and should contain It works.
  5. Delete this file.

Configure the OSS bucket so that it is automatically mounted when the ECS instance starts. Create the following file:

Adapt and copy the following content:

Make sure you set the right bucket name and endpoint. Quit and save by pressing CTRL+X. Configure Systemd to run this script at startup.

Log on to the OSS console, and check that the test2.txt file is present in your bucket and delete it.

Configure GitLab to store its backup files in the mounted folder. Open the terminal and run the following command:

# Open GitLab configuration
nano /etc/gitlab/gitlab.rb

Scroll to ### Backup Settings and insert the following line:

gitlab_rails['backup_path'] = "/mnt/gitlab-bucket/backup/"

Quit and save by pressing CTRL+X, and then check if it works:

# Apply GitLab configuration
gitlab-ctl reconfigure

# Manually launch a first backup
gitlab-rake gitlab:backup:create

The last command should have created a backup. Log on to the OSS console and check you have a file with a path like backup/1540288854_2018_10_23_11.3.6_gitlab_backup.tar.

Configure automatic backup so that it is started automatically every night. For that we will create two types of cron jobs: one to execute the preceding backup command and the other to save the GitLab configuration files.

Open your terminal and run the following command:

# Edit the CRON configuration file. Select nano as the editor.
crontab -e

Add the following lines into this file:

0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1
0 2 * * * /bin/cp /etc/gitlab/gitlab.rb "/mnt/gitlab-bucket/backup/$(/bin/date '+\%s_\%Y_\%m_\%d')_gitlab.rb"
0 2 * * * /bin/cp /etc/gitlab/gitlab-secrets.json "/mnt/gitlab-bucket/backup/$(/bin/date '+\%s_\%Y_\%m_\%d')_gitlab-secrets.json"

Save and quit by pressing CTRL+X.

You have now configured automatic backup every night at 02:00. If you want to test this configuration, you can replace 0 2 * * * with the current time plus 2 minutes. For example, if the current time is 14:24, then set 26 14 * * *. After that, you need to wait about 2 minutes and check whether new files have been created in your OSS bucket.

The restoration process is well described in the official documentation (section Restore for Omnibus installations). Note that it is considered a best practice to test your backups from time to time.
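
A check that the nightly backup set is fresh, complete and really stored on the mounted bucket, as an added example (not part of the original page or of GitLab's tooling). The function names, the return codes and the demo data are constructed here; the file name patterns are the ones produced by the cron lines above, and the check assumes the archive and the configuration copies carry the same calendar date.

```shell
#!/bin/sh
# Added example: verifies last night's backup set. Function names, return
# codes and demo data are constructed for illustration.

# is_mounted MOUNTPOINT [MOUNTS_FILE] -> 0 if a filesystem is mounted there.
# If ossfs is not mounted, /mnt/gitlab-bucket is a plain local directory and
# the cron jobs fill the system disk instead of the bucket.
is_mounted() {
  awk -v m="$1" '$2 == m { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# newest_backup DIR -> path of the archive with the highest epoch prefix.
newest_backup() {
  best=""; best_ts=0
  for f in "$1"/*_gitlab_backup.tar; do
    [ -f "$f" ] || continue
    ts=${f##*/}; ts=${ts%%_*}
    case $ts in ""|*[!0-9]*) continue ;; esac
    if [ "$ts" -gt "$best_ts" ]; then best=$f; best_ts=$ts; fi
  done
  if [ -n "$best" ]; then echo "$best"; else return 1; fi
}

# verify_backups DIR NOW_EPOCH MOUNTPOINT MOUNTS_FILE [MAX_AGE_SECONDS]
# Returns 0 when everything is in place, otherwise a code naming the gap.
verify_backups() {
  dir=$1; now=$2; max_age=${5:-93600}   # 26 h: one nightly run plus slack
  is_mounted "$3" "$4" || { echo "FAIL: $3 is not a mount point"; return 1; }
  archive=$(newest_backup "$dir") || { echo "FAIL: no archive in $dir"; return 2; }
  name=${archive##*/}
  age=$((now - ${name%%_*}))
  [ "$age" -le "$max_age" ] || { echo "FAIL: $name is ${age}s old"; return 3; }
  [ -s "$archive" ] || { echo "FAIL: $name is empty"; return 4; }
  # EPOCH_YYYY_MM_DD_... -> YYYY_MM_DD; the copies made by cron carry the same
  # date (assumption: both names are built in the same time zone).
  day=$(echo "$name" | cut -d_ -f2-4)
  for cfg in gitlab.rb gitlab-secrets.json; do
    ok=""
    for c in "$dir"/*_"${day}_${cfg}"; do
      if [ -s "$c" ]; then ok=1; fi
    done
    [ -n "$ok" ] || { echo "FAIL: no $cfg copy for $day"; return 5; }
  done
  echo "OK: $name with gitlab.rb and gitlab-secrets.json"
}

# Constructed demo data: file names follow the patterns shown on this page.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/backup"
echo data > "$DEMO/backup/1540288854_2018_10_23_11.3.6_gitlab_backup.tar"
echo cfg  > "$DEMO/backup/1540288800_2018_10_23_gitlab.rb"
# Constructed mounts table in /proc/mounts layout.
printf '%s\n' "/dev/vda1 / ext4 rw 0 0" \
  "ossfs /mnt/gitlab-bucket fuse.ossfs rw,nosuid,nodev 0 0" > "$DEMO/mounts"
NOW=1540292454   # one hour after the archive's epoch prefix

# gitlab-secrets.json was not copied, so the set is reported as incomplete.
verify_backups "$DEMO/backup" "$NOW" /mnt/gitlab-bucket "$DEMO/mounts" ||
  echo "exit code $?"
```

On the server, a call such as `verify_backups /mnt/gitlab-bucket/backup "$(date +%s)" /mnt/gitlab-bucket /proc/mounts` can run from cron a few hours after the backup jobs.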

Install and configure GitLab runner

It is a best practice to run CI/CD jobs (including code compilation, unit tests execution, and application packing) on a different machine from the one that runs GitLab.

Thus, we need to set up one runner on a new ECS instance. Follow these steps:

  1. Log on to the VPC console.
  2. Select the region of the GitLab ECS instance (on the top of the page).
  3. Click the VPC devops-simple-app-vpc.
  4. Click 1 next to Security Group.
  5. Click Create Security Group.
  6. Fill in the new form with the following information:
    • Template = Customize
    • Security Group Name = devops-simple-app-security-group-runner
    • Network Type = VPC
    • VPC = select the VPC devops-simple-app-vpc
  7. Click OK to create the group. We will not add any rule in order to be as restrictive as possible (to improve security).
  8. Log on to the ECS console.
  9. Click Create Instance.
  10. If needed, select Advanced Purchase (also named Custom).
  11. Fill in the wizard with the following information:
    • Billing Method = Pay-As-You-Go
    • Region = the same as the ECS instance where you have installed GitLab
    • Instance Type = filter by vCPU = 2, Memory = 4 GiB, Current Generation tab, and select a remaining type such as ecs.n4.large
    • Image = Ubuntu 18.04 64bit
    • System Disk = Ultra Disk 40 GiB
    • Network = VPC, select the VPC and VSwitch of the GitLab ECS instance
    • Assign a public IP (no need of an EIP this time)
    • Security Group = select devops-simple-app-security-group-runner
    • Log on Credentials = select Password and choose one
    • Instance Name = devops-simple-app-gitlab-runner
    • Host = devops-simple-app-gitlab-runner
    • Read and accept the terms of service
  12. Finish the instance creation by clicking Create Instance.
  13. Go back to the ECS console, click Instances in the left-side navigation pane, and choose your region on top of the page. You should be able to see your new instance devops-simple-app-gitlab-runner.
  14. Click Connect on the right of your ECS instance, copy the VNC Password (something like 667078) and enter it immediately.
  15. You can see a terminal in your web browser inviting you to log in. Authenticate as root with the password you have just created.

Run the following commands in this web-terminal:

# Update the machine
apt-get update
apt-get upgrade

# Add a new repository for apt-get for GitLab Runner
curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash

# Add a new repository for apt-get for Docker
apt-get install software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

# Update the machine
apt-get update

# Install GitLab runner
apt-get install gitlab-runner

# Install dependencies for Docker
apt-get install apt-transport-https ca-certificates curl software-properties-common

# Install Docker
apt-get install docker-ce

As you can see, we set up two applications: GitLab Runner and Docker. We will keep things very simple with Docker: it is a very powerful tool, but for the moment we will just use it as a super installer. For example, we will not set up any tool, compiler or SDK on this machine. Instead, we will be lazy and let Docker download the right images for us. Things will become clearer later in this tutorial when we configure our CI/CD pipeline.

Connect to the runner with GitLab:

  1. Open GitLab on another web browser tab (the URL must be like https://gitlab.my-sample-domain.xyz/).
  2. Sign in if necessary.
  3. Choose Admin area from the top (the wrench icon).
  4. Choose Runners from the left.

The bottom of the page contains a URL and a token:



Go back to the web-terminal connected to the runner machine, and type:

gitlab-runner register

This tool needs several pieces of information to register the runner. Enter the following responses:

  1. Enter the gitlab-ci coordinator URL (for example, https://gitlab.com): copy the URL from the GitLab page above (for example, https://gitlab.my-sample-domain.xyz/)
  2. Enter the gitlab-ci token for this runner: copy the token from the GitLab page above (for example, gXppo8ZyDgqdFb1vPG-w)
  3. Enter the gitlab-ci description for this runner: devops-simple-app-gitlab-runner
  4. Enter the gitlab-ci tags for this runner (comma separated): (keep it empty)
  5. Enter the executor: docker
  6. Enter the default Docker image (for example, ruby:2.1): alpine:latest

After the tool returns control to you, you should be able to see this runner on the GitLab web browser tab. Refresh the page and check at the bottom, you should see something like this.



Our GitLab is now ready to be used! But there are a few more points to consider before creating our first project.

Manage users

As administrator, you can follow these steps to improve your GitLab account:

  1. Open GitLab in your web browser (the URL must be like https://gitlab.my-sample-domain.xyz/).
  2. Click your avatar on the upper-right corner of the page and select Settings.
  3. Correctly set the Full name and Email fields and click Edit profile settings.
  4. Click Account from the left.
  5. Change your username and click Update username, and then confirm it again when the prompt appears (this step improves security as attackers would have to guess your username in addition to your password).

You may also want to control who can register on your GitLab server (the default configuration allows anyone on the Internet to register):

  1. Click Admin area from the top (the wrench icon).
  2. Click Settings from the left.
  3. Expand the Sign-up restrictions section.
  4. Uncheck the Sign-up enabled field.
  5. Click Save changes.

Now only administrators can create new users. This can be done by navigating to the Overview > Users in the Admin area.

Maintain the GitLab

Linux servers need to be upgraded from time to time: security patches must be installed as soon as possible and applications should be updated to their latest versions.

On Ubuntu instances, the following commands allow you to safely update your server:

apt-get update
apt-get upgrade

Other commands such as apt-get dist-upgrade or do-release-upgrade are less safe, especially the last one because it can update Ubuntu to a later LTS version that is not yet supported by Alibaba Cloud.

For a more complex upgrade, it may be more practical to replace the ECS instance:

  1. Create a backup of the existing GitLab data.
  2. Create a new ECS instance and install GitLab.
    Note: The GitLab version on the new ECS instance must be the same as on the old one; if not, the backup-restore process fails.
  3. Restore the backups to the new machine.
  4. Check whether the new instance works.
  5. Unbind the EIP from the old ECS instance and bind it to the new one.
  6. Release the old ECS instance.

Security updates can be automatically installed thanks to unattended-upgrades. For each ECS instance (GitLab and its runner), open a terminal (using SSH or the web-terminal console) and enter the following commands:

# Install unattended-upgrades
apt-get install unattended-upgrades

# Check the default configuration is fine for you. Press CTRL+X to quit.
nano /etc/apt/apt.conf.d/50unattended-upgrades

# Enable automatic upgrades
dpkg-reconfigure --priority=low unattended-upgrades

# Edit the related configuration
nano /etc/apt/apt.conf.d/20auto-upgrades

The last configuration file can be modified and the result looks like this:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";

Save and quit by pressing CTRL+X. You can launch unattended-upgrades manually for testing:

unattended-upgrade -d

The logs of unattended-upgrades are printed in /var/log/unattended-upgrades.

More information about automatic update can be found here.

Upgrade the GitLab

The described architecture for GitLab is fine as long as the number of users is not too large. However, there are several solutions when things start to get slow:

  • If pipeline jobs take too much time to run, maybe adding more runners or using ECS instances with higher specifications can help.
  • If GitLab itself becomes slow, the simplest solution is to migrate it to an ECS instance of a higher instance type.

If a single GitLab instance becomes unavailable due to performance issues or high-availability requirements, the architecture can evolve into a distributed system involving the following cloud resources:

  • Additional ECS instances.
  • A server load balancer to distribute the load across ECS instances.
  • A NAS to let multiple ECS instances share a common file storage system.
  • An external database.

As you can see, the complexity can quickly increase. Tools such as Packer (virtual machine image builder), Terraform (infrastructure as code software) or Chef / Puppet / Ansible / SaltStack (configuration management) can greatly help in managing it: they require an initial investment but allow organizations to better manage their systems.

Another solution is to let other companies manage this complexity for you. There are many SaaS vendors such as GitLab.com or GitHub. Alibaba Cloud offers Codepipeline, but it is currently only available in China.