Using Codedeploy to publish files from S3 to EC2 server
Preparing a POC application to use with Codedeploy
- Create index.html with some sample content
- Create appspec.yml with the following content
----------------------------------------------------------
version: 0.0
os: linux
files:
  - source: /index.html
    destination: /home/ec2-user/myapp/
----------------------------------------------------------
- Please note that all other unused config has been stripped from the original appspec.yml. It is important to remove all unused syntax. Otherwise, the application will not deploy properly using Codedeploy.
- Zip just the files index.html and appspec.yml. Name the zip file myapp-poc.zip
- Please note that when the zip is opened, appspec.yml should be at the root level without any subdirectories
- Create S3 bucket myapp (left the default grantee myaccount with all permissions)
- Upload myapp-poc.zip to the myapp S3 bucket (left the default grantee myaccount with all permissions)
Create IAM policy and roles
- Create a policy myapp-codedeploy-ec2-policy
- Contents of myapp-codedeploy-ec2-policy
----------------------------------------------------------
{
  "Version": "xxxx",
  "Statement": [
    {
      "Sid": "Stmtxxx",
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::myapp/*",
        "arn:aws:s3:::aws-codedeploy-us-east-1/*",
        "arn:aws:s3:::aws-codedeploy-us-west-2/*",
        "arn:aws:s3:::aws-codedeploy-us-west-1/*"
      ]
    }
  ]
}
----------------------------------------------------------
- Create a role myapp-codedeploy-service-role
- Choose AWSCodeDeploy from AWS Service Roles
- Attach the policy AWSCodeDeployRole (AWS managed) to myapp-codedeploy-service-role
- Edit trust relationship of myapp-codedeploy-service-role to read as
----------------------------------------------------------
{
  "Version": "xxxx",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.us-west-2.amazonaws.com",
          "codedeploy.us-west-1.amazonaws.com",
          "codedeploy.us-east-1.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
----------------------------------------------------------
- Create a role myapp-codedeploy-ec2-role
- Choose Amazon EC2 from AWS Service Roles
- Attach the policy myapp-codedeploy-ec2-policy (the customer managed policy created above) to myapp-codedeploy-ec2-role
- Edit trust relationship of myapp-codedeploy-ec2-role to read as
----------------------------------------------------------
{
  "Version": "xxxx",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
----------------------------------------------------------
Create an EC2 instance
- Spin up an EC2 instance with desired instance type.
- In the "Configure Instance Details" section, choose the proper VPC and subnet. Choose myapp-codedeploy-ec2-role as the IAM role
- Please note that if you use the Codedeploy wizard, it creates the EC2 instance in the default VPC. If the default VPC does not exist, it fails. That is the reason for spinning up a custom EC2 instance.
- Create tags on the EC2 instance, for example tag name: project, tag value: myapp
- Please note tags are used by Codedeploy to discover instances.
Deploy Codedeploy agent on EC2 instance
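- Log in to the EC2 instance
- Run the following commands (bucket-name is a placeholder for the Codedeploy resource bucket of your region, such as the aws-codedeploy-us-west-2 bucket allowed in the policy above)
----------------------------------------------------------
sudo yum update
sudo yum install ruby
sudo yum install wget
cd /home/ec2-user
wget https://bucket-name.s3.amazonaws.com/latest/install
chmod +x ./install
sudo ./install auto
sudo service codedeploy-agent status
----------------------------------------------------------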
Create Codedeploy config
- Create new application
- Application name: myapp
- Deployment group name: myapp-deploy-stage
- Tags: Amazon EC2: Key: project Value: myapp (the number of instances discovered will be displayed)
- Choose Service Role myapp-codedeploy-service-role
- Leave rest of them as default
- Create application
- In the deployment group, select the deployment myapp-deploy-stage
- Actions: Deploy new revision
- Create New Deployment
- Application: myapp
- Deployment Group: myapp-deploy-stage
- Revision Type: My application is stored in Amazon S3
- Revision Location:
- Go to the S3 console and select myapp-poc.zip. Copy the complete HTTPS URL (link) and the ETag
- Form the revision URL as in the following example
- https://s3-us-west-2.amazonaws.com/myapp/myapp-poc.zip?etag=962c02cb729b2f36745acbf4102129e1
- Paste the above URL with ETag in the Revision Location field
- Deploy
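
The two checks this procedure depends on (appspec.yml at the root of the zip, and the ETag pinned in the revision URL) can be run locally before uploading. The following is an added example, not part of the original page: the function names and the sample file contents are constructed for illustration, and the ETag comparison assumes a single-part upload without SSE-KMS, where the S3 ETag is the MD5 of the object.

```python
import hashlib
import io
import zipfile

# Constructed sample content standing in for the page's index.html and appspec.yml.
INDEX_HTML = b"<html><body>myapp POC</body></html>\n"
APPSPEC = (b"version: 0.0\nos: linux\nfiles:\n"
           b"  - source: /index.html\n"
           b"    destination: /home/ec2-user/myapp/\n")


def build_bundle(files):
    """Zip {archive_name: bytes} in memory and return the archive bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def check_bundle(zip_bytes):
    """Return a list of layout problems; an empty list means none were found."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        if "appspec.yml" not in names:
            nested = [n for n in names if n.endswith("/appspec.yml")]
            problems.append(f"appspec.yml not at archive root (found: {nested or 'none'})")
            return problems
        appspec = zf.read("appspec.yml").decode("utf-8")
    # Every file-type 'source:' entry (as on this page) must exist in the archive.
    for line in appspec.splitlines():
        key, _, value = line.strip().lstrip("- ").partition(":")
        src = value.strip().lstrip("/")
        if key == "source" and src and src not in names:
            problems.append(f"source {value.strip()} missing from archive")
    return problems


def expected_etag(zip_bytes):
    """MD5 hex digest; equals the S3 ETag only for single-part, non-KMS uploads."""
    return hashlib.md5(zip_bytes).hexdigest()


def revision_url(region, bucket, key, zip_bytes):
    """Form the revision location in the shape used in the steps above."""
    return f"https://s3-{region}.amazonaws.com/{bucket}/{key}?etag={expected_etag(zip_bytes)}"
```

If the ETag shown in the S3 console differs from expected_etag() for the file you built, the object in the bucket is not the bundle you intended to deploy.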