Getting Started
Prerequisites:
IAM User
- Create IAM User
For more information, see Creating an IAM User in IAM User Guide.
- Grant the IAM user access to AWS CodeDeploy
Copy the following policy and attach it to the IAM user.
To learn how to attach a policy to an IAM user, see Working with Policies. To learn how to restrict users to a limited set of AWS CodeDeploy actions and resources, see Authentication and Access Control for AWS CodeDeploy.
Install or Upgrade and Then Configure the AWS CLI
Installing the AWS Command Line Interface. If you’re on a Mac, I would suggest installing via Brew.
Configuring the AWS CLI. You will need to set up your security credentials.
Create a Service Role for AWS CodeDeploy
NOTE we will be doing this through the CLI. The ability to do this through the console has been removed(?).
Create a Service Role
- On your development machine, create a text file named, for example, CodeDeploy-Trust.json. This file will be used to allow AWS CodeDeploy to work on your behalf. Do one of the following:
- To grant access to all supported regions, save the following content in the file:
- To grant access to only some supported regions, type the following content into the file, and remove the lines for the regions you want to exclude:
- From the same directory, call the create-role command to create a service role named CodeDeployServiceRole based on the information in the text file you just created:
Important: Be sure to include file:// before the file name. It is required in this command.
aws iam create-role --role-name CodeDeployServiceRole --assume-role-policy-document file://CodeDeploy-Trust.json
In the command’s output, note the value of the Arn entry under the Role object. You will need it later when you create deployment groups. If you forget the value, follow the instructions in Get the Service Role ARN (CLI)
- Call the attach-role-policy command to give the service role named CodeDeployServiceRole the permissions based on the IAM managed policy named AWSCodeDeployRole. For example:
aws iam attach-role-policy --role-name CodeDeployServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole
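The trust policy file from the first step is not reproduced above. As an added example (not the original post's file), this function writes CodeDeploy-Trust.json for either case: all regions or a chosen subset. The function name is hypothetical, and the layout assumes the standard IAM trust-policy form with regional principals written as codedeploy.<region>.amazonaws.com.

```bash
# Added example: emit a trust policy that lets only the CodeDeploy service
# assume the role. With no arguments the global principal is used; with
# region arguments only those regional principals are listed.
# The body runs in a subshell, so its variables do not leak to the caller.
codedeploy_trust_policy() (
  principals=""
  if [ "$#" -eq 0 ]; then
    principals='"codedeploy.amazonaws.com"'
  else
    for region in "$@"; do
      # Reject anything not shaped like a region name so a typo or stray
      # quote cannot end up as a principal in the policy.
      case "$region" in
        ""|*[!a-z0-9-]*) echo "bad region: $region" >&2; exit 1 ;;
      esac
      principals="${principals:+$principals, }\"codedeploy.${region}.amazonaws.com\""
    done
  fi
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": [ $principals ] },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
)

# Usage (the regions are sample values):
#   codedeploy_trust_policy us-east-1 us-west-2 > CodeDeploy-Trust.json
#   aws iam create-role --role-name CodeDeployServiceRole \
#     --assume-role-policy-document file://CodeDeploy-Trust.json
```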
Get the Service Role ARN
To use the AWS CLI to get the ARN of the service role, call the get-role command against the service role named CodeDeployServiceRole:
aws iam get-role --role-name CodeDeployServiceRole --query "Role.Arn" --output text
Create an IAM Instance Profile for Your Amazon EC2 Instances
NOTE we will be doing this through the CLI. The ability to do this through the console has been removed(?).
- On your development machine, create a text file named CodeDeploy-EC2-Trust.json. Paste the following content, which allows Amazon EC2 to work on your behalf:
- In the same directory, create a text file named CodeDeploy-EC2-Permissions.json. Paste the following content:
- From the same directory, call the create-role command to create an IAM role named CodeDeploy-EC2-Instance-Profile, based on the information in the first file:
Important: Be sure to include file:// before the file name. It is required in this command.
aws iam create-role --role-name CodeDeploy-EC2-Instance-Profile --assume-role-policy-document file://CodeDeploy-EC2-Trust.json
- From the same directory, call the put-role-policy command to give the role named CodeDeploy-EC2-Instance-Profile the permissions based on the information in the second file:
Important: Be sure to include file:// before the file name. It is required in this command.
aws iam put-role-policy --role-name CodeDeploy-EC2-Instance-Profile --policy-name CodeDeploy-EC2-Permissions --policy-document file://CodeDeploy-EC2-Permissions.json
- Call the create-instance-profile command followed by the add-role-to-instance-profile command to create an IAM instance profile named CodeDeploy-EC2-Instance-Profile.
The instance profile allows Amazon EC2 to pass the IAM role named CodeDeploy-EC2-Instance-Profile to an Amazon EC2 instance when the instance is first launched:
aws iam create-instance-profile --instance-profile-name CodeDeploy-EC2-Instance-Profile
aws iam add-role-to-instance-profile --instance-profile-name CodeDeploy-EC2-Instance-Profile --role-name CodeDeploy-EC2-Instance-Profile
You’ve now created an IAM instance profile to attach to your Amazon EC2 instances.
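The permissions file for the instance role is not reproduced above. As an added example (not the original post's policy), this function writes a CodeDeploy-EC2-Permissions.json that limits the instance to reading two buckets: the one holding your revisions and the aws-codedeploy-<region> bucket the agent is installed from. The function name, the s3:Get*/s3:List* action set and the standard `aws` ARN partition are assumptions.

```bash
# Added example: build a permissions policy for the instance role that grants
# S3 read access only to the revision bucket and the regional agent bucket,
# instead of to every bucket in the account.
# The body runs in a subshell, so its variables do not leak to the caller.
instance_s3_policy() (
  bucket=$1 region=$2
  # Only characters valid in S3 bucket names, so nothing can break out of
  # the JSON string or widen the ARN with a wildcard.
  case "$bucket" in
    ""|*[!a-z0-9.-]*) echo "bad bucket name: $bucket" >&2; exit 1 ;;
  esac
  case "$region" in
    ""|*[!a-z0-9-]*) echo "bad region: $region" >&2; exit 1 ;;
  esac
  agent_bucket="aws-codedeploy-${region}"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "s3:Get*", "s3:List*" ],
      "Resource": [
        "arn:aws:s3:::${bucket}",
        "arn:aws:s3:::${bucket}/*",
        "arn:aws:s3:::${agent_bucket}",
        "arn:aws:s3:::${agent_bucket}/*"
      ]
    }
  ]
}
EOF
)

# Usage (bucket and region are sample values):
#   instance_s3_policy my-revisions us-east-2 > CodeDeploy-EC2-Permissions.json
#   aws iam put-role-policy --role-name CodeDeploy-EC2-Instance-Profile \
#     --policy-name CodeDeploy-EC2-Permissions \
#     --policy-document file://CodeDeploy-EC2-Permissions.json
```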
Attach IAM Role to EC2
Navigate to the IAM console
Choose Running Instances
Choose Actions > Instance Settings > Attach/Replace IAM role
From the IAM role dropdown, choose CodeDeploy-EC2-Instance-Profile
Choose Apply
Set Up CodeDeploy
Navigate to the CodeDeploy Console
Choose Get Started Now if you see it
Choose Custom deployment
Choose Skip Walkthrough
Fill in Application name, for simplicity, I’m going to use CodeDeploy
Fill in Deployment group name, for simplicity, I’m going to use CodeDeploy
Choose In-place deployment
Under Add instance Choose the Value dropdown, choose CodeDeploy
Under Deployment configuration, choose the Deployment configuration dropdown, Choose CodeDeployDefault.AllAtOnce
Under Service Role, Choose Service role ARN dropdown, choose arn:aws:iam::ID:role/CodeDeployServiceRole
Choose Create application
AppSpec File
Create a file in the root of your application named appspec.yml
This is the configuration file for CodeDeploy. You must have this file for CodeDeploy to work.
For more information on AppSpec File
Install AWS CodeDeploy Agent on the server
If you’re not sure how to connect to your EC2 instance see Connect to Your Instance
These instructions are for an Ubuntu Server. For other OS instructions Click Here
sudo apt-get update
sudo apt-get install ruby
sudo apt-get install wget
cd /home/ubuntu
wget https://<bucket-name See Below>.s3.amazonaws.com/latest/install
chmod +x ./install
sudo ./install auto
Type y if prompted.
bucket-name represents one of the following:
- aws-codedeploy-us-east-2 for instances in the US East (Ohio) region
- aws-codedeploy-us-east-1 for instances in the US East (N. Virginia) region
- aws-codedeploy-us-west-1 for instances in the US West (N. California) region
- aws-codedeploy-us-west-2 for instances in the US West (Oregon) region
- aws-codedeploy-ca-central-1 for instances in the Canada (Central) region
- aws-codedeploy-eu-west-1 for instances in the EU (Ireland) region
- aws-codedeploy-eu-west-2 for instances in the EU (London) region
- aws-codedeploy-eu-central-1 for instances in the EU (Frankfurt) region
- aws-codedeploy-ap-northeast-1 for instances in the Asia Pacific (Tokyo) region
- aws-codedeploy-ap-northeast-2 for instances in the Asia Pacific (Seoul) region
- aws-codedeploy-ap-southeast-1 for instances in the Asia Pacific (Singapore) region
- aws-codedeploy-ap-southeast-2 for instances in the Asia Pacific (Sydney) region
- aws-codedeploy-ap-south-1 for instances in the Asia Pacific (Mumbai) region
- aws-codedeploy-sa-east-1 for instances in the South America (São Paulo) region
- aws-codedeploy-cn-north-1 for instances in the China (Beijing) region
sudo service codedeploy-agent start
sudo service codedeploy-agent status
Push code to S3 bucket
If you forgot your application name, find it in the CodeDeploy Console:
Choose AWS CodeDeploy dropdown, choose Applications
Under Applications is a list of your applications
AWS CLI
In your terminal, navigate to the root of your application
aws deploy push --application-name <application-name> --description "This is a revision for the application code_deploy" --s3-location s3://<your-bucket-name>/bundle.zip --source .
If there were no errors, it should return:
To deploy with this revision, run:
aws deploy create-deployment --application-name <application-name> --s3-location bucket=<your-bucket-name>,key=bundle.zip,bundleType=zip,eTag=36b322ef06925e79eab39180c0bedb64-5 --deployment-group-name <deployment-group-name> --deployment-config-name <deployment-config-name> --description <description>
Push bundle to CodeDeploy
If you forgot your deployment group name, find it in the CodeDeploy Console:
Choose AWS CodeDeploy dropdown, choose Applications
Choose the application name
Under Deployment groups is a list of your deployment groups
AWS CLI
aws deploy create-deployment --application-name <application-name> --s3-location bucket=<your-bucket-name>,key=bundle.zip,bundleType=zip --file-exists-behavior OVERWRITE --deployment-group-name <deployment-group-name> --description revision
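The command that `aws deploy push` prints carries an eTag, while the create-deployment call above leaves it out. Passing eTag makes CodeDeploy validate the S3 object against it; without it that validation is skipped. As an added example (not from the original post), this function lifts the full --s3-location value out of the push output so the deployment is pinned to the object that was uploaded. The function name is hypothetical and the sample text is constructed from the output line shown earlier.

```bash
# Added example: pull the --s3-location value (including eTag) out of the
# text that `aws deploy push` prints, so create-deployment can pin the
# exact object that was uploaded.
pinned_s3_location() {
  # Reads push output on stdin; prints bucket=...,key=...,bundleType=...,eTag=...
  loc=$(sed -n 's/.*--s3-location \(bucket=[^ ]*\).*/\1/p' | head -n 1)
  case "$loc" in
    *,eTag=?*) printf '%s\n' "$loc" ;;
    *) echo "no eTag in push output; refusing to build an unpinned location" >&2
       return 1 ;;
  esac
}

# Constructed sample of the push output (the bucket name is a placeholder).
sample_push_output='To deploy with this revision, run:
aws deploy create-deployment --application-name CodeDeploy --s3-location bucket=example-bucket,key=bundle.zip,bundleType=zip,eTag=36b322ef06925e79eab39180c0bedb64-5 --deployment-group-name <deployment-group-name> --deployment-config-name <deployment-config-name> --description <description>'

# Usage against a real push (angle-bracket names are the page's placeholders):
#   loc=$(aws deploy push --application-name <application-name> \
#           --s3-location s3://<your-bucket-name>/bundle.zip --source . \
#         | pinned_s3_location) || exit 1
#   aws deploy create-deployment --application-name <application-name> \
#     --s3-location "$loc" --file-exists-behavior OVERWRITE \
#     --deployment-group-name <deployment-group-name> --description revision
```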
Check status of deploy
Navigate to CodeDeploy
Choose your application
Choose the arrow next to your application name
It will either show In-progress, Succeeded, or Failed
That’s it!
If you’re having errors or your deploy is failing, see Troubleshooting AWS CodeDeploy