Setting-up AWS CodeDeploy

Below is what I used to successfully deploy my Web Application via AWS Code Deploy. This came from my notes, thought I’d share it. I hope it will help you guys get started faster with your deployment.

  1. Create a bucket in AWS Console under S3 -> “Create Bucket” blue button.
    1. Enter a unique name for your S3 bucket: carlofontanos-cd
    2. Region: “US Standard”
    3. Click “Create”
  2. Create a new Role. Go to IAM -> Roles -> “Create New Role” button.
    1. Set role name for EC2: carlofontanos-ec2-role then click “Next step”
    2. On the next screen “Select Role Type” = select “Amazon EC2”
    3. On the next screen “Attach Policy” just click “Next Step” button without touching anything.
    4. On the next screen “Review” click “Create Role” button
  3. On the list of roles, click on the newly created role “carlofontanos-ec2-role”.
    1. Under “Permissions” tab, expand “inline policy” then click on the “click here” link
    2. On the next screen expand “Custom Policy” then click on “Select” button
    3. Fill up the boxes using the following:
      • Policy Name: carlofontanos-policy-ec2-s3
      • Policy Document (make sure to change the line “carlofontanos-cd” under “Resource” in the code below):
        {
          "Version":"2012-10-17",
          "Statement":[
            {
              "Effect":"Allow",
              "Action":[
                "s3:Get*",
                "s3:List*"
              ],
              "Resource":[
                "arn:aws:s3:::carlofontanos-cd/*",
                "arn:aws:s3:::aws-codedeploy-us-east-1/*"
              ]
            }
          ]
        }
  4. Under the same role, go to “Trust Relationships” tab then click on the
    “Edit Trust Relationship” button then replace everything with the code below then click “Update Trust Policy” button:

    {
      "Version":"2012-10-17",
      "Statement":[
        {
          "Effect":"Allow",
          "Principal":{
            "Service":"ec2.amazonaws.com"
          },
          "Action":"sts:AssumeRole"
        }
      ]
    }
  5. Create another role by navigating to the IAM -> Roles then click on “Create New Role” button
    Role Name: carlofontanos-service-role
  6. On the next screen “Select Role Type” = select “AWS Code Deploy”
  7. On the next screen “Attach Policy”, check the box for “AWSCodeDeployRole”
  8. On the next screen “Review” click “Create Role” button
  9. Go to AWS Console -> IAM -> Users, click on the “Add User” button
    • User Name: carlofontanos-user
    • Then make sure to check the box “Programmatic access” under “Access type”
  10. On the next screen, click “Attach Existing Policies directly” then from the list – check the boxes of the following then Click “Next review” button when you’re done.
    1. AmazonEC2FullAccess
    2. AWSCodeDeployFullAccess
  11. On the next screen, click on “Create User” button
  12. Save the “Access key ID” and “Secret access key” in a txt file for your reference later on.
  13. Click Close button when you are done.
  14. Next, we are going to create 3 inline custom policies for our user. On the list of users, click on the newly
    created user “carlofontanos-user” then under “Permissions” tab click on “Add inline policy” link.
  15. On the new screen select “Custom Policy” radio button then under it click “Select” button
  16. Create the following 3 policies:
    1. Policy Name: carlofontanos-s3-bucket-full
      Policy Document (make sure to change the line “carlofontanos-cd” under “Resource” in the code below):

      {
        "Version":"2012-10-17",
        "Statement":[
          {
            "Effect":"Allow",
            "Action":[
              "s3:PutObject",
              "s3:GetObject",
              "s3:DeleteObject"
            ],
            "Resource":"arn:aws:s3:::carlofontanos-cd/*"
          }
        ]
      }
    2. Policy Name: carlofontanos-cloud-formation
      Policy Document:

      {
        "Version":"2012-10-17",
        "Statement":[
          {
            "Effect":"Allow",
            "Action":[
              "cloudformation:*"
            ],
            "Resource":"*"
          }
        ]
      }
    3. Policy Name: carlofontanos-iam-role
      Policy Document:

      {
        "Version":"2012-10-17",
        "Statement":[
          {
            "Effect":"Allow",
            "Action":[
              "iam:PassRole",
              "iam:ListInstanceProfiles"
            ],
            "Resource":"*"
          }
        ]
      }
  17. Now we need to create a key pair. Go to EC2 -> Network & Security -> Key Pairs then click on “Create Key Pair” button
  18. Key Pair Name: carlofontanos-key-pair
    – Note: after you click on “Create” button, a PEM file will automatically be downloaded to your disk.
    Example PEM name is: carlofontanos-key-pair.pem
    – You need to convert this file into a PPK using PuTTYGen, you can use the instructions below:
    1. Open PuTTYGen then go to “Conversion” tab -> select “Import key”
    2. Browse for the file, then select “Save Private key” button
    3. Enter a unique name for your private key then click save.
  19. Go to EC2 -> Instance then click “Launch Instance” button.
  20. On the new screen, select “Amazon Linux AMI”
  21. Select the “Free tier eligible” type then click “Review and Launch” button.
  22. Then on the next screen, review everything then click “Launch” button. A popup will show
    up, select the key-pair we created earlier then make sure to check the “I acknowledge that I have access….” checkbox.
  23. Click “View Instance” button to preview your newly created EC2 instance, make sure the Instance state is “running” before proceeding with the next steps of this tutorial.
  24. Now that our new instance is up and running, we now need to SSH to it. For this part I will be using PuTTY
    1. Copy the public IP of our new Instance then paste it on the “Host name (or IP address)” text field on PuTTY
    2. On the left side bar of PuTTY, go to: Connection -> SSH -> Auth then browse the Key Pair PPK file we generated earlier (ex. carlofontanos-key-pair.ppk).
    3. Click open to launch the SSH Command Line, if a PuTTY security alert shows up – just click “Yes”
    4. On the SSH command line, Enter the following information:
      • Login as: ec2-user
    5. Ok now that we’re logged-in, let’s configure AWS by running the command:
      • aws configure
    6. Supply the following:
    7. A. AWS Access Key: YOUR_KEY
      B. AWS Secret access key: YOUR_SECRET_KEY
      C. Default Region Name: us-east-1
      D. Default output format: json
    8. Login to your FTP client, if you are using FileZilla, you can follow the tutorial below:
      1. Open FileZilla then go to File -> Site Manager then click on “New Site” button then name it anything you want
      2. Under the General Tab, fill up / select the following:
        Host: [public IP of your EC2 instance]
        Protocol: SFTP – SSH File Transfer Protocol
        Login Type: Normal
        User: ec2-user
        Password: [leave blank or enter it if you have]
      3. From the menu, go to Edit -> Settings, from the left tab go to Connection -> SFTP then click on the “Add key file” button. Select the PPK file we generated earlier then click the “OK” button when you’re done
      4. Click “Connect” button to start listing the directory files.
    9. Download this zip file and save it to your computer: default-app.zip
    10. Using your FTP client – upload the file “default-app.zip” to the root folder “/home/ec2-user” of your EC2 instance.
    11. Go back to the SSH command line then enter: “unzip default-app.zip” to start unzipping the contents.
    12. From the SSH command line, cd to the “default-app” using the command:
      • cd default-app
    13. Now go back to your FTP client open the file: /home/ec2-user/default-app/cfTemplate.json using your favorite editor then locate the following keys:
      A. “KeyName” – change its value to the name of the key-pair we generated in AWS earlier. In my case it is: “carlofontanos-key-pair”
      B. “IamInstanceProfile” – change its value to the name of the IAM Role we generated in AWS earlier. In my case it is: “carlofontanos-ec2-role”
      – When you’re done, save the file then upload it via FTP.
    14. From your FTP client, open the file: /home/ec2-user/default-app/deploy.sh then locate the following keys:
      A. Under line 26, change “cdtutorial-uwf” to “carlofontanos-cd”
      B. Under line 38, change the value of “KEY_AND_VALUE --service-role-arn” to the value listed under AWS Console ->
      IAM -> Roles -> carlofontanos-service-role -> Role ARN
      C. Under line 40, change the value of --s3-location bucket to “carlofontanos-cd”
    15. From the SSH command line, enter “chmod +x cleanup.sh” then press enter.
    16. From the SSH command line, enter “chmod +x deploy.sh”
    17. From the SSH command line, enter “ls” – which will display cleanup.sh and deploy.sh in green text color, which means it will work.
    18. Finally, run “./deploy.sh” to start deploying – this should take about 6 minutes to complete.
  25. Open your browser then navigate to [public IP of your EC2 instance]:8000. Ex. 54.164.193.11:8000
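
An added check, not part of the original tutorial: the script below lints the three inline user policies from step 16 for statements that allow every action of a service, or iam:PassRole, on every resource, and compares the page's iam:PassRole statement with a version scoped to the two roles created in steps 2 and 5. The scoped policy, the placeholder account ID 123456789012 and the function names are assumptions made for illustration.

```python
# Statements of the three inline user policies in step 16 (copied from the page).
PAGE_POLICIES = {
    "carlofontanos-s3-bucket-full": [{
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
        "Resource": "arn:aws:s3:::carlofontanos-cd/*"}],
    "carlofontanos-cloud-formation": [{
        "Effect": "Allow", "Action": ["cloudformation:*"], "Resource": "*"}],
    "carlofontanos-iam-role": [{
        "Effect": "Allow",
        "Action": ["iam:PassRole", "iam:ListInstanceProfiles"],
        "Resource": "*"}],
}

# Constructed alternative: PassRole limited to the two roles this tutorial creates.
# 123456789012 is a placeholder account ID, not a value from the page.
SCOPED_IAM_ROLE = [
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": [
        "arn:aws:iam::123456789012:role/carlofontanos-ec2-role",
        "arn:aws:iam::123456789012:role/carlofontanos-service-role"]},
    {"Effect": "Allow", "Action": "iam:ListInstanceProfiles", "Resource": "*"},
]

def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def lint(statements):
    """Return sorted findings for Allow statements that are broader than needed."""
    findings = set()
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        any_resource = "*" in as_list(st["Resource"])
        for action in as_list(st["Action"]):
            service, _, name = action.partition(":")
            if name == "*" and any_resource:
                findings.add(f"{service}: every action on every resource")
            if action.lower() == "iam:passrole" and any_resource:
                findings.add("iam:PassRole allows passing any role in the account")
    return sorted(findings)

if __name__ == "__main__":
    for policy_name, statements in PAGE_POLICIES.items():
        print(policy_name, "->", lint(statements) or "no findings")
    print("scoped PassRole ->", lint(SCOPED_IAM_ROLE) or "no findings")
```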