Setting-up AWS CodeDeploy
Below is what I used to successfully deploy my Web Application via AWS Code Deploy. This came from my notes, thought I’d share it. I hope it will help you guys get started faster with your deployment.
- Create a bucket in AWS Console under S3 -> “Create Bucket” blue button.
- Enter a unique name for your S3 bucket: carlofontanos-cd
- Region: “US Standard”
- Click “Create”
- Create a new Role. Go to IAM -> Roles -> “Create New Role” button.
- Set role name for EC2: carlofontanos-ec2-role then click “Next step”
- On the next screen “Select Role Type” = select “Amazon EC2”
- On the next screen “Attach Policy” just click “Next Step” button without touching anything.
- On the next screen “Review” click “Create Role” button
- On the list of roles, click on the newly created role “carlofontanos-ec2-role”.
- Under “Permissions” tab, expand “inline policy” then click on the “click here” link
- On the next screen expand “Custom Policy” then click on “Select” button
- Fill up the boxes using the following:
- Policy Name: carlofontanos-policy-ec2-s3
- Policy Document (make sure to change the line “carlofontanos-cd” under “Resource” in the code below):
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:Get*",
            "s3:List*"
          ],
          "Resource": [
            "arn:aws:s3:::carlofontanos-cd/*",
            "arn:aws:s3:::aws-codedeploy-us-east-1/*"
          ]
        }
      ]
    }
- Under the same role, go to the “Trust Relationships” tab, click on the “Edit Trust Relationship” button, replace everything with the code below, then click the “Update Trust Policy” button:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
- Create another role by navigating to IAM -> Roles then click on the “Create New Role” button
- Role Name: carlofontanos-service-role
- On the next screen “Select Role Type” = select “AWS Code Deploy”
- On the next screen “Attach Policy”, check the box for “AWSCodeDeployRole”
- On the next screen “Review” click “Create Role” button
- Go to AWS Console -> IAM -> Users, click on the “Add User” button
- User Name: carlofontanos-user
- Then make sure to check the box “Programmatic access” under “Access type”
- On the next screen, click “Attach Existing Policies directly” then from the list – check the boxes of the following then Click “Next review” button when you’re done.
- AmazonEC2FullAccess
- AWSCodeDeployFullAccess
- On the next screen, click on “Create User” button
- Save the “Access key ID” and “Secret access key” in a txt file for your reference later on.
- Click the Close button when you are done.
- Next, we are going to create 3 inline custom policies for our user. On the list of users, click on the newly created user “carlofontanos-user” then under the “Permissions” tab click on the “Add inline policy” link.
- On the new screen select the “Custom Policy” radio button then under it click the “Select” button
- Create the following 3 policies:
- Policy Name: carlofontanos-s3-bucket-full
  Policy Document (make sure to change the line “carlofontanos-cd” under “Resource” in the code below):
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:DeleteObject"
          ],
          "Resource": "arn:aws:s3:::carlofontanos-cd/*"
        }
      ]
    }
- Policy Name: carlofontanos-cloud-formation
  Policy Document:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "cloudformation:*"
          ],
          "Resource": "*"
        }
      ]
    }
- Policy Name: carlofontanos-iam-role
  Policy Document:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "iam:PassRole",
            "iam:ListInstanceProfiles"
          ],
          "Resource": "*"
        }
      ]
    }
- Now we need to create a key pair. Go to EC2 -> Network & Security -> Key Pairs then click on “Create Key Pair” button
- Key Pair Name: carlofontanos-key-pair
– Note: after you click on the “Create” button, a PEM file will automatically be downloaded to your disk.
Example PEM name is: carlofontanos-key-pair.pem
– You need to convert this file into a PPK using PuTTYGen, you can use the instructions below:
1. Open PuTTYGen then go to “Conversion” tab -> select “Import key”
2. Browse for the file, then select “Save Private key” button
3. Enter a unique name for your private key then click save.
- Go to EC2 -> Instance then click “Launch Instance” button.
- On the new screen, select “Amazon Linux AMI”
- Select the “Free tier eligible” type then click “Review and Launch” button.
- Then on the next screen, review everything then click “Launch” button. A popup will show up, select the key-pair we created earlier then make sure to check the “I acknowledge that I have access….” checkbox.
- Click “View Instance” button to preview your newly created EC2 instance, make sure the Instance state is “running” before proceeding with the next steps of this tutorial.
- Now that our new instance is up and running, we now need to SSH to it. For this part I will be using PuTTY
- Copy the public IP of our new Instance then paste it on the “Host name (or IP address)” text field on PuTTY
- On the left side bar of PuTTY, go to: Connection -> SSH -> Auth then browse the Key Pair PPK file we generated earlier (ex. carlofontanos-key-pair.ppk).
- Click open to launch the SSH Command Line, if a PuTTY security alert shows up – just click “Yes”
- On the SSH command line, Enter the following information:
- Login as: ec2-user
- Ok now that we’re logged-in, let’s configure AWS by running the command:
- aws configure
- Supply the following:
- A. AWS Access Key: YOUR_KEY
B. AWS Secret access key: YOUR_SECRET_KEY
C. Default Region Name: us-east-1
D. Default output format: json
- Login to your FTP client, if you are using FileZilla, you can follow the tutorial below:
- Open FileZilla then go to File -> Site Manager then click on “New Site” button then name it anything you want
- Under the General Tab, fill up / select the following:
Host: [public IP of your EC2 instance]
Protocol: SFTP – SSH File Transfer Protocol
Login Type: Normal
User: ec2-user
Password: [leave blank or enter it if you have]
- From the menu, go to Edit -> Settings, from the left tab go to Connection -> SFTP then click on the “Add key file” button. Select the PPK file we generated earlier then click the “OK” button when you’re done
- Click “Connect” button to start listing the directory files.
- Download this zip file and save it to your computer: default-app.zip
- Using your FTP client – upload the file “default-app.zip” to the root folder “/home/ec2-user” of your EC2 instance.
- Go back to the SSH command line then enter: “unzip default-app.zip” to start unzipping the contents.
- From the SSH command line, cd to the “default-app” using the command:
- cd default-app
- Now go back to your FTP client and open the file: /home/ec2-user/default-app/cfTemplate.json using your favorite editor then locate the following keys:
A. “KeyName” – change its value to the name of the key-pair we generated in AWS earlier. In my case it is: “carlofontanos-key-pair”
B. “IamInstanceProfile” – change its value to the name of the IAM Role we generated in AWS earlier. In my case it is: “carlofontanos-ec2-role”
– When you’re done, save the file then upload it via FTP.
- From your FTP client, open the file: /home/ec2-user/default-app/deploy.sh then make the following changes:
A. Under line 26, change “cdtutorial-uwf” to “carlofontanos-cd”
B. Under line 38, change the value of “KEY_AND_VALUE --service-role-arn” to the value listed under AWS Console -> IAM -> Roles -> carlofontanos-service-role -> Role ARN
C. Under line 40, change the value of --s3-location bucket to “carlofontanos-cd”
- From the SSH command line, enter “chmod +x cleanup.sh” then press enter.
- From the SSH command line, enter “chmod +x deploy.sh”
- From the SSH command line, enter “ls” – this should list cleanup.sh and deploy.sh in green text, which means they are now executable.
- Finally, run “./deploy.sh” to start deploying – this should take about 6 minutes to complete.
- Open your browser then navigate to [public IP of your EC2 instance]:8000. Ex. 54.164.193.11:8000
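An added example, not part of the original notes: a small Python check over the three inline policies attached to carlofontanos-user above. It flags wildcard actions and iam:PassRole granted on every role, and includes a helper that narrows PassRole to the two roles this tutorial creates. The account ID 123456789012 is a placeholder and the function names (lint, scope_passrole) are made up for this example.

```python
import copy

# Inline policies of carlofontanos-user, copied from the steps above.
USER_POLICIES = {
    "carlofontanos-s3-bucket-full": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::carlofontanos-cd/*"}]},
    "carlofontanos-cloud-formation": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["cloudformation:*"], "Resource": "*"}]},
    "carlofontanos-iam-role": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:PassRole", "iam:ListInstanceProfiles"]}]},
}
# Assumption: 123456789012 is a placeholder account ID; substitute your own.
ROLE_ARNS = ["arn:aws:iam::123456789012:role/carlofontanos-ec2-role",
             "arn:aws:iam::123456789012:role/carlofontanos-service-role"]

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint(policy):
    """Return (statement index, finding, action) for each broad Allow grant."""
    findings = []
    for i, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        any_resource = "*" in as_list(st.get("Resource", []))
        for action in as_list(st.get("Action", [])):
            if "*" in action:
                findings.append((i, "wildcard-action", action))
            if any_resource and action.lower() == "iam:passrole":
                findings.append((i, "passrole-on-any-role", action))
    return findings

def scope_passrole(policy, role_arns):
    """Copy of policy with iam:PassRole split out and limited to role_arns."""
    stmts = []
    for st in copy.deepcopy(as_list(policy["Statement"])):
        acts = as_list(st.get("Action", []))
        rest = [a for a in acts if a.lower() != "iam:passrole"]
        if st.get("Effect") == "Allow" and len(rest) < len(acts):
            stmts.append({"Effect": "Allow", "Action": "iam:PassRole",
                          "Resource": list(role_arns)})
            st["Action"] = rest
        if st.get("Action") or "NotAction" in st:
            stmts.append(st)
    return {**policy, "Statement": stmts}
```

Call lint() on each document before pasting it into the console; the output of scope_passrole() can be used in place of the carlofontanos-iam-role policy once the real account ID is filled in.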