Amazon EC2 CodeDeploy with GitHub - Part 1

Step 1:

Create an IAM Instance Profile for Your Amazon EC2 Instances

Your Amazon EC2 instances need permission to access the Amazon S3 buckets or GitHub repositories where the applications that will be deployed by AWS CodeDeploy are stored. To launch Amazon EC2 instances that are compatible with AWS CodeDeploy, you must create an additional IAM role, an instance profile.

We will create this later.

You can create an IAM instance profile with the AWS CLI, the IAM console, or the IAM APIs.

Note

You can attach an IAM instance profile to an Amazon EC2 instance as you launch it or to a previously launched instance later.

Some forums insisted that you cannot create and add roles to an instance, which may be true for older versions, but I tested it and it works fine to attach new roles.

Let's start:

Create an IAM Instance Profile for Your Amazon EC2 Instances (Console)

Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

In the IAM console, in the navigation pane, choose Policies, and then choose Create policy. (If a Get Started button appears, choose it, and then choose Create Policy.)

On the Create policy page, paste the following in the JSON tab:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Note: It is recommended that you restrict this policy to only those Amazon S3 buckets your Amazon EC2 instances must access. Make sure to give access to the Amazon S3 buckets that contain the AWS CodeDeploy agent. Otherwise, an error may occur when the AWS CodeDeploy agent is installed or updated on the instances. To grant the IAM instance profile access to only some AWS CodeDeploy resource kit buckets in Amazon S3, use the following policy, but remove the lines for buckets you want to prevent access to:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::codedeploydemobucket/*",
        "arn:aws:s3:::aws-codedeploy-us-east-2/*",
        "arn:aws:s3:::aws-codedeploy-us-east-1/*",
        "arn:aws:s3:::aws-codedeploy-us-west-1/*",
        "arn:aws:s3:::aws-codedeploy-us-west-2/*",
        "arn:aws:s3:::aws-codedeploy-ca-central-1/*",
        "arn:aws:s3:::aws-codedeploy-eu-west-1/*",
        "arn:aws:s3:::aws-codedeploy-eu-west-2/*",
        "arn:aws:s3:::aws-codedeploy-eu-west-3/*",
        "arn:aws:s3:::aws-codedeploy-eu-central-1/*",
        "arn:aws:s3:::aws-codedeploy-ap-northeast-1/*",
        "arn:aws:s3:::aws-codedeploy-ap-northeast-2/*",
        "arn:aws:s3:::aws-codedeploy-ap-southeast-1/*",
        "arn:aws:s3:::aws-codedeploy-ap-southeast-2/*",
        "arn:aws:s3:::aws-codedeploy-ap-south-1/*",
        "arn:aws:s3:::aws-codedeploy-sa-east-1/*"
      ]
    }
  ]
}

Note: keep only the entries for the regions you require.

Choose Review policy.

On the Create policy page, type CodeDeployDemo-EC2-Permissions in the Policy Name box.

(Optional) For Description, type a description for the policy.

Choose Create Policy.

In the navigation pane, choose Roles, and then choose Create role.

On the Select role type page, choose AWS service, and from the Choose the service that will use this role list, choose EC2.

From the Select your use case list, choose EC2.

Choose Next: Permissions.

On the Attached permissions policy page, if there is a box next to CodeDeployDemo-EC2-Permissions, select it, and then choose Next: Review.

On the Review page, in Role name, type a name for the service role (for example CodeDeployDemo-EC2-Instance-Profile), and then choose Create role.

You can also type a description for this service role in the Role description box.

You’ve now created an IAM instance profile to attach to your Amazon EC2 instances.
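The same Step 1 can be done from the AWS CLI. The script below is an added example, not part of the original post: it reuses the policy and role names from this page and assumes the application bucket codedeploydemobucket and the region us-east-2. Unlike the console, the CLI does not create the instance profile for you, so the last two calls do that explicitly.

```bash
#!/bin/bash
# Added example: AWS CLI equivalent of the console steps in Step 1.
set -eu
POLICY_NAME="CodeDeployDemo-EC2-Permissions"
ROLE_NAME="CodeDeployDemo-EC2-Instance-Profile"

# Permissions policy limited to the application bucket and one region's
# resource kit bucket (both values are assumptions passed in by the caller).
ec2_policy_json() {  # usage: ec2_policy_json APP_BUCKET REGION
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:Get*", "s3:List*"],
    "Resource": [
      "arn:aws:s3:::$1/*",
      "arn:aws:s3:::aws-codedeploy-$2/*"
    ]
  }]
}
EOF
}

# Trust policy: only the EC2 service may assume the role.
trust_policy_json() {
  cat <<'EOF'
{ "Version": "2012-10-17",
  "Statement": [{ "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole" }] }
EOF
}

create_instance_profile() {  # usage: create_instance_profile APP_BUCKET REGION
  policy_arn=$(aws iam create-policy --policy-name "$POLICY_NAME" \
    --policy-document "$(ec2_policy_json "$1" "$2")" \
    --query Policy.Arn --output text)
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy_json)"
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$policy_arn"
  # The console creates and links the instance profile itself; the CLI does not.
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" \
    --role-name "$ROLE_NAME"
}

# Nothing is created unless the script is run as: ./step1.sh apply
if [ "${1:-}" = "apply" ]; then create_instance_profile codedeploydemobucket us-east-2; fi
```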

Step 2: Launch an Amazon EC2 Instance (Console)

Sign in to the AWS Management Console and open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

In the navigation pane, choose Instances, and then choose Launch Instance.

On the Step 1: Choose an Amazon Machine Image (AMI) page, from the Quick Start tab, locate the operating system and version you want to use, and then choose Select.

On the Step 2: Choose an Instance Type page, choose any available Amazon EC2 instance type, and then choose Next: Configure Instance Details.

On the Step 3: Configure Instance Details page, in the IAM role list, choose the IAM instance role you created in the earlier step.

On Step 4, add these security group rules for your instance:

HTTP TCP 80 0.0.0.0/0

HTTP TCP 80 ::/0

SSH TCP 22 (YOUR IP ADDRESS)

HTTPS TCP 443 0.0.0.0/0

HTTPS TCP 443 ::/0

Expand Advanced Details.

Next to User data, with the As text option selected, type the following to install the AWS CodeDeploy agent as the Amazon EC2 instance is launched.

For Amazon Linux and RHEL

#!/bin/bash
yum -y update
yum install -y ruby
cd /home/ec2-user
curl -O https://bucket-name.s3.amazonaws.com/latest/install
chmod +x ./install
./install auto

Note: the bucket name depends on the region:

Region name       bucket-name replacement     Region identifier
US East (Ohio)    aws-codedeploy-us-east-2    us-east-2

In my scenario, my region is US East (Ohio).

You can find your bucket name list from this URL:
https://docs.aws.amazon.com/codedeploy/latest/userguide/resource-kit.html#resource-kit-bucket-names
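Step 2 can also be done from the AWS CLI. This added example (not from the original post) renders the user data above with bucket-name replaced for a given region and passes it to aws ec2 run-instances. AMI_ID, KEY_NAME and SG_ID are placeholders you supply, and the instance profile name assumes the role name used in Step 1.

```bash
#!/bin/bash
# Added example: Step 2 from the AWS CLI, with bucket-name filled in per region.
set -eu

# Print the user data script for one region. The region is validated first so
# a typo cannot point the installer download at an unintended host name.
render_user_data() {  # usage: render_user_data REGION
  case "$1" in
    *[!a-z0-9-]*) echo "invalid region: $1" >&2; return 1 ;;
    [a-z][a-z]-*-[0-9]) ;;
    *) echo "invalid region: $1" >&2; return 1 ;;
  esac
  cat <<EOF
#!/bin/bash
set -e   # stop if the download fails instead of running a missing installer
yum -y update
yum install -y ruby
cd /home/ec2-user
curl -fsS -O https://aws-codedeploy-$1.s3.amazonaws.com/latest/install
chmod +x ./install
./install auto
EOF
}

launch_instance() {  # usage: launch_instance REGION AMI_ID KEY_NAME SG_ID
  user_data=$(render_user_data "$1")   # assigned first so a bad region aborts
  aws ec2 run-instances --region "$1" --image-id "$2" --instance-type t2.micro \
    --key-name "$3" --security-group-ids "$4" \
    --iam-instance-profile Name=CodeDeployDemo-EC2-Instance-Profile \
    --user-data "$user_data"
}

# Nothing is launched unless run as: ./step2.sh apply us-east-2 AMI_ID KEY_NAME SG_ID
if [ "${1:-}" = "apply" ]; then shift; launch_instance "$@"; fi
```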

Step 3:
Now that the instance is running, you need to make sure it is ready for the CodeDeploy agent, which requires a little extra work.

Summary of the extra work: create a key pair and download it to connect to the instance. Once connected, you can perform the tasks below:


1. Create IAM Roles
CodeDeploy & EC2CodeDeploy
2. Create EC2 instance with following categories

a. Choose AMI: Amazon Linux AMI

b. Choose Instance type: t2.micro

c. Configure Instance: Choose EC2CodeDeploy IAM role

d. Tag Instance: Name it what you please

e. Configure Security Group:

HTTP TCP 80 0.0.0.0/0

HTTP TCP 80 ::/0

SSH TCP 22 (YOUR IP ADDRESS)

HTTPS TCP 443 0.0.0.0/0

HTTPS TCP 443 ::/0

f. LAUNCH INSTANCE

3. Login to EC2 instance

4. Command line of Amazon Linux AMI

a. When server is booted

sudo su

yum -y update

yum install -y aws-cli

cd /home/ec2-user

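b. Here you will set up your AWS access key, secret key, and region. If the instance was launched with the IAM role from the earlier step, the AWS CLI can use that role's temporary credentials instead of stored keys, so only the region needs to be set.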

aws configure

aws s3 cp s3://aws-codedeploy-us-east-1/latest/install . --region us-east-1   # if in east AWS

aws s3 cp s3://aws-codedeploy-us-west-2/latest/install . --region us-west-2   # if in west AWS

chmod +x ./install

c. This is simply a quick hack to get the agent running faster.

sed -i "s/sleep(.*)/sleep(10)/" install

./install auto

d. Verify it is running.

service codedeploy-agent status

 

This should show whether the agent is running.

The result should look like this:

The AWS CodeDeploy agent is running as PID 8316

Check the next post on the wiki.