Shulou(Shulou.com)06/01 Report--

How to deploy AWS's automatic deployment tool codedeploy, aiming at this problem, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

Start deploying codedeploy:1. Preset IAM users first:

Create an IAM user or use a user associated with AWS

Copy the following policy attached to the IAM user, giving the IAM user access to codedeploy (and the AWS services and operations on which codedeploy depends):

{

"Version": "2012-10-17"

"Statement": [

{

"Effect": "Allow"

"Action": [

"autoscaling:*"

"codedeploy:*"

"ec2:*"

"lambda:*"

"ecs:*"

"elasticloadbalancing:*"

"iam:AddRoleToInstanceProfile"

"iam:CreateInstanceProfile"

"iam:CreateRole"

"iam:DeleteInstanceProfile"

"iam:DeleteRole"

"iam:DeleteRolePolicy"

"iam:GetInstanceProfile"

"iam:GetRole"

"iam:GetRolePolicy"

"iam:ListInstanceProfilesForRole"

"iam:ListRolePolicies"

"iam:ListRoles"

"iam:PassRole"

"iam:PutRolePolicy"

"iam:RemoveRoleFromInstanceProfile"

"S3RV *"

]

Resource: "*"

}

]

}

You can use the provided AWS cloudformation template to start codedeploy-compatible EC2 instances; if you use the AWS cloudformation template to create applications, deployment groups, and deployment configurations, you need to give IAM users access to AWS services and operations that AWS cloudformation and AWS cloudformation depend on, for example:

{

"Version": "2012-10-17"

"Statement": [

{

"Effect": "Allow"

"Action": [

"cloudformation:*"

]

Resource: "*"

}

]

}

two。 Install or upgrade AWS CLI or upgrade:

To call codedeploy from your local computer, AWS CLI must be installed.

The CodeDeploy command was first provided in version 1.6.1 of AWS CLI. Version 1.7.19 of AWS CLI provides CodeDeploy commands for handling local instances

If you are installing an older version of AWS CLI, you must upgrade it to make the CodeDeploy command available. Call aws-- version to view the version

Install AWS CLI using the bundle installer: (this is to install the AWS CLI command for the current user)

Curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip"-o" awscli-bundle.zip

Unzip awscli-bundle.zip

. / awscli-bundle/install-b ~ / bin/aws

This installs AWS CLI to the default location (~ / .local / lib/aws) and creates a symbolic link (symlink) in ~ / bin/aws. Make sure your ~ / bin environment variable contains PATH for the symbolic link to take effect.

$echo $PATH | grep ~ / bin$ export PATH=~/bin:$PATH

Ensure that the $PATH setting is retained between multiple sessions and add export lines to the shell configuration file (~ / .profile, ~ / .bash_profile, etc.)

Uninstall AWS CLI:

Except for the optional symbolic links, the bundle installer will not put anything outside the installation directory, so uninstalling is as simple as deleting these two items directly.

Sudo rm-rf / usr/local/aws

Sudo rm / usr/local/bin/aws

Configuration is required after installation:

The aws config command is the fastest way to configure AWS CLI:

$aws configureAWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLEAWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEYDefault region name [None]: us-west-2Default output format [None]: json

When you type the command, AWS CLI prompts you for four pieces of information (access key, secret access key, AWS area, and output format) and stores them in a configuration file named default (a collection of settings). This profile is used whenever the AWS CLI command you run does not explicitly specify which profile to use.

AWS Access Key ID and AWS Secret Access Key it is associated with an IAM or role.

When you configure AWS CLI, you will be prompted to specify the AWS area. Select the zone in the AWS General Reference and one of the support areas listed in the terminal node

To confirm installation or upgrade: you can use (aws deploy help)

3. Create a service role for codedeploy:

The service role created for codedeploy must grant the necessary permissions to the computing platform, deploy multiple platforms, it is recommended to create a role for each platform, to add permissions, add the policies provided by one or more of the following AWS:

For EC2/ local deployments, attach the AWSCodeDeployRole policy. This policy provides the following permissions for your service role:

Read the label on your instance or identify your Amazon EC2 Auto Scaling instance by the Amazon EC2 group name.

Read, create, update, and delete Amazon EC2 Auto Scaling groups, lifecycle hooks, and extension policies.

Publish the information to the Amazon SNS topic.

Retrieve information about CloudWatch alerts.

Read and update Elastic Load Balancing.

For Amazon ECS deployment, attach the AWSCodeDeployRoleForECS policy. This policy provides the following permissions for your service role:

Read, update, and delete Amazon ECS task sets.

Update Elastic Load Balancing target groups, listeners, and rules.

Call the AWS Lambda function.

Access the revision file in the Amazon S3 bucket.

Retrieve information about CloudWatch alerts.

Publish the information to the Amazon SNS topic.

For AWS Lambda deployment, attach the AWSCodeDeployRoleForLambda policy. This policy provides the following permissions for your service role:

Read, update, and call AWS Lambda functions and aliases.

Access the revision file in the Amazon S3 bucket.

Publish the information to the Amazon SNS topic.

Retrieve information about CloudWatch alerts.

During the setting up of the service role, you can also update its trust relationship to specify the end node to which you want to grant access.

4. Create an IAM instance profile for the EC2 instance:

IAM instance configuration files are not required for ECS and lambda platforms

ECS deployment will deploy an ECS service, and Lambda deployment will deploy a serverless version of Lambda function

Log in to the AWS Management console and open the IAM console https://console.aws.amazon.com/iam/ at the following URL.

"in the navigation pane of the IAM console, select Policy (Policy), and then select create Policy (create Policy)." (if the start button appears, select this button, and then select create Policy. )

Paste the following in the JSON tab on the create policies ³policy page:

{

"Version": "2012-10-17"

"Statement": [

{

"Action": [

"s3rig Get *"

"s3rig list *"

]

"Effect": "Allow"

Resource: "*"

}

]

}

It is recommended that you limit this policy to only S3 that must be accessed by the EC2 instance. Allow access to S3 that contains CodeDeploy agents. Otherwise, errors may occur when installing or updating the CodeDeploy agent on the instance. To grant the IAM instance profile access to only certain CodeDeploy Resource Kit buckets in S3, use the following policy, but delete the bucket lines that you want to block access:

{

"Version": "2012-10-17"

"Statement": [

{

"Effect": "Allow"

"Action": [

"s3rig Get *"

"s3rig list *"

]

"Resource": [

"arn:aws:s3:::replace-with-your-s3-bucket-name/*"

"arn:aws:s3:::aws-codedeploy-us-east-2/*"

"arn:aws:s3:::aws-codedeploy-us-east-1/*"

"arn:aws:s3:::aws-codedeploy-us-west-1/*"

"arn:aws:s3:::aws-codedeploy-us-west-2/*"

"arn:aws:s3:::aws-codedeploy-ca-central-1/*"

"arn:aws:s3:::aws-codedeploy-eu-west-1/*"

"arn:aws:s3:::aws-codedeploy-eu-west-2/*"

"arn:aws:s3:::aws-codedeploy-eu-west-3/*"

"arn:aws:s3:::aws-codedeploy-eu-central-1/*"

"arn:aws:s3:::aws-codedeploy-ap-northeast-1/*"

"arn:aws:s3:::aws-codedeploy-ap-northeast-2/*"

"arn:aws:s3:::aws-codedeploy-ap-southeast-1/*"

"arn:aws:s3:::aws-codedeploy-ap-southeast-2/*"

"arn:aws:s3:::aws-codedeploy-ap-south-1/*"

"arn:aws:s3:::aws-codedeploy-sa-east-1/*"

]

}

]

}

Select View Policy.

On the Create policy page, type CodeDeployDemo-EC2-Permissions in the Policy Name box.

(optional) for a description, type a description of the policy.

Select create policy.

"in the navigation pane, select a role, and then select create a role."

On the Create role (create role) page, select the AWS service (AWS service), and then select EC2 from the list of services that will use this role (select services that will use this role).

"from the Select your use case list, select EC2."

Select the next one: permissions.

On the attachment permission policy page, select the policy you just created, and then next: tags. If you use the suggested name, the name is CodeDeployDemo-EC2-Permissions.

"in the role name on the comments page, type the service role (for example, CodeDeployDemo-EC2-Instance-Profile), and then select create role."

You can also type a description of this service role in the deployment description box.

Now the IAM instance configuration file to be attached to the Amazon EC2 instance has been created.

This is the answer to the question on how to deploy codedeploy, an automatic deployment tool for AWS. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.