AWS CodeDeploy Operations: Difference between revisions

From NovaOrdis Knowledge Base
No edit summary
 
(10 intermediate revisions by the same user not shown)
Line 4: Line 4:


=Create an Application=
=Create an Application=
An AWS CodeDeploy application can be automatically created when defining an ECS service and selecting a [[Amazon_ECS_Operations#Deployment_type|Blue/Green deployment type]].


==Application Configuration==
==Application Configuration==
Line 13: Line 15:
Amazon ECS.
Amazon ECS.


=Crete a Deployment Group=
=Create a Deployment Group=
 
{{External|[https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-groups-create.html Create a Deployment Group with CodeDeploy]}}
 
{{Internal|AWS CodeDeploy Concepts#Deployment_Group|Deployment Group}}
 
==Prerequisites==
 
If this deployment group is intended to serve an ECS cluster service, the service must be creates in advance and the fact that AWS CodeDeploy will handle deployments must be known to the service at creation time. Capability of a service to use AWS CodeDeploy deployments is defined at the service deployment configuration phase, as shown here: "[[Amazon_ECS_Operations#Deployment_type|ECS Operations - Service Configuration]]".


==Application==
==Application==


==Deployment Group Name==
==Deployment Group Name==
themyscira-unity-deployment-group


==Service Role==
==Service Role==


First create a service role with CodeDeploy permissions that grants AWS CodeDeploy access to the target instances. This is how to crate a Service Role: {{Internal|AWS_Security_Operations#Create_an_IAM_Role|Create an IAM Role}}
First create a service role with CodeDeploy permissions that grants AWS CodeDeploy access to the target instances. This is how to crate a Service Role: {{Internal|AWS_Security_Operations#Create_an_IAM_Role|Create an IAM Role}}
Name: "themyscira-unity-codedeploy-role"
After creation, which can be done through a standard IAM wizard, it contains an AWSCodeDeployRoleForECS policy that looks like this:
<syntaxhighlight lang='json'>
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeServices",
                "ecs:CreateTaskSet",
                "ecs:UpdateServicePrimaryTaskSet",
                "ecs:DeleteTaskSet",
                "elasticloadbalancing:DescribeTargetGroups",
                "elasticloadbalancing:DescribeListeners",
                "elasticloadbalancing:ModifyListener",
                "elasticloadbalancing:DescribeRules",
                "elasticloadbalancing:ModifyRule",
                "lambda:InvokeFunction",
                "cloudwatch:DescribeAlarms",
                "sns:Publish",
                "s3:GetObject",
                "s3:GetObjectMetadata",
                "s3:GetObjectVersion"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "iam:PassRole"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "iam:PassedToService": [
                        "ecs-tasks.amazonaws.com"
                    ]
                }
            }
        }
    ]
}
</syntaxhighlight>
==Environment Configuration==
====Chose an ECS cluster name====
====Chose an ECS service name====
==Load balancers==
====Chose a load balancer====
====Production listener port====
====Test listener port====
====Target group 1 name====
{{Internal|AWS_CodeDeploy_Concepts#Target_Group|AWS CodeDeploy Concepts - Target Group}}
====Target group 2 name====
==Deployment Settings==
====Traffic rerouting====
Reroute the traffic immediately.
====Deployment Configuration====
====Original revision termination====
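Review bot: the added Prerequisites paragraph reads "the service must be creates in advance" and the new level-4 headings read "Chose an ECS cluster name", "Chose an ECS service name" and "Chose a load balancer"; these should be "created" and "Choose", in line with the "Crete" to "Create" heading fix made in the same edit. Most of the new headings (Application, Environment Configuration, the listener ports and target group names, Deployment Configuration, Original revision termination) are also left without body text, so a one-line value or link under each would make the procedure followable.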

Latest revision as of 19:46, 28 February 2019

Internal

Create an Application

An AWS CodeDeploy application can be automatically created when defining an ECS service and selecting a Blue/Green deployment type.

Application Configuration

Application name

Compute platform

Amazon ECS.

Create a Deployment Group

Create a Deployment Group with CodeDeploy
Deployment Group

Prerequisites

If this deployment group is intended to serve an ECS cluster service, the service must be created in advance, and the service must know at creation time that AWS CodeDeploy will handle its deployments. The capability of a service to use AWS CodeDeploy deployments is defined at the service deployment configuration phase, as shown here: "ECS Operations - Service Configuration".

Application

Deployment Group Name

themyscira-unity-deployment-group

Service Role

First create a service role with CodeDeploy permissions that grants AWS CodeDeploy access to the target instances. This is how to create a Service Role:

Create an IAM Role

Name: "themyscira-unity-codedeploy-role"

After creation, which can be done through a standard IAM wizard, it contains an AWSCodeDeployRoleForECS policy that looks like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeServices",
                "ecs:CreateTaskSet",
                "ecs:UpdateServicePrimaryTaskSet",
                "ecs:DeleteTaskSet",
                "elasticloadbalancing:DescribeTargetGroups",
                "elasticloadbalancing:DescribeListeners",
                "elasticloadbalancing:ModifyListener",
                "elasticloadbalancing:DescribeRules",
                "elasticloadbalancing:ModifyRule",
                "lambda:InvokeFunction",
                "cloudwatch:DescribeAlarms",
                "sns:Publish",
                "s3:GetObject",
                "s3:GetObjectMetadata",
                "s3:GetObjectVersion"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "iam:PassRole"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "iam:PassedToService": [
                        "ecs-tasks.amazonaws.com"
                    ]
                }
            }
        }
    ]
}
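
An added example (not part of the original page, and not AWS or NovaOrdis code): a short Python review of the policy above that lists the non-read-only actions it allows on Resource "*" and checks that iam:PassRole is limited by an iam:PassedToService condition. The READ_ONLY name-prefix heuristic and the function names are assumptions made for this illustration.

```python
from fnmatch import fnmatchcase

# Policy copied from the page (compacted layout, same content).
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ecs:DescribeServices", "ecs:CreateTaskSet",
        "ecs:UpdateServicePrimaryTaskSet", "ecs:DeleteTaskSet",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:ModifyListener",
        "elasticloadbalancing:DescribeRules",
        "elasticloadbalancing:ModifyRule", "lambda:InvokeFunction",
        "cloudwatch:DescribeAlarms", "sns:Publish", "s3:GetObject",
        "s3:GetObjectMetadata", "s3:GetObjectVersion"]},
    {"Effect": "Allow", "Resource": "*", "Action": ["iam:PassRole"],
     "Condition": {"StringLike": {
         "iam:PassedToService": ["ecs-tasks.amazonaws.com"]}}},
]}

READ_ONLY = ("Describe*", "Get*", "List*")  # assumption: name-prefix heuristic

def as_list(value):
    """IAM accepts a bare string or object where a list is expected."""
    return list(value) if isinstance(value, list) else [value]

def passrole_services(stmt):
    """Services iam:PassRole is limited to; None when there is no limit."""
    found = []
    for operator, keys in stmt.get("Condition", {}).items():
        if operator in ("StringEquals", "StringLike"):
            for key, value in keys.items():
                if key.lower() == "iam:passedtoservice":
                    found += as_list(value)
    return None if not found or "*" in found else found

def review(policy):
    """Return (non-read-only actions, PassRole limits) allowed on Resource '*'."""
    mutating, passrole = [], []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            if fnmatchcase("iam:passrole", action.lower()):
                passrole.append(passrole_services(stmt))
            elif not any(fnmatchcase(action.split(":")[-1], p) for p in READ_ONLY):
                mutating.append(action)
    return mutating, passrole
```

For the policy on this page, review(POLICY) reports seven non-read-only actions on Resource "*" and one PassRole grant limited to ecs-tasks.amazonaws.com; a None entry in the second list marks a PassRole grant with no service limit.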

Environment Configuration

Choose an ECS cluster name

Choose an ECS service name

Load balancers

Choose a load balancer

Production listener port

Test listener port

Target group 1 name

AWS CodeDeploy Concepts - Target Group

Target group 2 name

Deployment Settings

Traffic rerouting

Reroute the traffic immediately.

Deployment Configuration

Original revision termination