AWS CodeDeploy Operations: Difference between revisions
No edit summary |
(10 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
=Create an Application= | =Create an Application= | ||
An AWS CodeDeploy application can be automatically created when defining an ECS service and selecting a [[Amazon_ECS_Operations#Deployment_type|Blue/Green deployment type]]. | |||
==Application Configuration== | ==Application Configuration== | ||
Line 13: | Line 15: | ||
Amazon ECS. | Amazon ECS. | ||
= | =Create a Deployment Group= | ||
{{External|[https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-groups-create.html Create a Deployment Group with CodeDeploy]}} | |||
{{Internal|AWS CodeDeploy Concepts#Deployment_Group|Deployment Group}} | |||
==Prerequisites== | |||
If this deployment group is intended to serve an ECS cluster service, the service must be creates in advance and the fact that AWS CodeDeploy will handle deployments must be known to the service at creation time. Capability of a service to use AWS CodeDeploy deployments is defined at the service deployment configuration phase, as shown here: "[[Amazon_ECS_Operations#Deployment_type|ECS Operations - Service Configuration]]". | |||
==Application== | ==Application== | ||
==Deployment Group Name== | ==Deployment Group Name== | ||
themyscira-unity-deployment-group | |||
==Service Role== | ==Service Role== | ||
First create a service role with CodeDeploy permissions that grants AWS CodeDeploy access to the target instances. This is how to crate a Service Role: {{Internal|AWS_Security_Operations#Create_an_IAM_Role|Create an IAM Role}} | First create a service role with CodeDeploy permissions that grants AWS CodeDeploy access to the target instances. This is how to crate a Service Role: {{Internal|AWS_Security_Operations#Create_an_IAM_Role|Create an IAM Role}} | ||
Name: "themyscira-unity-codedeploy-role" | |||
After creation, which can be done through a standard IAM wizard, it contains an AWSCodeDeployRoleForECS policy that looks like this: | |||
<syntaxhighlight lang='json'> | |||
{ | |||
"Version": "2012-10-17", | |||
"Statement": [ | |||
{ | |||
"Action": [ | |||
"ecs:DescribeServices", | |||
"ecs:CreateTaskSet", | |||
"ecs:UpdateServicePrimaryTaskSet", | |||
"ecs:DeleteTaskSet", | |||
"elasticloadbalancing:DescribeTargetGroups", | |||
"elasticloadbalancing:DescribeListeners", | |||
"elasticloadbalancing:ModifyListener", | |||
"elasticloadbalancing:DescribeRules", | |||
"elasticloadbalancing:ModifyRule", | |||
"lambda:InvokeFunction", | |||
"cloudwatch:DescribeAlarms", | |||
"sns:Publish", | |||
"s3:GetObject", | |||
"s3:GetObjectMetadata", | |||
"s3:GetObjectVersion" | |||
], | |||
"Resource": "*", | |||
"Effect": "Allow" | |||
}, | |||
{ | |||
"Action": [ | |||
"iam:PassRole" | |||
], | |||
"Effect": "Allow", | |||
"Resource": "*", | |||
"Condition": { | |||
"StringLike": { | |||
"iam:PassedToService": [ | |||
"ecs-tasks.amazonaws.com" | |||
] | |||
} | |||
} | |||
} | |||
] | |||
} | |||
</syntaxhighlight> | |||
==Environment Configuration== | |||
====Chose an ECS cluster name==== | |||
====Chose an ECS service name==== | |||
==Load balancers== | |||
====Chose a load balancer==== | |||
====Production listener port==== | |||
====Test listener port==== | |||
====Target group 1 name==== | |||
{{Internal|AWS_CodeDeploy_Concepts#Target_Group|AWS CodeDeploy Concepts - Target Group}} | |||
====Target group 2 name==== | |||
==Deployment Settings== | |||
====Traffic rerouting==== | |||
Reroute the traffic immediately. | |||
====Deployment Configuration==== | |||
====Original revision termination==== |
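Review bot: the Service Role section pastes the AWSCodeDeployRoleForECS policy without saying that both statements use "Resource": "*", so the text reads as if the role were scoped to this one deployment group; a sentence noting that iam:PassRole is limited only by the iam:PassedToService condition would help readers who reuse the role. In the same hunk, the Prerequisites line has "must be creates in advance" (should be "created"), the Service Role line still says "how to crate", and the new level-4 headings read "Chose" where "Choose" is meant. The Application, Deployment Configuration and Original revision termination headings are added with no body text.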
Latest revision as of 19:46, 28 February 2019
Internal
Create an Application
An AWS CodeDeploy application can be automatically created when defining an ECS service and selecting a Blue/Green deployment type.
Application Configuration
Application name
Compute platform
Amazon ECS.
Create a Deployment Group
Prerequisites
If this deployment group is intended to serve an ECS cluster service, the service must be created in advance, and the service must be told at creation time that AWS CodeDeploy will handle its deployments. Whether a service can use AWS CodeDeploy deployments is defined at the service deployment configuration phase, as shown here: "ECS Operations - Service Configuration".
Application
Deployment Group Name
themyscira-unity-deployment-group
Service Role
First create a service role with CodeDeploy permissions that grants AWS CodeDeploy access to the target instances. This is how to create a Service Role: "Create an IAM Role".
Name: "themyscira-unity-codedeploy-role"
After creation, which can be done through a standard IAM wizard, it contains an AWSCodeDeployRoleForECS policy that looks like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ecs:DescribeServices",
        "ecs:CreateTaskSet",
        "ecs:UpdateServicePrimaryTaskSet",
        "ecs:DeleteTaskSet",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticloadbalancing:DescribeListeners",
        "elasticloadbalancing:ModifyListener",
        "elasticloadbalancing:DescribeRules",
        "elasticloadbalancing:ModifyRule",
        "lambda:InvokeFunction",
        "cloudwatch:DescribeAlarms",
        "sns:Publish",
        "s3:GetObject",
        "s3:GetObjectMetadata",
        "s3:GetObjectVersion"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "iam:PassRole"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "iam:PassedToService": [
            "ecs-tasks.amazonaws.com"
          ]
        }
      }
    }
  ]
}
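Both statements in this policy apply to "Resource": "*". As an added example (not part of the original page and not AWS tooling), the Python check below walks a policy document of this shape and reports every Allow grant on a wildcard resource, and for iam:PassRole whether an iam:PassedToService condition limits it. The finding labels and the name-prefix test for read-only actions are assumptions of this example.

```python
READ_PREFIXES = ("Describe", "Get", "List")  # heuristic: read-only by name
# The policy shown above, condensed onto fewer lines; content unchanged.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*", "Action": [
            "ecs:DescribeServices", "ecs:CreateTaskSet",
            "ecs:UpdateServicePrimaryTaskSet", "ecs:DeleteTaskSet",
            "elasticloadbalancing:DescribeTargetGroups",
            "elasticloadbalancing:DescribeListeners",
            "elasticloadbalancing:ModifyListener",
            "elasticloadbalancing:DescribeRules",
            "elasticloadbalancing:ModifyRule", "lambda:InvokeFunction",
            "cloudwatch:DescribeAlarms", "sns:Publish", "s3:GetObject",
            "s3:GetObjectMetadata", "s3:GetObjectVersion"]},
        {"Effect": "Allow", "Resource": "*", "Action": ["iam:PassRole"],
         "Condition": {"StringLike": {
             "iam:PassedToService": ["ecs-tasks.amazonaws.com"]}}},
    ],
}


def as_list(value):
    """IAM accepts a single value or a list for Statement/Action/Resource."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def audit(policy):
    """Return (statement index, action, finding) for Allow grants on '*'."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue
        cond_keys = {key.lower() for operator in stmt.get("Condition", {}).values()
                     for key in operator}
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2]
            if action.lower() == "iam:passrole":
                limited = "iam:passedtoservice" in cond_keys
                finding = "passrole-service-limited" if limited else "passrole-unrestricted"
            elif action.startswith("s3:GetObject"):
                finding = "s3-read-on-wildcard"
            elif name.startswith(READ_PREFIXES):
                continue  # read-only by name; not reported
            else:
                finding = "non-read-on-wildcard"
            findings.append((i, action, finding))
    return findings
```

Calling `audit(POLICY)` on the policy above returns 11 findings: seven non-read actions and three S3 object reads on "*", plus iam:PassRole on any role, limited to ecs-tasks.amazonaws.com.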
Environment Configuration
Choose an ECS cluster name
Choose an ECS service name
Load balancers
Choose a load balancer
Production listener port
Test listener port
Target group 1 name
Target group 2 name
Deployment Settings
Traffic rerouting
Reroute the traffic immediately.