AWS CodeDeploy Operations

From NovaOrdis Knowledge Base
Revision as of 18:05, 28 February 2019 by Ovidiu (talk | contribs) (→‎Service Role)
Jump to navigation Jump to search

Internal

Create an Application

Application Configuration

Application name

Compute platform

Amazon ECS.

Crete a Deployment Group

Application

Deployment Group Name

Service Role

First create a service role with CodeDeploy permissions that grants AWS CodeDeploy access to the target instances. This is how to crate a Service Role:

Create an IAM Role

Name: "themyscira-unity-codedeploy-role"

After creation, which can be done through a standard IAM wizard, it contains an AWSCodeDeployRoleForECS policy that looks like this: 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeServices",
                "ecs:CreateTaskSet",
                "ecs:UpdateServicePrimaryTaskSet",
                "ecs:DeleteTaskSet",
                "elasticloadbalancing:DescribeTargetGroups",
                "elasticloadbalancing:DescribeListeners",
                "elasticloadbalancing:ModifyListener",
                "elasticloadbalancing:DescribeRules",
                "elasticloadbalancing:ModifyRule",
                "lambda:InvokeFunction",
                "cloudwatch:DescribeAlarms",
                "sns:Publish",
                "s3:GetObject",
                "s3:GetObjectMetadata",
                "s3:GetObjectVersion"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "iam:PassRole"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Condition": {
                "StringLike": {
                    "iam:PassedToService": [
                        "ecs-tasks.amazonaws.com"
                    ]
                }
            }
        }
    ]
}
Retrieved from "https://kb.novaordis.com/index.php?title=AWS_CodeDeploy_Operations&oldid=55460"