FL8: Configure CodeDeploy Agent

Task: Configure the AWS CodeDeploy Agent

Note: The CodeDeploy Agent can be deployed and will work in any supported environment, as long as outbound internet access is available.

To get started, first create an IAM user and generate CLI credentials with the required permissions for CodeDeploy, S3 and IAM. Also add a statement for AWS Secrets Manager as follows, replacing <Secret ARN> with the ARN of your secret:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetSecretValue"
            ],
            "Resource": "<Secret ARN>"
        },
        {
            "Effect": "Allow",
            "Action": [
                "codedeploy:*",
                "iam:CreateAccessKey",
                "iam:CreateUser",
                "iam:DeleteAccessKey",
                "iam:DeleteUser",
                "iam:DeleteUserPolicy",
                "iam:ListAccessKeys",
                "iam:ListUserPolicies",
                "iam:PutUserPolicy",
                "iam:GetUser",
                "tag:GetTags",
                "tag:GetResources"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::aws-codedeploy-us-east-2/*",
                "arn:aws:s3:::aws-codedeploy-us-east-1/*",
                "arn:aws:s3:::aws-codedeploy-us-west-1/*",
                "arn:aws:s3:::aws-codedeploy-us-west-2/*",
                "arn:aws:s3:::aws-codedeploy-ca-central-1/*",
                "arn:aws:s3:::aws-codedeploy-eu-west-1/*",
                "arn:aws:s3:::aws-codedeploy-eu-west-2/*",
                "arn:aws:s3:::aws-codedeploy-eu-west-3/*",
                "arn:aws:s3:::aws-codedeploy-eu-central-1/*",
                "arn:aws:s3:::aws-codedeploy-ap-east-1/*",
                "arn:aws:s3:::aws-codedeploy-ap-northeast-1/*",
                "arn:aws:s3:::aws-codedeploy-ap-northeast-2/*",
                "arn:aws:s3:::aws-codedeploy-ap-southeast-1/*",
                "arn:aws:s3:::aws-codedeploy-ap-southeast-2/*",
                "arn:aws:s3:::aws-codedeploy-ap-south-1/*",
                "arn:aws:s3:::aws-codedeploy-sa-east-1/*"
            ]
        }
    ]
}

For more info on the registration process, see here.
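
The policy above grants `codedeploy:*` and several IAM write actions on `"Resource": "*"`, and it ships with a `<Secret ARN>` placeholder, so it is worth linting before it is attached to the user. The following Python check is an added example, not part of the original workshop material; the `audit_policy` helper, its finding codes and the list of IAM write prefixes are assumptions made for illustration, and the embedded policy is a condensed, constructed copy of the one above.

```python
import json

# Constructed sample: condensed copy of the policy above (fewer actions, one S3 bucket).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["secretsmanager:GetSecretValue"],
   "Resource": "<Secret ARN>"},
  {"Effect": "Allow",
   "Action": ["codedeploy:*", "iam:CreateAccessKey", "iam:CreateUser",
              "iam:PutUserPolicy", "iam:GetUser", "tag:GetTags"],
   "Resource": "*"},
  {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
   "Resource": ["arn:aws:s3:::aws-codedeploy-us-east-1/*"]}
]}
""")

# Assumption: verb prefixes treated as "changes identities or credentials".
IAM_WRITE_PREFIXES = ("iam:create", "iam:put", "iam:delete", "iam:attach", "iam:update")


def as_list(value):
    """Action, Resource and Statement may each be a single item or a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement index, finding code, offending value) tuples."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for res in resources:
            # Template placeholder that was never replaced with a real ARN.
            if res.startswith("<") and res.endswith(">"):
                findings.append((i, "PLACEHOLDER_RESOURCE", res))
        for act in as_list(stmt.get("Action", [])):
            name = act.lower()  # IAM action names are case-insensitive
            if name == "*" or name.endswith(":*"):
                findings.append((i, "SERVICE_WILDCARD", act))
            if "*" in resources and name.startswith(IAM_WRITE_PREFIXES):
                findings.append((i, "IAM_WRITE_ON_ALL_RESOURCES", act))
    return findings


if __name__ == "__main__":
    for idx, code, detail in audit_policy(POLICY):
        print(f"Statement[{idx}] {code}: {detail}")
```

Each `IAM_WRITE_ON_ALL_RESOURCES` finding marks an action whose `Resource` can be narrowed to the IAM user ARNs that the registration step actually creates.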

Now log on to the system designated to host the CodeDeploy Agent (e.g. via ssh).

Install the AWS CLI and assign the previously generated credentials.

$ aws configure ...

Create a new folder to temporarily store any deployment artifacts (matches destination inside appspec.yml)

$ mkdir /codedeploy
$ mkdir /codedeploy/sapfioriapp

Install latest Node.js (used to run deployment script)

Install Node.js on Linux or other OS
Install Node.js on SLES (unofficial)

Install AWS CodeDeploy Agent

Install Agent on SLES (unofficial)

Go ahead and register the agent (Help)

Specify instance <NAME> (arbitrary) & <AWS REGION> and run the following command

$ aws deploy register --instance-name <NAME> --tags Key=Name,Value=CodeDeployDemo-OnPrem --region <AWS REGION>

Copy resulting config file to the agent directory

$ cp codedeploy.onpremises.yml /etc/codedeploy-agent/conf/codedeploy.onpremises.yml

Restart Agent

$ sudo service codedeploy-agent stop
$ sudo service codedeploy-agent start
$ sudo service codedeploy-agent status

The CodeDeploy Agent should now be visible inside the console.

For troubleshooting, check the agent logs as follows:

$ cat /opt/codedeploy-agent/deployment-root/deployment-logs/codedeploy-agent-deployments.log

Note: Any deployment failure will also be displayed inside the AWS CodeDeploy console!