Commit c3ae8c7

Updates.
1 parent 865a374 commit c3ae8c7

1 file changed

+134
-11
lines changed

README.md

Lines changed: 134 additions & 11 deletions
@@ -25,7 +25,7 @@ the [AWS CLI API](http://docs.aws.amazon.com/cli/latest/reference/deploy/index.h
2525
"techpivot/aws-code-deploy": "dev-master"
2626
}
2727
```
28-
* The file can then be executed from the /vendor/bin directory: `bash ./vendor/bin/aws-code-deploy.sh`
28+
* The file can then be executed from the /vendor/bin directory: `bash vendor/bin/aws-code-deploy.sh`
2929

3030
2. Git Submodule
3131

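Review bot: the sentence on the changed line still says "the /vendor/bin directory" while the command is now `bash vendor/bin/aws-code-deploy.sh`, a path relative to the current directory. Drop the leading slash in the prose and say the command is run from the project root, since the relative form only resolves there.
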
@@ -59,15 +59,130 @@ AWS_CODE_DEPLOY_DEPLOYMENT_DESCRIPTION
5959

6060
### CircleCI
6161

62+
**circle.yml**
63+
```
64+
machine:
65+
66+
environment:
67+
DEPLOY_DIR: $HOME/deploy
68+
69+
# We are defining the $AWS_CODE_DEPLOY_KEY and $AWS_CODE_DEPLOY_SECRET in the CircleCI Project Settings >
70+
# AWS Permissions which automatically configure these for use via aws cli and are automatically read
71+
# via aws-code-deploy.sh. Alternatively, these could be specified securely (not via project code) using
72+
# the CircleCI Environment Variables CircleCI control panel.
73+
AWS_CODE_DEPLOY_REGION: us-west-2
74+
AWS_CODE_DEPLOY_APPLICATION_NAME: "Company Website"
75+
AWS_CODE_DEPLOY_DEPLOYMENT_CONFIG_NAME: CodeDeployDefault.AllAtOnce
76+
AWS_CODE_DEPLOY_DEPLOYMENT_GROUP_NAME: "www.my-company.com"
77+
AWS_CODE_DEPLOY_SERVICE_ROLE_ARN: "arn:aws:iam::XXXXXXXXXXXXX:role/my-company-codedeploy"
78+
AWS_CODE_DEPLOY_EC2_TAG_FILTERS: "Key=Type,Value=www,Type=KEY_AND_VALUE"
79+
AWS_CODE_DEPLOY_APP_SOURCE: $HOME/deploy
80+
AWS_CODE_DEPLOY_S3_FILENAME: "${CIRCLE_BUILD_NUM}#${CIRCLE_SHA1:0:7}.zip"
81+
AWS_CODE_DEPLOY_S3_BUCKET: my-company-codedeploy-us-west-2
82+
AWS_CODE_DEPLOY_S3_KEY_PREFIX: /www
83+
AWS_CODE_DEPLOY_S3_LIMIT_BUCKET_FILES: 10
84+
AWS_CODE_DEPLOY_S3_SSE: true
85+
AWS_CODE_DEPLOY_REVISION_DESCRIPTION: "${CIRCLE_BRANCH} (#${CIRCLE_SHA1:0:7})"
86+
AWS_CODE_DEPLOY_DEPLOYMENT_DESCRIPTION: "Deployed via CircleCI on $(date)"
87+
88+
# ...
89+
90+
deployment:
91+
production:
92+
branch: master
93+
commands:
94+
- bash vendor/bin/aws-code-deploy.sh
95+
```
96+
6297
### TravisCI
6398

6499
### Manual
65100

66101

67102
## IAM Requirements
68103

104+
In order for the script to execute successfully, the specified AWS credentials must be granted the required
105+
IAM privileges for the corresponding actions. Since various steps of this script are optional it allows for
106+
flexibility in creating policies that apply the principle of least privilege. Two common examples are described
107+
below. In general, the script needs access to the following (depending on parameters):
69108

70-
## AWS Code Deploy Workflow with Detailed Variable Information
109+
1. Code Deploy - Verifying Application, Creating Application, Creating Revisions
110+
2. Code Deploy Deployment - Creating Deployment, Creating Deployment Group, Listing Instances
111+
3. S3 - Uploading bundle to S3, Deleting Old Revisions
112+
113+
114+
#### Wildcard Access
115+
This may be best for first time users with
116+
117+
118+
#### Explicit Access with Full Functionality
119+
*
120+
```
121+
{
122+
"Version": "2012-10-17",
123+
"Statement": [
124+
{
125+
"Effect": "Allow",
126+
"Action": [
127+
"codedeploy:CreateApplication",
128+
"codedeploy:GetApplication",
129+
"codedeploy:GetApplicationRevision",
130+
"codedeploy:RegisterApplicationRevision"
131+
],
132+
"Resource": [
133+
"arn:aws:codedeploy:us-west-2:XXXXXXXXXXXX:application:TechPivot"
134+
]
135+
},
136+
{
137+
"Effect": "Allow",
138+
"Action": [
139+
"codedeploy:CreateDeployment",
140+
"codedeploy:GetDeployment",
141+
"codedeploy:GetDeploymentGroup",
142+
"codedeploy:GetDeploymentInstance",
143+
"codedeploy:ListDeploymentInstances"
144+
],
145+
"Resource": [
146+
"arn:aws:codedeploy:us-west-2:XXXXXXXXXXXX:deploymentgroup:TechPivot/*"
147+
]
148+
},
149+
{
150+
"Effect": "Allow",
151+
"Action": [
152+
"codedeploy:GetDeploymentConfig"
153+
],
154+
"Resource": [
155+
"arn:aws:codedeploy:us-west-2:XXXXXXXXXXXX:deploymentconfig:CodeDeployDefault.OneAtATime",
156+
"arn:aws:codedeploy:us-west-2:XXXXXXXXXXXX:deploymentconfig:CodeDeployDefault.HalfAtATime",
157+
"arn:aws:codedeploy:us-west-2:XXXXXXXXXXXX:deploymentconfig:CodeDeployDefault.AllAtOnce"
158+
]
159+
},
160+
{
161+
"Effect": "Allow",
162+
"Action": [
163+
"s3:DeleteObject",
164+
"s3:GetObject",
165+
"s3:PutObject"
166+
],
167+
"Resource": [
168+
"arn:aws:s3:::techpivot-codedeploy-us-west-2/*"
169+
]
170+
},
171+
{
172+
"Effect": "Allow",
173+
"Action": [
174+
"s3:ListBucket",
175+
"s3:ListObjects"
176+
],
177+
"Resource": [
178+
"arn:aws:s3:::techpivot-codedeploy-us-west-2"
179+
]
180+
}
181+
]
182+
}
183+
```
184+
185+
## Detailed Workflow & Variable Information
71186

72187
#### Step 1: Checking Dependencies
73188

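Review bot: the policy under "Explicit Access with Full Functionality" has no `codedeploy:CreateDeploymentGroup`, although item 2 of the list above it names "Creating Deployment Group" as something the script does, so the policy as written does not cover the full functionality its heading promises; add the action to the deploymentgroup statement or retitle the section. The "Wildcard Access" section also stops mid-sentence ("This may be best for first time users with") and the next section opens with an empty `*` bullet; both should be finished or dropped before this lands. Since the README recommends one key prefix per deployment group, the object statement (`s3:DeleteObject`, `s3:GetObject`, `s3:PutObject` on `techpivot-codedeploy-us-west-2/*`) could be narrowed to that prefix rather than the whole bucket, and the sample names (TechPivot here, "Company Website" and my-company-codedeploy-us-west-2 in circle.yml) would be easier to follow if they matched.
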
@@ -102,6 +217,7 @@ Environment Variables:
102217
* `AWS_CODE_DEPLOY_DEPLOYMENT_CONFIG_NAME` (optional): Deployment config name. By default: _CodeDeployDefault.OneAtATime_. Built-in options:
103218
* CodeDeployDefault.OneAtATime
104219
* CodeDeployDefault.AllAtOnce
220+
* CodeDeployDefault.HalfAtATime
105221
* `AWS_CODE_DEPLOY_MINIMUM_HEALTHY_HOSTS` (optional): The minimum number of healthy instances during deployment. By default: _type=FLEET_PERCENT,value=75_
106222

107223
#### Step 5: [Deployment Group](http://docs.aws.amazon.com/cli/latest/reference/deploy/create-deployment-group.html)
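
Review bot: `CodeDeployDefault.HalfAtATime` is appended after `CodeDeployDefault.AllAtOnce` in the built-in options list, leaving the order OneAtATime, AllAtOnce, HalfAtATime. Placing it between the other two keeps the options in order of how many instances are taken at once and matches the order used for the deploymentconfig ARNs in the IAM policy example.
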
@@ -137,14 +253,17 @@ This step consists to push the application to S3.
137253
Environment Variables:
138254

139255
* `AWS_CODE_DEPLOY_S3_BUCKET` (required): The name of the S3 bucket to deploy the revision
140-
* `AWS_CODE_DEPLOY_S3_KEY_PREFIX` (optional): A prefix to use for the file key. It's highly recommended to structure a bucket with a prefix per deployment group. This allows to limit stored revisions per deployment group. Note: A leading or trailing slash is not required. For example:
141-
```
142-
AWS_CODE_DEPLOY_S3_BUCKET="my-bucket-test"
143-
AWS_CODE_DEPLOY_S3_KEY_PREFIX="production-www"
144-
AWS_CODE_DEPLOY_S3_FILENAME="100#c3a5fea.zip"
256+
* `AWS_CODE_DEPLOY_S3_KEY_PREFIX` (optional): A prefix to use for the file key. It's highly recommended to structure a bucket with a prefix per deployment group. This allows to limit stored revisions per deployment group. Note: A leading or trailing slash is not required.
145257

146-
# The resulting stored file would exist at s3://my-bucket-test/production-www/100#c3a5fea.zip
147-
```
258+
For example:
259+
260+
```
261+
AWS_CODE_DEPLOY_S3_BUCKET="my-bucket-test"
262+
AWS_CODE_DEPLOY_S3_KEY_PREFIX="production-www"
263+
AWS_CODE_DEPLOY_S3_FILENAME="100#c3a5fea.zip"
264+
265+
# The resulting stored file would exist at s3://my-bucket-test/production-www/100#c3a5fea.zip
266+
```
148267

149268
#### Step 8: Limiting Deploy Revisions per Bucket/Key
150269

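Review bot: the note on the rewritten `AWS_CODE_DEPLOY_S3_KEY_PREFIX` bullet says a leading or trailing slash "is not required" but not whether one is accepted, and the circle.yml sample in this same commit sets the prefix to `/www`. State whether the script strips the slashes, or change the sample to `www`, so the documented key layout (`s3://my-bucket-test/production-www/100#c3a5fea.zip`) is unambiguous. Minor: "This allows to limit" reads better as "This allows limiting".
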
@@ -153,13 +272,17 @@ old revisions to help limit the size of the container. Large teams can quickly f
153272
TBs/day depending on the projects. Since deployments typically don't need to store that many versions
154273
backwards, this step will ensure that only N revisions exist, removing oldest revisions upon deploy.
155274

156-
> Note: If a limit is specified, the `ListObjects` IAM permission will need to be granted for the
275+
> Note: If a limit is specified, the IAM permissions described below will need to be granted for the
157276
specific s3://bucket/(key).
158277

159278
Environment Variables:
160-
161279
* `AWS_CODE_DEPLOY_S3_LIMIT_BUCKET_FILES` (optional): Number of revisions to limit. If 0, unlimited. By default: 0
162280

281+
Required IAM Access:
282+
* Wildcard: `s3:DeleteObject`, `s3:GetObject`
283+
* Bucket Policy: `s3:ListBucket`, `s3:ListObjects`
284+
285+
163286
#### Step 9: [Registering Revision](http://docs.aws.amazon.com/cli/latest/reference/deploy/register-application-revision.html)
164287

165288
This step registers a code deploy revision for the uploaded file to the specified application/deployment group.
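
Review bot: under "Required IAM Access", `s3:ListObjects` is not an IAM action; the ListObjects API call is authorized by `s3:ListBucket` on the bucket ARN, so only `s3:ListBucket` should be listed here (the same entry appears in the policy example in the IAM Requirements section). The labels "Wildcard" and "Bucket Policy" are also easy to misread, because "Bucket Policy" normally names a resource policy attached to the bucket, whereas these are statements in the deploying credentials' own policy scoped to the object ARN (`bucket/*`) and the bucket ARN; labels such as "Object-level" and "Bucket-level" would say that directly.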
