The AWS Document
Kenton Lam edited this page Sep 24, 2020 · 7 revisions
- CodePipeline has a webhook which is fired by pushes to a branch.
- This triggers CodeDeploy, which deploys the pushed code on the EC2 instance according to appspec.yml and the scripts in deploy/ of the repo.
- This makes use of the secrets repo which contains the required tokens.
- Along the way, everything needs to be tied together with IAM roles, applications, pipelines, deployment groups, and deployments.
- CloudWatch will let you view the logs for CodeDeploy actions and scripts and Docker.
- Systems Manager has a Parameter Store which stores the secret key used by git-crypt to unlock the secret tokens.
- An Elastic IP is used to provide a static IP address to the EC2 instance (they normally change per reboot).
- Create a new IAM role with these policies applied: AmazonEC2FullAccess, AmazonS3FullAccess, AWSCodeDeployFullAccess, AmazonSSMManagedInstanceCore, CloudWatchLogsFullAccess.
- Create a new EC2 instance with the previous IAM role.
- Log in to the EC2 instance using SSH. Note the IP is not static.
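The overview above says Parameter Store holds the key that git-crypt uses to unlock the secret tokens. One way to perform that step from a deploy script is shown here as an added example, not code from this repository; the parameter name, the repository path and the base64 SecureString encoding of the key are assumptions.

```bash
# Added example: unlock git-crypt secrets with a key kept in Parameter Store.
# Assumptions (not from the page): the parameter name and repo path passed
# in, and that the key (from `git-crypt export-key`) was stored
# base64-encoded as a SecureString, because the key file is binary.

# unlock_secrets PARAM_NAME REPO_DIR [REGION]
# Runs in a subshell "( ... )" so umask, cd and variables do not leak out.
unlock_secrets() (
    param="$1"; repo="$2"; region="${3:-ap-southeast-2}"
    umask 077                      # anything created here is owner-only
    keyfile="$(mktemp)" || exit 1  # decoded key lives only in this file
    rc=1

    # --with-decryption asks SSM for the SecureString plaintext. It goes
    # straight down the pipe, so the key is never in argv, env or a log.
    # An empty result means the lookup failed (denied, wrong name, ...).
    if aws ssm get-parameter --region "$region" --name "$param" \
            --with-decryption --query 'Parameter.Value' --output text \
            | base64 -d > "$keyfile" && [ -s "$keyfile" ]; then
        if cd "$repo" && git-crypt unlock "$keyfile"; then
            rc=0
        fi
    else
        echo "unlock_secrets: no usable key in parameter $param" >&2
    fi

    rm -f "$keyfile"               # remove the key on success and failure
    exit "$rc"
)

# Usage from a deploy script (hypothetical names):
#   unlock_secrets /hypothetical/git-crypt-key /home/ec2-user/secrets
```
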
Somewhat tested. Paste the following into a script before running.

```bash
# CodeDeploy agent
sudo yum update -y
sudo yum install -y ruby wget
cd /home/ec2-user
wget https://aws-codedeploy-ap-southeast-2.s3.ap-southeast-2.amazonaws.com/latest/install
chmod +x ./install
sudo ./install auto

# CloudWatch agent and the awslogs configuration for CodeDeploy logs
sudo yum install -y amazon-cloudwatch-agent
wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py
wget https://s3.amazonaws.com/aws-codedeploy-us-east-1/cloudwatch/codedeploy_logs.conf
chmod +x ./awslogs-agent-setup.py
sudo python awslogs-agent-setup.py -n -r ap-southeast-2 -c s3://aws-codedeploy-us-east-1/cloudwatch/awslogs.conf
sudo mkdir -p /var/awslogs/etc/config
sudo cp codedeploy_logs.conf /var/awslogs/etc/config/
sudo service awslogs restart

# Docker and Docker Compose (-y so the install does not stop at a prompt)
sudo yum update -y
sudo amazon-linux-extras install -y docker
sudo service docker start
sudo usermod -a -G docker ec2-user
sudo systemctl enable docker
sudo curl -L "https://github.com/docker/compose/releases/download/1.27.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

# Git, plus git-crypt built from source
sudo yum install -y git
sudo yum install -y gcc-c++ openssl-devel openssl
git clone https://github.com/AGWA/git-crypt.git
cd git-crypt
make
sudo make install
cd ..

# Node.js 14 and Yarn
curl -sL https://rpm.nodesource.com/setup_14.x | sudo bash -
sudo yum install -y nodejs
curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
sudo yum install -y yarn
```
CRA uses excessive amounts of RAM so we need to create a swap file. See https://aws.amazon.com/premiumsupport/knowledge-center/ec2-memory-swap-file/
- Install CodeDeploy: https://docs.aws.amazon.com/codedeploy/latest/userguide/codedeploy-agent-operations-install-linux.html
- Install CloudWatch:
  ```bash
  sudo yum install amazon-cloudwatch-agent
  ```
- Modify /etc/issue to have "Amazon Linux AMI" on the first line.
- Install CloudWatch logger for CodeDeploy:
  ```bash
  wget https://s3.amazonaws.com/aws-cloudwatch/downloads/latest/awslogs-agent-setup.py
  wget https://s3.amazonaws.com/aws-codedeploy-us-east-1/cloudwatch/codedeploy_logs.conf
  chmod +x ./awslogs-agent-setup.py
  sudo python awslogs-agent-setup.py -n -r ap-southeast-2 -c s3://aws-codedeploy-us-east-1/cloudwatch/awslogs.conf
  sudo mkdir -p /var/awslogs/etc/config
  sudo cp codedeploy_logs.conf /var/awslogs/etc/config/
  sudo service awslogs restart
  ```
- Install Docker: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-basics.html
- Install Docker Compose: https://docs.docker.com/compose/install/. Use the instructions for "Linux".
- Install Git:
  ```bash
  sudo yum install -y git
  ```
- Install git-crypt: https://wwsean08.com/2018/05/git-crypt/
- Add Node repo: https://github.com/nodesource/distributions/blob/master/README.md#installation-instructions-1. Use the Enterprise Linux instructions.
- Install Node:
  ```bash
  sudo yum install -y nodejs
  ```
- Install Yarn: https://classic.yarnpkg.com/en/docs/install/#centos-stable