I. Preparation and prerequisites
(1) Each instance you deploy to needs codedeploy-agent installed. To install it:
git clone https://github.com/aws/aws-codedeploy-agent.git
cd aws-codedeploy-agent/bin
./install auto
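Alternatively, you can install from the rpm package I captured during the installation; I am sharing it here, and you can simply fetch it with wget: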
http://cypay-filesharing.s3.amazonaws.com/public/wangfei/codedeploy-agent-1.0-1.643.noarch.rpm
(2) Create an S3 bucket to store the code packages; in this example it is called s3://CYPayCodeDeployBucket and is in the US East region.
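(3) Create an Instance Profile and have the newly created EC2 instances use it. This also requires creating an IAM Role and associating the Role with the Profile; this is what authorizes the CodeDeploy-Agent inside the EC2 instance to download release packages from S3. Then create a Service Role for the CodeDeploy service, which needs some EC2 permissions.
Outline: create an IAM Role that grants AssumeRole and access to the S3 bucket holding the releases, create an Instance Profile, and associate the Role with the Profile; then create another Role for the CodeDeploy service.
Detailed steps:
Create the file CodeDeployInstanceProfile-Trust.json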
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
Then create another file, CodeDeployInstanceProfile-Permissions.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::CYPayCodeDeployBucket/*"
        }
    ]
}
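A check you can run on the two policy files before attaching them to a role, as an added example that is not part of the original post: it confirms that only the EC2 service can assume the role and that every allowed resource is an object under the release bucket, and it lists wildcard actions for review. The function names and finding strings are assumptions made for this illustration.

```python
import json

# The two policy documents from the steps above, embedded so the check runs offline.
TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Sid": "", "Effect": "Allow",
  "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}""")
PERMS = json.loads("""{"Version": "2012-10-17", "Statement": [{"Action": ["s3:Get*", "s3:List*"],
  "Effect": "Allow", "Resource": "arn:aws:s3:::CYPayCodeDeployBucket/*"}]}""")

def as_list(value):
    """IAM accepts a single string or a list for Action, Resource and Principal values."""
    return value if isinstance(value, list) else [value]

def audit_trust(policy, expected_service="ec2.amazonaws.com"):
    """Findings for Allow statements that let anything other than the expected service assume the role."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        if principal == "*":
            findings.append("trust: any principal may assume the role")
            continue
        for kind, names in principal.items():
            for name in as_list(names):
                if kind != "Service" or name != expected_service:
                    findings.append(f"trust: unexpected principal {kind}={name}")
    return findings

def audit_permissions(policy, bucket):
    """Findings for Allow statements that reach beyond objects in `bucket`, plus any wildcard actions."""
    findings = []
    object_prefix = f"arn:aws:s3:::{bucket}/"
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        for res in as_list(st.get("Resource", [])):
            if not res.startswith(object_prefix):
                findings.append(f"perms: resource outside bucket objects: {res}")
        for act in as_list(st.get("Action", [])):
            if "*" in act:
                findings.append(f"perms: wildcard action {act}")
    return findings

if __name__ == "__main__":
    for line in audit_trust(TRUST) + audit_permissions(PERMS, "CYPayCodeDeployBucket"):
        print(line)
```

Bucket-level actions such as s3:ListBucket apply to the bucket ARN itself, so the object-only Resource in this policy does not grant them even though s3:List* matches their names.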
Then create a role called CodeDeployInstanceRole and attach the policy to it
aws iam create-role \
    --role-name CodeDeployInstanceRole \
    --assume-role-policy-document file://CodeDeployInstanceProfile-Trust.json
aws iam put-role-policy \
    --role-name CodeDeployInsta