How to Deploy Application Code From S3 Using AWS CodeDeploy

In a previous post, we discussed the top 5 deployment tools for AWS. Out of them, AWS CodeDeploy is a tool which is especially designed for AWS. It is a new service by Amazon Web Services which was launched during the Re:Invent 2014 conference held in Las Vegas last November. The primary focus of AWS CodeDeploy is to automate the deployment process, minimize downtime, easy adoption, and centralized control.

In this post, we will see how you can leverage AWS CodeDeploy to deploy your latest application code to your EC2 instances. AWS CodeDeploy deploys applications from Amazon S3 or GitHub. We will focus on deploying the application using Amazon S3 here.

Before starting, please go through the terminology used across this post which is specific to AWS CodeDeploy:

  • Application: Unique name provided to your application.
  • Revision: A combination of archive files with Application Specification File (AppSec). The archive file comprises source code, deployment scripts, web pages, executables, etc. Revisions are stored in S3 or GitHub repositories.
  • Deployment Configuration: a set of deployment rules and deployment success and failure conditions that AWSCodeDeploy uses during a deployment.
  • Deployment Group: a set of deployment targets, i.e.: individual instances or autoscaled instances. Deployment on individual instances works based on tags.

Deploying code from S3 to CodeDeploy: application prerequisites

Operating System: Amazon Linux 2014.09.1
Application Type: Simple HTML, CSS, JS application
Region: N. Virginia (us-east-1)

Pre-requisites

We need to have two IAM roles: a Service Role and an Instance Profile Role.

Service Role: Service Role access will be granted to AWS CodeDeploy to read through your EC2 instance tags. For auto-scaled instances, it looks for your autoscaling name tags. Service Role Policy is as follows:

{
"Version": "2012-10-17",
"Statement": [
   {
     "Action": [
       "autoscaling:PutLifecycleHook",
       "autoscaling:DeleteLifecycleHook",
       "autoscaling:RecordLifecycleActionHeartbeat",
       "autoscaling:CompleteLifecycleAction",
       "autoscaling:DescribeAutoscalingGroups",
       "autoscaling:PutInstanceInStandby",
       "autoscaling:PutInstanceInService",
       "ec2:Describe*"
     ],
     "Effect": "Allow",
     "Resource": "*"
   }
]
}

Once the IAM role is created, you need to establish a trusted relationship for this role with AWSCodeDeploy. Modify trust relationship policy for this particular role and set it to below mentioned policy :

{
"Version": "2012-10-17",
"Statement": [
    {
    "Sid": "",
    "Effect": "Allow",
    "Principal": {
    "Service": [
        "codedeploy.us-east-1.amazonaws.com",
        "codedeploy.us-west-2.amazonaws.com"
    ]
    },
    "Action": "sts:AssumeRole"
    }
]
}

Instance Profile Role: EC2 instances needs to be launched with proper permissions to access files from S3 buckets.

{
    "Version": "2012-10-17",
    "Statement": [
    {
        "Action": [
            "s3:Get*",
            "s3:List*"
        ],
        "Effect": "Allow",
        "Resource": "*"
    }
    ]
}

Building Deployment Revision

To build a deployment revision for S3, you need to create a compressed archive file with your application code and an application specification file (AppSpec). AppSpec is the heart of CodeDeploy and is written in YAML. AppSpec defines how the application code will be deployed on deployment targets and which deployment lifecycle event hooks to run in response to various deployment lifecycle events. It should be in the root of an application source code’s directory structure.

High-Level Structure of AppSpec File:

version: 0.0
os: operating-system-name
files: source-destination-files-mappings
permissions: permissions-specifications
hooks: deployment-lifecycle-event-mappings

In the structure above, you can find the following fields:
Version:  the version of your application
OS: Operating system of your deployment targets, i.e.: Linux or Windows
Files: name of the files copied to the deployment target
Permissions: how permissions are applied to files copied to the deployment target
Hooks: scripts to run at specific deployment lifecycle events during the deployment. The available event hooks are:

  • ApplicationStop: events to be performed when the application is stopped
  • DownloadBundle: occurs when CodeDeploy agent downloads bundle from S3 bucket
  • BeforeInstall: occurs before AWSCodeDeploy starts deployment of application code to the deployment target
  • Install: AWSCodeDeploy copies files to deployment targets
  • AfterInstall: occurs once files are copied and installed to deployment targets
  • ApplicationStart: occurs just before your application revision is started on the deployment target
  • ValidateService: occurs after the service has been validated

The sample AppSpec File used for this example deployment is as below:

version: 0.0
os: linux
files:
   - source: /
     destination: /var/www/html
permissions:
   - object: /var/www/html
     pattern: "**"
     owner: apache
     group: apache
     mode: 755
     type:
       - file
hooks:
   BeforeInstall:
   - location: Scripts/installapache.sh
     runas: root
   - location: Scripts/startapache.sh
     runas: root
   AfterInstall:
   - location: Scripts/restartapache.sh
     runas: root

The Sample AWSCodeDeploy application used for this blog post is available over here.

Creating the CodeDeploy Application and Performing Deployment

1. Launch an EC2 instance with the Instance Profile role created before, a tag that you like (e.g. Environment = Production or Name = CodeDeployDemo) and with the following user data :

sudo yum update
sudo yum install aws-cli
cd /home/ec2-user
aws s3 cp s3://aws-codedeploy-us-east-1/latest/install . --region us-east-1
chmod +x ./install
sudo ./install auto

2. Go back to the AWS Management Console and select the “CodeDeploy” service.
AWSCodeDeploy Getting Started

Click on Get Started Now to create your first application and deployment group. It provides you two options:

  • Sample Deployment allows you to deploy a sample WordPress application on EC2 instances.
  • Custom Deployment allows you to deploy your application on existing EC2 instances.

AWSCodeDeploy Welcome Screen
We will pick with the Custom Deployment model.
3. Create your application
A CodeDeploy application helps you to create deployment groups and to identify deployment targets (EC2 instances) on which a particular revision is applied.
To create an application, you need to provide:

  • Application Name: suitable name for your CodeDeploy application
  • Deployment Group Name: name provided to your deployment group on which you will be deploying your application
  • Amazon EC2 tags: specified key-value pair basis on which deployment targets are identified. For auto-scaling, you need to provide an auto-scaling group name.
  • Deployment Configuration: Desired deployment configuration. This determines how the application will be deployed on EC2 instances. There are three possible options i.e., CodeDeployDefault.AllAtOnce, CodeDeployDefault.HalfAtOnce, CodeDeployDefault.OnceAtOnce.
  • Service Role: This is the service role created by you during pre-requisites step 1.
AWS CodeDeploy Application Creation

AWS CodeDeploy Application Search by Amazon EC2 TagsOnce all the necessary details are filled up, click on “Create Application” and move towards creating new deployments and publishing new revisions.
4. Create new deployment
Once the application is created, it is time to create a new deployment which will deploy a revision to deployment targets.
To create a deployment, go to that application and select deploy new revision.
AWSCodeDeploy How to Deploy your Application Screen

For a new deployment, we need to pass:

  • Application Name: name of the application you created in a previous step.
  • Deployment Group: select the deployment group you created in a previous step.
  • Revision Type: whether deployment code is available at S3 or GitHub
  • Revision Location: S3/GitHub path of the deployment code
  • Deployment Description: Description of this deployment
  • Deployment Config: Desired deployment configuration. This determines how the application will be deployed on EC2 instances. There are three possible options: CodeDeployDefault.AllAtOnce, CodeDeployDefault.HalfAtOnce, CodeDeployDefault.OnceAtOnce.
AWSCodeDeploy Create New Deployment Screen

AWSCodeDeploy Deployment Creation File Type Drop Down
That’s it. Deployment process has started and you can monitor the deployment process on the next screen.
AWSCodeDeploy Deployments Creation Progress
The deployment process goes from Created to In Progress to Succeeded.
AWSCodeDeploy Successful Completion
Once the deployment process is completed, you can go back and view your application.
If you used the above application, you will see something like this:
Sample AWSCodeDeploy Application

Re-Deploying Application with the latest revision

Deploying your latest revision is very easy. All you need to do is to build a compressed archive file (sample new build archive file) and put it into S3 bucket. Once done, go back to your application and create new deployment where you need to pass the latest S3 archive file path as revision location.

A new revision of sample application used for this post is available over here.
New AWSCodeDeploy Deployment Creation
Now, initiate the deployment procedure and new application code will be deployed to your instances.
AWSCodeDeploy Successful Deployment
Once done, go back to your browser and browse the application using the public IP address of your instance.
Updated AWSCodeDeploy Application

Limitations of AWS CodeDeploy

  • Only available for N.Virginia and Oregon region.
  • Existing running instances without IAM roles cannot use AWS CodeDeploy. You need to re-launch them using Instance Profile IAM role created above under Pre-requisites section.

Avatar

Written by

Sanket Dangi

Head of Managed Services at REAN Cloud. Before joining REAN Cloud, I was CEO and Founder of StraightArc Solutions which was later acquired by REAN Cloud. I started my career working on cloud computing. Loves to talk about DevOps, System Administration, Scalability, High Availability, Disaster Recovery and Cloud Security. Apart from work, I love to meet people, travel and watch sports.


Related Posts

Albert Qian
Albert Qian
— November 13, 2019

Microservices Architecture: Advantages and Drawbacks

What are microservices? Let's start our discussion by setting a foundation of what microservices are. Microservices are a way of breaking large software projects into loosely coupled modules, which communicate with each other through simple Application Programming Interfaces (APIs). ...

Read more
  • AWS
  • Docker
  • Kubernetes
  • Microservices
Nisar Ahmad
Nisar Ahmad
— November 12, 2019

Kubernetes Services: AWS vs. Azure vs. Google Cloud

Kubernetes is a popular open-source container orchestration platform that allows us to deploy and manage multi-container applications at scale. Businesses are rapidly adopting this revolutionary technology to modernize their applications. Cloud service providers — such as Amazon Web Ser...

Read more
  • AWS
  • Azure
  • Google Cloud
  • Kubernetes
Avatar
Stuart Scott
— October 31, 2019

AWS Internet of Things (IoT): The 3 Services You Need to Know

The Internet of Things (IoT) embeds technology into any physical thing to enable never-before-seen levels of connectivity. IoT is revolutionizing industries and creating many new market opportunities. Cloud services play an important role in enabling deployment of IoT solutions that min...

Read more
  • AWS
  • AWS IoT Events
  • AWS IoT SiteWise
  • AWS IoT Things Graph
  • IoT
Avatar
Cloud Academy Team
— October 23, 2019

Which Certifications Should I Get?

As we mentioned in an earlier post, the old AWS slogan, “Cloud is the new normal” is indeed a reality today. Really, cloud has been the new normal for a while now and getting credentials has become an increasingly effective way to quickly showcase your abilities to recruiters and compan...

Read more
  • AWS
  • Azure
  • Certifications
  • Cloud Computing
  • Google Cloud Platform
Valery Calderón Briz
Valery Calderón Briz
— October 22, 2019

How to Go Serverless Like a Pro

So, no servers? Yeah, I checked and there are definitely no servers. Well...the cloud service providers do need servers to host and run the code, but we don’t have to worry about it. Which operating system to use, how and when to run the instances, the scalability, and all the arch...

Read more
  • AWS
  • Lambda
  • Serverless
Avatar
Stuart Scott
— October 16, 2019

AWS Security: Bastion Hosts, NAT instances and VPC Peering

Effective security requires close control over your data and resources. Bastion hosts, NAT instances, and VPC peering can help you secure your AWS infrastructure. Welcome to part four of my AWS Security overview. In part three, we looked at network security at the subnet level. This ti...

Read more
  • AWS
Avatar
Sudhi Seshachala
— October 9, 2019

Top 13 Amazon Virtual Private Cloud (VPC) Best Practices

Amazon Virtual Private Cloud (VPC) brings a host of advantages to the table, including static private IP addresses, Elastic Network Interfaces, secure bastion host setup, DHCP options, Advanced Network Access Control, predictable internal IP ranges, VPN connectivity, movement of interna...

Read more
  • AWS
  • best practices
  • VPC
Avatar
Stuart Scott
— October 2, 2019

Big Changes to the AWS Certification Exams

With AWS re:Invent 2019 just around the corner, we can expect some early announcements to trickle through with upcoming features and services. However, AWS has just announced some big changes to their certification exams. So what’s changing and what’s new? There is a brand NEW ...

Read more
  • AWS
  • Certifications
Alisha Reyes
Alisha Reyes
— October 1, 2019

New on Cloud Academy: ITIL® 4, Microsoft 365 Tenant, Jenkins, TOGAF® 9.1, and more

At Cloud Academy, we're always striving to make improvements to our training platform. Based on your feedback, we released some new features to help make it easier for you to continue studying. These new features allow you to: Remove content from “Continue Studying” section Disc...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
  • ITIL® 4
  • Jenkins
  • Microsoft 365 Tenant
  • New content
  • Product Feature
  • Python programming
  • TOGAF® 9.1
Avatar
Stuart Scott
— September 27, 2019

AWS Security Groups: Instance Level Security

Instance security requires that you fully understand AWS security groups, along with patching responsibility, key pairs, and various tenancy options. As a precursor to this post, you should have a thorough understanding of the AWS Shared Responsibility Model before moving onto discussi...

Read more
  • AWS
  • instance security
  • Security
  • security groups
Avatar
Jeremy Cook
— September 17, 2019

Cloud Migration Risks & Benefits

If you’re like most businesses, you already have at least one workload running in the cloud. However, that doesn’t mean that cloud migration is right for everyone. While cloud environments are generally scalable, reliable, and highly available, those won’t be the only considerations dri...

Read more
  • AWS
  • Azure
  • Cloud Migration
Joe Nemer
Joe Nemer
— September 12, 2019

Real-Time Application Monitoring with Amazon Kinesis

Amazon Kinesis is a real-time data streaming service that makes it easy to collect, process, and analyze data so you can get quick insights and react as fast as possible to new information.  With Amazon Kinesis you can ingest real-time data such as application logs, website clickstre...

Read more
  • amazon kinesis
  • AWS
  • Stream Analytics
  • Streaming data