How to Deploy Application Code From S3 Using AWS CodeDeploy

In a previous post, we discussed the top 5 deployment tools for AWS. Out of them, AWS CodeDeploy is a tool which is especially designed for AWS. It is a new service by Amazon Web Services which was launched during the Re:Invent 2014 conference held in Las Vegas last November. The primary focus of AWS CodeDeploy is to automate the deployment process, minimize downtime, easy adoption, and centralized control.

In this post, we will see how you can leverage AWS CodeDeploy to deploy your latest application code to your EC2 instances. AWS CodeDeploy deploys applications from Amazon S3 or GitHub. We will focus on deploying the application using Amazon S3 here.

Before starting, please go through the terminology used across this post which is specific to AWS CodeDeploy:

  • Application: Unique name provided to your application.
  • Revision: A combination of archive files with Application Specification File (AppSec). The archive file comprises source code, deployment scripts, web pages, executables, etc. Revisions are stored in S3 or GitHub repositories.
  • Deployment Configuration: a set of deployment rules and deployment success and failure conditions that AWSCodeDeploy uses during a deployment.
  • Deployment Group: a set of deployment targets, i.e.: individual instances or autoscaled instances. Deployment on individual instances works based on tags.

Deploying code from S3 to CodeDeploy: application prerequisites

Operating System: Amazon Linux 2014.09.1
Application Type: Simple HTML, CSS, JS application
Region: N. Virginia (us-east-1)

Pre-requisites

We need to have two IAM roles: a Service Role and an Instance Profile Role.

Service Role: Service Role access will be granted to AWS CodeDeploy to read through your EC2 instance tags. For auto-scaled instances, it looks for your autoscaling name tags. Service Role Policy is as follows:

{
"Version": "2012-10-17",
"Statement": [
   {
     "Action": [
       "autoscaling:PutLifecycleHook",
       "autoscaling:DeleteLifecycleHook",
       "autoscaling:RecordLifecycleActionHeartbeat",
       "autoscaling:CompleteLifecycleAction",
       "autoscaling:DescribeAutoscalingGroups",
       "autoscaling:PutInstanceInStandby",
       "autoscaling:PutInstanceInService",
       "ec2:Describe*"
     ],
     "Effect": "Allow",
     "Resource": "*"
   }
]
}

Once the IAM role is created, you need to establish a trusted relationship for this role with AWSCodeDeploy. Modify trust relationship policy for this particular role and set it to below mentioned policy :

{
"Version": "2012-10-17",
"Statement": [
    {
    "Sid": "",
    "Effect": "Allow",
    "Principal": {
    "Service": [
        "codedeploy.us-east-1.amazonaws.com",
        "codedeploy.us-west-2.amazonaws.com"
    ]
    },
    "Action": "sts:AssumeRole"
    }
]
}

Instance Profile Role: EC2 instances needs to be launched with proper permissions to access files from S3 buckets.

{
    "Version": "2012-10-17",
    "Statement": [
    {
        "Action": [
            "s3:Get*",
            "s3:List*"
        ],
        "Effect": "Allow",
        "Resource": "*"
    }
    ]
}

Building Deployment Revision

To build a deployment revision for S3, you need to create a compressed archive file with your application code and an application specification file (AppSpec). AppSpec is the heart of CodeDeploy and is written in YAML. AppSpec defines how the application code will be deployed on deployment targets and which deployment lifecycle event hooks to run in response to various deployment lifecycle events. It should be in the root of an application source code’s directory structure.

High-Level Structure of AppSpec File:

version: 0.0
os: operating-system-name
files: source-destination-files-mappings
permissions: permissions-specifications
hooks: deployment-lifecycle-event-mappings

In the structure above, you can find the following fields:
Version:  the version of your application
OS: Operating system of your deployment targets, i.e.: Linux or Windows
Files: name of the files copied to the deployment target
Permissions: how permissions are applied to files copied to the deployment target
Hooks: scripts to run at specific deployment lifecycle events during the deployment. The available event hooks are:

  • ApplicationStop: events to be performed when the application is stopped
  • DownloadBundle: occurs when CodeDeploy agent downloads bundle from S3 bucket
  • BeforeInstall: occurs before AWSCodeDeploy starts deployment of application code to the deployment target
  • Install: AWSCodeDeploy copies files to deployment targets
  • AfterInstall: occurs once files are copied and installed to deployment targets
  • ApplicationStart: occurs just before your application revision is started on the deployment target
  • ValidateService: occurs after the service has been validated

The sample AppSpec File used for this example deployment is as below:

version: 0.0
os: linux
files:
   - source: /
     destination: /var/www/html
permissions:
   - object: /var/www/html
     pattern: "**"
     owner: apache
     group: apache
     mode: 755
     type:
       - file
hooks:
   BeforeInstall:
   - location: Scripts/installapache.sh
     runas: root
   - location: Scripts/startapache.sh
     runas: root
   AfterInstall:
   - location: Scripts/restartapache.sh
     runas: root

The Sample AWSCodeDeploy application used for this blog post is available over here.

Creating the CodeDeploy Application and Performing Deployment

1. Launch an EC2 instance with the Instance Profile role created before, a tag that you like (e.g. Environment = Production or Name = CodeDeployDemo) and with the following user data :

sudo yum update
sudo yum install aws-cli
cd /home/ec2-user
aws s3 cp s3://aws-codedeploy-us-east-1/latest/install . --region us-east-1
chmod +x ./install
sudo ./install auto

2. Go back to the AWS Management Console and select the “CodeDeploy” service.
AWSCodeDeploy Getting Started

Click on Get Started Now to create your first application and deployment group. It provides you two options:

  • Sample Deployment allows you to deploy a sample WordPress application on EC2 instances.
  • Custom Deployment allows you to deploy your application on existing EC2 instances.

AWSCodeDeploy Welcome Screen
We will pick with the Custom Deployment model.
3. Create your application
A CodeDeploy application helps you to create deployment groups and to identify deployment targets (EC2 instances) on which a particular revision is applied.
To create an application, you need to provide:

  • Application Name: suitable name for your CodeDeploy application
  • Deployment Group Name: name provided to your deployment group on which you will be deploying your application
  • Amazon EC2 tags: specified key-value pair basis on which deployment targets are identified. For auto-scaling, you need to provide an auto-scaling group name.
  • Deployment Configuration: Desired deployment configuration. This determines how the application will be deployed on EC2 instances. There are three possible options i.e., CodeDeployDefault.AllAtOnce, CodeDeployDefault.HalfAtOnce, CodeDeployDefault.OnceAtOnce.
  • Service Role: This is the service role created by you during pre-requisites step 1.
AWS CodeDeploy Application Creation

AWS CodeDeploy Application Search by Amazon EC2 TagsOnce all the necessary details are filled up, click on “Create Application” and move towards creating new deployments and publishing new revisions.
4. Create new deployment
Once the application is created, it is time to create a new deployment which will deploy a revision to deployment targets.
To create a deployment, go to that application and select deploy new revision.
AWSCodeDeploy How to Deploy your Application Screen

For a new deployment, we need to pass:

  • Application Name: name of the application you created in a previous step.
  • Deployment Group: select the deployment group you created in a previous step.
  • Revision Type: whether deployment code is available at S3 or GitHub
  • Revision Location: S3/GitHub path of the deployment code
  • Deployment Description: Description of this deployment
  • Deployment Config: Desired deployment configuration. This determines how the application will be deployed on EC2 instances. There are three possible options: CodeDeployDefault.AllAtOnce, CodeDeployDefault.HalfAtOnce, CodeDeployDefault.OnceAtOnce.
AWSCodeDeploy Create New Deployment Screen

AWSCodeDeploy Deployment Creation File Type Drop Down
That’s it. Deployment process has started and you can monitor the deployment process on the next screen.
AWSCodeDeploy Deployments Creation Progress
The deployment process goes from Created to In Progress to Succeeded.
AWSCodeDeploy Successful Completion
Once the deployment process is completed, you can go back and view your application.
If you used the above application, you will see something like this:
Sample AWSCodeDeploy Application

Re-Deploying Application with the latest revision

Deploying your latest revision is very easy. All you need to do is to build a compressed archive file (sample new build archive file) and put it into S3 bucket. Once done, go back to your application and create new deployment where you need to pass the latest S3 archive file path as revision location.

A new revision of sample application used for this post is available over here.
New AWSCodeDeploy Deployment Creation
Now, initiate the deployment procedure and new application code will be deployed to your instances.
AWSCodeDeploy Successful Deployment
Once done, go back to your browser and browse the application using the public IP address of your instance.
Updated AWSCodeDeploy Application

Limitations of AWS CodeDeploy

  • Only available for N.Virginia and Oregon region.
  • Existing running instances without IAM roles cannot use AWS CodeDeploy. You need to re-launch them using Instance Profile IAM role created above under Pre-requisites section.

Avatar

Written by

Sanket Dangi

Head of Managed Services at REAN Cloud. Before joining REAN Cloud, I was CEO and Founder of StraightArc Solutions which was later acquired by REAN Cloud. I started my career working on cloud computing. Loves to talk about DevOps, System Administration, Scalability, High Availability, Disaster Recovery and Cloud Security. Apart from work, I love to meet people, travel and watch sports.

Related Posts

Joe Nemer
Joe Nemer
— September 12, 2019

Real-Time Application Monitoring with Amazon Kinesis

Amazon Kinesis is a real-time data streaming service that makes it easy to collect, process, and analyze data so you can get quick insights and react as fast as possible to new information.  With Amazon Kinesis you can ingest real-time data such as application logs, website clickstre...

Read more
  • amazon kinesis
  • AWS
  • Stream Analytics
  • Streaming data
Avatar
Alex Casalboni
— September 3, 2019

Google Vision vs. Amazon Rekognition: A Vendor-Neutral Comparison

Google Cloud Vision and Amazon Rekognition offer a broad spectrum of solutions, some of which are comparable in terms of functional details, quality, performance, and costs. This post is a fact-based comparative analysis on Google Vision vs. Amazon Rekognition and will focus on the tech...

Read more
  • Amazon Rekognition
  • AWS
  • Google Cloud Platform
  • Google Vision
Alisha Reyes
Alisha Reyes
— August 30, 2019

New on Cloud Academy: CISSP, AWS, Azure, & DevOps Labs, Python for Beginners, and more…

As Hurricane Dorian intensifies, it looks like Floridians across the entire state might have to hunker down for another big one. If you've gone through a hurricane, you know that preparing for one is no joke. You'll need a survival kit with plenty of water, flashlights, batteries, and n...

Read more
  • AWS
  • Azure
  • Google Cloud Platform
  • New content
  • Product Feature
  • Python programming
Joe Nemer
Joe Nemer
— August 27, 2019

Amazon Route 53: Why You Should Consider DNS Migration

What Amazon Route 53 brings to the DNS table Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service offered by AWS. It is named by the TCP or UDP port 53, which is where DNS server requests are addressed. Like any DNS service, Route 53 handles domain regist...

Read more
  • Amazon
  • AWS
  • Cloud Migration
  • DNS
  • Route 53
Alisha Reyes
Alisha Reyes
— August 22, 2019

How to Unlock Complimentary Access to Cloud Academy

Are you looking to get trained or certified on AWS, Azure, Google Cloud Platform, DevOps, Cloud Security, Python, Java, or another technical skill? Then you'll want to mark your calendars for August 23, 2019. Starting Friday at 12:00 a.m. PDT (3:00 a.m. EDT), Cloud Academy is offering c...

Read more
  • AWS
  • Azure
  • cloud academy content
  • complimentary access
  • GCP
  • on the house
Avatar
Michael Sheehy
— August 19, 2019

What Exactly Is a Cloud Architect and How Do You Become One?

One of the buzzwords surrounding the cloud that I'm sure you've heard is "Cloud Architect." In this article, I will outline my understanding of what a cloud architect does and I'll analyze the skills and certifications necessary to become one. I will also list some of the types of jobs ...

Read more
  • AWS
  • Cloud Computing
Avatar
Nitheesh Poojary
— August 19, 2019

Boto: Using Python to Automate AWS Services

Boto allows you to write scripts to automate things like starting AWS EC2 instances Boto is a Python package that provides programmatic connectivity to Amazon Web Services (AWS). AWS offers a range of services for dynamically scaling servers including the core compute service, Elastic...

Read more
  • Automated AWS Services
  • AWS
  • Boto
  • Python
Avatar
Andrew Larkin
— August 13, 2019

Content Roadmap: AZ-500, ITIL 4, MS-100, Google Cloud Associate Engineer, and More

Last month, Cloud Academy joined forces with QA, the UK’s largest B2B skills provider, and it put us in an excellent position to solve a massive skills gap problem. As a result of this collaboration, you will see our training library grow with additions from QA’s massive catalog of 500+...

Read more
  • AWS
  • Azure
  • content roadmap
  • Google Cloud Platform
Avatar
Adam Hawkins
— August 9, 2019

DevSecOps: How to Secure DevOps Environments

Security has been a friction point when discussing DevOps. This stems from the assumption that DevOps teams move too fast to handle security concerns. This makes sense if Information Security (InfoSec) is separate from the DevOps value stream, or if development velocity exceeds the band...

Read more
  • AWS
  • cloud security
  • DevOps
  • DevSecOps
  • Security
Avatar
Stefano Giacone
— August 8, 2019

Test Your Cloud Knowledge on AWS, Azure, or Google Cloud Platform

Cloud skills are in demand | In today's digital era, employers are constantly seeking skilled professionals with working knowledge of AWS, Azure, and Google Cloud Platform. According to the 2019 Trends in Cloud Transformation report by 451 Research: Business and IT transformations re...

Read more
  • AWS
  • Cloud skills
  • Google Cloud
  • Microsoft Azure
Avatar
Andrew Larkin
— August 7, 2019

Disadvantages of Cloud Computing

If you want to deliver digital services of any kind, you’ll need to estimate all types of resources, not the least of which are CPU, memory, storage, and network connectivity. Which resources you choose for your delivery —  cloud-based or local — is up to you. But you’ll definitely want...

Read more
  • AWS
  • Azure
  • Cloud Computing
  • Google Cloud Platform
Joe Nemer
Joe Nemer
— August 6, 2019

Google Cloud vs AWS: A Comparison (or can they be compared?)

The "Google Cloud vs AWS" argument used to be a common discussion among our members, but is this still really a thing? You may already know that there are three major players in the public cloud platforms arena: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)...

Read more
  • AWS
  • Google Cloud Platform
  • Kubernetes