AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Fargate, AWS Lambda, and your on-premises servers.
AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during application deployment, and handles the complexity of updating your applications.
You have:
Automated deployments
Deploy to Amazon EC2 and/or to on-premises server infrastructure.
Centralized control
You can launch and track the status of your deployments through the AWS CodeDeploy console or the AWS CLI. You will receive a report that lists when each application revision was deployed and to which Amazon EC2 instances.
Minimize downtime
Supports rolling in-place deployments, in addition to blue/green.
Stop and roll back
If there are errors, you can automatically or manually stop and roll back (roll forward to previous version) deployments.
These rolled-back deployments are technically new deployments, with new deployment IDs, rather than restored versions of a previous deployment.
When automatic rollback is initiated, or when you manually initiate a redeployment or manual rollback, CodeDeploy first tries to remove from each participating instance all files that were last successfully installed.
As part of the deployment process, the CodeDeploy agent removes from each instance all the files installed by the most recent deployment.
If files that weren’t part of a previous deployment appear in target deployment locations, you can choose what CodeDeploy does with them during the next deployment:
Fail the deployment — An error is reported and the deployment status is changed to Failed.
Overwrite the content — The version of the file from the application revision replaces the version already on the instance.
Retain the content — The file in the target location is kept and the version in the application revision is not copied to the instance.
Because auto rollback is enabled for the deployment or deployment group, CodeDeploy deploys the last known good application revision, application revision 1.
However, the files that you wanted to retain in deployment 1 were deleted before deployment 2 failed and cannot be retrieved by AWS CodeDeploy.
You can add them to the instance yourself if they are required for application revision 1, or you can create a new application revision.
On-premises instances don't use IAM instance profiles.
In addition to the other methods available to you in CodeDeploy, you can use AWS CloudFormation templates to perform the following tasks:
Create applications.
Create deployment groups and specify a target revision.
Create deployment configurations.
Create Amazon EC2 instances.
Application – A name that uniquely identifies the application that you want to deploy
Revision – An archive file containing content—such as source code, web pages, executable files, and deployment scripts
Deployment configuration – A set of deployment rules and deployment success and failure conditions. For example, if your application needs at least 50% of the instances in a deployment group to be up and serving traffic, you can specify that in your deployment configuration so that a deployment does not cause downtime.
Deployment group – A deployment group contains individually tagged instances, instances in Auto Scaling groups, or both.
Instance – Target instance for deployment
AppSpec File – Describes actions required pre- or post-deployment
You can use the CloudFormation template to quickly launch a new Amazon Linux or Windows Server Amazon EC2 instance. This instance is properly configured to participate in CodeDeploy deployments.
The AWS CloudFormation template performs the following operations:
Launches the new Amazon EC2 instance.
Instructs CloudFormation to give the Amazon EC2 instance the correct permission to participate in CodeDeploy deployments.
Tags the Amazon EC2 instance so that CodeDeploy can find it during a deployment.
Installs and runs the CodeDeploy agent on the Amazon EC2 instance so that it can actually participate in deployments.
Group instances by:
Auto scaling groups
Amazon EC2 tags
On-premises server tags
The agent is going to initiate a series of steps to run a deployment.
These steps are called lifecycle events.
ApplicationStop is where you stop the application server—for example, httpd—so that traffic stops being served while files are copied down.
BeforeInstall happens before your application’s files are put in their final location.
AfterInstall happens after your files are installed.
ApplicationStart, conceptually, is the inverse of ApplicationStop; for example, starting httpd.
ValidateService event happens after everything else is done and gives you a chance to do a sanity check on the application.
On each one, the agent checks your AppSpec to determine whether you’ve defined a script for the event and runs that on your behalf.
A revision contains a certain version of the following elements:
Source files that you want AWS CodeDeploy to deploy to your instances
Scripts that you want AWS CodeDeploy to run on your instances
To prepare a revision for deployment:
Develop the revision.
Add an AppSpec file to the revision. The appspec.yml file instructs CodeDeploy what to do and when.
Push the revision to Amazon S3 or GitHub.
Deploy the revision.
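An AppSpec covering some of the lifecycle events described above, with a small check over its hooks section (added example, not from the original page; the script paths, the webapp user and the lint_appspec helper are assumptions). The check flags hook entries that set no runas or no timeout, since a hook without runas runs as the user the CodeDeploy agent runs as.

```shell
#!/bin/sh
# Added example. Script paths, user names and lint_appspec are illustrative assumptions.

# Write a constructed sample AppSpec for an EC2/on-premises deployment.
write_sample_appspec() {
  cat > "$1" <<'EOF'
version: 0.0
os: linux
files:
  - source: /site
    destination: /var/www/html
hooks:
  ApplicationStop:
    - location: scripts/stop_httpd.sh
      timeout: 60
      runas: root
  AfterInstall:
    - location: scripts/load_secrets.sh
  ValidateService:
    - location: scripts/smoke_test.sh
      timeout: 120
      runas: webapp
EOF
}

# Print one finding per hook entry that lacks runas or timeout.
lint_appspec() {
  awk '
    function report() {
      if (loc == "") return
      if (!has_runas)   print event ": " loc ": no runas (runs as the agent user)"
      if (!has_timeout) print event ": " loc ": no timeout"
      loc = ""
    }
    /^hooks:/             { in_hooks = 1; next }
    in_hooks && /^[^ #]/  { report(); in_hooks = 0 }
    !in_hooks             { next }
    /^  [A-Za-z]+:/       { report(); event = $1; sub(/:$/, "", event); next }
    /- location:/         { report(); loc = $3; has_runas = 0; has_timeout = 0; next }
    /^ +runas:/           { has_runas = 1 }
    /^ +timeout:/         { has_timeout = 1 }
    END                   { report() }
  ' "$1"
}

# Demo: lint the constructed sample; only the AfterInstall hook is reported.
sample=$(mktemp) && write_sample_appspec "$sample" && lint_appspec "$sample"; rm -f "$sample"
```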
Use Parameter Store to Securely Access Secrets and Config Data in AWS CodeDeploy
Prerequisites
Create an EC2 Amazon Linux instance with the AWS CodeDeploy agent installed and an AWS CodeDeploy IAM role attached to the instance.
Create an S3 bucket for your AWS CodeDeploy deployment revision and provide access permissions to the bucket and to yourself (the IAM user).
Create a parameter. Example: aws ssm put-parameter --name MySecureSQLPassword --value "abcd" --type SecureString --region us-east-1
Create a policy to manage the parameter:
Policy (saved as MySQL-access.json):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:DescribeParameters"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameters"
            ],
            "Resource": [
                "arn:aws:ssm:us-east-1:<account-id>:parameter/MySecureSQLPassword"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt"
            ],
            "Resource": "arn:aws:kms:us-east-1:<account-id>:alias/aws/ssm"
        }
    ]
}
aws iam create-policy --policy-name ParameterStorePolicy --policy-document file://MySQL-access.json
You can now attach this policy to your AWS CodeDeploy service role.
aws iam attach-role-policy --role-name <CodeDeployServiceRole> --policy-arn "arn:aws:iam::<account-id>:policy/ParameterStorePolicy"
Get the parameter:
aws ssm get-parameters --names "MySecureSQLPassword" --with-decryption --region us-east-1
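A deployment hook that reads the SecureString created above and writes it to an owner-only file instead of printing it (added example, not from the original page; the write_secret_file function and the /etc/myapp/db.env path are assumptions). It assumes the instance running the hook has credentials allowed by the policy above.

```shell
#!/bin/sh
# Added example: hook script that loads the SecureString created above.
# write_secret_file and the destination path are illustrative assumptions.

PARAM_NAME="MySecureSQLPassword"
REGION="us-east-1"

# Fetch the decrypted value and write it to a 0600 file without echoing it.
write_secret_file() {
  dest=$1
  # get-parameters matches the ssm:GetParameters action the policy allows.
  value=$(aws ssm get-parameters --names "$PARAM_NAME" --with-decryption \
            --region "$REGION" --query 'Parameters[0].Value' --output text) || return 1
  # With --output text the CLI prints "None" when no parameter was returned.
  if [ -z "$value" ] || [ "$value" = "None" ]; then
    echo "parameter $PARAM_NAME not returned" >&2
    return 1
  fi
  old_umask=$(umask)
  umask 077                       # file is created owner-only from the start
  printf 'DB_PASSWORD=%s\n' "$value" > "$dest.tmp" && mv "$dest.tmp" "$dest"
  rc=$?
  umask "$old_umask"
  return $rc
}

# The CodeDeploy agent exports LIFECYCLE_EVENT to hook scripts, so the
# script only acts when it is run for the AfterInstall event.
if [ "${LIFECYCLE_EVENT:-}" = "AfterInstall" ]; then
  write_secret_file /etc/myapp/db.env || exit 1
fi
```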
AGENT_ISSUE - Make sure the agent is installed
AUTO_SCALING_IAM_ROLE_PERMISSIONS - The service role associated with your deployment group does not have the permission required
HEALTH_CONSTRAINTS - The overall deployment failed because too many individual instances failed deployment
HEALTH_CONSTRAINTS_INVALID - The deployment can’t start because the minimum number of healthy instances, as defined by your deployment configuration, is not available. You can reduce the required number of healthy instances.
IAM_ROLE_MISSING - Make sure you are using the correct service role name.
IAM_ROLE_PERMISSIONS - CodeDeploy does not have the permissions required to assume a role, or the IAM role you're using doesn't give you permission to perform operations in an AWS service.
NO_INSTANCES - Amazon EC2 tags might not be configured properly, or your Auto Scaling group might not have enough capacity.
OVER_MAX_INSTANCES - The deployment failed because more instances are targeted for deployment than are allowed for your account. To reduce the number of instances targeted for this deployment, update the tag settings for this deployment group or delete some of the targeted instances.
THROTTLED - The deployment failed because more requests were made than are permitted for AWS CodeDeploy by an IAM role. Try reducing the number of requests.
UNABLE_TO_SEND_ASG - The deployment failed because the deployment group isn’t configured correctly with its Amazon EC2 Auto Scaling group. In the CodeDeploy console, delete the Amazon EC2 Auto Scaling group from the deployment group, and then add it again.