Prepare CodeDeploy
ot-nemoto edited this page Jan 11, 2019
·
1 revision
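# Prepare the IAM roles, EC2 instance profile and security group used by the
# CodeDeploy demo. The commands are meant to be run in order from one working
# directory, because the policy documents are written there and then
# referenced with file://.

# --- 1. Service role assumed by CodeDeploy itself ---------------------------

# Trust policy: only the CodeDeploy service principal may assume the role.
# The delimiter is quoted so the shell writes the JSON out verbatim.
# NOTE(review): a Condition on aws:SourceAccount / aws:SourceArn would narrow
# which deployments can use this role; confirm against your account's policy.
cat << 'EOT' > CodeDeployDemo-Trust.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOT

aws iam create-role \
  --role-name CodeDeployServiceRole \
  --assume-role-policy-document file://CodeDeployDemo-Trust.json

# Attach the AWS managed CodeDeploy policy to the service role.
aws iam attach-role-policy \
  --role-name CodeDeployServiceRole \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole

# --- 2. Role and instance profile for the EC2 instances ---------------------

# Trust policy: only the EC2 service principal may assume the instance role.
cat << 'EOT' > CodeDeployDemo-EC2-Trust.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOT

# Permissions policy for the instances.
# SECURITY: "Resource": "*" lets every process on the instance read and list
# every S3 bucket and object this account's role can reach, not just the
# deployment bundle. Outside a throwaway demo, scope it to the revision
# bucket, for example (placeholder name, replace before use):
#   "Resource": [
#     "arn:aws:s3:::<YOUR-DEPLOYMENT-BUCKET>",
#     "arn:aws:s3:::<YOUR-DEPLOYMENT-BUCKET>/*"
#   ]
cat << 'EOT' > CodeDeployDemo-EC2-Permissions.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOT

aws iam create-role \
  --role-name CodeDeployDemo-EC2-Instance-Profile \
  --assume-role-policy-document file://CodeDeployDemo-EC2-Trust.json

# Inline policy: it lives on this role only and is not shared with others.
aws iam put-role-policy \
  --role-name CodeDeployDemo-EC2-Instance-Profile \
  --policy-name CodeDeployDemo-EC2-Permissions \
  --policy-document file://CodeDeployDemo-EC2-Permissions.json

# The instance profile is the container through which EC2 hands the role to
# an instance; here the profile and the role share one name.
aws iam create-instance-profile \
  --instance-profile-name CodeDeployDemo-EC2-Instance-Profile

aws iam add-role-to-instance-profile \
  --instance-profile-name CodeDeployDemo-EC2-Instance-Profile \
  --role-name CodeDeployDemo-EC2-Instance-Profile

# --- 3. Security group for the demo instances -------------------------------

aws ec2 create-security-group \
  --group-name CodeDeployDemo-Security-Group \
  --description "CodeDeployDemo Security Group"

# SECURITY: 0.0.0.0/0 admits TCP/80 from any IPv4 address, and port 80 is
# plain HTTP. If the demo does not have to be publicly reachable, replace the
# CIDR with the source range that needs access, and delete the group once the
# demo is finished.
aws ec2 authorize-security-group-ingress \
  --group-name CodeDeployDemo-Security-Group \
  --to-port 80 \
  --ip-protocol tcp \
  --cidr-ip 0.0.0.0/0 \
  --from-port 80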