
Prepare CodeDeploy

ot-nemoto edited this page Jan 11, 2019 · 1 revision

Create the CodeDeploy service role

cat << EOT > CodeDeployDemo-Trust.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "codedeploy.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
EOT

# Create the role CodeDeploy assumes; the trust policy above limits
# sts:AssumeRole to the codedeploy.amazonaws.com service principal.
aws iam create-role \
  --role-name CodeDeployServiceRole \
  --assume-role-policy-document file://CodeDeployDemo-Trust.json

# Attach the AWS-managed policy that grants CodeDeploy the permissions it needs.
aws iam attach-role-policy \
  --role-name CodeDeployServiceRole \
  --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole

Create the IAM instance profile for the EC2 instances

cat << EOT > CodeDeployDemo-EC2-Trust.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
EOT

cat << EOT > CodeDeployDemo-EC2-Permissions.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}
EOT

# Role assumed by the EC2 instances (trust policy: ec2.amazonaws.com only).
aws iam create-role \
  --role-name CodeDeployDemo-EC2-Instance-Profile \
  --assume-role-policy-document file://CodeDeployDemo-EC2-Trust.json

# Inline policy: read-only S3 access so the CodeDeploy agent can fetch
# revision bundles. Resource "*" covers every bucket; narrow it to the
# deployment bucket ARN once that bucket exists.
aws iam put-role-policy \
  --role-name CodeDeployDemo-EC2-Instance-Profile \
  --policy-name CodeDeployDemo-EC2-Permissions \
  --policy-document file://CodeDeployDemo-EC2-Permissions.json

# An instance profile is the container that lets EC2 pass the role to instances.
aws iam create-instance-profile \
  --instance-profile-name CodeDeployDemo-EC2-Instance-Profile
aws iam add-role-to-instance-profile \
  --instance-profile-name CodeDeployDemo-EC2-Instance-Profile \
  --role-name CodeDeployDemo-EC2-Instance-Profile

Create the security group for the EC2 instances

aws ec2 create-security-group \
  --group-name CodeDeployDemo-Security-Group \
  --description "CodeDeployDemo Security Group"

# Allow inbound HTTP (TCP/80). 0.0.0.0/0 exposes the port to the whole
# internet; use a narrower --cidr-ip if only known clients need access.
aws ec2 authorize-security-group-ingress \
  --group-name CodeDeployDemo-Security-Group \
  --to-port 80 \
  --ip-protocol tcp \
  --cidr-ip 0.0.0.0/0 \
  --from-port 80
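The two policy documents written above can be sanity-checked offline before they are uploaded: which service principals the trust policy lets assume the role, and whether the instance-profile policy grants more than read-only S3 on a wildcard resource. This Python script is an added example, not part of the original wiki page; the policies are embedded verbatim from the page, and the bucket name given to scoped_s3_read_policy is a placeholder.

```python
import json

# Constructed inline copies of the two policy documents from this page.
CODEDEPLOY_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{"Sid": "",
  "Effect": "Allow", "Principal": {"Service": ["codedeploy.amazonaws.com"]},
  "Action": "sts:AssumeRole"}]}""")
EC2_PERMISSIONS = json.loads("""{"Version": "2012-10-17", "Statement": [{"Action":
  ["s3:Get*", "s3:List*"], "Effect": "Allow", "Resource": "*"}]}""")


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def trust_principals(policy):
    """Return the set of service principals allowed to call sts:AssumeRole."""
    principals = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            principals.update(_as_list(principal.get("Service", [])))
    return principals


def permission_findings(policy):
    """Flag wildcard resources and any non-read S3 action in Allow statements."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append(f"statement {i}: Resource is '*' (every bucket in the account)")
        for action in _as_list(stmt.get("Action", [])):
            if action.startswith("s3:") and not action.startswith(("s3:Get", "s3:List")):
                findings.append(f"statement {i}: non-read S3 action {action}")
    return findings


def scoped_s3_read_policy(bucket):
    """Same read-only grant, limited to one bucket (bucket name is a placeholder)."""
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
            "Action": ["s3:Get*", "s3:List*"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]}]}


if __name__ == "__main__":
    print("trust principals:", sorted(trust_principals(CODEDEPLOY_TRUST)))
    for finding in permission_findings(EC2_PERMISSIONS):
        print("finding:", finding)
    print(json.dumps(scoped_s3_read_policy("deploy-bucket-placeholder"), indent=2))
```

Running it reports the Resource "*" finding for CodeDeployDemo-EC2-Permissions.json and prints a replacement policy scoped to a single bucket that can be written in its place.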
