GitHub CI/CD with AWS CodeDeploy
In this blog post, we are going to look at a GitHub Continuous Integration (CI) and Continuous Deployment (CD) implementation using AWS CodeDeploy. From the DevOps perspective, AWS offers a comprehensive suite of services and tools designed to facilitate DevOps practices, enabling organizations to develop, deploy, and manage applications efficiently. Key services from AWS stack are.
CodeDeploy is a deployment service that automates code deployments to any instance, including Amazon EC2 instances, on-premises servers, AWS Lambda, and Amazon ECS services. It helps you release new features rapidly and avoid downtime during application deployment.
Requirements
To follow this blog hands-on, we need a GitHub repo, an instance role, a service role, an AWS EC2 instance, an AWS CodeDeploy application, and a specific user with the AWSCodeDeployFullAccess right.
Sample Code
Create appspec.yml file
To manage the deployment process for an application, the developer needs to create an appspec.yml file in the root directory of the project. In AWS CodeDeploy, this file configures application deployment by defining file locations, specifying lifecycle hooks for scripts, and detailing actions for each deployment step.
Hooks define the scripts to run at various stages of the deployment process. Lifecycle steps include ApplicationStop, BeforeInstall, AfterInstall, ApplicationStart, and ValidateService.
Every lifecycle step is defined in a separate file under the scripts folder in your project folder, in our case after_install.sh and application_start.sh.
├── README.md
├── app.js
├── appspec.yml
├── package.json
└── scripts
    ├── after_install.sh
    └── application_start.sh
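An appspec.yml matching the layout above, added here as an example and not taken from the original post or its repository. The destination path, timeouts and the runas user are assumptions; runas is set because the CodeDeploy agent otherwise runs hook scripts as root.

```yaml
# appspec.yml (added example; destination, timeouts and runas are assumptions)
version: 0.0
os: linux

files:
  # Copy the whole revision (the repository root) to the application directory.
  - source: /
    destination: /home/ec2-user/app   # assumed install location

permissions:
  # Hand the deployed files to the unprivileged user that runs the app.
  - object: /home/ec2-user/app
    owner: ec2-user
    group: ec2-user

hooks:
  # Runs after the files are copied, e.g. to install dependencies.
  AfterInstall:
    - location: scripts/after_install.sh
      timeout: 300
      runas: ec2-user   # without runas, the agent runs the script as root
  # Starts the application once installation has finished.
  ApplicationStart:
    - location: scripts/application_start.sh
      timeout: 300
      runas: ec2-user
```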
Create Instance & Service Roles
An instance role grants permissions to EC2 instances and the applications running on them to access other AWS services, while a service role grants permissions to AWS services to interact with other AWS resources on behalf of the account.
Now create the instance role: open IAM in the AWS console and click on Roles. From the Trusted entity type, select the AWS Service option, then select EC2 under use case. Then click on the Next button to proceed.
Now add the policy “AmazonEC2RoleforAWSCodeDeploy” to the role. Then click on the Next button to proceed.
Name this role “su-instance-ec2-codedeploy” and click on the Create role button.
Now create the service role: open IAM in the AWS console and click on Roles. From the Trusted entity type, select the AWS Service option, then select CodeDeploy under use case. Then click on the Next button to proceed.
Name this role “su-servicerole-codedeploy” and click on the Create role button.
Setup EC2 instance with CodeDeploy Agent
Now spin up the Amazon Linux instance. Open the EC2 console in the AWS Management Console and click on Launch Instance. Under Name and Tags, give your instance the name “su-codedeploy-setup”. Choose any Instance Type as per your requirements. Open the Advanced details section and assign the instance role you created earlier by selecting it in the IAM instance profile field.
To pre-install the CodeDeploy Agent, we need to put the following bash script in User Data under the Advanced details section.
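#!/bin/bash
# Update packages and install the agent's prerequisites (Ruby runtime, wget)
sudo yum -y update
sudo yum -y install ruby
sudo yum -y install wget
cd /home/ec2-user
# Download the CodeDeploy agent installer from the us-east-1 resource bucket
wget https://aws-codedeploy-us-east-1.s3.amazonaws.com/latest/install
sudo chmod +x ./install
# Install the latest agent and start it as a service
sudo ./install auto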
Finally, click on Launch Instance to create and start your Amazon Linux instance.
Create AWS CodeDeploy Application
Now type CodeDeploy in the search box of the AWS Console and click on Create Application. Enter the application name and select the EC2/On-premises option from Compute platform.
Next, create a Deployment Group under the application and assign it an appropriate name, along with the Service Role “su-servicerole-codedeploy” which we created previously.
Select the Deployment type option “in-place” and then select Amazon EC2 Instance in the Environment configuration. Type Name in the Key box and search for the instance value.
Select “CodeDeployDefault.AllAtOnce” in the Deployment settings option and lastly uncheck “Enable Load balancing” under Load balancer.
Finally, click on the Create deployment group button.
Create Specific User
To create a new user, open IAM from the AWS Management Console, click on the Create User button and give the user a name.
Now attach the “AWSCodeDeployFullAccess” policy to the user.
Finally, click on the Create user button. At this point we need access keys for the GitHub workflow, so open the Security credentials tab of the newly created user in the console and click the Create Access Key button. On the Access key best practices & alternatives page, select the Other option, fill in the metadata in the Description field and click the Create Access Key button.
At this point, download the access keys to your machine for future use.
GitHub Repository Setting
Every GitHub workflow needs the access key details for the respective repository. In this scenario, open the settings of the https://github.com/technetbytes/aws-codedeploy repository and then go to Secrets and variables -> Actions.
Add the Access key and Secret access key in the settings.
GitHub workflows are configurable automated processes that run one or more jobs, defined in YAML format. Create a deploy.yml file in the .github/workflows/ folder at the root of the repository.
cd path/to/root_repo
# -p also creates the parent .github directory if it does not exist yet
mkdir -p .github/workflows
touch .github/workflows/deploy.yml
The workflow configuration must be in YAML format; here is the complete configuration.
name: CI/CD Pipeline
on:
  push:
    branches: [ main ]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # Step 1
      - name: Checkout to repo
        uses: actions/checkout@v2
      # Step 2
      - name: Set AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      # Step 3
      - name: Create CodeDeploy Deployment
        id: deploy
        run: |
          aws deploy create-deployment \
            --application-name Testing-CodeDeploy-Application \
            --deployment-group-name Test-Deployment-Group \
            --deployment-config-name CodeDeployDefault.OneAtATime \
            --github-location repository=${{ github.repository }},commitId=${{ github.sha }}
In the configuration above, we set up the Continuous Deployment aspect of CI/CD. In Step 3, we used the AWS CLI command aws deploy create-deployment to complete the deployment process.
- --application-name := Testing-CodeDeploy-Application
- --deployment-group-name := Test-Deployment-Group
GitHub Setting
AWS CodeDeploy requires GitHub OAuth for a seamless end-to-end deployment process. To configure OAuth, create a temporary deployment and select GitHub as the revision type. Enter a name for the token in the text box, then click Connect to GitHub. Complete the GitHub authentication, and you’re all set.
To verify the OAuth configuration in GitHub, log into your GitHub account, go to Settings > Applications, and open the Authorized OAuth Apps tab. You should see the AWS CodeDeploy app listed there.
Perform Test
With the configuration and settings complete, you can now make changes and commit them to the repository. This should trigger the GitHub workflow, deploying the latest version of the code to the EC2 instance.
EC2-Instance Stop Scenario
If the EC2 instance goes down or stops while a developer commits code to the repository, the following scenario will unfold within your GitHub workflow and CodeDeploy deployment process. Go to the Actions tab in the repository, open the latest workflow run to view the details, and confirm that each step has completed successfully.
Now find the deployment in the AWS Management Console and you will see the following status.
Solution
Start the EC2 instance from the AWS Management Console!
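A hardened variant of the deploy.yml workflow, added here as an example and not part of the original post: it replaces the stored access keys with a short-lived role obtained through GitHub OIDC, and it waits on the deployment so the stopped-instance scenario above fails the job instead of passing. It assumes an IAM OIDC identity provider for GitHub already exists and that the role (placeholder ARN) trusts only the main branch of this repository; the commit SHA is also a placeholder.

```yaml
# .github/workflows/deploy.yml (added example; role ARN and SHA are placeholders)
name: CI/CD Pipeline
on:
  push:
    branches: [ main ]

# Least-privilege GITHUB_TOKEN: read the repo and request an OIDC token only.
permissions:
  contents: read
  id-token: write

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # No checkout step: CodeDeploy pulls the revision from GitHub itself.
      - name: Set AWS credentials
        # Pin to a reviewed full commit SHA instead of a mutable tag such as v1.
        uses: aws-actions/configure-aws-credentials@<full-commit-sha>
        with:
          # The role needs only the CodeDeploy actions this job calls
          # (create and read deployments), not AWSCodeDeployFullAccess.
          role-to-assume: arn:aws:iam::<account-id>:role/<deploy-role>
          aws-region: us-east-1

      - name: Create CodeDeploy Deployment and wait for the result
        env:
          # Pass context values through the environment, not inline in the script.
          REPO: ${{ github.repository }}
          SHA: ${{ github.sha }}
        run: |
          deployment_id=$(aws deploy create-deployment \
            --application-name Testing-CodeDeploy-Application \
            --deployment-group-name Test-Deployment-Group \
            --deployment-config-name CodeDeployDefault.OneAtATime \
            --github-location "repository=${REPO},commitId=${SHA}" \
            --query deploymentId --output text)
          # Exits non-zero if the deployment fails or stops, failing the job.
          aws deploy wait deployment-successful --deployment-id "$deployment_id"
```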
I hope this blog gives you a clearer understanding of AWS CodeDeploy with GitHub and completes the Continuous Integration (CI) and Continuous Deployment (CD) example. Thanks!
Feel free to contact me:
→ https://www.linkedin.com/in/saqib-ullah-siddiqui/
→ saqibullah@gmail.com