Configure an Amazon EC2 instance to work with CodeDeploy
These instructions show you how to configure an Amazon EC2 instance running Amazon Linux, Ubuntu Server, Red Hat Enterprise Linux (RHEL), or Windows Server for use in CodeDeploy deployments.
Note
If you do not have an Amazon EC2 instance, you can use the Amazon CloudFormation template to launch one running Amazon Linux or Windows Server. We do not provide a template for Ubuntu Server or RHEL.
Step 1: Verify an IAM instance profile is attached to your Amazon EC2 instance
1. Sign in to the Amazon Web Services Management Console and open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.
2. In the navigation pane, under Instances, choose Instances.
3. Browse to and choose your Amazon EC2 instance in the list.
4. In the details pane, on the Description tab, note the value in the IAM role field, and then proceed to the next section.
If the field is empty, you can attach an IAM instance profile to the instance. For information, see Attaching an IAM role to an instance.
Step 2: Verify the attached IAM instance profile has the correct access permissions
1. Open the IAM console at https://console.amazonaws.cn/iam/.
2. In the navigation pane, choose Roles.
3. Browse to and choose the IAM role name you noted in step 4 of the previous section.
Note
If you want to use the service role generated by the Amazon CloudFormation template instead of one you created by following the instructions in Step 2: Create a service role for CodeDeploy, note the following:
In some versions of our Amazon CloudFormation template, the display name of the IAM instance profile generated and attached to the Amazon EC2 instances is not the same as the display name in the IAM console. For example, the IAM instance profile might have a display name of CodeDeploySampleStack-expnyi6-InstanceRoleInstanceProfile-IK8J8A9123EX, while the IAM instance profile in the IAM console might have a display name of CodeDeploySampleStack-expnyi6-InstanceRole-C5P33V1L64EX.
To help you identify the instance profile in the IAM console, you'll see that the prefix CodeDeploySampleStack-expnyi6-InstanceRole is the same for both. For information about why these display names might be different, see Instance profiles.
4. Choose the Trust Relationships tab. If there is no entry in Trusted Entities that reads The identity provider(s) ec2.amazonaws.com.cn, you cannot use this Amazon EC2 instance. Stop and create an Amazon EC2 instance using the information in Working with instances for CodeDeploy.
If there is an entry that reads The identity provider(s) ec2.amazonaws.com.cn, and you are storing your applications in GitHub repositories only, then skip ahead to Step 3: Tag the Amazon EC2 instance.
If there is an entry that reads The identity provider(s) ec2.amazonaws.com.cn, and you are storing your applications in Amazon S3 buckets, choose the Permissions tab.
5. If there is a policy in the Permissions policies area, expand the policy, then choose Edit policy.
6. Choose the JSON tab. If you are storing your applications in Amazon S3 buckets, make sure "s3:Get*" and "s3:List*" are in the list of specified actions.
It may look something like this:
{"Statement":[{"Resource":"*","Action":[
  ... Some actions may already be listed here ...
  "s3:Get*","s3:List*"
  ... Some more actions may already be listed here ...
],"Effect":"Allow"}]}
Or it may look something like this:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        ... Some actions may already be listed here ...
        "s3:Get*",
        "s3:List*"
        ... Some more actions may already be listed here ...
      ],
      ...
    }
  ]
}
If "s3:Get*" and "s3:List*" are not in the list of specified actions, choose Edit to add them, and then choose Save. (If neither "s3:Get*" nor "s3:List*" is the last action in the list, be sure to add a comma after the action, so the policy document validates.)
Note
We recommend that you restrict this policy to only those Amazon S3 buckets your Amazon EC2 instances must access. Make sure to give access to the Amazon S3 buckets that contain the CodeDeploy agent. Otherwise, an error might occur when the CodeDeploy agent is installed or updated on the instances. For example:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws-cn:s3:::amzn-s3-demo-bucket/*",
        "arn:aws-cn:s3:::aws-codedeploy-cn-north-1/*",
        "arn:aws-cn:s3:::aws-codedeploy-cn-northwest-1/*"
      ]
    }
  ]
}
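The checks in Step 2 can also be run offline against policy JSON saved from the console. The following is an added example, not code from the AWS documentation: the function names and sample documents are constructed, the agent bucket ARN pattern is assumed from the example policy above, and actions are matched only against the two literal entries this page names (a broader grant such as "s3:*" is not recognized).

```python
import json

REQUIRED = ("s3:get*", "s3:list*")  # the two actions this page asks for, lowercased

def as_list(value):
    """IAM lets Action/Resource/Service be a string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusts_ec2(trust_policy, service="ec2.amazonaws.com.cn"):
    """True if an Allow statement names the EC2 service principal as trusted."""
    for st in as_list(trust_policy.get("Statement")):
        principal = st.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if st.get("Effect") == "Allow" and service in services:
            return True
    return False

def audit_s3(policy, region):
    """Return findings for the S3 part of an instance-profile permissions policy."""
    # Assumption: agent bucket ARN follows the pattern shown in the example policy.
    agent_arn = f"arn:aws-cn:s3:::aws-codedeploy-{region}/*"
    granted, resources = set(), set()
    for st in as_list(policy.get("Statement")):
        actions = {a.lower() for a in as_list(st.get("Action"))}
        if st.get("Effect") == "Allow" and actions & set(REQUIRED):
            granted |= actions & set(REQUIRED)
            resources |= set(as_list(st.get("Resource")))
    findings = [f"missing action {a}" for a in REQUIRED if a not in granted]
    if "*" in resources:
        findings.append("S3 read allowed on Resource * (restrict to needed buckets)")
    elif granted and agent_arn not in resources:
        findings.append(f"agent bucket not covered: {agent_arn}")
    return findings

# Constructed sample documents (not exported from a real account).
TRUST = json.loads('{"Statement":[{"Effect":"Allow","Principal":'
                   '{"Service":"ec2.amazonaws.com.cn"},"Action":"sts:AssumeRole"}]}')
BROAD = json.loads('{"Statement":[{"Resource":"*","Action":["s3:Get*","s3:List*"],'
                   '"Effect":"Allow"}]}')
SCOPED = json.loads('{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
                    '"Action":["s3:Get*","s3:List*"],"Resource":['
                    '"arn:aws-cn:s3:::amzn-s3-demo-bucket/*",'
                    '"arn:aws-cn:s3:::aws-codedeploy-cn-north-1/*"]}]}')

if __name__ == "__main__":
    print(trusts_ec2(TRUST), audit_s3(BROAD, "cn-north-1"), audit_s3(SCOPED, "cn-north-1"))
```

An empty findings list means both actions are present and scoped to named buckets that include the agent bucket for the given Region.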
Step 3: Tag the Amazon EC2 instance
For instructions about how to tag the Amazon EC2 instance so that CodeDeploy can find it during a deployment, see Working with tags in the console, and then return to this page.
Note
You can tag the Amazon EC2 instance with any key and value you like. Just make sure to specify this key and value when you deploy to it.
Step 4: Install the Amazon CodeDeploy agent on the Amazon EC2 instance
For instructions about how to install the CodeDeploy agent on the Amazon EC2 instance and verify it is running, see Managing CodeDeploy agent operations, and then proceed to Create an application with CodeDeploy.