Prerequisites for configuring an on-premises instance - Amazon CodeDeploy
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Prerequisites for configuring an on-premises instance

The following prerequisites must be met before you can register an on-premises instance.


If you are using the register-on-premises-instance command and periodically refreshed temporary credentials generated with the Amazon Security Token Service (Amazon STS), there are other prerequisites. For information, see IAM session ARN registration prerequisites.

Device requirements

The device you want to prepare, register, and tag as an on-premises instance with CodeDeploy must be running a supported operating system. For a list, see Operating systems supported by the CodeDeploy agent.

If your operating system is not supported, the CodeDeploy agent is available as open source for you to adapt to your needs. For more information, see the CodeDeploy agent repository in GitHub.

Outbound communication

The on-premises instance must be able to connect to public Amazon service endpoints to communicate with CodeDeploy.

The CodeDeploy agent communicates outbound using HTTPS over port 443.

Administrative control

The local or network account used on the on-premises instance to configure the on-premises instance must be able to run either as sudo or root (for Ubuntu Server) or as an administrator (for Windows Server).

IAM permissions

The IAM identity you use to register the on-premises instance must be granted permissions to complete the registration (and to deregister the on-premises instance, as needed).

In addition to the policy described in Step 3: Limit the CodeDeploy user's permissions, make sure the calling IAM identity has the following additional policy attached.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:CreateAccessKey", "iam:CreateUser", "iam:DeleteAccessKey", "iam:DeleteUser", "iam:DeleteUserPolicy", "iam:ListAccessKeys", "iam:ListUserPolicies", "iam:PutUserPolicy", "iam:GetUser" ], "Resource": "*" } ] }

For information on how to attach IAM policies, see Managing IAM policies.