I'm trying to deploy a GitHub project to a EC2 Instance using AWS CodeDeploy. After following 2 video tutorials an a bunch of Google answer, I'm still getting the following error:
2017-02-01 12:20:08 INFO [codedeploy-agent(1379)]: master 1379: Spawned child 1/1
2017-02-01 12:20:09 INFO [codedeploy-agent(1383)]: On Premises config file does not exist or not readable
2017-02-01 12:20:09 INFO [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandExecutor: Archives to retain is: 5}
2017-02-01 12:20:09 INFO [codedeploy-agent(1383)]: Version file found in /opt/codedeploy-agent/.version.
2017-02-01 12:20:09 ERROR [codedeploy-agent(1383)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Missing credentials - please check if this instance was started with an IAM instance profile
I have two IAM:
Policy Name: AmazonEC2RoleforAWSCodeDeploy
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListObjects"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
Policy Name: AutoScalingNotificationAccessRole
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Resource": "*",
"Action": [
"sqs:SendMessage",
"sqs:GetQueueUrl",
"sns:Publish"
]
}
]
}
Trust Relationship
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.amazonaws.com",
"ec2.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
Policy Name: AWSCodeDeployRole
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"autoscaling:CompleteLifecycleAction",
"autoscaling:DeleteLifecycleHook",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:PutLifecycleHook",
"autoscaling:RecordLifecycleActionHeartbeat",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:EnableMetricsCollection",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:SuspendProcesses",
"autoscaling:ResumeProcesses",
"autoscaling:AttachLoadBalancers",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:PutLifecycleHook",
"autoscaling:DescribeScalingActivities",
"autoscaling:DeleteAutoScalingGroup",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:TerminateInstances",
"tag:GetTags",
"tag:GetResources",
"sns:Publish",
"cloudwatch:DescribeAlarms",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer"
],
"Resource": "*"
}
]
}
Trust Relationship
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.amazonaws.com",
"ec2.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
I spin my own image that I have created based on Debian so I have NodeJS already installed. When I spin the new instance I also paste the following code in the User data
text area to make sure CodeDeploy is installed.
#!/bin/bash -x
REGION=$(curl 169.254.169.254/latest/meta-data/placement/availability-zone/ | sed 's/[a-z]$//') &&
sudo apt-get update -y &&
sudo apt-get install -y python-pip &&
sudo apt-get install -y ruby &&
sudo apt-get install -y wget &&
cd /home/admin &&
wget https://aws-codedeploy-$REGION.s3.amazonaws.com/latest/install &&
chmod +x ./install &&
sudo ./install auto &&
sudo apt-get remove -y wget &&
sudo service codedeploy-agent start
If I log in in the EC2 instance that I have create, and execute the following command:
echo $(curl http://169.254.169.254/latest/meta-data/iam/security-credentials/)
I get the following response CodeDeployInstanceRole
When I then execute
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/CodeDeployInstanceRole
I get the following response
{
"Code" : "Success",
"LastUpdated" : "2017-02-01T12:38:07Z",
"Type" : "AWS-HMAC",
"AccessKeyId" : "THE_KEY",
"SecretAccessKey" : "SECRET",
"Token" : "TOKEN",
"Expiration" : "2017-02-01T19:08:43Z"
}
On GitHub I see that CodeDeploy never accesses my repo even when I select deployment using GitHub, I set the right repo name, and commit ID.
What am I missing?
Turns out that by default Debian doesn't have curl
installed. Installing curl
before making the curl request to get the region the server is running on was the missing part in the Bash script.