I'm getting a headache trying to use CodeDeploy with Codeship, and the Codeship documentation is not very clear. I have sample code building well from Codeship.

I have:

  1. Instance of EC2 Server

  2. CodeDeploy app with a deployment group, TestDeploymentGroup; this group is related to an EC2 server and to arn:aws:iam::514211081162:role/CodeDeploy

  3. User with Access Key ID and Secret Access Key:

  4. S3 bucket with policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::514211081162:role/CodeDeploy"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::myapp/*"
        }
    ]
}

IAM Policies:

CodeDeployPolicy

arn:aws:iam::514211081162:policy/CodeDeployPolicy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "codedeploy:RegisterApplicationRevision",
                "codedeploy:GetApplicationRevision"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "codedeploy:CreateDeployment",
                "codedeploy:GetDeployment"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "codedeploy:GetDeploymentConfig"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

This Policy has an attached entity: Role: CodeDeploy

arn:aws:iam::514211081162:role/CodeDeploy

arn:aws:iam::514211081162:instance-profile/CodeDeploy

The role CodeDeploy has CodeDeployPolicy (defined above) attached. It has a trust relationship:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": [
                    "codedeploy.us-east-1.amazonaws.com",
                    "codedeploy.us-west-2.amazonaws.com"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

When I try to deploy, I get:

upload failed: ../../../../../../tmp/AWSCODEDEPLOY_deployment_8dbb2cbc72a5db1e2e15368cbe97e0b5fcdf987e.zip to s3://aws-codedeploy-us-west-2/myapp/AWSCODEDEPLOY_deployment_8dbb2cbc72a5db1e2e15368cbe97e0b5fcdf987e.zip
A client error (AccessDenied) occurred when calling the    CreateMultipartUpload operation: Access Denied

I understand it is a permission problem, but honestly, there are too many parameters for me, and I am completely lost...

Juliatzin
  • I'd try working through the CodeDeploy walkthrough first and then try to hook up Codeship to be able to do some of those actions for you. http://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-walkthrough.html – Jonathan Turpie Nov 12 '15 at 18:49

1 Answer

Are you sure that destination bucket is right?

I find it hard to believe that s3://aws-codedeploy-us-west-2/ (from the error) is yours. Nor s3://myapp (from the bucket policy), although I suppose that could be your example name.

Rhythmic Fistman
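
The mismatch the answer points at can be checked mechanically. The following is an added example, not part of the original question or answer: it takes the bucket policy and the failed upload line from the question and tests whether any Allow statement covers the object being written. The function names are made up for illustration, and the matcher is a simplification that ignores Principal, Condition and Deny.

```python
import fnmatch
import json
import re

# Both values are copied from the question above.
BUCKET_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::514211081162:role/CodeDeploy"},
   "Action": "s3:PutObject",
   "Resource": "arn:aws:s3:::myapp/*"}]}
""")
ERROR_LINE = ("upload failed: ../../../../../../tmp/AWSCODEDEPLOY_deployment_"
              "8dbb2cbc72a5db1e2e15368cbe97e0b5fcdf987e.zip to "
              "s3://aws-codedeploy-us-west-2/myapp/AWSCODEDEPLOY_deployment_"
              "8dbb2cbc72a5db1e2e15368cbe97e0b5fcdf987e.zip")

def as_list(value):
    """IAM allows Action and Resource to be a single string or a list."""
    return value if isinstance(value, list) else [value]

def upload_target_arn(error_line):
    """Turn the s3://bucket/key destination in the error into an object ARN."""
    match = re.search(r"\bto s3://([^/\s]+)/(\S+)", error_line)
    if not match:
        raise ValueError("no s3:// destination in error line")
    return "arn:aws:s3:::%s/%s" % match.groups()

def allowing_statements(policy, action, resource_arn):
    """Return the Allow statements whose Action and Resource both match.

    Simplified (assumption): Principal, Condition, NotAction/NotResource
    and explicit Deny are not evaluated.
    """
    hits = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        act_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in as_list(stmt.get("Action", [])))
        res_ok = any(fnmatch.fnmatchcase(resource_arn, r)
                     for r in as_list(stmt.get("Resource", [])))
        if act_ok and res_ok:
            hits.append(stmt)
    return hits

if __name__ == "__main__":
    target = upload_target_arn(ERROR_LINE)
    # CreateMultipartUpload is authorized by the s3:PutObject permission.
    hits = allowing_statements(BUCKET_POLICY, "s3:PutObject", target)
    print(target, "->", hits or "no matching Allow statement")
```

Run against the question's values, the object ARN falls under the bucket aws-codedeploy-us-west-2, while the only Allow statement is scoped to arn:aws:s3:::myapp/*, so nothing matches.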