Setting up Amazon Linux instance for CodeDeploy with IAM user credentials

Question

I have created all that are needed for a successful deployment. I tried to make the deployment without configuring the CodeDeploy agent in the Amazon instance and the deployment [obviously] failed. After setting it up though, succeeded. So, my question is, should I configure every instance that I use manually? What if I have 100 instances in the deployment group? Should I create an AMI with the CodeDeploy agent tool already configured?

EDIT

I have watched this: https://www.youtube.com/watch?v=qZa5JXmsWZs

with this: https://github.com/andrewpuch/code_deploy_example

and read this: http://blogs.aws.amazon.com/application-management/post/Tx33XKAKURCCW83/Automatically-Deploy-from-GitHub-Using-AWS-CodeDeploy

I just cannot understand why I must configure with the IAM creds the instance. Isn't it supposed to take the creds from the role I launched it with? I am not an expert in aws roles and policies, but from the CD documentation this is what I understood. Is there a way to give the IAM user access to the instance so I wont have to setup the CD agent?

EDIT 2

I think that this post kind of answers: http://adndevblog.typepad.com/cloud_and_mobile/2015/04/practice-of-devops-with-aws-codedeploy-part-1.html

But as you can see, I launched multiple instances but I only installed CodeDeploy agent on one instance, what about others? Do I have to repeat myself and login to them and install them separately? It is OK since I just have 2 or 3. But what if I have handers or even thousand of instances? Actually there are different solutions for this. One of them is, I setup all environment on one instances and create an AMI from it. When I launch my working instance, I will create instance from the one I’ve already configured instead of the AWS default ones. Some other solutions are available

Answer 1

Each instance only requires the CodeDeploy agent installed on it. It does not require the AWS CLI to be installed. See AWS CodeDeploy Agent Operations for installation and operation details.

You should create an instance profile/role in IAM that will grant any instance the correct permissions to accept a code deployment through CodeDeploy service.

Create a role called ApplicationServer. To this role, add the following policy. This assumes you are using S3 for your revisions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::codedeploy-example-com/*"
            ]
        },
        {
            "Sid": "Stmt1414002531000",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricData"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1414002720000",
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

To your specific questions:

So, my question is, should I configure every instance that I use manually?

What if I have 100 instances in the deployment group? Should I create an AMI with the aws-cli tool already configured?

Configure AMI with your base tools, or use CloudFormation or puppet to manage software installation on a given instance as needed. Again the AWS CLI is not required for CodeDeploy. Only the most current version of the CodeDeploy agent is required.