AWS Code Deploy with GIT

AWS CodeDeploy is a service that makes it easy to deploy application updates to Amazon EC2 instances. CodeDeploy is targeted at customers who manage their EC2 instances directly. CodeDeploy allows developers and administrators to centrally control and track their application deployments across their different development, testing, and production environments.

CodeDeploy can automatically trigger a deployment from a source code change in a GitHub repository. GitHub is a popular code management and developer tool. By connecting GitHub to CodeDeploy, you can set up an end-to-end pipeline that moves your code changes from source control to your testing or production environments. The remainder of this post walks through the steps required to set up automatic deployments from GitHub to CodeDeploy.

1) Deployment with CodeDeploy

Below are reference screenshots showing where the relevant details need to be filled in: application, instances, Git URL, Git repository, IAM role, commit ID, etc.

1.1) CodeDeploy Application Configuration




1.1.1) AWS CodeDeploy AppSpec File Reference

After creating an application, we need to create an AppSpec file for AWS CodeDeploy and commit it alongside the application code in the Git repository.


An application specification file (AppSpec file), which is unique to AWS CodeDeploy, is a YAML-formatted file used to:

  • Map the source files in your application revision to their destinations on the instance.
  • Specify custom permissions for deployed files.
  • Specify scripts to be run on each instance at various stages of the deployment process.

The AppSpec file is used to manage each deployment as a series of lifecycle events. Lifecycle event hooks, which are defined in the file, allow you to run scripts on an instance after most deployment lifecycle events. AWS CodeDeploy runs only those scripts specified in the file, but those scripts can call other scripts on the instance. You can run any type of script as long as it is supported by the operating system running on the instances.

2) How the AWS CodeDeploy Agent Uses the AppSpec File

During deployment, the AWS CodeDeploy agent looks up the name of the current event in the hooks section of the AppSpec file. If the event is not found, the AWS CodeDeploy agent moves on to the next step. If the event is found, the AWS CodeDeploy agent retrieves the list of scripts to execute. The scripts are run sequentially, in the order in which they appear in the file. The status of each script is logged in the AWS CodeDeploy agent log file on the instance.

During the Install event, the AWS CodeDeploy agent uses the mappings defined in the files section of the AppSpec file to determine which folders or files to copy from the revision to the instance.

If the operating system on which the AWS CodeDeploy agent is installed doesn’t match the os value listed in the AppSpec file, the deployment will fail. A sample appspec.yml file is shown below.


Note: CodeDeploy will also fail the deployment if files it is about to copy already exist in the destination directory on the instance.
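The agent behaviour described above (hooks looked up by event name and run in file order, a missing event skipped, the os value that must match the instance, and the failure when a destination file already exists) can be checked before a deployment is ever started. The script below is an added example, not the page's sample AppSpec and not AWS code; the appspec.yml and the revision file listing are constructed, and the AppSpec is given in its parsed form because PyYAML is not assumed to be installed.

```python
"""Pre-flight checks for a CodeDeploy AppSpec file.

Added example, not code from the page or from AWS. It models the agent
behaviour described above: hook scripts are looked up by lifecycle event
name and run in file order (a missing event is simply skipped), the 'os'
value must match the instance, and a deployment fails when a file it would
copy already exists on the instance. PyYAML is not assumed, so the AppSpec
is given in its parsed form.
"""
import posixpath

# Lifecycle events that may carry hook scripts in an AppSpec file.
LIFECYCLE_EVENTS = ("ApplicationStop", "BeforeInstall", "AfterInstall",
                    "ApplicationStart", "ValidateService")

# Constructed appspec.yml (parsed form), standing in for the page's sample.
# Equivalent YAML: version 0.0, os linux, one files mapping /html ->
# /var/www/html, and one script each for BeforeInstall, ApplicationStart
# and ValidateService.
SAMPLE_APPSPEC = {
    "version": 0.0,
    "os": "linux",
    "files": [{"source": "/html", "destination": "/var/www/html"}],
    "hooks": {
        "BeforeInstall": [{"location": "scripts/install_dependencies.sh",
                           "timeout": 300, "runas": "root"}],
        "ApplicationStart": [{"location": "scripts/start_server.sh"}],
        "ValidateService": [{"location": "scripts/verify_site.sh"}],
    },
}

# Constructed listing of the revision bundle, paths relative to its root.
SAMPLE_REVISION_FILES = {
    "appspec.yml", "html/index.html", "scripts/install_dependencies.sh",
    "scripts/start_server.sh", "scripts/verify_site.sh",
}


def scripts_for_event(appspec, event):
    """Scripts the agent would run for `event`, in the order they appear in
    the file. An event absent from `hooks` yields [] and the agent moves on."""
    return [hook["location"] for hook in appspec.get("hooks", {}).get(event, [])]


def install_targets(appspec, revision_files):
    """Expand the files-section mappings into (bundle path, instance path)
    pairs for everything the Install event would copy."""
    targets = []
    for mapping in appspec.get("files", []):
        src = mapping["source"].strip("/")
        dest = mapping["destination"]
        for path in sorted(revision_files):
            if src == "" or path == src or path.startswith(src + "/"):
                rel = path if src == "" else path[len(src):].lstrip("/")
                # A single-file source lands inside the destination directory.
                rel = rel or posixpath.basename(path)
                targets.append((path, posixpath.join(dest, rel)))
    return targets


def preflight(appspec, instance_os, revision_files, existing_paths):
    """Run the failure-mode checks from the text; [] means none triggered."""
    findings = []
    if appspec.get("version") != 0.0:
        findings.append(f"unsupported AppSpec version {appspec.get('version')!r}")
    if appspec.get("os") != instance_os:
        findings.append(f"os {appspec.get('os')!r} does not match the instance os {instance_os!r}")
    if appspec.get("os") == "linux":
        for mapping in appspec.get("files", []):
            if not mapping.get("destination", "").startswith("/"):
                findings.append(f"destination {mapping.get('destination')!r} is not an absolute path")
    for event, hooks in appspec.get("hooks", {}).items():
        if event not in LIFECYCLE_EVENTS:
            findings.append(f"hooks names unknown lifecycle event {event!r}")
        for hook in hooks:
            location = hook.get("location", "")
            if location.lstrip("/") not in revision_files:
                findings.append(f"{event}: script {location!r} is not in the revision bundle")
    # The agent refuses to overwrite: any pre-existing destination fails the deployment.
    for _, dest in install_targets(appspec, revision_files):
        if dest in existing_paths:
            findings.append(f"{dest!r} already exists on the instance; the deployment would fail")
    return findings


if __name__ == "__main__":
    for event in LIFECYCLE_EVENTS:
        print(f"{event:17} -> {scripts_for_event(SAMPLE_APPSPEC, event) or 'no hooks, skipped'}")
    print("clean instance:", preflight(SAMPLE_APPSPEC, "linux", SAMPLE_REVISION_FILES, set()))
    print("stale instance:", preflight(SAMPLE_APPSPEC, "windows", SAMPLE_REVISION_FILES,
                                       {"/var/www/html/index.html"}))
```

Running it against a clean Linux instance returns no findings; against a Windows instance that already holds /var/www/html/index.html it reports both the os mismatch and the pre-existing file, which are the two failures the text warns about. The existing-file check models the default behaviour the note describes; later CodeDeploy releases let a deployment request ask for that file to be overwritten or retained instead, but the script does not assume that option is available.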



3) Calling AWS CodeDeploy from GitHub

There are two service hooks that you need to configure in GitHub to set up automatic deployments. The first is the AWS CodeDeploy service hook that enables GitHub to call the CodeDeploy API. When a third party requires access to your organization’s AWS resources, the recommended best practice is to use an IAM role to delegate API access to them. By allowing a partner’s AWS account to assume a role in your account, you avoid sharing long-term AWS credentials with the partner. But if the partner you want to integrate with does not yet support roles, you should create an IAM user for your application with limited permissions. We will take that approach here and use the access keys for this user when making the AWS calls from GitHub. Go to the IAM Users page in the AWS Management Console. Click Create New Users. Enter “GitHub” for the user name in the first row.


Make sure that the option to generate an access key is checked, and click Create.


On the next page, click Show User Security Credentials to show the Access Key ID and Secret Access Key for the new user. Copy these down and store them in a safe and secure location, because this screen will be your last opportunity to download the secret key.

After you have the credentials, you can close out of the wizard. Next, you need to attach a policy to the new user to give them access permissions. Click the GitHub user in the IAM Users list. On the user page, scroll down to the Permissions section, and click Attach User Policy. Select the Custom Policy option and click Select. Enter a Policy Name like “CodeDeploy-Access”, and enter the following JSON into the Policy Document. You will need to replace “us-east-1” if you are using a different region, and replace “123ACCOUNTID” with your AWS account ID that is found on your Account Settings page. This policy is crafted to give the GitHub user only the minimum permission to call the CodeDeploy service APIs required for deployment.

  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": "codedeploy:GetDeploymentConfig",
        "Resource": "arn:aws:codedeploy:us-east-1:123ACCOUNTID:deploymentconfig:*"
      },
      {
        "Effect": "Allow",
        "Action": "codedeploy:RegisterApplicationRevision",
        "Resource": "arn:aws:codedeploy:us-east-1:123ACCOUNTID:application:DemoApplication"
      },
      {
        "Effect": "Allow",
        "Action": "codedeploy:GetApplicationRevision",
        "Resource": "arn:aws:codedeploy:us-east-1:123ACCOUNTID:application:DemoApplication"
      },
      {
        "Effect": "Allow",
        "Action": "codedeploy:CreateDeployment",
        "Resource": "arn:aws:codedeploy:us-east-1:123ACCOUNTID:deploymentgroup:DemoApplication/DemoFleet"
      }
    ]
  }

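Because this policy is meant to be the minimum the GitHub user needs, it is worth checking mechanically before attaching it: that no action or resource has been widened to a wildcard, that the 123ACCOUNTID placeholder has actually been replaced, that every ARN points at the region where the deployment group lives, and that nothing beyond the four CodeDeploy actions listed above has crept in. The script below is an added example, not code from the page or from AWS; it parses the policy above with the standard library, and the 111122223333 account id it substitutes is a constructed value.

```python
"""Least-privilege audit of the GitHub user's CodeDeploy policy.

Added example, not code from the page or from AWS. It parses the policy
above with the standard library and flags what a reviewer checks before
attaching it: wildcard actions, wildcard resources, a leftover placeholder
account id, a region that differs from the one the deployment group lives
in, and any action beyond the four CodeDeploy calls the hook needs.
"""
import json
import re

# The four actions the text identifies as the minimum for the GitHub hook.
EXPECTED_ACTIONS = {
    "codedeploy:GetDeploymentConfig",
    "codedeploy:RegisterApplicationRevision",
    "codedeploy:GetApplicationRevision",
    "codedeploy:CreateDeployment",
}

# The page's policy, still carrying its 123ACCOUNTID placeholder.
POLICY_JSON = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "codedeploy:GetDeploymentConfig",
     "Resource": "arn:aws:codedeploy:us-east-1:123ACCOUNTID:deploymentconfig:*"},
    {"Effect": "Allow", "Action": "codedeploy:RegisterApplicationRevision",
     "Resource": "arn:aws:codedeploy:us-east-1:123ACCOUNTID:application:DemoApplication"},
    {"Effect": "Allow", "Action": "codedeploy:GetApplicationRevision",
     "Resource": "arn:aws:codedeploy:us-east-1:123ACCOUNTID:application:DemoApplication"},
    {"Effect": "Allow", "Action": "codedeploy:CreateDeployment",
     "Resource": "arn:aws:codedeploy:us-east-1:123ACCOUNTID:deploymentgroup:DemoApplication/DemoFleet"}
  ]
}"""

# CodeDeploy ARN shape: arn:aws:codedeploy:<region>:<12-digit account>:<type>:<name>
CODEDEPLOY_ARN = re.compile(r"arn:aws:codedeploy:([a-z0-9-]+):(\d{12}):[a-z]+:.+")


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy_text, expected_region, expected_actions=EXPECTED_ACTIONS):
    """Return a list of findings; [] means the policy is as tight as the text intends."""
    policy = json.loads(policy_text)
    findings = []
    granted = set()
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag here
        for action in _as_list(stmt.get("Action", [])):
            granted.add(action)
            if "*" in action:
                findings.append(f"statement {i}: wildcard action {action!r}")
            elif action not in expected_actions:
                findings.append(f"statement {i}: {action!r} is not needed for GitHub deployments")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"statement {i}: wildcard resource")
                continue
            match = CODEDEPLOY_ARN.fullmatch(resource)
            if not match:
                findings.append(f"statement {i}: {resource!r} is not a valid CodeDeploy ARN "
                                "(placeholder account id left in?)")
            elif match.group(1) != expected_region:
                findings.append(f"statement {i}: region {match.group(1)!r} is not {expected_region!r}")
    missing = expected_actions - granted
    if missing:
        findings.append(f"policy does not grant {sorted(missing)}")
    return findings


if __name__ == "__main__":
    print("as pasted:   ", audit_policy(POLICY_JSON, "us-east-1"))
    filled = POLICY_JSON.replace("123ACCOUNTID", "111122223333")  # constructed account id
    print("filled in:   ", audit_policy(filled, "us-east-1"))
    print("wrong region:", audit_policy(filled, "eu-west-1"))
```

As pasted from the page the audit reports four findings, one per statement, because 123ACCOUNTID is not a twelve-digit account id; once the placeholder is replaced and the region matches, it reports none. The deploymentconfig:* resource is left alone on purpose, since the text relies on it to let the user read any deployment configuration.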
Click Apply Policy. Now you’re ready to configure the AWS CodeDeploy service hook on GitHub. From the home page for your GitHub repository, click on the Settings tab.

On the Settings page, click the Webhooks & Services tab. Then in the Services section, click the Add Service drop-down, and select AWS CodeDeploy. On the service hook page, enter the information needed to call CodeDeploy, including the target AWS region, application name, target deployment group, and the access key ID and secret access key from the IAM user created earlier.


After entering this information, click Add Service.

4) Automatically Starting Deployments from GitHub

Now, you’ll add the second GitHub service hook to enable automatic deployments. The GitHub Auto Deployment service is used to control when deployments will be initiated on repository events. Deployments can be triggered when the default branch is pushed to, or if you’re using a continuous integration service, only when test suites successfully pass.

You first need to create a GitHub personal access token for the Auto-Deployment service to trigger a repository deployment. Go to the Applications tab in the Personal Settings page for your GitHub account. In the Personal Access Tokens section, click Generate New Token. Enter “AutoDeploy” for the Token Description, uncheck all of the scope boxes, and check only the repo_deployment scope.


Click Generate token. On the next page, copy the newly generated personal access token from the list, and store it in a safe place with the AWS access keys from before. You won’t be able to access this token again.

Now you need to configure the GitHub Auto-Deployment service hook on GitHub. From the home page for your GitHub repository, click on the Settings tab. On the Settings page, click the Webhooks & Services tab. Then in the Services section, click the Add Service drop-down, and select GitHub Auto-Deployment. On the service hook page, enter the information needed to call GitHub, including the personal access token and target deployment group for CodeDeploy.

After entering this information, click Add Service.

Now you’ll want to test everything working together. From the home page of your GitHub repository, click the index.html in the file list. On the file view page, click the pencil button on the toolbar above the file content to switch into edit mode.

You can change the web page content any way you like, such as by adding new text.

When you’re done, click Commit changes. If your prior configuration is set up correctly, a new deployment should be started immediately. Switch to the Deployments page in the AWS Management Console. You should see a new deployment at the top of the list that’s in progress.

You can browse to one of the instances in the deployment group to see when it receives the new web page. To get the public address of an instance, click on the Deployment ID in the deployments list, and then click an Instance ID in the instances list to open the EC2 console. In the properties pane of the console, you can find the Public DNS for the instance. Copy and paste that value into a web browser address bar, and you can view the home page.