CodePipeline Configuration - RyanShahidi/Django-Nuxt-Docker-AWS-Cookiecutter GitHub Wiki

Setting up CodePipeline

Before we create the code pipeline that will handle our deployments, we first need to create a service role that gives us appropriate permissions. If an elastic beanstalk IAM account has not previously been created, here are the instructions:

  • go to IAM
  • In the IAM Resources section in the center of the page click Roles
  • Click Create role
  • Select CodeBuild in the list of AWS Services
  • Add the following policy: AWSElasticBeanstalkFullAccess
  • Click Create policy and a new page will pop-up. In the tabs at the top select JSON and copy Code 1 that is pasted at the end:
    • This creates custom permissions for the different code deployals. Now click Review policy
  • There should be 22 services that appear. Now give the pipeline permission a Name and a useful Description
  • Click Create policy
  • Now go back to the role permission window. Search for the name you just created, you might need to click the refresh button on that page.
  • Click Next: Tags and Next: Review
  • Create a name for the role then click Create role

Creating CodeBuild IAM Role

  • Click Create role
  • Select CodeBuild in the list of AWS Services
  • Add the following policy: Amazon EC2ContainerRegistryFullAccess
  • Click Create policy and a new page will pop-up. In the tabs at the top select JSON and copy Code 2 that is pasted at the end.

After IAM accounts are created, go to CodePipeline and click Create pipeline

  • Give the pipeline whatever name you want.
  • Make sure New service role is selected and you can set the role name to whatever you want. Click Next

Connecting Source to Github

  • Set Source provider to github
  • Connect to GitHub
  • You should be able to see all repositories. If you cannot go to https://github.com/settings/applications
    • Click AWS CodePipeline
    • From here you can grant access to organizations repo’s
    • If you click previous and then next you should now have access to the organizations repo
  • Select the appropriate Repository
  • Set Branch to master (Or whatever else you would prefer)
  • Use GitHub webhooks

Add Build Stage

These steps will have to be completed for each of the backend, frontend, and nginx configurations.

  • Build provider - AWS CodeBuild
  • Select Region
  • Click Create project
  • Give the project a name
  • Source
    • Source provider
      • AWS CodeCommit
  • Environment
    • Select Managed image
      • Operating system - Ubuntu
      • Runtime - Standard
      • Image - aws/codebuild/standard:4.0
      • Image version - Always use the latest image for this runtime version
      • Environment type - Linux
    • Under Privileged select Enable this flag if you want to build Docker images or want your builds to get elevated privileges
    • Select Existing service role. This will use the role that was created above using Code 2, be sure to select that role from the list.
    • Select Allow AWS CodeBuild to modify this service role so it can be used with this build project
  • Buildspec
    • Use a buildspec file
    • For example, you would type buildspec-backend.yml to set the buildspec file for the backend
  • Now you can finish creating your project. After going back to the CodePipeline page click Next
  • Repeat steps for remaining dockerfiles

Add deploy stage

  • Deploy provider - AWS Elastic Beanstalk
  • Region - Same region as you have been using
  • Application name - Name of the application we created under the Elastic Beanstalk section
  • Environment name - Name of the environment we created under the Elastic Beanstalk section
  • Click Next then Create pipeline

This pipeline will not currently work as it does not have the appropriate permissions. To fix this, go to the CodePipeline general page and select the pipeline we just created.

  • Now in the panel to the left under Pipeline a new tab Pipelines/Settings should appear. Click the Settings
  • Click the link to the Service role arn
  • Click Attach policies
  • Add: AWSElasticBeanstalkFullAccess
  • Attach policy

This should automatically start deploying to elastic beanstalk

Random errors

  • If getting the following error when deploying, run the following code on your home machine and commit the changes.
ECS task stopped due to: Task failed to start. (jarvisweb: CannotStartContainerError: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"/usr/src/app/entrypoint.sh\": permission denied": unknown)
  • On Linux or Mac run:
chmod +x entrypoint.sh
git add entrypoint.sh
git commit
  • On Windows run:
git add --chmod=+x -- entrypoint.sh
git commit