I'm using a SAM template for B/G deployment. The problem is a CodeDeploy resource is automatically created. Is it possible to specify a name for application and deployment group?
https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/automating-updates-to-serverless-apps.html
If you enable gradual deployments through your AWS SAM template, a
CodeDeploy resource is automatically created for you. You can view the
CodeDeploy resource directly through the AWS Management Console.
Related
I have an AWS CloudFormation template where I've defined a AWS::CodeDeploy::DeploymentGroup resource. When I provision that resource, CloudFormation is going above and beyond and actually executing that deployment.
Is there any way to prevent that behavior? I don't want deployments to be performed at the same time that I create the deployment groups.
If a Codebuild project runs on a custom image that has awscli preinstalled, but not configured for that AWS account, would it be still possible to run aws * in that project's buildspec without updating its AWS credentials there first?
In other words, are these credentials made available by Codebuild (e.g. via providing this information in automatically picked up environment variables) , or if I am using a custom image, it is up to me to take care of that explicitly, and aws * is only expected to work in buildspec out of the box without additional efforts on Codebuild managed images?
(I mean configuration/credentials for the account and role the Codebuild project in question operates in)
When you attach an IAM service role with your AWS Codebuild project, you don't need to configure AWS cli. IAM service role is part of environment configuration and this role will be assumed whenever you try to access resources in AWS. This goes same for your custom image for AWS Codebuild as well.
I have setup code pipeline for end to end automatic deployment of revision on EC2 instances using cloudformation template, the deployment group is of type blue/green for codedploy.
But I dont understand how to keep the code deployment group in sync with newly created auto scaling group (green).
Do I have to create new lambda invoke action in pipeline after successful deployment to update the newly created auto scaling group name.
Unfortunately, CloudFormation does not support Blue/Green deployments for EC2 platform:
For blue/green deployments, AWS CloudFormation supports deployments on Lambda compute platforms only.
Support for ECS is very new.
To create deployment group for blue/green for EC2 platform you would have to create a custom resource in CloudFormation .
The custom resource would be based on a lambda function, and in that lambda function you would use create_deployment_group to define blue/green details for your EC2 instances. As part of this process, you will have an option to choose how to deal with AutoScaling group, e.g.
"greenFleetProvisioningOption": {
"action": "COPY_AUTO_SCALING_GROUP"
}
For creation of custom resource, crhelper by AWS is very useful.
Hope this helps and hope Blue/Green for EC2 will be supported by CloudFormation soon.
I am exploring CodeStar using a basic project created with the Python 3.7 Lambda template following the Serverless Project Tutorial in the AWS CodeStar documentation:
https://docs.aws.amazon.com/codestar/latest/userguide/sam-tutorial.html
My build and deploy are successful. However a see a warning in my CloudFormation event log:
The IAM user doesn't allow CloudFormation to call lambda:GetAlias, this could result in formulating a appspec file with stale CurrentVersion for CodeDeploy deployment. Please fix it to avoid any possible CodeDeploy deployment failures.
I am just using the AWS resources created automatically by the CodeStar console.
What do I do to fix this warning?
Details
The CodeDeploy step in the CodePipeline deploys the lambda function by updating a CloudFormation stack named: awscodestar-<codestar project name>-lambda.
When I looked in the event log for this stack, I noticed the above warning for the resource named HelloWorldAliaslive
To fix this, add the lambda:GetAlias permission to the inline policy associated with the IAM role named CodeStarWorker-<project>-CloudFormation
Open the AWS Console for CodeStar
Click Project in the left navbar
Find the Project Resources section. One of the AWS IAM resources will have a name CodeStarWorker-<project>-CloudFormation. Click the link in the ARN column of the table to open the role in IAM.
Locate the inline policy named CodeStarWorkerCloudFormationRolePolicy and click the Edit button.
Add the "lambda:GetAlias" action to this policy.
This policy is created automatically by CodeStar. In my account, the policy included several Statements. I chose to add the "lambda:GetAlias" action to the statement which already had "lambda:CreateAlias" action.
After making this change, the warning no longer appeared in my CloudFormation event logs.
I have a CloudFormation template that creates an AWS::ElasticBeanstalk::Environment and an AWS::ElasticLoadBalancingV2::TargetGroup
I would like to associate the AutoScalingGroup that beanstalk creates with the TargetGroup created in my template.
My end goal is doing path-based routing via an ALB to a bunch of beanstalk applications from a single domain (i.e., www.domain.com/foo routes to ebapp1 and www.domain.com/bar routes to ebapp2)
I can actually accomplish what I wish via the CLI:
aws autoscaling attach-load-balancer-target-groups --auto-scaling-group-name "<asg-name>" --target-group-arns "<arn-for-target-group>"
However, I would like to have this association created automatically when I launch my new beanstalk environment via CloudFormation.
I am having trouble figuring out how to translate this into my CloudFormation template. Any pointers?
Your CLI command is related to AWS::AutoScaling::AutoScalingGroup, and if you want to get result as same as your CLI command you can use TargetGroupARNs parameter on AWS::AutoScaling::AutoScalingGroup.
Use the Reference function to get the value of target group arn parameter.
If this is not what you need, and if your command really works, you can call it using UserData or metadata in an instance that you have created on your template to run your CLI command.