AWS CodePipeline is one of the most used AWS services. It handles continuous integration and continuous deployment of an application, from the moment the code is committed to AWS CodeCommit from your local machine until it reaches the environment where it is served for public consumption or use.
Let me quickly mention that CodePipeline is a combination of 4 core stage services: the code changes stage, which uses AWS CodeCommit; the artifact storage stage, which uses AWS CodeArtifact for storing the artifacts after build; the build stage, which uses AWS CodeBuild to build and run tests of the application; and the deployment stage, which uses AWS CodeDeploy to get the application to the server environment, ready for use by the users.
We will be creating this pipeline using the AWS Management Console in this walkthrough.
AWS non-root user
The user should have CodeCommit, CodeBuild and CodeDeploy permissions
Also give the user console access and the AWS CodePipeline permission.
I also recommend you follow the walkthroughs on how to create and commit code from your local machine to AWS CodeCommit, create a CodeBuild project and build Docker images to ECR, and deploy your changes using AWS CodeDeploy.
Creating AWS CodePipeline
To start with, let’s select the CodePipeline menu from the side bar. Then click on Pipeline. You will get the pipeline list in the window on the right side of the screen. You are likely not to find any pipeline in yours like I have. So, go ahead and click the orange Create Pipeline button and let’s roll.
Configure AWS CodePipeline IAM and Storage
In this next window, give your pipeline a name and a role. I will attach the role I already created for this purpose (you can check out the post on creating an AWS IAM role to create a role and attach the EC2 and CodePipeline permissions). Otherwise, you can select New Service Role, which will let AWS create the role and attach it for you.
Once that is done, open the Advanced Settings dropdown and make sure to select Default Location and Default AWS Managed Key, which specify where the artifacts will be stored and the encryption method. You can also check out this documentation on creating an S3 bucket in AWS.
AWS CodeCommit Stage
In the next window, we will create the source of the application that will feed our pipeline for auto deployment. Here, we will select AWS CodeCommit. See how to create an AWS CodeCommit repository and commit changes from your local machine to CodeCommit using git here.
Thereafter, select the repository name and the branch to deploy. After that, select the preferred trigger for the CodePipeline when a change occurs in the source stage. AWS CloudWatch will do a good job here. Also, select the AWS CodePipeline output format. We will go with the default Zip format in this walkthrough. Go ahead and click the Next button.
AWS CodeBuild Stage
In this next stage of the AWS CodePipeline configuration, you will configure the build stage. Although this is an optional stage, I recommend having it. It helps with troubleshooting failed pipelines, especially if you will be deploying multiple applications.
Therefore, go ahead and select AWS CodeBuild from the dropdown menu, select the AWS region you will be deploying to, and then select the AWS CodeBuild project under the project name. You will need to create a project first. If you have not created one, click Create Project to create one. You should check out this quick guide on creating an AWS CodeBuild Project to help. Come back to the CodePipeline page to select your CodeBuild project. If you do not find it, simply click the refresh button and it will come up in the dropdown.
Once you have created and selected the project in the pipeline, select the Single Build option for the build type. Click the Next button.
AWS CodeDeploy Stage
This is the last stage in building your AWS CodePipeline. Here we will configure the deployment stage for our pipeline. AWS gives a number of options to deploy our application to a production environment, such as AWS Elastic Beanstalk, Elastic Container Service, etc. Here, we will use CodeDeploy, which deploys our changes to EC2 using Docker. We already discussed building our application and storing the artifact in Elastic Docker Registry using AWS CodeBuild in the build stage.
In the dropdown, select AWS CodeDeploy, then select the region you will deploy to (this should be the same region in which you are configuring your AWS CodePipeline). Then, under Application Name, select the name of the CodeDeploy application. I created a quick guide to create an AWS CodeDeploy application and CodeDeploy deployment here.
Once that is done, you have completed the pipeline configuration. Click on the Next button. In the next window, you will find the summary of the configurations. Go through it and make sure all is in order. Satisfied? Then click Next to create and run the initial CodePipeline.
You should see an image like the one below, where your pipeline starts to run from the commit stage. If the pipeline fails, I recommend you go over the process again and take note of the little details, especially your buildspec.yml and appspec.yml files.
That being said, you have successfully created your full AWS CodePipeline to help you deploy all your changes to EC2 using a Docker image.
Also, I recommend you check out the post on how to automate deployment with AWS CodePipeline from GitHub to AWS CodeDeploy.
Troubleshooting AWS CodePipeline
You can find some common errors that I faced while configuring the AWS CodePipeline for production below. Also added are the solutions that worked.
- ERROR: User: arn:aws:sts::836768216030:assumed-role/EC2-codedeploy-s3-role/i-0f537af166cc112c1 is not authorized to perform: ecr:GetAuthorizationToken on resource: * because no identity-based policy allows the ecr:GetAuthorizationToken action
SOLUTION: Add the ECR access to the CodeDeploy service role and also to the EC2 service role.
- ERROR: YAML_FILE_ERROR: stat /codebuild/output/src115977805/src/git-codecommit.us-east-1.amazonaws.com/v1/repos/frontend/buildspec.yml: no such file or directory
SOLUTION: Edit the buildspec.yml inside the CodeCommit repository and push.
- ERROR: Unable to access the artifact with Amazon S3 object key ‘staging-frontend-pip/BuildArtif/YV4J52w’ located in the Amazon S3 artifact bucket ‘codepipeline-us-east-1-866951759229’. The provided role does not have sufficient permissions.
SOLUTION: Edit the Deploy section of the Pipeline, under Input Artifacts, select SourceArtifact. Save and rerun the pipeline.
- ERROR: missing credentials, provide credentials with one of the following options: – :access_key_id and :secret_access_key – :credentials – :credentials_provider
SOLUTION: Ensure your environment variables are set in the build step before you begin to build.
- ERROR: Failed BeforeInstall (CodeDeploy agent was not able to receive the lifecycle event. Check the CodeDeploy agent logs on your host and make sure the agent is running and can connect to the CodeDeploy server.)
SOLUTION: Check that the appspec.yml is in the root directory of the project.
- ERROR: /opt/codedeploy-agent/deployment-root/390b17b7-7873-4afc-b9b0-5d4dc0d9ac49/d-IMT74NO9N$ cd deployment-archive
SOLUTION: Check that the appspec is not included in the .gitignore file. If it is, remove it from .gitignore, and recommit the changes. It should work.
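
For the first error in the list above, the "ECR access" you add can be limited to logging in and pulling from a single repository, and the error text itself names the role that was denied. The sketch below is an added example, not part of the original walkthrough: it parses that error and builds a pull-only policy. The function names, the us-east-1 region and the example-repo repository name are assumptions, and it assumes the ECR repository lives in the same account as the role.

```python
import re

# Error text copied from the first troubleshooting entry on this page.
SAMPLE_ERROR = (
    "User: arn:aws:sts::836768216030:assumed-role/EC2-codedeploy-s3-role/"
    "i-0f537af166cc112c1 is not authorized to perform: ecr:GetAuthorizationToken "
    "on resource: * because no identity-based policy allows the "
    "ecr:GetAuthorizationToken action"
)

DENIED = re.compile(
    r"arn:aws:sts::(?P<account>\d{12}):assumed-role/(?P<role>[\w+=,.@-]+)/(?P<session>\S+)"
    r" is not authorized to perform: (?P<action>[\w-]+:\w+) on resource: (?P<resource>\S+)"
)

# Actions needed to pull an image; these accept a repository ARN as Resource.
PULL_ACTIONS = [
    "ecr:BatchCheckLayerAvailability",
    "ecr:GetDownloadUrlForLayer",
    "ecr:BatchGetImage",
]

def parse_denial(message):
    """Extract account, role, session, action and resource from the error."""
    match = DENIED.search(message)
    if match is None:
        raise ValueError("not an assumed-role AccessDenied message")
    return match.groupdict()

def pull_only_policy(denial, region, repository):
    """Policy for the denied role: log in to ECR and pull from one repository."""
    repo_arn = f"arn:aws:ecr:{region}:{denial['account']}:repository/{repository}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            # GetAuthorizationToken has no resource-level scoping, hence "*".
            {"Sid": "EcrLogin", "Effect": "Allow",
             "Action": "ecr:GetAuthorizationToken", "Resource": "*"},
            {"Sid": "EcrPullOneRepo", "Effect": "Allow",
             "Action": PULL_ACTIONS, "Resource": repo_arn},
        ],
    }

if __name__ == "__main__":
    import json
    denial = parse_denial(SAMPLE_ERROR)
    print("attach to role:", denial["role"])
    # "example-repo" is a placeholder; the page does not name the ECR repository.
    print(json.dumps(pull_only_policy(denial, "us-east-1", "example-repo"), indent=2))
```

The session name in the error (an instance ID) shows the call came from the EC2 instance's role, so that is the role whose policy the error is reporting on.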