CodeDeploy does not copy files from S3 to EC2

Question

Hi there,

I have a CodePipeline set up that is supposed to take my Next.js application from Git and deploy it to my EC2 instance. The pipeline fails during the Deploy stage, in the Install event. The error is

`
```
ERROR [codedeploy-agent(18991)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Error during perform: Errno::ENOENT - No such file or directory @ rb_sysopen - /opt/codedeploy-agent/deployment-root/2a53ad29-81c1-4c53-b96a-6d2eef349ffd/d-D7Y306FXB/deployment-archive/appspec.yml - /opt/codedeploy-agent/lib/instance_agent/plugins/codedeploy/command_executor.rb:291:in `read'
```
`

The codedeploy-agent/... folder is indeed empty so I guess the error actually happened during the DownloadBundle event. I can see that my code was downloaded from GitHub and saved to S3 so I don't really understand what's happening here. I believe that the EC2 IAM instance profile and the service roles for both CodePipeline and CodeDeploy are set up correctly. Any advice?

Riku_Kobayashi · Answer

Hello.

Judging from the error log, it seems that the cause is that "appspec.yml" is not in the root directory.  
If it is not in the root directory, try placing it in the root directory.  
https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-validate.html

re:Post Agent · Answer

It appears that CodeDeploy is unable to find the necessary files on your EC2 instance, specifically the appspec.yml file. This suggests that the deployment artifacts are not being properly copied from S3 to your EC2 instance. Here are a few things to check and potential solutions:

1. Verify IAM permissions: Even though you believe the IAM roles are set up correctly, double-check that the EC2 instance has the necessary permissions to access the S3 bucket where CodePipeline stores the artifacts. The EC2 instance needs to have an IAM role with AmazonS3ReadOnlyAccess or more specific S3 read permissions for the relevant bucket.

2. CodeDeploy Agent: Ensure that the CodeDeploy agent is installed, running, and up-to-date on your EC2 instance. You can check the agent's status and restart it if necessary.

3. Network connectivity: Make sure your EC2 instance has proper network connectivity to reach the S3 service. If your instance is in a private subnet, ensure that you have a NAT gateway or VPC endpoints configured correctly.

4. appspec.yml location: Confirm that your appspec.yml file is in the root of your source code repository. CodeDeploy expects to find this file in a specific location.

5. S3 bucket policy: Check if there are any bucket policies on the S3 bucket used by CodePipeline that might be restricting access.

6. Deployment group configuration: In your CodeDeploy deployment group settings, verify that the correct S3 location is specified for your application revision.

7. CodeDeploy service role: Ensure that the CodeDeploy service role has the necessary permissions to interact with both S3 and EC2.

If none of these solve the issue, you may want to check the CodeDeploy agent logs on the EC2 instance for more detailed error messages. You can typically find these logs in /var/log/aws/codedeploy-agent/codedeploy-agent.log.

Remember, the CodeDeploy agent on the EC2 instance is responsible for copying the deployment artifacts from S3 to the instance. If this process is failing, it's likely due to a permissions issue or a problem with the agent itself.  
**Sources**  
[Deployments on an EC2/On-Premises Compute Platform - AWS CodeDeploy](https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-steps-server.html)  
[Troubleshooting CodePipeline - AWS CodePipeline](https://docs.aws.amazon.com/codepipeline/latest/userguide/troubleshooting.html)

CodeDeploy does not copy files from S3 to EC2

Relevant content