Issue deploying code build artifact to LightSail (Bitbucket > Jenkins > LightSail)

0

Hello everyone, I have this pipeline where the SCM is Bitbucket, the build is on an EC2 instance (Jenkins), and the deployment is supposed to be on a virtual private server (LightSail). Everything works well except the deployment part. I have configured aws-cli on LightSail, installed the CodeDeploy agent and Ruby, and everything is working well. Still, the deployment is failing.

Online solutions I came across recommended ensuring CodeDeployAgent is running, alongside the appropriate IAM roles, both of which I have confirmed to be well configured. Still, no successful deployment.

**Event logs from CodeDeployment console** == CodeDeploy agent was not able to receive the lifecycle event. Check the CodeDeploy agent logs on your host and make sure the agent is running and can connect to the CodeDeploy server.

**Some event logs from LightSail =**

odedeploy-agent/bin/../lib/codedeploy-agent.rb:43:in block (2 levels) in <main>'
/opt/codedeploy-agent/vendor/gems/gli-2.21.1/lib/gli/command_support.rb:131:in execute'
/opt/codedeploy-agent/vendor/gems/gli-2.21.1/lib/gli/app_support.rb:298:in block in call_command'
/opt/codedeploy-agent/vendor/gems/gli-2.21.1/lib/gli/app_support.rb:311:in call_command'
/opt/codedeploy-agent/vendor/gems/gli-2.21.1/lib/gli/app_support.rb:85:in run'
/opt/codedeploy-agent/bin/../lib/codedeploy-agent.rb:90:in <main>'
2024-05-12T22:32:40 ERROR [codedeploy-agent(6010)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Cannot reach InstanceService: Aws::CodeDeployCommand::Errors::AccessDeniedException - Aws::CodeDeployCommand::Errors::AccessDeniedException

[Image: AWS console error message screenshot from LightSail instance]

dru
asked 14 days ago, 223 views
1 Answer
2

Hello.

Judging from the error message, there seems to be a problem with the IAM configured in Lightsail.
What IAM policy do you have in place for Lightsail?
In the case of Lightsail, you cannot set an IAM role directly, so you need to set an access key from an IAM user.
Try setting this access key to the OS root user.

I think the IAM policy used by Lightsail can be the one described in the AWS blog below.
https://aws.amazon.com/jp/blogs/compute/using-aws-codedeploy-and-aws-codepipeline-to-deploy-applications-to-amazon-lightsail/

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "arn:aws:s3:::<S3 Bucket Name>/*"
        }
    ]
}
EXPERT
answered 14 days ago
EXPERT
reviewed 12 days ago
  • Thanks for stopping by. I actually did set the access-key & secret-key on the LightSail OS in '/etc/codedeploy-agent/conf/codedeploy.onpremises.yml' alongside the iam_user_arn and region. I also confirmed the arn_user had the S3 full access, CodeDeploy full access and all. Still not working.

  • Please try restarting the CodeDeploy agent as per the Stack Overflow answer below. Also, if you have set authentication information other than "codedeploy.onpremises.yml", try deleting it. https://stackoverflow.com/questions/37721601/aws-code-deploy-deployment-failed
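
The checks suggested in the comments above, as an added shell example that is not part of the original thread and not AWS tooling: it confirms the on-premises config file carries the settings the asker lists and reports other credential sources of the kind the last comment suggests deleting. The key names `aws_access_key_id` and `aws_secret_access_key`, the function names, the permission check and the two credential locations are assumptions; the sample file is constructed with placeholder values.

```shell
# Added example: audit the CodeDeploy on-premises config discussed in this
# thread. Reads files only and never prints a secret value.

# Print one finding per line for the given config file; nothing if it is clean.
audit_onprem_config() {
    local cfg="$1" key val mode
    if [ ! -r "$cfg" ]; then
        echo "MISSING_FILE $cfg"
        return 0
    fi
    for key in aws_access_key_id aws_secret_access_key iam_user_arn region; do
        # Value is the text after "key:", with quotes, spaces and CRs removed.
        val=$(sed -n "s/^${key}:[[:space:]]*//p" "$cfg" | head -n 1 | tr -d "\"' \r")
        [ -n "$val" ] || { echo "MISSING_KEY $key"; continue; }
        if [ "$key" = iam_user_arn ]; then
            case "$val" in   # the thread's setup uses an IAM user, not a role
                arn:aws*:iam::[0-9]*:user/*) ;;
                *) echo "BAD_ARN iam_user_arn is not an IAM user ARN" ;;
            esac
        fi
    done
    # Assumed hygiene check: the file stores a long-lived secret key.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case "$mode" in
        *00) ;;
        *) echo "LOOSE_PERMS mode $mode (expected 600)" ;;
    esac
}

# Report credentials outside the config file (assumed locations: environment
# variable and the shared credentials file written by `aws configure`).
other_credential_sources() {
    local home_dir="$1"
    [ -n "${AWS_ACCESS_KEY_ID:-}" ] && echo "ENV AWS_ACCESS_KEY_ID"
    [ -f "$home_dir/.aws/credentials" ] && echo "FILE $home_dir/.aws/credentials"
    return 0
}

# Constructed sample with placeholder values: role ARN, no region, mode 644.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' '---' 'aws_access_key_id: EXAMPLE_KEY_ID' \
        'aws_secret_access_key: EXAMPLE_SECRET' \
        'iam_user_arn: arn:aws:iam::111122223333:role/NotAUser' \
        > "$d/codedeploy.onpremises.yml"
    chmod 644 "$d/codedeploy.onpremises.yml"
    audit_onprem_config "$d/codedeploy.onpremises.yml"
    rm -rf "$d"
}
demo
```

On the instance, the functions would be called as `audit_onprem_config /etc/codedeploy-agent/conf/codedeploy.onpremises.yml` and `other_credential_sources /root`, run as root.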
