Install CodeDeployAgent using SSM with enable_auth as true

I am trying to install CodeDeployAgent via SSM on an EC2 in a private subnet. However, it's failing because it's pointing to the CodeDeploy endpoint: https://codedeploy-commands.eu-west-2.amazonaws.com. Since we use the VPC endpoint, it should point to the CodeDeploy endpoint: https://codedeploy-commands-secure.eu-west-2.amazonaws.com, which can be done by setting :enable_auth_policy: true in /etc/codedeploy-agent/conf/codedeployagent.yml

Bhavin
asked 9 months ago
416 views
1 Answer
Accepted Answer

To install the CodeDeployAgent via SSM on an EC2 instance in a private subnet, you need to create a Systems Manager (SSM) document that installs the CodeDeploy agent and modifies the configuration file to enable the enable_auth_policy setting.

Here are the steps to do this:

Create a new SSM document. This document will contain the commands to install the CodeDeploy agent and modify the configuration file. Here is an example of what the document might look like:

{
  "schemaVersion": "2.2",
  "description": "Install CodeDeploy Agent",
  "parameters": {},
  "mainSteps": [
    {
      "action": "aws:runShellScript",
      "name": "installCodeDeployAgent",
      "inputs": {
        "runCommand": [
          "#!/bin/bash",
          "sudo yum update -y",
          "sudo yum install ruby -y",
          "sudo yum install wget -y",
          "cd /home/ec2-user",
          "wget https://aws-codedeploy-eu-west-2.s3.amazonaws.com/latest/install",
          "chmod +x ./install",
          "sudo ./install auto > /tmp/logfile",
          "sudo service codedeploy-agent start"
        ]
      }
    },
    {
      "action": "aws:runShellScript",
      "name": "enableAuthPolicy",
      "inputs": {
        "runCommand": [
          "#!/bin/bash",
          "echo ':enable_auth_policy: true' | sudo tee -a /etc/codedeploy-agent/conf/codedeployagent.yml",
          "sudo service codedeploy-agent restart"
        ]
      }
    }
  ]
}

Save the document and then use the AWS Management Console, AWS CLI, or an SDK to execute the document on your EC2 instance. Here is an example of how to do this using the AWS CLI:

aws ssm send-command --document-name "NameOfYourDocument" --instance-ids "YourInstanceId"

Replace "NameOfYourDocument" with the name of the SSM document you created and "YourInstanceId" with the ID of your EC2 instance.

Please note that the EC2 instance needs to have an IAM role with the necessary permissions to execute SSM documents and the S3 bucket needs to be accessible from the EC2 instance.

Also, please replace the region code in the S3 URL with the region of your EC2 instance. The example provided is for the eu-west-2 region.

answered 9 months ago
AWS
EXPERT
reviewed 9 months ago
EXPERT
reviewed 9 months ago
  • Wonderful, thanks a lot. Had to do one change: "sed -i 's/:enable_auth_policy: false/:enable_auth_policy: true/g' /etc/codedeploy-agent/conf/codedeployagent.yml",
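
The answer appends the key with tee -a, while the comment rewrites an existing ":enable_auth_policy: false" line with sed. The following is an added example, not code from the answer or the comment, that covers both cases and leaves exactly one entry for the key however often it runs. The function name set_auth_policy and the sample file contents are assumptions made for illustration; the default path is the one from the question.

```shell
#!/bin/sh
# Added example (not from the original thread): set :enable_auth_policy: true
# exactly once, whether the key is already present or missing.
# set_auth_policy is a hypothetical helper name; the default path is the one
# given in the question.

set_auth_policy() {
    conf="${1:-/etc/codedeploy-agent/conf/codedeployagent.yml}"
    key=':enable_auth_policy:'
    [ -f "$conf" ] || { echo "missing config: $conf" >&2; return 1; }

    tmp="$(mktemp "${conf}.XXXXXX")" || return 1
    # Rewrite the first line that starts with the key, drop later duplicates
    # (for example one appended by an earlier run), append if never set.
    awk -v key="$key" '
        index($0, key) == 1 {
            if (!seen) { print key " true"; seen = 1 }
            next
        }
        { print }
        END { if (!seen) print key " true" }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"
        echo unchanged            # nothing written, no agent restart needed
        return 0
    fi
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    echo changed
}

# Demo on a constructed sample file, not a real agent configuration.
demo="$(mktemp)"
printf ':verbose: false\n:enable_auth_policy: false\n' > "$demo"
set_auth_policy "$demo"
set_auth_policy "$demo"
rm -f "$demo"
```

Inside the SSM document's runCommand, the agent restart from the answer only needs to run when the function prints changed.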
