Questions tagged with AWS CodeDeploy

Good afternoon dear experts. Help solve the issue. I run the sh file (with rights) through the terminal, I get No such file or directory/.bashrc Google didn't help. I'm beating this wall for the 3rd evening). sh file content: ` source ~/.bashrc cd ~/data python file.py ` Contents of the .bashrc file: ` # .bashrc export PATH="~/.pyenv/bin:$PATH" eval "$(pyenv init -)" eval "$(pyenv virtualenv-init -)" # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi # Uncomment the following line if you don't like systemctl's auto-paging feature: # export SYSTEMD_PAGER= # User specific aliases and functi # >>> conda initialize >>> # !! Contents within this block are managed by 'conda init' !! __conda_setup="$('/home/ec2-user/.pyenv/versions/anaconda3-2020.11/bin/conda' 'shell.bash' 'hook' 2> /dev/null)" if [ $? -eq 0 ]; then eval "$__conda_setup" else if [ -f "/home/ec2-user/.pyenv/versions/anaconda3-2020.11/etc/profile.d/conda.sh" ]; then . "/home/ec2-user/.pyenv/versions/anaconda3-2020.11/etc/profile.d/conda.sh" else export PATH="/home/ec2-user/.pyenv/versions/anaconda3-2020.11/bin:$PATH" fi fi unset __conda_setup # <<< conda initialize <<< `

Hi Team I need to know what strategy we should use when we try to upgrade an agent on a running ec2. In order to follow cloud standards what i did is. i created an AMI and that has got my agent installed, so any new ec2 made by that AMI is having the agent installed. But when i want to upgrade the agent. how should i go about it? Which is the best option here: 1. Code deploy 2. Code pipeline 3. Lambda. or what else should be a good approach to follow? Thanks

I wanted to test whether Codedeploy can be deployed without ECS tasks, so I tested the ECS service with the task number set to 0. Contrary to expectations, CodeDeploy was successfully deployed with no tasks. If it was successfully deployed, it means that the content was properly distributed to the task. I wonder why it succeeded in the absence of the task. Below is the codedeploy result. [ECS image01](https://i.ibb.co/G0vTQ7L/ECS-codedeploy01.png) [ECS image02](https://i.ibb.co/7NJXmSn/ECS-codedeploy02.png)

I seem to be receiving regular 500s from CodeDeploy. I am using codepipeline to deploy three different code sources to ~20 instances in one stage. During this deployment I am seeing random failures occur, and there is no deployment visible in the codedeploy console for the failed deployment either. The failures are not consistent and seem to impact an arbitrary instance when the failure occurs. Any insight into what may be happening will be greatly appreciated. Thanks.

hello everyone, i want to deploy a pretrained model on the AWS Server using endpoint so that i can fetch it on the mobile device. i am also sharing the github link of the model which i want to deploy on the aws. its the pretrained object detection of tensorflow. For further explanation you can ask me. https://github.com/tauqueerdanish/object_detection/blob/main/Task_01.ipynb

I'm trying to make sense of what I am seeing in the AWS CodeDeploy console. I have a Deployment Group whose configuration specifies CodeDeployDefault.HalfAtATime (and in fact that seems to be the behavior I observe in my ASGs during deployment). However when I look at the individual deployments in my history, they show a configuration of CodeDeployDefault.AllAtOnce. What am I missing here?

One box stage in CICD pipeline is a stage before production stage. This stage also will receive the production traffic. The goal of this stage is to validate the new changes with very small prod traffic and keep the blast radius to minimal incase of issues. In server based deployment, this stage will contain only 1 machine to receive very small % of traffic. The code changes will be deployed to 1-box stage before production and leave it for some time to validate the behaviour of new change. If there is an issue in 1-box stage with the new code, the blast radius will be minimal and roll back is faster since the changes are deployed in only one machine. It is explained in "Backward compatibility and one-box testing" topic in this link - https://aws.amazon.com/builders-library/automating-safe-hands-off-deployments/ How do we setup the same in lambda ci-cd ? Any leads on this will be super helpful.

Is anyone facing issues with AWS Codebuild getting stuck in the queue phase? AWS Codebuild is stuck in the queue and never kicks off build in US-EAST-1. I have the same exact codebuild replicated in the US-EAST-2 region and it runs fine there. To be clear: the actual build does not kick off. This is not a buildspec.yml issue. I'm building using Amazon Linux 2 ARM64. I presume that there's issues in US-EAST-1 with ARM64 builds. Any advice to get over this hurdle? I logged tickets with support but so far nothing.

I have updated several task definitions and for the life of me I cannot get the latest revisions to run. We are using the AWS code management system, e.g. Code Deploy, Code Commit, etc. Wondering if there is a preferred way to get task definition to run the latest revision. I have tried stopping the service and updating with "Force new Deployment" checked and so far no dice. Any idea what I'm doing wrong?

I have an autoscaling with a run configuration using a windows image. I also have an application with an execution group and pipeline configured to deploy this autoscaling. Only deploy copying a .zip file from S3 to windows. It happens that sometimes the implantation works and other times it doesn't, what could cause this? When it fails, the deployment is pending for about an hour and then an UnkownError is generated in the ApplicationStop event. I don't understand why sometimes it works and sometimes it doesn't.

I have created one S3 bucket, and i deployed my code in that bucket and i try to open that code in chrome with bucketname as url but am getting site can't be reached what is issue ? Can any help me ?

I have a pipeline with a source stage, build stage, and self-mutate stage. I'm trying to take an existing yaml file and prepare the project it's associated with for deployment. The yaml file uses a config file for production and a different for testing, which is why the code below produces the following error: `Parameters: [DatabaseNamespace, SecretsKmsKey] must have values (Service: AmazonCloudFormation; Status Code: 400; Error Code: ValidationError;` I've been looking at the documentation [found here][1] and I think I'm close to figuring this out if I can pass the parameters from the config file with one of the props available. The fourth stage of the pipeline: ``` pipeline.addStage({ stageName: 'Test_Deploy', actions: [ new CloudFormationCreateReplaceChangeSetAction({ actionName: 'PrepareChanges', stackName: 'my-stack', changeSetName: 'StagedChangeSet', adminPermissions: true, templatePath: sourceOutput.atPath('cloudformation/cf-test.yaml'), runOrder: 1 }) ] }) ``` Config file: ``` AppStackName=my-stack AppDeployBucket=deploy-bucket DatabaseNamespace=cf-test-database SecretsKmsKey=secrets-kms-key ``` [1]: https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codepipeline_actions.CloudFormationCreateReplaceChangeSetActionProps.html

We have a CodeBuild project that is set up to build the develop branch from our GitGub repository when changes are pushed to it. In our case we used a 'Push' event trigger with this in the head ref ^refs/heads/develop$ That works but when you go to look at the builds to see which one you want to deploy, it just shows the merge commit hash for the develop branch under the 'Source Version' column rather than saying "develop". If I do a manual build and use 'develop' as the source it does say 'develop' in the source version. Is there a way to control this so that the Source Version shows something more meaningful? thanks

I'm experiencing an issue with a deployment to one of several Windows servers - other servers with the same job are deploying correctly. The issue is that upon extraction of a zip file the following error occurs: Exception calling "ExtractToDirectory" with "2" argument(s): "The file 'C:\Prog....c.yml' already exists." (path shortened for brevity) After the deployment failed, I looked in the directory and sure enough the file was there and it was written by the code deployment job. I noticed something odd though, in the code deploy agent logs there are two sets of every entry, including the above error. It appears that code deploy is running two instances and they are both trying to perform the same deployment and therefore can't write to the same file. Here is a snippet from the agent log: 2022-04-03T00:01:51 DEBUG [codedeploy-agent(13484)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: PollHostCommand: Host Command = nil 2022-04-03T00:01:51 DEBUG [codedeploy-agent(13484)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: PollHostCommand: Host Command = nil 2022-04-03T00:01:52 DEBUG [codedeploy-agent(13484)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Calling PollHostCommand: 2022-04-03T00:01:52 DEBUG [codedeploy-agent(13484)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Calling PollHostCommand: 2022-04-03T00:01:52 INFO [codedeploy-agent(13484)]: Version file found in C:/ProgramData/Amazon/CodeDeploy/.version with agent version OFFICIAL_1.3.2.1902_msi. 2022-04-03T00:01:52 INFO [codedeploy-agent(13484)]: Version file found in C:/ProgramData/Amazon/CodeDeploy/.version with agent version OFFICIAL_1.3.2.1902_msi. On servers where the deployment succeeds, I only see one line for each of the above in the log files. I have restarted the agent service to no avail as well as reinstalled. Any help is appreciated.

I'm trying to build an infrastructure using `CodePipeline` and `CodeBuild`. I've a .NET project with targetFramework set as `.Net Core 6`. When the CodeBuild process triggers the build, it throws an error ``` /root/.dotnet/sdk/5.0.202/Sdks/Microsoft.NET.Sdk/targets/Microsoft.NET.TargetFrameworkInference.targets(141,5): error NETSDK1045: The current .NET SDK does not support targeting .NET 6.0. Either target .NET 5.0 or lower, or use a version of the .NET SDK that supports .NET 6.0. ``` If I switch the targetFramework to .Net Core 3.1 or 5, it works fine. Has anyone faced this issue before? If yes, how did they overcome it?

I cannot seem too get more than 1 concurrent build running at a time. If I try to set the "restrict Number of Concurrent Build" in the Project Configuration for CodeBuild to say 3 I get this error: "Project-level concurrent build limit cannot exceed the account-level concurrent build limit of 1" The build that we use builds a custom Windows Server Docker image. Not sure if that has any bearing on this. thanks

Hi there, hope you are fine. Recently I came across Sagemaker Async inference API, there we can scale down even to 0 instances. What I want is that I deploy my solution to EC2 instances using FastAPI, uvicorn and Celery or Rabbit-MQ(as message broker, for queuing). Then I can scale up and scale down instances based on traffic. Also, if that's not the case, then I keep a minimal CPU instance on always and based on that I scale up and scale down GPU instances for handling requests. Thanks , for any help. Best Regards Muhammad Ali

Hi, I am trying to setup CodeBuild to build the develop branch that the PR is merged into rather than building the actual PR branch. The reason for this is sometime peoples PR brances don't yet include the develop changes made since their PR was created. Can someone tell me what I need to do in the Source section of CodeBuild in order to achieve this? thanks

As already pointed out in the old [Developer Forum](https://forums.aws.amazon.com/thread.jspa?messageID=812431&tstart=0#812431) CodeDeploy B/G deploy is failing if the AutoScalingGroup has some AutoScalingPolicy attached because it looses the attachment to the original TargetGroup. Has anybody found a better solution than [manually re-attaching it](https://dev.to/cvortmann/fixing-aws-codedeploy-issue-where-auto-scaling-group-is-not-attached-to-target-group-47ac)? Attaching the policies instead of the target is also a possibility, but it makes the management of the policies not in CloudFormation. BTW, the old workaround only worked with "classic LB", it can't be implemented with current ALBs. It is "funny" that AWS is aware of this severe bug but did not fixed it yet, after 5 years ;(

I am at my wits end here. I am trying to set up a CodeDeploy deployment with my EC2 instance for GitHub, but whenever I try to verify the token name it either says "There seems to be a problem with your session" or when I clear cookies and try changing the region, it will show the correct window but it doesn't respond after hitting the "Confirm" button. In the URL I can see that the pop up window for the connection is using a "**us-west-1**" region, but the EC2 and CodeDeploy appication is set up in "**us-east-1**". When I do clear cookies and it shows the correct window and then I hit the "Commit" button, nothing happens but the console shows this error: > Uncaught DOMException: Permission denied to access property "signalGitHubFinished" on cross-origin object Which makes me think this is a CORS issue between the regions. I did find a similar issue like this way back in 2015 but it was resolved with someone saying "This issue is fixed now". But it's clearly not fixed for me. PLEASE HELP.

My customer is looking to deploy the app infra via a code pipeline which has the source, lint, compile, build, package and deploy stages. The lambda is in typescript and there are 4 lambdas which should be deployed for this app. Is there a need to have a different codepipeline for each lambda deployment or can I deploy all the lambdas in a single code pipeline. If there is a single pipeline, how will the app code linting, building, compiling and packaging happen for all the 4 lambdas ? Is it going to be in parallel? If yes, then would there 4 parallel runs of lint, compile and so on. Is there any reference architecture ?

Hello AWS Community, in my team we have just on AWS Account, and that way we deploy th **PreProd**and ro stages in tghe same account. the Problem is: i wanant to delete all stacks produced through the **PreProd **stage before moving to the **Pre **stage because of duplicat names ... etc. i tried using the command ``` cdk destroy --app 'npx ts-node ./bin/AutBusBackend.ts' --all --force" ``` but the destroy here is deleting the stacks without the prefix ***Pre***, and in this time we don't have anway this stacks. Do you know how can i get ride of this problem to delete the stacks that are preduced in the current stage before and not the default stacks names in cdk.out ? here is my pipeline code ``` const repo = codecommit.Repository.fromRepositoryName(this, 'AutbusBackendRepo', 'AutbusBackend'); const pipeline = new CodePipeline(this, 'AutBusPipeline', { pipelineName: 'AutBusPipeline', synth: new ShellStep('Synth', { input: CodePipelineSource.codeCommit(repo, 'master'), commands: [ 'npm install -g npm', 'npm install', 'npm ci', 'npm run build', 'npm run cdk -- synth' ] }) }); const preProd = pipeline.addStage(new AppStage(this, 'PreProd',{ env: { account: account, region: region } })); const step1 = new ShellStep('IntegrationTesting', { commands: [ 'npm install', 'npm test' ] }); const step2 = new ManualApprovalStep('Manual approval before Prod'); const step3 = new ShellStep('Delete deployed Stacks', { commands: [ 'npm install', 'npm install -g aws-cdk', "cdk destroy --app 'npx ts-node ./bin/AutBusBackend.ts' --all --force" ] }); // step2.addStepDependency(step1); // step3.addStepDependency(step2); // preProd.addPost(step3); // preProd.addPost(step2); // preProd.addPost(step1); const prodStage = pipeline.addStage(new AppStage(this, 'Prod', { env: { account: account, region: region } })); ``` Thanks in adavance for any new insiring idea

code deploy is successfully integrated but when iam accessing the apllication iam getting localhost:3000 refused to connect in ubuntu server even after giving all the port permissions

So I have a CodeBuild project that uploads my latest code to the $latest Lambda version, then publishes a new Lambda version and then does a string replacement on the CodeDeploys appspec file to set the CurrentVersion and the TargetVersion. This works for basic stuff but if say there are 2 people working on the Lambda code and 2 CodeBuilds get kicked off, you will end up with 2 sets of appspec files e.g. Appspec1: CurrentVersion: 1 TargetVersion: 2 Appspec2: CurrentVersion: 1 TargetVersion: 3 So when Appspec1 is deployed all goes well and the CurrentVersion becomes 2. But then when Appspec2 gets deployed, it will fail because the CurrentVersion is set to 1 instead of the now new version 2. So how do people get around this? Do you have to set the versions or can CodeDeploy figure it out for itself somehow?

Hi, I have a very simple C# Lambda that I will execute from a schedule. I want to use CodeBuild and CodeDeploy to be able to deploy new versions of this to either my staging or production environments. At the moment, my CodeBuild project build does the following: * Builds the Lambda c# project * Pushes the code to the Lambda $latest version * Creates a new Lambda version * Updates (string replacement) my Lambda deployment appspec.yml file to have the correct 'currentversion' and 'targetversion' based on what the current versions are. * uploads the appspec to an S3 bucket so that I can use it later in CodeDeploy. My CodeDeploy just takes the appspec.yml file and executes it which then changes the $latest version of the Lambda to the new version. Thats all good (I think) except that my CodeBuild doesn't know where I want to deploy the change to (staging or production) so should I be uploading 2 sets of code (one targeting a 'stage' Lambda alias and the other targeting a 'production' Lambda alias)? Or should there be a separate CodeBuild project for each environment? Or should I be having a completely separate Lambda (instead of using aliases) where one is for staging and the other for production? I feel like I am doing something horribly wrong here :)

Hello, I'm using CodeDeploy and CodePipeline to deploy my back-end Python Flask application on an EC2 instance with Github connection. Usually, to start the app locally I will use this command in the terminal: `uwsgi --ini myapp:app_var_name` My problem is that when I do this, the step "Application start" in the CodeDeploy "deployment" stage runs infinitely, until a timeout error happens that stops the pipeline. I confirmed the fact that the application was launched by sending a request to the public address. What kind of command line should I write to avoid any CodeDeploy stage to timeout? Does adding `&` to the command line enough?

Hi, we are experiencing a strange behavior in our pipeline flow. Step from source pulling e image building are correctly marked as succeeded in pipeline but the procedure fall in a "in progress" state for the deploy step. Anyway, when I check ECR panel, I can see the image correctly deployed to cluster. Nothing was changed in the last days about the pipeline setting up, just as usual new commits. Logs are clean and nothing can point me to resolve this issue. Is there something that I can check further to fix this situation? Thanks!

When I run a CodeDeploy deployment there is a script called "scripts.log" that is added to the code agent output on the target server that contains logs related to the lifecycle hook scripts. Is it possible to either change the log level on these or switch them off? thanks

Hi, I don't have a lot of experience with AWS. As a means to understand the tech let's assume the following theoretical use case: 1. University with 400,000 static files (html, images, js). Vendor hosted CMS generates the static files. 2. University needs to host these generated statics files and implement SSO (Shibboleth SP3) on separate server eg EC2 Amazon Linux 2. 3. Use GitHub for version control (team of 5 developers) and deploy to CodeDeploy from GitHub main branch 4. Use Load Balancers. ....From your experience of hosting large scale informational static websites is GitHub>CodeDeploy>EC2 a suitable option or should I be studying/considering other best practice AWS services? Starting out so any resources or direction appreciated. Thanks

Hi, I am trying to deploy an amplify app as per https://webapp.serverlessworkshops.io/staticwebhosting/deploy/ but the build is failing because of an existing bucket I am unable to see the bucket in S3. How can I delete the bucket? or how to resolve this issue? ``` 2022-02-25T03:31:32.457Z [INFO]: An error occurred when creating the CloudFormation stack 2022-02-25T03:31:32.459Z [WARNING]: ✖ Root stack creation failed 2022-02-25T03:31:32.464Z [INFO]: AlreadyExistsException: Stack [amplify-wildrydes-prod-32220] already exists at Request.extractError (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/protocol/query.js:50:29) at Request.callListeners (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:106:20) at Request.emit (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:78:10) at Request.emit (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:686:14) at Request.transition (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/state_machine.js:14:12) at /root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request.<anonymous> (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:38:9) at Request.<anonymous> (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:688:12) at Request.callListeners (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:116:18) at Request.emit (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:78:10) at Request.emit (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:686:14) at Request.transition (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/state_machine.js:14:12) at /root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request.<anonymous> (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:38:9) at Request.<anonymous> (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/request.js:688:12) at Request.callListeners (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:116:18) at callNextListener (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/sequential_executor.js:96:12) at IncomingMessage.onEnd (/root/.nvm/versions/node/v14.18.1/lib/node_modules/@aws-amplify/cli/node_modules/aws-sdk/lib/event_listeners.js:335:13) at IncomingMessage.emit (events.js:412:35) at IncomingMessage.emit (domain.js:475:12) at endReadableNT (internal/streams/readable.js:1334:12) at processTicksAndRejections (internal/process/task_queues.js:82:21) { code: 'AlreadyExistsException', time: 2022-02-25T03:31:32.456Z, requestId: '92bb3d71-1610-43c4-a385-54cb25e459cd', statusCode: 400, retryable: false, retryDelay: 81.16703459454344 } 2022-02-25T03:31:32.487Z [ERROR]: !!! Build failed 2022-02-25T03:31:32.487Z [ERROR]: !!! Non-Zero Exit Code detected 2022-02-25T03:31:32.488Z [INFO]: # Starting environment caching... 2022-02-25T03:31:32.488Z [INFO]: # Environment caching completed Terminating logging... ``` Thank you

I am using CodeDeploy to deploy a .Net app to a Windows Server 2022 machine. I am using an AppSpec.yml file to manage the deployment steps. I have read that you can read in the CodeDeploy environment variables such as $DEPLOYMENT_GROUP_NAME in your hook scripts e.g. [https://aws.amazon.com/blogs/devops/using-codedeploy-environment-variables/](). The example are always in linux scripts though e.g. ``` if [ "$DEPLOYMENT_GROUP_NAME" == "Staging" ] then ``` I am wanting to do this in a cmd file as when deploying to Windows you can't use .sh files. I have tried as a test echoing the results of a variable from a cmd file but it always comes out as not being set to my Deployment Group Name. Are CodeDeploy variables not available in windows deployments or am I using them wrong. What I am trying to achieve ultimately is to know which Deployment Group (Test or Prod) is being deployed to so that I can update some configuration accordingly.

Morning. We have several repo's in github (some in codecommit) and looking to automate. So my first test is just updating code, and then manually deploying, then moving to auto-deploy (I assume using codepipeline). I fixed some issues (so this is updated), but the basic question is, does the start/stop scripts have to be in the repo? When I tried to reference them under /root (on the EC2) the deploy failed. So, I don't want the real website to have the scripts folder, so I am wondering how others do it. So what is easy way to say publish all files to destination X but do not put the scripts folder there? I would imagine I could add a cleanup to the last part, but would seem redundant vs saying ignore *.sh, or scripts/* etc. Here is the basic appspec I am starting with. ``` version: 0.0 os: linux files: - source: / destination: /var/www/html/ hooks: ApplicationStop: - location: scripts/stop_httpd.sh timeout: 15 runas: root ApplicationStart: - location: scripts/start_httpd.sh timeout: 15 runas: root ```

I would like to install code-deploy-agent on windows in disabled mode but I couldn't find any argument in the MSI package. I tried to search on the registry for a specific flag regarding registration. We are trying to install code-deploy agent in an AMI but after the ec2 instance is created it complains about the instance-id. ``` Set-Service : Service 'CodeDeploy Host Agent Service (codedeployagent)' cannot be started due to the following error: Cannot start service codedeployagent on computer '.'. At C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Amazon\EC2-Windows\Launch\InvokeUserData\UserScript.ps1:35 char:1 + Set-Service -Name 'codedeployagent' -StartupType 'automatic' -Status ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Set-Service], ServiceCommandException + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.SetServiceCommand Set-Service : Service 'CodeDeploy Host Agent Service (codedeployagent)' cannot be started due to the following error: Cannot start service codedeployagent on computer '.'. At C:\Windows\system32\config\systemprofile\AppData\Local\Temp\Amazon\EC2-Windows\Launch\InvokeUserData\UserScript.ps1:35 char:1 + Set-Service -Name 'codedeployagent' -StartupType 'automatic' -Status ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Set-Service], Se rviceCommandException + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.SetServiceCommand ```

I have come from an Azure background where builds would be automated and then when your ready you can browse through the build history, find the one that you want to deploy and hit the release button, after which you choose the environment where you wish to deploy to (Test or Prod). I have just begun my AWS journey and I can't find anything that simple for deploying an already built build. I have read the Console approach in this article https://docs.aws.amazon.com/codedeploy/latest/userguide/tutorials-windows-deploy-application.html but it seems a little convoluted. You need to go to CodeDeploy, then select your application, then choose the environment (Deployment Group), then somehow you need to know which artifact in the S3 bucket is the one that you want to deploy. The article suggests going to S3 which feels unnecessary. I'm sure I must be missing something here. I am aware of CodePipeline and I use that for automating the build part of the process but don't want the auto deploy.

We have a CodeDeploy application in the US West 2 region. Is it possible to deploy to an EC2 instance that is in Asia Pacific 2? I tried and the Deployment just hung at the initial ApplicationStop event and eventually timed out. There were no errors in the code deploy agent logs. The CodeDeploy error after timing out was "The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint."

We have a CodeDeploy application running in Asia Pacific 2 and we want to use artifacts that were built and sent to an S3 bucket in US West 2. Is it possible to do this? At the moment if I try to do it the CodeDeploy process fails at the DownloadBundle event with this error message: "The bucket you are attempting to access must be addressed using the specified endpoint. Please send all future requests to this endpoint." I am using the correct address (copied s3 uri from the s3 bucket). I suspect that error is a generic "can't find the url" type message. If it is a permission issue, can someone point me to how to allow this to work? thanks

Hi, I think I have worked out how to enable rolling updates for more than one service in my cluster. I solved this by writing out more than one imagedefinitons.json file. However I have an issue in that every time my pipeline runs, even if the ECR image digest hasn't changed, both services taskDefs get bumped and replace the previous task. Is this the expected behaviour? Is there a way for ECS deploy to spot the digest is the same and not to roll forward. Thanks, Guy

I have made one Rest API in Django and now I have to deploy that in AWS. Any ideas to which AWS Service should be used? What will be the architecture? Any diagram?

Using AWS CodePipeline and setting a Source, Build and passing `taskdef.json` and `appspec.yaml` as artifacts, the deployment action `Amazon ECS (Blue/Green)` will fail with the error: STRING_VALUE can not be converted to an Integer This error does not specify where this error happens and therefore it is not possible to fix. For reference, the files look like this: ```yaml # appspec.yaml version: 0.0 Resources: - TargetService: Type: AWS::ECS::Service Properties: TaskDefinition: <TASK_DEFINITION> LoadBalancerInfo: ContainerName: "my-project" ContainerPort: 3000 ``` ```json // taskdef.json { "family": "my-project-web", "taskRoleArn": "arn:aws:iam::1234567890:role/ecsTaskRole-role", "executionRoleArn": "arn:aws:iam::1234567890:role/ecsTaskExecutionRole-web", "networkMode": "awsvpc", "cpu": "256", "memory": "512", "containerDefinitions": [ { "name": "my-project", "memory": "512", "image": "01234567890.dkr.ecr.us-east-1.amazonaws.com/my-project:a09b7d81", "environment": [], "secrets": [ { "name": "APP_ENV", "valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:APP_ENV::" }, { "name": "PORT", "valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:PORT::" }, { "name": "APP_NAME", "valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:APP_NAME::" }, { "name": "LOG_CHANNEL", "valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:LOG_CHANNEL::" }, { "name": "APP_KEY", "valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:APP_KEY::" }, { "name": "APP_DEBUG", "valueFrom": "arn:aws:secretsmanager:us-east-1:1234567890:secret:web/my-project-NBcsLj:APP_DEBUG::" } ], "essential": true, "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "", "awslogs-region": "", "awslogs-stream-prefix": "" } }, "portMappings": [ { "hostPort": 3000, "protocol": "tcp", "containerPort": 3000 } ], "entryPoint": [ "web" ], "command": [] } ], "requiresCompatibilities": [ "FARGATE", "EC2" ], "tags": [ { "key": "project", "value": "my-project" } ] } ``` Any insights on this issue are highly appreciated!

Hello guys, I have a pipeline Source -> CodeBuild -> Deploy And I have two actions in the CodeBuild. I found out if one of the action of failed, the pipeline will stop. This action in CodeBuild is optional to the project, so I want to continue the pipeline to Deploy even the action is failed in CodeBuild. Thanks!

Hi, It seems that whatever I do I can't get CodeBuild to build my Ruby project. I need Ruby version 2.7.4 so as always I added `.ruby-version` file in the root folder of my app with ruby-2.7.4 but the build fails with error: ``` rbenv: version `ruby-2.7.4' is not installed ``` I set ruby-2.6 in my `.ruby-version` but the build fails again with error ``` rbenv: version `ruby-2.6' is not installed ``` I tried installing proper Ruby version at build so I set this command: ``` pre_build: commands: - rbenv install 2.7.4 ``` but I get the same error: ``` rbenv: version `ruby-2.6' is not installed ``` What am I doing wrong? What am I missing?

I have been trying to find an answer in documentation, github, here and the old forums, but I fail to find the answer to my question. In my CDK v1 (python) I create a RDS instance of SQL Server and set credentials with aws_rds.Cerednetials.from_generated_secret(), but when I later on want to provide environment/sercrets values to the docker container I want to run in fargate I have the following environment variable that I need to be set: DB_CONNECTION_STRING, which has the following syntax: Server=<somehost.aws.com>,144;Database=<databasename>; User Id=<databaseuser>;Password=<databasepassword> All the examples I have seen uses multiple variables like DB_USER/DB_PASS/DB_HOST and then you can easily set those with help of secret_value, but there is no example on generating a connection string. How do you solve this? I took a look at aws glue, but it didn't feel like the right optionand I'm not too keen on making a dockerfile to try to pull the official docker image and then create a kind of a wrapper to have environment/sercret variables and then a script that builds up the connection string and sets it before calling the start script for the application (this has other downsides). The reason why I'm not using the CDK v2 is that the current version seems to be broken when you create a new project in WSL (seems to think it's pure ms-windows and fails to create a number of files needed). Thanks in advance for any reply.

Here's my appspec.yml file: ``` version: 0.0 os: linux files: - source: / destination: /home/ec2-user/myapp hooks: BeforeInstall: - location: scripts/remove_root_dir.sh timeout: 900 runas: root ApplicationStart: - location: scripts/install_dependencies.sh timeout: 300 runas: root - location: scripts/start_server.sh timeout: 300 runas: root ApplicationStop: - location: scripts/stop_server.sh timeout: 300 runas: root ``` Here's my stop_server.sh file under the scripts folder in my Angular root directory: ``` #!/bin/bash isExistApp = `pgrep httpd` if [[ -n $isExistApp ]]; then service httpd stop fi ``` The error message that I get is "ScriptMissing" at the ApplicationStop step. The script is not missing. I stopped my codedeploy agent, tried to clear out the files under /opt/codedeploy-agent/deployment-root (but many were write protected), and restarted the codedeploy agent. No success after numerous attempts to get CodeDeploy to complete successfully. What should I do to get CodeDeploy working properly?"

I am trying to deploy a new version of my application through the Elastic Beanstalk console , but when I attempt to upload my zip file I am getting an error message in the upload and deploy pop-up which simply says "Unable to create the application version:". I have googled for solutions and the issue for other people seems to be having too many application versions as there is a limit of 500 - I have deleted more than 5 older versions but I am still getting the error. I know the error itself is not very descriptive but would anyone know of a possible cause, or possible further directions for troubleshooting? (e.g. some logs that are somewhere)

I have an EC2 (RHEL) instance running a NodeJS server. I have setup the start of this server as a systemd service (included below) and run this service via a shell script executed during the ApplicationStart part of CodeDeploy LifeCycleEvent. In the server itself, I am using `mongoose` to connect to MongoDB running on another EC2 instance. My problem is that my server does not connect to MongoDB and instead returns the following error: ``` { message: 'Could not connect to MongoDB!!! getaddrinfo ENOTFOUND undefined', reason: TopologyDescription { type: 'Single', setName: null, maxSetVersion: null, maxElectionId: null, servers: Map { 'undefined:27017' => ServerDescription { address: 'undefined:27017', error: Error: getaddrinfo ENOTFOUND undefined at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:66:26) { name: 'MongoNetworkError' }, roundTripTime: -1, lastUpdateTime: 23933862843, lastWriteDate: null, opTime: null, type: 'Unknown', topologyVersion: undefined, minWireVersion: 0, maxWireVersion: 0, hosts: [], passives: [], arbiters: [], tags: [] } }, stale: false, compatible: true, compatibilityError: null, logicalSessionTimeoutMinutes: null, heartbeatFrequencyMS: 10000, localThresholdMS: 15, commonWireVersion: null }, level: 'error', stack: 'MongooseServerSelectionError: getaddrinfo ENOTFOUND undefined\n' + ' at NativeConnection.Connection.openUri (/home/centos/my-server/node_modules/mongoose/lib/connection.js:847:32)\n' + ' at /home/centos/my-server/node_modules/mongoose/lib/index.js:351:10\n' + ' at /home/centos/my-server/node_modules/mongoose/lib/helpers/promiseOrCallback.js:32:5\n' + ' at new Promise (<anonymous>)\n' + ' at promiseOrCallback (/home/centos/my-server/node_modules/mongoose/lib/helpers/promiseOrCallback.js:31:10)\n' + ' at Mongoose._promiseOrCallback (/home/centos/my-server/node_modules/mongoose/lib/index.js:1149:10)\n' + ' at Mongoose.connect (/home/centos/my-server/node_modules/mongoose/lib/index.js:350:20)\n' + ' at module.exports (/home/centos/my-server/startup/db.js:20:6)\n' + ' at startServer (/home/centos/my-server/index.js:22:9)\n' + ' at processTicksAndRejections (internal/process/task_queues.js:97:5)', label: 'qa-server', timestamp: '1/21/2022, 11:41:15 AM' } ``` I tried the following solutions and these did not work: 1. `https://aws.amazon.com/premiumsupport/knowledge-center/dns-resolution-failures-ec2-linux/` 2. Adding the following lines to my `.service` file: ``` After=network-online.target Wants=network-online.target ``` If anyone could provide some insight as to how I can solve this, it'd be greatly appreciated. **appspec.yaml** ``` version: 0.0 os: linux files: - source: / destination: /home/centos/my-server hooks: BeforeInstall: - location: scripts/cleanup.sh timeout: 300 runas: root AfterInstall: - location: scripts/install_dependencies.sh timeout: 300 runas: root - location: scripts/update_service.sh timeout: 300 runas: root ApplicationStart: - location: scripts/start_server.sh timeout: 300 runas: root ApplicationStop: - location: scripts/stop_server.sh timeout: 300 runas: root ``` **start_server.sh** ``` #!/bin/bash iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 9080 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 9443 sudo systemctl daemon-reload sudo systemctl restart myserver.service ``` **myserver.service** ``` [Unit] Description=Node.js My server [Service] ExecStart=/usr/bin/node /home/centos/my-server/index.js WorkingDirectory=/home/centos/my-server/ StandardOutput=syslog StandardError=syslog SyslogIdentifier=my-server-log Environment=PATH=/usr/bin:/usr/local/bin Environment=NODE_ENV=production [Install] WantedBy=multi-user.target ``` **index.js** ``` const winston = require('winston'); const express = require('express'); const logging = require('./startup/logging'); const config = require('./startup/config'); const routes = require('./startup/routes'); const db = require('./startup/db'); const validation = require('./startup/validation'); const redirect = require('./startup/redirect'); const app = express(); const successMessage = async () => { const message = 'my-server is up and running and ready for requests..'; winston.info(message); console.log(message); }; const startServer = async () => { await logging(); await config(); await routes(app); await db(); await validation(); await redirect(app); await successMessage(); }; startServer(); ``` **db.js** ``` const mongoose = require('mongoose'); const winston = require('winston'); const nconf = require('nconf'); const fs = require('fs'); module.exports = async function () { // Get the mongodb credentials from config memory const ipAddress = fs.existsSync('/.dockerenv') ? nconf.get('mongodb:dockerIPAddress') : nconf.get('mongodb:ipAddress'); const port = nconf.get('mongodb:port'); const username = encodeURIComponent(nconf.get('mongodb:username')); const password = encodeURIComponent(nconf.get('mongodb:password')); const database = nconf.get('mongodb:database'); const mongoUrl = `mongodb://${username}:${password}@${ipAddress}:${port}/${database}?authSource=admin`; mongoose .connect(mongoUrl, { useNewUrlParser: true, useUnifiedTopology: true, useCreateIndex: true, useFindAndModify: false, }) .then(() => winston.info('Connected to mongodb successfully..')) .catch((err) => winston.error('Could not connect to MongoDB!!!', err)); }; ```

Hey everyone, I have an ECS Fargate cluster up and running with automated CI/CD via CodePipeline & CodeDeploy. The infrastructure is managed with terraform and works as desired. My deployment strategy is blue/green, and I went for the `CodeDeployDefault.ECSCanary10percent5Minutes` deployment configuration (as described here: https://docs.aws.amazon.com/AmazonECS/latest/userguide/deployment-type-bluegreen.html). The gradual traffic shift between the blue and green task sets works fine, however I haven't found any way to influence the canary checks (like, abort the deployment if something's wrong) or introduce custom canary checks during the deployment process. Also, I found very little information on how Canary determines the health of a deployment. I'd like to perform a number of checks during deployment, and abort if anything's wrong. **My questions are:** * How is a Canary release deemed healthy/unhealthy by default (assumption: The alb target group health check?) * What's a possible best practice to observe deployment health during canary releases and perform automated rollback? Is this even possible currently? Upon googling some more it seems that adding CloudWatch Alarms and an AlarmConfiguration to the Deployment Group could do the trick (as documented here: https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-groups-configure-advanced-options.html). Is that the idiomatic way to achieve this? If so, how do I ensure that the CloudWatch alarm check is only performed against the service version that is currently being deployed? Thanks for any pointers everyone! Maik

I have a NodeJS application running via ElasticBeanstalk, have deployed 59 previous application versions via the "upload and deploy" button in the EBS dashboard for the application environment. Before, I uploaded a zip file and the environment updated successfully (all at once strategy), never had issues. - Trying to upload a zip file the last 2 days (for the first time in some months) fails, after uploading the "Upload and deploy" popup shows only a red X icon with text "Unable to create the application version: ", without further information. - The "Application versions" page of the environment shows errors on loading like "Validation error" and "Error Unable to retrieve default rolling update values, leave the options blank to retrieve the defaults:", but is otherwise functional. - Reverting to a previous application version via the "Application versions" page also no longer works. Just like when uploading a new version, when reverting the "Deploy Application Version" popup shows "Unable to create the application version: ", without further information. - Deleting previous application versions errors out frequently, but does succeed after several attempts, I've deleted most of my old versions to make sure I'm under the limit. Is there a problem with the service currently, or has something changed in the past months requiring changes on my end? Is there any way I could debug this, as the "Upload and deploy" popups provide no information about problems? * I also cannot create a new (NodeJS) application environment via EBS dashboard, when creating a new environment from an application or from the environments page, it fails and shows only "Validation error". Update: After trying multiple times, it does succeed eventually.

Morning all, I want to confirm I am on the right track and just logically trying to put things in order. I have a group of servers that are quite static (no need for autoscaling). It's a java app, and Beanstalk doesn't support the app. So right now the developer is going to each server via custom ports to undeploy and deploy new apps. The farm has grown and its time consuming. Some of the reading is a bit confusing, so for a quick high level, I had these questions/help items. Using the left side nav from codecommit, **Under Source** - its always just one file (a .war file). so regardless, I believe I will need to use either GIT/CodeCommit and can't just have the developer upload a file to an S3 bucket right? That would enable the version control, revert, etc. **Under Deploy** - Applications - I have created the application, service role, type and configuration (by key/value). Also have the enable load balancing checked with a test group (one server right now). I don't think I really need to worry about the artifacts or the build, all I want is for the developer to finish his WAR file, commit. So not sure what is the magic that after I he commits, it takes that code, then push's to the servers. The agent is installed and just not sure if I need a pipeline setup, or there is something between the deploy and the agent and a simple answer here may prove much faster than other resources. So thank you again for the feedback and/or suggestions if there is a better way but think once setup this really is quite simple.

I can't seem to set up a pipeline that uses CodeDeploy for a lambda function. I have tried: 1. Generating the appspec.yml file as part of a CodeBuild action. In this case CodePipeline zips the file, and CodeDeploy says it can't find the appspec file. 2. Generating the appspec.yml file manually (Lambda invocation). In this case CodeDeploy gives the error "The deployment specifies that the revision is a null file, but the revision provided is a zip file." (It is definitely not a zip file) Has anyone succeeded in doing this? Note: I know SAM apparently does this. But it would be difficult to introduce new tooling at this point

I have a ruby project and I am trying to build via AWS codedeploy and having some issues specifying the ruby version. I am using Ruby 2.6.5 and I am using AWS Codedeploy standard image (aws/codebuild/standard:2.0) because according to the [docs][1] it supports Ruby 2.6.5. `.ruby-version` has 2.6.5. I also attempted a build where I put "runtime-versions: ruby: 2.6.5" in the buildspec but that threw the following error: "Phase context status code: YAML_FILE_ERROR Message: Unknown runtime version named '2.6.5' of ruby. This build image has the following versions: 2.6". This is my buildspec. ``` version: 0.2 phases: install: runtime-versions: ruby: 2.6.5 commands: - echo Installing Bundler... - gem install bundler -v 2.2.27 - bundle install build: commands: - bundle exec rspec ``` I also tried using `aws/codebuild/amazonlinux2-x86_64-standard:3.0-20.03.13` image version from AL Standard 3.0 image instead of the latest but I get the same error while on github I see ruby version 2.6.5 has been added https://github.com/aws/aws-codebuild-docker-images/tree/20.03.13. I also tried Ubuntu Standard 5.0 and same thing. What am I missing? [1]: https://github.com/aws/aws-codebuild-docker-images/blob/master/al2/x86_64/standard/2.0/Dockerfile#L320

Hi, I have a CodeCommit repository and CodePipeline pipeline which I'm using for a web application. The application includes some javascript I'd like to deploy to S3. As far as I can tell, the S3 action provider of CodeDeploy copies the whole source artefact to the target bucket. Is there any way of being selective about the parts of the repo to publish? For example it'd be great if I could only deploy the "publicsite" subdirectory to S3. I guess I could script this separately somewhere in the build, but I'd like to keep things as simple as possible. Thanks

Where is the location of ECS CodeDeploy logs? I know where to find them for EC2 deployments, but not for **ECS**.

ECS CodeDeploy "install" step is taking a while. What exactly is involved in the "install" step during ECS CodeDeploy. I'm thinking the task/container is being created. I'm trying to figure out how to reduce the time associated with the "install" step. Any help will be greatly appreciated. Thank you.

Getting this error sometime after pipeline is created successfuly. The error came during some deployments: No such file or directory - rd /s /q "C:/ProgramData/Amazon/CodeDeploy/f3aa6849-0470-40d0-bd3d-39c07f923a9d/d-ELOVEWK2E" 2>&1. Although this folders and sub folders are still there in place. What is the cause of the error and any resolution to this?

I'm trying to create CI/CD with Jenkins by following this AWS workshop https://third-party-integration-codebuild-codedeploy-plugins.workshop.aws/en/access.html and I am stuck at point 1. When I go to the Jenkins server URL it is not reachable from internet. I've verified my IP range from which I can connect to and it's correct. I've verified that the subnet the server was provisioned to has the IP CIDR range 172.31.32.0/20 and it is associated with a route table that has an entry to route all traffic 0.0.0.0/0 to Internet Gateway. I can SSH to it but can't access it from the browser. What am I missing?

How can we deploy our code on IIS server using azure pipeline via aws?

I am trying to add the following script to the `ApplicationStart` section of my CodeDeploy `appspec.yml`: ``` # collect_static_files.sh #!/bin/bash # source other files, change dir, activate python here ./manage.py collectstatic --noinput ``` With this file added deploys fail with `Script at specified location: scripts/deploy/collect_static_files.sh failed to close STDOUT` The log for the `ApplicationStart` event doesn't show anything other than the command output: ``` [stderr]You are using pip version 18.1, however version 21.3.1 is available. [stderr]You should consider upgrading via the 'pip install --upgrade pip' command. Script - scripts/deploy/collect_static_files.sh [stdout] [stdout]170 static files copied to '/var/www/mydir/static'. ``` I've tried turning off and redirecting output: ``` # ./manage.py collectstatic --noinput > /dev/null 2>&1 # ./manage.py collectstatic --noinput --verbosity 0 ``` Neither of which clear the error and even if they did wouldn't really solve the problem as I would like the output added to the log. There is something similar discussed on the [codedeploy agent GitHub](https://github.com/aws/aws-codedeploy-agent/issues/118) but for backgrounded commands. Also did a search for closing `STDOUT` but that doesn't seem like something I should be doing manually. What am I missing?

Hello folks, I have been a AWS EC2 user for some time and looking for some guidance on a large project that I am embarking on. I am looking to deploy a cluster of few 100s of EC2 instances within a VPC, where each instance will be created off a private image with all the software that I need is already available. The part that I am seeking help on is - how to start application automatically as soon as the instance is created. Are there any tools that can help with such deployment? Any pointers, documentation or a link to it would be immensely helpful. I am looking to avoid EKS and any other Kubernetes based options at this stage. Thanks for your time on my question above.

Hi everyone! My question is how can I make available the content of my FPGA image bucket available for other users, so they will be able to use my compiled FPGA image in their EC2 instances? Thanks for your answer in advance!

I have set up a CI/CD pipeline for my project. On git commits there is a trigger which runs the CodePipeline -> CodeDeploy -> EC2 setup. The EC2 instance runs an Nginx web server and Node cluster using PM2. I am using a package called dotenv to load env vars like API keys and secrets. Since we don't commit it there is no way these vars load into the Node app on EC2. I have heard about secrets manager but I am not sure. Can someone guide me on this?

I have an EC2 instance whose code is deployed to using CodePipeline. For CodeDeploy to be able to operate on the Instance I've attached the AWS managed `AmazonEC2RoleforAWSCodeDeploy` policy to the instances IAM Role. The advantage of using the AWS managed policy is that any updates/changes to the CodeDeploy service shouldn't require me to update the instance Role. However, it's occurred to me that "if" the instance was compromised by an attacker who gained access to the Shell, the unlimited scope of the policy `"Resource": "*"` would enable the attacker to perform any actions listed in the policy for any of my S3 buckets. I've been reading about the IAM Permissions Boundary but it seems to be more concerned with limiting policies that can be applied to the Role rather than the Resources they have access to. So how can I continue to use the AWS managed policy **and** limit it to specific resources?

I want have the deploy stage cross account and using code pipeline+code build+code deploy i am creating dynamic taskdef.json and app-spec file in the build stage as output and want to include them as input in the cross account deployment.confused on how to achieve the cross account deployment.

I couldn't create ECS deployment group using CloudFormation template and got error message below. ``` For ECS deployment group, loadBalancerInfo must not contain targetGroupInfo list (Service: AmazonCodeDeploy; Status Code: 400; Error Code: InvalidLoadBalancerInfoException; Request ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; Proxy: null) ``` My CFn template fragment is as follows. I commented out "TargetGroupInfoList" in response to the error message, but it didn't work. (got exactly same error message) ``` # CodeDeploy Deployment groups DeploymentGroup: Type: AWS::CodeDeploy::DeploymentGroup Properties: ApplicationName: !Ref DeployApplication DeploymentStyle: DeploymentType: BLUE_GREEN DeploymentOption: WITH_TRAFFIC_CONTROL BlueGreenDeploymentConfiguration: DeploymentReadyOption: ActionOnTimeout: CONTINUE_DEPLOYMENT TerminateBlueInstancesOnDeploymentSuccess: Action: TERMINATE TerminationWaitTimeInMinutes: 5 DeploymentConfigName: CodeDeployDefault.OneAtATime DeploymentGroupName: myapp-dg ECSServices: - ClusterName: !Ref ECSCluster ServiceName: !GetAtt ECSService.Name LoadBalancerInfo: ElbInfoList: - Name: !Ref ALB # TargetGroupInfoList: # - Name: !Ref TargetGroup01 # - Name: !Ref TargetGroup02 ServiceRoleArn: arn:aws:iam::xxxxxxxx:role/CodeDeployServiceRole ``` How should I define "LoadBalancerInfo" in the template?

I have multiple AWS accounts, one account has a private Git Server (in a private subnet) hosted where my development team commits code. We have CodeDeploy in another AWS account and would like to know if it is possible connect to the private Git Server to CodeDeploy.

Can we use AppStream as a target for CodeDeploy?

I have a just moved to a monorepo whereby my deployment dir and appspec.yml files are now in a sub directory. My codeDeploy now fails as the appspec.yml file cannot be found. How can I reference it now that it is not in the root? Edited by: wonka on Aug 19, 2020 8:32 PM

Customer wants to deploy an existing GraphQL application to AWS. This application will connect to an existing RDS MySQL database and a couple of on-premises databases. Once it's in AWS, the applications that use it will also be migrated to AWS. I told them about AppSync, even though they'd have to use Lambda to connect to their non-Aurora/DynamoDB databases. They asked whether they could use ElasticBeanstalk to deploy it to EC2s that auto-scale with an ELB, but I couldn't find a definitive yes/no. I found a few blog posts that seemed to say EB doesn't support GraphQL, but they were relatively old. They are interested in using the Code suite of services, and CodeDeploy can deploy auto-scaled EC2 instances, but if they can do it through EB or CodeStar that would be even better. Any help would be greatly appreciated!

My customer is asking if a feature to perform Blue/Green deployments in ECS & App/Service Mesh **without** ELB is in the works. Their questions are as follows: "...do you know if Blue/Green deployments in ECS for services that are not using a load balancer is in the works? We are evaluating our current Service Mesh and that is a feature we would like to have. Right now it doesn't appear we can do a blue/green deployment for services using App Mesh, they have to use a Load Balancer." "...when you deploy an ECS service the standard deployment swaps out all of the old task with new ones. You can't do a blue/green or linear deploy over time unless you have a load balancer We would like functionality in this article but for services that use App Mesh: https://docs.aws.amazon.com/codedeploy/latest/userguide/deployment-configurations.html#deployment-configuration-ecs " "...we're basically looking to see if it's possible to have two versions of the same service deployed at the same time + controlled routing, vs. a rolling deploy that swaps old tasks w new ones"

Using CodeDeploy for deploying to an EC2 Auto Scaling group, CodeDeploy could disable ASG'S scaling activities by setting HANDLE_PROCS=true. However, what happens if a Spot Instance is interrupted during a deployment?

Hello everyone, I am using Code Pipeline to trigger a Code Deploy deployment. The setup is working for the same application in 2 other different AWS accounts, but not on the 3rd account. When the deployment is triggered, it fails immediately with "Role is not valid". I have no more information about why the role is not valid. What I already tried that gave me same result: - recreate the pipeline with a different name - clone another pipeline and then reconfigure the new one - delete the Code Deploy deployment configuration and recreate it - took the JSON value of a working policy attached to the Role, compared it to the role generated by the pipeline, no differences - choose a shorter name for my pipeline (and the role automatically generated) --> How to get more information about why the role is not valid ? --> Any suggestions to solve my problem ? I would be very grateful ! Thanks Notes: the deploy action I am triggering is "Amazon ECS (Blue/Green)" I am using this king of setup: https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-ecs-ecr-codedeploy.html

I have a code deployment setup that has worked fine in the past. I'm trying to deploy a simple update and am getting a failed status due to "certificate verify failed" (pasted below). From researching I found this issue coming up where codedeployagent was not running on the instance. I logged into the instance and codedeployagent was not running so I reinstalled and confirmed it's now running (pasted below). I don't understand why this would suddenly happen after it's been working. Any thoughts on what I'm missing? thx Error: 2019-07-31T00:01:23 ERROR \[codedeploy-agent(1476)]: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller: Error during perform: Seahorse::Client::NetworkingError - SSL_connect returned=1 errno=0 state=error: certificate verify failed - C:/Windows/TEMP/ocrBFEB.tmp/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock' codedeployagent running: PS C:\Users\Administrator> powershell.exe -Command Get-Service -Name codedeployagent Status Name DisplayName ------ ---- ----------- Running codedeployagent CodeDeploy Host Agent Service

Hi, I had CodeDeploy setup which was working fine. My code is built into a zip file and stored in S3 bucket. CodeDeploy refers to this zip file for deployment on my EC2 instance. This was working fine. But recently I changed my EC2 instance type from t3.micro to t3.small. Then CodeDeploy failed to do the deployment. The following is the error message: The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems. Any idea of this error and how could I fix it? Thanks

Hello, This is my app structure --my-app |--bin | |--console | |--phpunit |--var |--src |----file1 |----file2 I want to set permissions to all folder to be 755 with user www-data and all files to 644 with user www-data except /bin/console and /bin/phpunit which need to be 744 I've tried almost everything from https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-permissions.html and always end up with duplicated permissions. What am i doing wrong? permissions: - object: /var/www/testl/ owner: www-data group: www-data mode : 644 type: - file - object: /var/www/test owner: www-data group: www-data mode: 755 type: - directory - object: /var/www/test/bin owner: www-data group: www-data mode : 744 type: - file Edited by: thedoole on Apr 24, 2019 5:14 AM

I've been trying to get the Blue/Green deployment scenario working for a day now without much luck. I've been able to use a role and deploy to an Auto Scaling Group successfully not using Blue Green, but when I try that scenario, during deployment, I get the following permission error: "The IAM role <my role> does not give you permission to perform operations in the following AWS service: AmazonAutoScaling. Contact your AWS administrator if you need help. If you are an AWS administrator, you can grant permissions to your users or groups by creating IAM policies." My role <my role> is a simple role that has the "AWSCodeDeployRole" attached to it. In CloudTrail, I do see an "AccessDeniedException" for event name "CreateAutoScalingGroup", however, that permission appears to be in the AWSCodeDeployRole as "autoscaling:CreateAutoScalingGroup". Has anyone run into this? Am I missing some extra policy that needs to be attached to my role?

Hi, I have a codepipeline that handles the following stages to deploy an API GW and relative lambdas: 1. CodeCommit 2. CodeBuild 3. CloudFormation Deployment at a single Lambda Alias update fails, but the lambda function that has the alias is different each time, even if no change happens in the repository and in the deployed objects. The single codedeploy failing alway reports the following error: **Deployment Failed** The deployment failed because the AppSpec file that specifies the AWS Lambda deployment configuration is missing or has an invalid configuration. The Lambda function alias version does not match the current version in AppSpec file. (Error code: INVALID_LAMBDA_CONFIGURATION) Deployment configuration CodeDeployDefault.LambdaAllAtOnce If cloudformation stack is **deleted** and **created** anew deployment works.

Hello I've been playing with using CodeDeploy to push our applications live, but it always takes ages doing the BlockTraffic and AllowTraffic steps. The load balancer I'm using it with has connection draining set to 60s, but the block and allow traffic steps both take (reasonably reliably) 4m25 (265s) to complete which really does drag out the process. Is there a way to modify this timeout that I've missed? Can I set the timeout on these steps in the appspec.yml even though these stages aren't documented for the hooks in that file? Thanks James Edited by: jameseogden on Apr 28, 2017 5:59 AM

I've looked everywhere but can't find a good solution of a serverless CI/CD of Lambda functions. CodePipeline comes very close to providing that setup, except for the deployment part -- there's really no serverless way to deploy it after it's built. Any help is appreciated.