This example sets up all the permissions needed to run CodeDeploy on AWS.
In this example you will create the following resources and permissions:
- An S3 bucket
- An IAM user for Travis CI
  - attach policy: AWSCodeDeployDeployerAccess
  - user policy

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1487528506000",
          "Effect": "Allow",
          "Action": [
            "s3:*"
          ],
          "Resource": [
            "arn:aws:s3:::codedeploy-*"
          ]
        }
      ]
    }
    ```
- An IAM role for EC2 (default: Role-EC2-CodeDeploy)
  - trust role

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
    ```
  - role policy

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "Stmt1487527978000",
          "Effect": "Allow",
          "Action": [
            "s3:GetObject",
            "s3:GetObjectVersion",
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::codedeploy-*"
          ]
        }
      ]
    }
    ```
- An IAM role for the CodeDeploy service (default: Role-CodeDeploy)
  - attach policy: AWSCodeDeployRole
- CodeDeploy application (default: $projectname)
  - Deployment config: CodeDeployDefault.AllAtOnce (default)
  - Deployment Group: dev, stage, prod
$ chmod +x install
$ ./install
- ProjectName = Set your project name.
- Region = AWS region
- BucketName = Set your S3 bucket name
- IAMGROUP = Set IAM group name
You can also run each step yourself, without the auto installer:
$ ./s3bucket
$ ./iamuser-travis
$ ./iamrole-ec2
$ ./iamrole-codedeploy
$ ./codedeploy
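
An added example (not part of this repository's scripts) that audits the two S3 policies above offline: it flags the `s3:*` wildcard in the Travis CI user policy and the `codedeploy-*` resource pattern, which covers every bucket with that prefix, then builds a single-bucket variant of the EC2 role policy. The function names and the bucket name `codedeploy-myproject` are assumptions for illustration.

```python
import json

# Policies copied from this README (Travis CI user policy, EC2 role policy).
TRAVIS_USER_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "Stmt1487528506000",
 "Effect": "Allow", "Action": ["s3:*"],
 "Resource": ["arn:aws:s3:::codedeploy-*"]}]}""")
EC2_ROLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "Stmt1487527978000",
 "Effect": "Allow", "Action": ["s3:GetObject", "s3:GetObjectVersion",
 "s3:ListBucket"], "Resource": ["arn:aws:s3:::codedeploy-*"]}]}""")

def as_list(value):
    return value if isinstance(value, list) else [value]  # IAM accepts a bare string

def audit(policy):
    """Return (sid, issue) pairs for Allow statements broader than one bucket."""
    findings = []
    for st in as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        for action in as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((sid, f"wildcard action {action}"))
        for res in as_list(st.get("Resource", [])):
            # After ':::' an S3 ARN is bucket[/key]; a '*' in the bucket part
            # matches every bucket whose name starts with the prefix.
            bucket = res.split(":::", 1)[-1].split("/", 1)[0]
            if "*" in bucket:
                findings.append((sid, f"resource {res} spans multiple buckets"))
    return findings

def scope_down(bucket, object_actions, bucket_actions=()):
    """Policy for one bucket: object actions on bucket/*, bucket actions on the bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    statements = [{"Effect": "Allow", "Action": sorted(object_actions),
                   "Resource": [f"{arn}/*"]}]
    if bucket_actions:
        statements.append({"Effect": "Allow", "Action": sorted(bucket_actions),
                           "Resource": [arn]})
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    # Constructed bucket name; the action lists are the EC2 role's own.
    tight = scope_down("codedeploy-myproject",
                       ["s3:GetObject", "s3:GetObjectVersion"], ["s3:ListBucket"])
    for name, doc in (("travis", TRAVIS_USER_POLICY), ("ec2", EC2_ROLE_POLICY), ("tight", tight)):
        print(name, audit(doc))
```
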