Deploying to AWS Elastic Beanstalk

2 minute read

Prerequisites

  • You will need to set up our CodeShip maintained awsdeployment container to automate authentication with your AWS account.

  • This awsdeployment service (as well as your application container) needs to be defined via your codeship-services.yml file

  • A folder must be designated for deployment purposes

  • A Dockerrun.aws.json file configured for either single container or multi-container service must be placed in the deployment folder

  • Any other assets that would be required by the instance host should be included in the deployment folder as well.

  • If applicable, please review the AWS’ IAM documentation to find the correct policies for your account.

Deploying to AWS Elastic Beanstalk

Deployment to Elastic Beanstalk uses a codeship_aws eb_deploy command in the codeship/aws-deployment container that we’ve defined, so that you can get started quickly.

The arguments you have to set are:

  • The path to your deployable folder

  • The Elastic Beanstalk application name

  • The Elastic Beanstalk environment name

  • The S3 bucket to which to upload the zipped artifact.

Add the following into your codeship-steps.yml file:

- service: awsdeployment command: codeship_aws eb_deploy PATH_TO_FOLDER_TO_DEPLOY APPLICATION_NAME ENVIRONMENT_NAME S3_BUCKET_NAME

This command will zip up the content in the folder, upload it to S3, register a new version with Elastic Beanstalk and then deploy that new version. We’re also validating that the environment is fine and that the new version was correctly deployed.

Note that the awsdeployment and the data from the volume are both discussed in more detail in our AWS documentation, and that all EB-related commands will work the same way in lieu of the above example.

Customizing The Deployment Script

If you want to customize the deployment you can also use the existing script from our open source AWS container and edit it so it fits exactly to your needs.

This script can be added to your repository and then called directly via your codeship-steps.yml file, as in the following example:

- service: awsdeployment command: /deploy/scripts/deploy_to_eb

Elastic Beanstalk Permissions Policy

Please replace [region] and [accountid] with the respective values for your AWS account / Elastic Beanstalk application.

{ "Statement": [ { "Action": [ "elasticbeanstalk:CreateApplicationVersion", "elasticbeanstalk:DescribeEnvironments", "elasticbeanstalk:DeleteApplicationVersion", "elasticbeanstalk:UpdateEnvironment" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "sns:CreateTopic", "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic", "sns:Subscribe" ], "Effect": "Allow", "Resource": "arn:aws:sns:[region]:[accountid]:*" }, { "Action": [ "autoscaling:SuspendProcesses", "autoscaling:DescribeScalingActivities", "autoscaling:ResumeProcesses", "autoscaling:DescribeAutoScalingGroups" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudformation:GetTemplate", "cloudformation:DescribeStackResource", "cloudformation:UpdateStack" ], "Effect": "Allow", "Resource": "arn:aws:cloudformation:[region]:[accountid]:*" }, { "Action": [ "ec2:DescribeImages", "ec2:DescribeKeyPairs" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:GetObjectAcl", "s3:ListBucket", "s3:DeleteObject", "s3:GetBucketPolicy" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::Elastic Beanstalk-[region]-[accountid]", "arn:aws:s3:::Elastic Beanstalk-[region]-[accountid]/*" ] } ] }

If you are using more than one instance for your application you need to add at least the following permissions as well.

{ "Action": [ "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:RegisterInstancesWithLoadBalancer" ], "Effect": "Allow", "Resource": "*" }