This article is about Codeship Pro.

Deploying To AWS Elastic Beanstalk

You'll need roughly 4 minutes to read this article.

You can find a sample repo for deploying to AWS with Codeship Pro on Github here.

To make it easy for you to deploy your application to AWS Elastic Beanstalk, we’ve built a container that has the AWSCLI installed. We will set up a simple example showing you how to configure any deployment to AWS Elastic Beanstalk.

Codeship AWS Deployment Container

Codeship Pro uses an AWS deployment container that we maintain to authenticate with your AWS account.

Please review our AWS documentation to learn how to set up and use this authentication container.

You will need the AWS service, as well as your application itself, defined via your codeship-services.yml file so that you can execute the necessary S3 commands in your codeship-steps.yml file.

It is also advised that you review AWS’ IAM documentation to find the correct policies for your account.

Deploying to AWS Elastic Beanstalk

Deployment to Elastic Beanstalk uses a codeship_aws eb_deploy command in the codeship/aws-deployment container that we’ve defined, so that you can get started quickly.

The arguments you have to set are:

  • The path to your deployable folder
  • The Elastic Beanstalk application name
  • The Elastic Beanstalk environment name
  • The S3 bucket to which to upload the zipped artifact.

Add the following into your codeship-steps.yml file:

- service: awsdeployment
  command: codeship_aws eb_deploy PATH_TO_FOLDER_TO_DEPLOY APPLICATION_NAME ENVIRONMENT_NAME S3_BUCKET_NAME

This command will zip up the content in the folder, upload it to S3, register a new version with Elastic Beanstalk and then deploy that new version. We’re also validating that the environment is fine and that the new version was correctly deployed.

Note that the awsdeployment and the data from the volume are both discussed in more detail in our AWS documentation, and that all EB-related commands will work the same way in lieu of the above example.

Customizing The Deployment Script

If you want to customize the deployment you can also use the existing script from our open source AWS container and edit it so it fits exactly to your needs.

This script can be added to your repository and then called directly via your codeship-steps.yml file, as in the following example:

- service: awsdeployment
  command: /deploy/scripts/deploy_to_eb

Elastic Beanstalk Permissions Policy

Please replace [region] and [accountid] with the respective values for your AWS account / Elastic Beanstalk application.

{
  "Statement": [
    {
      "Action": [
        "elasticbeanstalk:CreateApplicationVersion",
        "elasticbeanstalk:DescribeEnvironments",
        "elasticbeanstalk:DeleteApplicationVersion",
        "elasticbeanstalk:UpdateEnvironment"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "sns:CreateTopic",
        "sns:GetTopicAttributes",
        "sns:ListSubscriptionsByTopic",
        "sns:Subscribe"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:sns:[region]:[accountid]:*"
    },
    {
      "Action": [
        "autoscaling:SuspendProcesses",
        "autoscaling:DescribeScalingActivities",
        "autoscaling:ResumeProcesses",
        "autoscaling:DescribeAutoScalingGroups"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "cloudformation:GetTemplate",
        "cloudformation:DescribeStackResource",
        "cloudformation:UpdateStack"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:cloudformation:[region]:[accountid]:*"
    },
    {
      "Action": [
        "ec2:DescribeImages",
        "ec2:DescribeKeyPairs"
      ],
      "Effect": "Allow",
      "Resource": "*"
   },
   {
    "Action": [
     "s3:PutObject",
     "s3:PutObjectAcl",
     "s3:GetObject",
     "s3:GetObjectAcl",
     "s3:ListBucket",
     "s3:DeleteObject",
     "s3:GetBucketPolicy"
   ],
   "Effect": "Allow",
   "Resource": [
    "arn:aws:s3:::Elastic Beanstalk-[region]-[accountid]",
    "arn:aws:s3:::Elastic Beanstalk-[region]-[accountid]/*"
   ]
  }
 ]
}

If you are using more than one instance for your application you need to add at least the following permissions as well.

{
  "Action": [
    "elasticloadbalancing:DescribeInstanceHealth",
    "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
    "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
  ],
  "Effect": "Allow",
  "Resource": "*"
}