Blue/Green Deployment for Autoscaling Groups with CodePipeline, CodeBuild and CodeDeploy (Part 2/7)

By Leon Jalfon
Published in RhinOps by Sela, Apr 30, 2020 (5 min read)

In this 7-part tutorial we will create an initial environment composed of an autoscaling group with two Ubuntu machines behind a load balancer, then create a CI/CD pipeline that provides blue/green deployments using CodeBuild, CodeDeploy and CodePipeline.

Part 2: Prerequisites

In this section we will create all the resources we need for the next steps:

  1. EC2 Key Pair
  2. Security Group
  3. IAM Role for EC2 Instances
  4. IAM Role for CodeBuild
  5. IAM Role for CodeDeploy
  6. Fork the Tutorial Repository on GitHub

Create an EC2 Key Pair

Let’s create an SSH key to access our servers

Browse to “Key Pairs” (under Network & Security) in the EC2 portal

Then click “Create key pair”

Create a new key with the following details:

  • Name: bluegreen-key
  • File format: pem

The key will be downloaded automatically. Store it in a secure place (you will need it later).

Create a Security Group

Now let’s create a security group to allow traffic to our servers. As configured below, it accepts all inbound traffic from any source.

Browse to “Security groups” (under Network & Security) in the EC2 portal

Then click “Create security group”

Create a new security group with the following details:

  • Name: bluegreen-sg
  • Description: all open
  • VPC: <your-vpc>
  • Inbound Rules Type: All traffic
  • Inbound Rules Source: Anywhere
  • Outbound Rules Type: All traffic
  • Outbound Rules Destination: Custom 0.0.0.0/0

Create an IAM Role for your EC2 Instances

Now we need to create an IAM role for your instances to grant access to S3

Browse to “Policies” in the IAM portal

Click on “Create policy”

Click on the “JSON” tab, paste the policy below and click on “Review policy”

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Create the policy with the details below:

  • Name: bluegreen-ec2-policy
  • Description: allow access to s3 from ec2 instance

Browse to “Roles” in the IAM portal

Click on “Create role”

Create a role with the following details:

  • Type of trusted entity: AWS service
  • Use case: EC2

Then attach the policy created previously “bluegreen-ec2-policy” and click “Next: Tags”

Add a tag (optional) and click “Next: Review”

Finally create the role by clicking “Create role” (name it “bluegreen-ec2-role”)

Create an IAM Role for CodeBuild

Let’s create an IAM role to be used by CodeBuild

Browse to “Policies” in the IAM portal

Click on “Create policy”

Click on the “JSON” tab, paste the policy below and click on “Review policy”

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    },
    {
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketAcl",
        "s3:GetBucketLocation"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:CreateReportGroup",
        "codebuild:CreateReport",
        "codebuild:UpdateReport",
        "codebuild:BatchPutTestCases"
      ],
      "Resource": "*"
    }
  ]
}

Create the policy with the details below:

  • Name: bluegreen-codebuild-policy
  • Description: allow required access for codebuild

Browse to “Roles” in the IAM portal

Now let’s create another role for CodeBuild by clicking “Create role”

Create a role with the following details:

  • Type of trusted entity: AWS service
  • Use case: CodeBuild

Then attach the policy created previously “bluegreen-codebuild-policy” and click “Next: Tags”

Add a tag (optional) and click “Next: Review”

Finally create the role by clicking “Create role” (name it “bluegreen-codebuild-role”)
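
An added example, not part of the original tutorial: a small Python check that lists the wildcard actions and `"Resource": "*"` grants in the EC2 and CodeBuild policies above, then shows the S3-only statements pinned to a single bucket. The function names and the bucket name `example-artifact-bucket` are assumptions; the tutorial does not name a bucket in this part.

```python
import copy
import json

# The two policy documents from this page, embedded as JSON text.
EC2_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Action": ["s3:Get*", "s3:List*"], "Effect": "Allow", "Resource": "*"}]}""")
CODEBUILD_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
              "s3:GetBucketAcl", "s3:GetBucketLocation"]},
  {"Effect": "Allow", "Resource": "*",
   "Action": ["codebuild:CreateReportGroup", "codebuild:CreateReport",
              "codebuild:UpdateReport", "codebuild:BatchPutTestCases"]}]}""")


def as_list(value):
    """IAM accepts a single string or a list for Statement/Action/Resource."""
    return value if isinstance(value, list) else ([] if value is None else [value])


def broad_grants(policy):
    """Return (statement_index, field, value) for each wildcard in an Allow."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements widen access
        findings += [(i, "Action", a) for a in as_list(stmt.get("Action")) if "*" in a]
        findings += [(i, "Resource", r) for r in as_list(stmt.get("Resource")) if r == "*"]
    return findings


def scope_s3_to_bucket(policy, bucket):
    """Copy the policy, pinning S3-only Allow statements to one bucket."""
    scoped = copy.deepcopy(policy)
    for stmt in as_list(scoped.get("Statement")):
        actions = as_list(stmt.get("Action"))
        s3_only = bool(actions) and all(a.lower().startswith("s3:") for a in actions)
        if stmt.get("Effect") == "Allow" and s3_only and stmt.get("Resource") == "*":
            # The bucket ARN covers bucket-level actions, "/*" covers its objects.
            stmt["Resource"] = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return scoped


if __name__ == "__main__":
    for name, pol in (("ec2", EC2_POLICY), ("codebuild", CODEBUILD_POLICY)):
        print(name, broad_grants(pol))
    # "example-artifact-bucket" is a placeholder, not a name from the tutorial.
    print(json.dumps(scope_s3_to_bucket(CODEBUILD_POLICY, "example-artifact-bucket"), indent=2))
```

The logs and CodeBuild report statements are left as written, since the page gives no log group or report group names to scope them to.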

Create an IAM Role for CodeDeploy

Now let’s create another role for CodeDeploy

Click on “Create role” to create a new role

Create a role with the following details:

  • Type of trusted entity: AWS service
  • Use case: CodeDeploy

Then keep the policy called “AWSCodeDeployRole” and click “Next: Tags”

Add a tag (optional) and click “Next: Review”

Finally create the role by clicking “Create role” (name it “bluegreen-codedeploy-role”)

Fork the Tutorial Repository on GitHub

Fork the following repository:
