AWS CICD

AWS CI/CD 用户手册

基本部署

Role

Service Trust Relationship Permission
CodeDeploy on EC2 ec2.amazonaws.com
CodeDeploy: Applications codedeploy.amazonaws.com
Pipeline codepipeline.amazonaws.com
Build on EC2 ec2.amazonaws.com AWSCodePipelineCustomActionAccess

常见错误

ApplicationStop Failed

错误现象

Deployment ApplicationStop Event 无论 appspec.yml 是否配置 总是 Failed。Deployment 详细页提示:

The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.

排查手段

tail -f /var/log/aws/codedeploy-agent/codedeploy-agent.log

日志反复出现: Missing credentials - please check if this instance was started with an IAM instance profile.

curl http://169.254.169.254/latest/meta-data/iam/security-credentials

访问临时 token 时报错。

解决办法

CodeDeploy 的 role 信任 ec2.amazonaws.com 后,重新赋予 ec2

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

https://docs.aws.amazon.com/cli/latest/userguide/install-linux.html

https://docs.aws.amazon.com/codedeploy/latest/userguide/codedeploy-agent-operations-install-ubuntu.html

https://docs.aws.amazon.com/codedeploy/latest/userguide/deployments-view-logs.html

Author: njun
njun's picture
Updated: 2021/07/26