[AWS] Configuring Blue/Green Deployment for Auto Scaling with CodeDeploy


1. Architecture


1.1 Infra



1.2 Service



3. Requirements

  • Configured VPC
  • Jenkins server
  • GitLab server
  • AMI with CodeDeploy agent
4. Target Group


    EC2 → Target groups → Create target group
    Choose a target type: Instances
    Target group name: prd-apn2-test-web-tg
    Protocol: HTTP : 80
    VPC: prd-apn2-test-vpc
    Health checks: HTTP
    Health check path: /

    5. Security Group


    5.1 Web Load Balancer


    EC2 → Security Groups → Create security group
    Security group name: prd-apn2-test-web-xalb-sg
    Description: Allows HTTP and HTTPS to clients
    VPC: prd-apn2-test-vpc
    Inbound rules:
         TCP: 80 , Source: 0.0.0.0/0 , Description: All open
    Tags:
         Key: Name , Value: prd-apn2-test-web-xalb-sg

    5.2 Web Auto Scaling Group


    Security group name: prd-apn2-test-web-asg-sg
    Description: Allows HTTP to Web Load Balancer
    VPC: prd-apn2-test-vpc
    Inbound rules:
         TCP: 80 , Source: prd-apn2-test-web-xalb-sg , Description: Allow HTTP to Web Load Balancer

    6. ELB


    EC2 → Load Balancers → Create Load Balancer
    Load balancer types: Application Load Balancer
    Load balancer name: prd-apn2-test-web-xalb
    Scheme: Internet-facing
    IP address type: IPv4
    VPC: prd-apn2-test-vpc
    Mappings: ap-northeast-2a(pub) , ap-northeast-2c(pub)
    Security Groups: prd-apn2-test-web-xalb-sg
    Listeners and routing:
         Protocol: HTTP
         Port: 80
         Default action: prd-apn2-test-web-tg

    7. IAM


    7.1 EC2


    IAM → Roles → Create role
    Trusted entity type: AWS service
    Use case
    Common use cases: EC2
    Add permissions: AmazonEC2RoleforAWSCodeDeploy

    Role name: EC2TestWebASGCodeDeployRole

    7.2 CodeDeploy


    7.2.1 Policy


    IAM → Policy → Create Policy
    JSON
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": [
            "iam:PassRole",
            "ec2:CreateTags",
            "ec2:RunInstances"
          ],
          "Resource": "*"
        }
      ]
    }

    Name: AWSCodeDeployRoleForAutoScaling
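
Added example (not part of the original guide): the policy above grants iam:PassRole on Resource "*", so the CodeDeploy service role may pass any role in the account. The Python check below flags that pattern and runs it against the page's policy and a scoped variant. The <ACCOUNT_ID> placeholder, the Sid names and the function names are assumptions; the role name is the instance role from 7.1.

```python
import fnmatch
# Policy from section 7.2.1, as published on the page.
WEAK = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0", "Effect": "Allow",
        "Action": ["iam:PassRole", "ec2:CreateTags", "ec2:RunInstances"],
        "Resource": "*",
    }],
}
# Assumed scoped variant (not from the page): <ACCOUNT_ID> is a placeholder,
# the role is the EC2 instance role created in section 7.1.
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "LaunchGreenFleet", "Effect": "Allow",
         "Action": ["ec2:CreateTags", "ec2:RunInstances"], "Resource": "*"},
        {"Sid": "PassInstanceRoleOnly", "Effect": "Allow",
         "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::<ACCOUNT_ID>:role/EC2TestWebASGCodeDeployRole",
         "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}},
    ],
}

def _as_list(value):
    """Action and Resource may be a single string or a list."""
    return [value] if isinstance(value, str) else list(value or [])

def unscoped_passrole(policy):
    """Flag Allow statements that pass roles with no role or service limit."""
    findings = []
    stmts = policy.get("Statement", [])
    for i, stmt in enumerate([stmts] if isinstance(stmts, dict) else stmts):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        # IAM action patterns use * and ?, so iam:Pass* or * also cover PassRole.
        if stmt.get("Effect") != "Allow" or not any(
                fnmatch.fnmatchcase("iam:passrole", a) for a in actions):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if any(r == "*" or r.endswith(":role/*") for r in _as_list(stmt.get("Resource"))):
            findings.append(f"{sid}: iam:PassRole allowed on every role")
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if "iam:passedtoservice" not in keys:
            findings.append(f"{sid}: no iam:PassedToService condition")
    return findings

if __name__ == "__main__":
    for name, doc in (("WEAK", WEAK), ("SCOPED", SCOPED)):
        print(name, unscoped_passrole(doc) or "ok")
```

The check does not evaluate NotAction or NotResource, and the scoped variant should be verified against a test deployment before it replaces the published policy.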

    7.2.2 Roles


    IAM → Roles → Create role
    Trusted entity type: AWS service
    Use case
    Use cases for other AWS services: CodeDeploy

    Add permissions
    Set permissions boundary - optional
    Create role without a permissions boundary
    Name, review, and create
    Role name: AWSCodeDeployRoleForAutoScaling
    Permissions → Add permissions → Attach policies

    AWSCodeDeployRoleForAutoScaling application verification


    7.3 Jenkins


    IAM → Users → Add users
    Username: JenkinsForCodeDeploy
    Select AWS credential type
    Access key - Programmatic access
    Set permissions
    Attach existing policies directly: AWSCodeDeployFullAccess , AmazonS3FullAccess

    8. AMI


    Create an AMI from an Amazon EC2 Instance
    Image name: prd-apn2-test-web-ami

    9. Launch templates


    EC2 → Launch Templates
    Launch template name: prd-apn2-test-web-template
    Application and OS Images (Amazon Machine Image) - required
         MY AMI: prd-apn2-test-web-ami
    Instance type: t2.micro
    key pair name: prd-test-web-ec2-key
    Subnet: Don’t include in launch template
    Security groups: prd-apn2-test-web-asg-sg
    Configure storage: 1x 30GiB , gp2 Root volume
    Advanced details
    IAM instance profile: EC2TestWebASGCodeDeployRole

    10. Auto Scaling


    EC2 → Auto Scaling groups
    Auto Scaling group name: prd-apn2-test-web-asg
    Version: Latest
    VPC: prod-apn2-test-vpc
    Availability Zones and subnets: prd-apn2-test-pri-2a , prd-apn2-test-pri-2c
    Attach to an existing load balancer
    Choose from your load balancer target groups
    Existing load balancer target groups: prd-apn2-test-web-tg
    Group size
         Desired capacity: 2
         Minimum capacity: 2
         Maximum capacity: 4
    Scaling policies
    Target Tracking scaling policy
    Scaling policy name: Target Tracking Policy
    Metric type: Average CPU utilization
    Target value: 40
    Instances need: 300
    Add notifications
    Add tags
    Key: Name
    Value - optional: prd-apn2-test-web-asg

    11. CodeDeploy


    11.1 Application


    CodeDeploy → Applications → Create application
    Application name: test-web
    Compute platform: EC2/On-premises

    11.2 Deployment Groups


    Deployment Groups → Create deployment group
    Enter a deployment group name: prd-test-web
    Service role
    Enter a service role: arn:aws:iam::400450079911:role/AWSCodeDeployRoleForAutoScaling
    Deployment type
    Choose how to deploy your application: Blue/green
    Environment configuration
    Automatically copy Amazon EC2 Auto Scaling group prd-apn2-test-web-asg
    Deployment settings
    Traffic rerouting: Reroute traffic immediately
    Choose whether instances in the original environment are terminated after the deployment succeeds, and how long to wait before termination
          Terminate the original instances in the deployment group
          Days: 0 / Hours: 0 / Minutes: 10
    Deployment configuration: CodeDeployDefault.AllAtOnce
    Load balancer
    Application Load Balancer or Network Load Balancer
    Choose a target group: prd-apn2-test-web-tg

    12. S3


    S3 → Buckets → Create bucket
    General configuration
    Bucket name: test-jenkins-deploy-s3
    AWS Region: ap-northeast-2
    Object Ownership
    Object Ownership: ACLs disabled (recommended)
    Block Public Access settings for this bucket
    Block all public access
    Bucket Versioning
    Bucket Versioning: Disable
    Default encryption

    13. Jenkins


    13.1 Setting Up the Jenkins Plugin for AWS CodeDeploy



    13.2 Pipeline


    Choose New Item → Freestyle project
    Enter a name for the project: test-web-prd
    Post-build Actions: Deploy an application to AWS CodeDeploy
    Deploy an application to AWS CodeDeploy
    AWS CodeDeploy Application Name: test-web
    AWS CodeDeploy Deployment Group: prd-test-web
    AWS CodeDeploy Deployment Config: CodeDeployDefault.AllAtOnce
    AWS Region: AP_NORTHEAST_2
    S3 Bucket: test-jenkins-deploy-s3
    Include Files: dist/**, scripts/*.sh, nginx.conf, appspec.yml
    Use Access/Secret keys
    AWS Access Key: {AWS Access Key}
    AWS Secret Key: {AWS Secret Key}

    14. Checking Deploy Process


    14.1. Jenkins Build


    Build Now

    14.2. S3 Build File


    Check that the build artifact was uploaded to S3 successfully.
    Download and uncompress the file; it should contain the files you listed under Include Files.

    14.3. Checking CodeDeploy


    CodeDeploy → Deployments → Deployment history

    14.4. Checking Target groups


    EC2 → Target Groups
    Check the Health status

    14.5. Checking ALB


    Copy the load balancer's DNS name and confirm that the website is reachable at that address.