aws-nuke
aws-nuke copied to clipboard
Published
20 hours ago •
rebuy-de
rebuy-de
Adding codedeploy deployment configs and groups
This PR includes two new modules for AWS CodeDeploy.
Testing
CodeDeploy resources were created using the setup code mentioned below, and then AWS Nuke was used to clean these resources up, specifying :
"CodeDeployDeploymentConfig"
"CodeDeployDeploymentGroup"
"CodeDeployApplication" (Support already existing)
Setup code
#!/bin/bash
set -ex
# Generate a random string
SHORT_RANDOM_STRING=$(openssl rand -hex 10)
# Get AWS username
USERNAME=$(aws sts get-caller-identity --query "Arn" --output text | cut -d/ -f2)
echo "Username: $USERNAME"
# Get AWS account ID
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
echo "AWS Account ID: $AWS_ACCOUNT_ID"
# Generate a random number
RANDOMNUM=$(cat /dev/urandom | LANG=c tr -dc '0-9' | head -c 12)
echo "Random number: $RANDOMNUM"
# https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create-service-role-cli.html
echo "create a service role for codedeploy and codepipeline"
cat <<EOF > $USERNAME-trust-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.amazonaws.com",
"codepipeline.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
EOF
cat <<EOF > $USERNAME-role-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:PassRole"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*",
"cloudformation:*",
"rds:*",
"sqs:*",
"ecs:*",
"codecommit:*",
"codedeploy:*",
"codebuild:*",
"devicefarm:*",
"lambda:*"
],
"Resource": "*"
}
]
}
EOF
# Create an IAM role for CodeDeploy and CodePipeline to use
aws iam create-role \
--role-name MyRole-$SHORT_RANDOM_STRING \
--assume-role-policy-document file://$USERNAME-trust-policy.json \
--no-cli-pager
# Attach the IAM role policy to the IAM role
aws iam put-role-policy \
--role-name MyRole-$SHORT_RANDOM_STRING \
--policy-name RolePolicy \
--policy-document file://$USERNAME-role-policy.json \
--no-cli-pager
# Get the ARN of the IAM role
role_arn=$(aws iam get-role \
--role-name MyRole-$SHORT_RANDOM_STRING \
--query Role.Arn \
--no-cli-pager)
# attach additional policies to the service role
aws iam attach-role-policy --role-name MyRole-$SHORT_RANDOM_STRING --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
aws iam attach-role-policy --role-name MyRole-$SHORT_RANDOM_STRING --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess
# Wait for 5 seconds for policy updates to propagate
sleep 5
# create source code
mkdir -p src/main/java
mkdir -p src/test/java
cat <<EOF >./src/main/java/MessageUtil.java
public class MessageUtil {
private String message;
public MessageUtil(String message) {
this.message = message;
}
public String printMessage() {
System.out.println(message);
return message;
}
public String salutationMessage() {
message = "Hi!" + message;
System.out.println(message);
return message;
}
}
EOF
cat <<EOF >./src/test/java/TestMessageUtil.java
import org.junit.Test;
import org.junit.Ignore;
import static org.junit.Assert.assertEquals;
public class TestMessageUtil {
String message = "Robert";
MessageUtil messageUtil = new MessageUtil(message);
@Test
public void testPrintMessage() {
System.out.println("Inside testPrintMessage()");
assertEquals(message,messageUtil.printMessage());
}
@Test
public void testSalutationMessage() {
System.out.println("Inside testSalutationMessage()");
message = "Hi!" + "Robert";
assertEquals(message,messageUtil.salutationMessage());
}
}
EOF
cat <<EOF >pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>org.example</groupId>
<artifactId>messageUtil</artifactId>
<version>1.0</version>
<packaging>jar</packaging>
<name>Message Utility Java Sample App</name>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.11</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.0</version>
</plugin>
</plugins>
</build>
</project>
EOF
# create the buildspec file
cat <<EOF >buildspec.yml
version: 0.2
phases:
install:
runtime-versions:
java: corretto11
pre_build:
commands:
- echo Nothing to do in the pre_build phase...
build:
commands:
- echo Build started on `date`
- mvn install
post_build:
commands:
- echo Build completed on `date`
artifacts:
files:
- target/messageUtil-1.0.jar
EOF
# create two S3 buckets
aws s3api create-bucket --bucket codedeploy-$RANDOMNUM-input --no-cli-pager
# Create a zip file of the source code
zip -r MessageUtil.zip ./src/* pom.xml buildspec.yml
# Upload the source code to the S3 bucket
aws s3 cp MessageUtil.zip s3://codedeploy-$RANDOMNUM-input
# bucket versioning is required to use codedeploy
aws s3api put-bucket-versioning \
--bucket codedeploy-$RANDOMNUM-input \
--versioning-configuration Status=Enabled \
--no-cli-pager
# # Create an AWS CodeDeploy application
aws deploy create-application --application-name "CodeDeployDemoApplication-$SHORT_RANDOM_STRING"
# List applications
aws deploy list-applications
# Create an autoscaling group for use with CodeDeploy deployment group
LAUNCH_CONFIG_NAME="ASG-launch-config-$SHORT_RANDOM_STRING"
KEY_PAIR_NAME="ASG-key-pair-$SHORT_RANDOM_STRING"
aws ec2 create-key-pair --key-name=$KEY_PAIR_NAME --output text
echo "Creating launch group: $LAUNCH_CONFIG_NAME"
aws autoscaling create-launch-configuration \
--launch-configuration-name $LAUNCH_CONFIG_NAME \
--image-id 'ami-0cd7323ab3e63805f' \
--instance-type 't2.micro' \
--key-name $KEY_PAIR_NAME \
--security-groups $SEC_GROUP_ID
echo "Launch group created: $LAUNCH_CONFIG_NAME"
# create autoscaling group
AUTOSCALING_GROUP_NAME='ASG-auto-scaling-group'
echo 'Testing autoscaling group creation'
aws autoscaling create-auto-scaling-group \
--auto-scaling-group-name $AUTOSCALING_GROUP_NAME-$SHORT_RANDOM_STRING \
--launch-configuration-name $LAUNCH_CONFIG_NAME \
--min-size 1 \
--max-size 3 \
--availability-zones 'us-east-1a'
# Create an AWS CodeDeploy deployment group
aws deploy create-deployment-group \
--application-name CodeDeployDemoApplication-$SHORT_RANDOM_STRING \
--auto-scaling-groups $AUTOSCALING_GROUP_NAME-$SHORT_RANDOM_STRING \
--deployment-config-name CodeDeployDefault.OneAtATime \
--deployment-group-name CodeDeployDemo_DG \
--ec2-tag-filters Key=Name,Value=CodeDeployDemo,Type=KEY_AND_VALUE \
--service-role-arn arn:aws:iam::$AWS_ACCOUNT_ID:role/MyRole-$SHORT_RANDOM_STRING
# List deployment groups
aws deploy list-deployment-groups --application-name CodeDeployDemoApplication-20fdbddbb85b101b5943
# Create a deployment in AWS CodeDeploy
aws deploy create-deployment \
--application-name "CodeDeployDemoApplication-$SHORT_RANDOM_STRING" \
--deployment-group-name "CodeDeployDemo_DG" \
--s3-location "bucket=codedeploy-$RANDOMNUM-input,key=MessageUtil.zip,bundleType=zip"
# List deployments
aws deploy list-deployments
# Create a deployment config in AWS CodeDeploy
aws deploy create-deployment-config \
--deployment-config-name ThreeQuartersHealthy \
--minimum-healthy-hosts type=FLEET_PERCENT,value=75
# List deployment configs
aws deploy list-deployment-configs
echo "cleaning up files"
rm $USERNAME-trust-policy.json
rm $USERNAME-role-policy.json
rm MessageUtil.zip
rm buildspec.yml
rm pom.xml
rm -rf src
rm -rf sample_source_code
