[AWS] Configuring an Auto Scaling Blue/Green Deployment Environment with Jenkins and CodeDeploy

1. Architecture

1.1 Infra

1.2 Service

3. Requirements

  • Configured VPC
  • Jenkins server
  • GitLab server
  • AMI with CodeDeploy agent

4. Target Group

EC2 → Target groups → Create target group
Choose a target type: Instances
Target group name: prd-apn2-test-web-tg
Protocol: HTTP : 80
VPC: prd-apn2-test-vpc
Health checks: HTTP
Health check path: /

5. Security Group

5.1 Web Load Balancer

EC2 → Security Groups → Create security group
Security group name: prd-apn2-test-web-xalb-sg
Description: Allows HTTP and HTTPS to clients
VPC: prd-apn2-test-vpc
Inbound rules:
     TCP: 80, Source: 0.0.0.0/0, Description: All open
Tags:
     Key: Name, Value: prd-apn2-test-web-xalb-sg

5.2 Web Auto Scaling Group

Security group name: prd-apn2-test-web-asg-sg
Description: Allows HTTP to Web Load Balancer
VPC: prd-apn2-test-vpc
Inbound rules:
     TCP: 80, Source: prd-apn2-test-web-xalb-sg, Description: Allow HTTP to Web Load Balancer

6. ELB

EC2 → Load Balancers → Create Load Balancer
Load balancer types: Application Load Balancer
Load balancer name: prd-apn2-test-web-xalb
Scheme: Internet-facing
IP address type: IPv4
VPC: prd-apn2-test-vpc
Mappings: ap-northeast-2a(pub), ap-northeast-2c(pub)
Security Groups: prd-apn2-test-web-xalb-sg
Listeners and routing:
     Protocol: HTTP
     Port: 80
     Default action: prd-apn2-test-web-tg

7. IAM

7.1 EC2

IAM → Roles → Create role
Trusted entity type

  • AWS service

Use case

Common use cases: EC2

Add permissions: AmazonEC2RoleforAWSCodeDeploy

Role name: EC2TestWebASGCodeDeployRole

7.2 CodeDeploy

7.2.1 Policy

IAM → Policy → Create Policy

JSON

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole",
        "ec2:CreateTags",
        "ec2:RunInstances"
      ],
      "Resource": "*"
    }
  ]
}

Name: AWSCodeDeployRoleForAutoScaling
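
The policy in 7.2.1 allows iam:PassRole with Resource "*", so the CodeDeploy role may pass any role in the account. The Python check below is an added example, not part of the original page: it flags Allow statements where iam:PassRole has a wildcard resource or no iam:PassedToService condition, and runs against both the page's policy and a constructed scoped variant. The scoped policy, its Sid values and the placeholder account ID 111122223333 are assumptions.

```python
from fnmatch import fnmatchcase

# Policy from section 7.2.1 of this page, written as a Python dict.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow",
    "Action": ["iam:PassRole", "ec2:CreateTags", "ec2:RunInstances"],
    "Resource": "*"}]}

# Constructed alternative (an assumption, not from the page): PassRole limited to
# the instance role from 7.1 and to EC2. 111122223333 is a placeholder account ID.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "LaunchGreenFleet", "Effect": "Allow",
     "Action": ["ec2:CreateTags", "ec2:RunInstances"], "Resource": "*"},
    {"Sid": "PassInstanceRoleOnly", "Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::111122223333:role/EC2TestWebASGCodeDeployRole",
     "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _grants_passrole(actions):
    # Action names are case-insensitive and may be wildcards (iam:*, iam:Pass*, *).
    return any(fnmatchcase("iam:passrole", a.lower()) for a in actions)

def _passed_to_services(stmt):
    # Values of iam:PassedToService under positive String operators only.
    found = []
    for op, keys in stmt.get("Condition", {}).items():
        if "StringEquals" in op or "StringLike" in op:
            found += [v for k, val in keys.items()
                      if k.lower() == "iam:passedtoservice" for v in _as_list(val)]
    return found

def passrole_findings(policy):
    """Return (Sid, issue) pairs for Allow statements with unscoped iam:PassRole."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not _grants_passrole(actions):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        resources = _as_list(stmt.get("Resource", []))
        if any(r == "*" or r.endswith(":role/*") for r in resources):
            findings.append((sid, "PassRole allowed on every role"))
        if not _passed_to_services(stmt):
            findings.append((sid, "no iam:PassedToService condition"))
    return findings

if __name__ == "__main__":
    print(passrole_findings(PAGE_POLICY), passrole_findings(SCOPED_POLICY))
```

Test a scoped policy with a real blue/green deployment before relying on it.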

7.2.2 Roles

IAM → Roles → Create role
Trusted entity type

  • AWS service

Use case

Use cases for other AWS services: CodeDeploy

Add permissions
Set permissions boundary - optional

  • Create role without a permissions boundary

Name, review, and create
Role name: AWSCodeDeployRoleForAutoScaling

Permissions → Add permissions → Attach policies

Verify that AWSCodeDeployRoleForAutoScaling is attached

7.3 Jenkins

IAM → Users → Add users
Username: JenkinsForCodeDeploy

Select AWS credential type

  • Access key - Programmatic access

Set permissions
Attach existing policies directly: AWSCodeDeployFullAccess, AmazonS3FullAccess

8. AMI

Create an AMI from an Amazon EC2 Instance
Image name: prd-apn2-test-web-ami

9. Launch templates

EC2 → Launch Templates
Launch template name: prd-apn2-test-web-template
Application and OS Images (Amazon Machine Image) - required
     MY AMI: prd-apn2-test-web-ami

Instance type: t2.micro

Key pair name: prd-test-web-ec2-key
Subnet: Don’t include in launch template

Security groups: prd-apn2-test-web-asg-sg

Configure storage: 1x 30GiB, gp2 Root volume

Advanced details
IAM instance profile: EC2TestWebASGCodeDeployRole

10. Auto Scaling

EC2 → Auto Scaling groups
Auto Scaling group name: prd-apn2-test-web-asg

Version: Latest

VPC: prd-apn2-test-vpc

Availability Zones and subnets: prd-apn2-test-pri-2a, prd-apn2-test-pri-2c

  • Attach to an existing load balancer
  • Choose from your load balancer target groups

Existing load balancer target groups: prd-apn2-test-web-tg

Group size
     Desired capacity: 2
     Minimum capacity: 2
     Maximum capacity: 4

Scaling policies

  • Target Tracking scaling policy
    Scaling policy name: Target Tracking Policy
    Metric type: Average CPU utilization
    Target value: 40
    Instances need: 300

Add notifications

Add tags
Key: Name
Value - optional: prd-apn2-test-web-asg

11. CodeDeploy

11.1 Application

CodeDeploy → Applications → Create application
Application name: test-web

Compute platform:

  • EC2/On-premises

11.2 Deployment Groups

Deployment Groups → Create deployment group

Enter a deployment group name: prd-test-web

Service role
Enter a service role: arn:aws:iam::400450079911:role/AWSCodeDeployRoleForAutoScaling

Deployment type
Choose how to deploy your application: Blue/green

Environment configuration

  • Automatically copy Amazon EC2 Auto Scaling group
    prd-apn2-test-web-asg

Deployment settings
Traffic rerouting: Reroute traffic immediately
Choose whether instances in the original environment are terminated after the deployment succeeds, and how long to wait before termination
     Terminate the original instances in the deployment group
     Days: 0 / Hours: 0 / Minutes: 10
Deployment configuration: CodeDeployDefault.AllAtOnce

Load balancer

  • Application Load Balancer or Network Load Balancer
    Choose a target group: prd-apn2-test-web-tg

12. S3

S3 → Buckets → Create bucket

General configuration
Bucket name: test-jenkins-deploy-s3
AWS Region: ap-northeast-2

Object Ownership
Object Ownership: ACLs disabled (recommended)

Block Public Access settings for this bucket

  • Block all public access

Bucket Versioning
Bucket Versioning: Disable

Default encryption!

13. Jenkins

13.1 Setting Up the Jenkins Plugin for AWS CodeDeploy

13.2 Pipeline

Choose New Item → Freestyle project

Enter a name for the project: test-web-prd

Post-build Actions: Deploy an application to AWS CodeDeploy

Deploy an application to AWS CodeDeploy
AWS CodeDeploy Application Name: test-web
AWS CodeDeploy Deployment Group: prd-test-web
AWS CodeDeploy Deployment Config: CodeDeployDefault.AllAtOnce
AWS Region: AP_NORTHEAST_2
S3 Bucket: test-jenkins-deploy-s3
Include Files: dist/**, scripts/*.sh, nginx.conf, appspec.yml
Use Access/Secret keys
AWS Access Key: {AWS Access Key}
AWS Secret Key: {AWS Secret Key}

14. Checking Deploy Process

14.1. Jenkins Build

Build Now

14.2. S3 Build File

Check if the file built on S3 has been successfully uploaded.

Download and uncompress the file; you will see the files that you specified as Include Files.

14.3. Checking CodeDeploy

CodeDeploy → Deployments → Deployment history

14.4. Checking Target groups

EC2 → Target Groups
Check the Health status

14.5. Checking ALB

Copy the DNS name address and test if you can access the website with the address.
