How can I run the CodeDeploy agent with a user profile that's not the root profile?

Last updated: 2019-02-26

How can I run the AWS CodeDeploy agent with a user profile that's not the root profile?

Short Description

Before you start, make sure that the CodeDeploy agent is installed on your Amazon Elastic Compute Cloud (Amazon EC2) instance.

The following steps apply to instances that use the Amazon Linux 1 or Amazon Linux 2 Amazon Machine Image (AMI).

Resolution

Change the user and set permissions for the user that the agent will run as

1.    Connect to your instance using SSH.

2.    To stop the CodeDeploy host agent, run the following command:

sudo service codedeploy-agent stop

3.    To modify the CodeDeploy agent configuration file, run the sed stream editor command:

sudo sed -i 's/""/"ec2-user"/g' /etc/init.d/codedeploy-agent

Important: For Amazon Linux 2 AMIs, run this additional command:

sudo sed -i 's/#User=codedeploy/User=ec2-user/g' /usr/lib/systemd/system/codedeploy-agent.service

Note: In the preceding commands, replace ec2-user with the user name that you want the CodeDeploy host agent to run as.

4.    To grant user permissions to the necessary directories, run the following commands:

sudo chown ec2-user:ec2-user -R /opt/codedeploy-agent/
sudo chown ec2-user:ec2-user -R /var/log/aws/

5.    To restart the CodeDeploy agent and confirm that your updates to the configuration file were successful, run the following commands:

sudo service codedeploy-agent start
sudo service codedeploy-agent status

If your updates were successful, you receive output similar to the following:

The AWS CodeDeploy agent is running as PID ####

6.    To see what processes are running and which user is running these processes, run the following command:

ps aux | grep codedeploy-agent

Automate the user change process

To make sure that the CodeDeploy agent is installed and running with the correct user when new instances are launched (for example, during scaling events), complete the following steps to automate the user change process:

1.    Open the Amazon EC2 console.

2.    On the navigation pane, choose Launch Configurations.

3.    Choose Create launch configuration.

4.    Select the Amazon Linux AMI.

5.    Choose Next: Configure details.

6.    For IAM role, choose a preconfigured IAM role that grants your Amazon EC2 instance permissions to access Amazon Simple Storage Service (Amazon S3) resources.

7.    Choose Advanced Details.

8.    In the User data section, enter the commands to install the CodeDeploy agent and update the agent configuration file to use a specific user. See the following example:

#!/bin/bash
yum -y update
yum install -y ruby aws-cli
cd /home/ec2-user
aws s3 cp s3://aws-codedeploy-us-east-1/latest/install . --region us-east-1
chmod +x ./install
./install auto
service codedeploy-agent stop
##adduser username <--- this is only required if you use a username that does not already exist
sed -i 's/""/"ec2-user"/g' /etc/init.d/codedeploy-agent
##sed -i 's/#User=codedeploy/User=ec2-user/g' /usr/lib/systemd/system/codedeploy-agent.service  <--- Uncomment this line for Amazon Linux 2
chown ec2-user:ec2-user -R /opt/codedeploy-agent/
chown ec2-user:ec2-user -R /var/log/aws/
service codedeploy-agent start

Note: Replace ec2-user with the user name that you want the CodeDeploy host agent to run as. The preceding code runs automatically when a new instance is launched with this launch configuration.

9.    Complete the remaining steps in the launch wizard as needed, and then choose Create launch configuration.

10.    Choose Create an Auto Scaling group using this launch configuration.

11.    Complete the following:
For Group name, enter a name for your Auto Scaling group.
For Subnet, enter a subnet that allows your instance to access the internet.

12.    Choose Next: Configure scaling policies, and then choose a policy based on your needs.

13.    Complete the rest of the steps in the launch wizard, and then choose Create Auto Scaling Group.

Confirm that the CodeDeploy agent is running on the instance that you created to automate the user change process

Make sure that your instance is running, and then complete the following steps:

1.    Connect to your instance using SSH.

2.    Run the following command:

sudo service codedeploy-agent status

3.    To make sure that the correct user name is used, run the following command:

ps aux | grep codedeploy-agent

If the CodeDeploy agent is running, the status command returns output similar to the following:

The AWS CodeDeploy agent is running as PID ####
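
Both verification passes above (step 6 of the first procedure and the confirmation steps for the Auto Scaling instance) can be scripted. The following is an added example, not part of the original article or AWS tooling: it fails if any codedeploy-agent process runs as a user other than the expected one, or if anything under the two directories changed with chown has a different owner. The function names, the constructed SAMPLE_PS input, and the --live switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not AWS code. Function names, SAMPLE_PS and the ec2-user
# default are choices made for this illustration.

# Constructed sample of `ps -e -o user= -o args=` output: one worker still root.
SAMPLE_PS='ec2-user codedeploy-agent: master 2710
root     codedeploy-agent: worker of master 2710
root     /usr/sbin/sshd -D'

# Print each distinct user owning a codedeploy-agent process (ps lines on
# stdin). The [c] keeps this awk process from matching itself in live ps.
agent_users() {
  awk '/[c]odedeploy-agent/ { print $1 }' | sort -u
}

# 0 = every agent process runs as $1, 1 = another user found, 2 = no process.
check_agent_user() {
  cau_users="$(agent_users)"
  if [ -z "$cau_users" ]; then
    echo "FAIL: no codedeploy-agent process found" >&2; return 2
  fi
  if [ "$cau_users" != "$1" ]; then
    echo "FAIL: agent processes run as:" $cau_users >&2; return 1
  fi
  echo "OK: all agent processes run as $1"
}

# 0 = everything under directory $2 is owned by user $1, 1 = stray owners,
# 2 = could not check (missing directory, unknown user, unreadable subtree).
check_owner() {
  [ -d "$2" ] || { echo "FAIL: $2 does not exist" >&2; return 2; }
  co_stray="$(find "$2" ! -user "$1" -print 2>/dev/null)" || return 2
  [ -z "$co_stray" ] && return 0
  echo "FAIL: under $2, not owned by $1:" >&2
  printf '%s\n' "$co_stray" | head -n 10 >&2
  return 1
}

if [ "${1:-}" = "--live" ]; then          # usage: sh check.sh --live [user]
  u="${2:-ec2-user}"
  ps -e -o user= -o args= | check_agent_user "$u" || exit 1
  check_owner "$u" /opt/codedeploy-agent || exit 1
  check_owner "$u" /var/log/aws || exit 1
else                                       # offline demo on the sample
  printf '%s\n' "$SAMPLE_PS" | check_agent_user ec2-user || true
fi
```

A nonzero exit from the --live mode means the agent or its files still belong to another user, typically root.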
