David walks you through running the CodeDeploy agent with non-root profiles


How can I run the AWS CodeDeploy agent with a user profile that's not the root profile?

Before you start, make sure that the CodeDeploy agent is installed on your Amazon Elastic Compute Cloud (Amazon EC2) instance.

The resolution below applies to instances that use the Amazon Linux AMI or Amazon Linux 2.

Change the user that the agent runs as and set permissions for that user

1.    Connect to your instance using SSH.

2.    To stop the CodeDeploy host agent, run the following command:

sudo service codedeploy-agent stop

3.    To modify the CodeDeploy agent configuration file, run the sed stream editor command:

sudo sed -i 's/""/"ec2-user"/g' /etc/init.d/codedeploy-agent

Note: Make sure to replace "ec2-user" with the user name that you want the CodeDeploy host agent to run as.

4.    To grant user permissions to the necessary directories, run the following commands:

sudo chown ec2-user:ec2-user -R /opt/codedeploy-agent/
sudo chown ec2-user:ec2-user -R /var/log/aws/

5.    To restart the CodeDeploy agent and confirm that your updates to the configuration file were successful, run the following commands:

sudo service codedeploy-agent start
sudo service codedeploy-agent status

If your updates were successful, you receive output similar to the following:

The AWS CodeDeploy agent is running as PID ####

6.    To see what processes are running and which user is running these processes, run the following command:

ps aux | grep codedeploy-agent

Automate the user change process

To make sure that the CodeDeploy agent is installed and running with the correct user when new instances are launched (for example, during scaling events), you can automate the user change process:

1.    Open the Amazon EC2 console.

2.    On the navigation pane, choose Launch Configurations.

3.    Choose Create launch configuration.

4.    Select the Amazon Linux AMI.

5.    Choose Next: Configure details.

6.    For IAM role, choose a preconfigured IAM role that grants your Amazon EC2 instance permissions to access Amazon Simple Storage Service (Amazon S3) resources.

Note: For more information, see How do I configure an AWS CodeDeploy service role and instance profile?.

7.    Choose Advanced Details.

8.    In the User data section, enter the commands to install the CodeDeploy agent and update the agent configuration file to use a specific user. See the following example:

#!/bin/bash
# Install the CodeDeploy agent and its prerequisites
yum -y update
yum install -y ruby aws-cli
cd /home/ec2-user
aws s3 cp s3://aws-codedeploy-us-east-1/latest/install . --region us-east-1
chmod +x ./install
./install auto
# Stop the agent, switch it to the non-root user, and hand over its directories
service codedeploy-agent stop
# adduser username   # only required if the user name does not already exist
sed -i 's/""/"ec2-user"/g' /etc/init.d/codedeploy-agent
chown ec2-user:ec2-user -R /opt/codedeploy-agent/
chown ec2-user:ec2-user -R /var/log/aws/
service codedeploy-agent start

Note: Make sure that you replace "ec2-user" with the user name that you want the CodeDeploy host agent to run as. The commands above run automatically when a new instance launches with this launch configuration.

9.    Complete the remaining steps in the launch wizard as needed, and then choose Create launch configuration.

10.    Choose Create an Auto Scaling group using this launch configuration.

11.    Complete the following:
For Group name, enter a name for your Auto Scaling group.
For Subnet, enter a subnet that allows your instance to access the internet.

12.    Choose Next: Configure scaling policies, and then choose a policy based on your needs.

13.    Complete the rest of the steps in the launch wizard, and then choose Create Auto Scaling Group.

Confirm that the CodeDeploy agent is running on the instance that you created to automate the user change process

Make sure that your instance is running, and then complete the following steps:

1.    Connect to your instance using SSH.

2.    Run the following command:

sudo service codedeploy-agent status

3.    To make sure that the correct user name is used, run the following command:

ps aux | grep codedeploy-agent

If the CodeDeploy agent is running, the status command returns output similar to the following:

The AWS CodeDeploy agent is running as PID ####
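
The two manual checks above (the ps listing after the user change and again on the auto-scaled instance) plus the directory ownership set by chown can be scripted so that a process still owned by root is reported as a failure. This is an added example, not AWS code; EXPECTED_USER, the function names and the sample ps lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not AWS code): confirm the agent no longer runs as root.
# EXPECTED_USER, the function names and SAMPLE_PS are illustrative assumptions.
EXPECTED_USER="${EXPECTED_USER:-ec2-user}"

# Read "USER COMMAND..." lines on stdin (the shape of `ps -eo user:32,args`)
# and print each distinct owner of a codedeploy-agent process.
# The [c] bracket keeps this awk command from matching its own ps entry.
agent_users() {
  awk '/[c]odedeploy-agent/ { print $1 }' | sort -u
}

# Exit 0 only when agent processes exist and all belong to the expected user.
check_agent_user() (
  users="$(agent_users | tr '\n' ' ' | sed 's/ $//')"
  if [ -z "$users" ]; then
    echo "FAIL: no codedeploy-agent process found"; exit 2
  elif [ "$users" != "$1" ]; then
    echo "FAIL: agent processes owned by: $users (expected $1)"; exit 1
  fi
  echo "OK: all agent processes run as $1"
)

# Print anything under the given directories that the user does not own.
# After the recursive chown in the procedure this should print nothing.
unowned_paths() (
  user="$1"; shift
  find "$@" ! -user "$user" -print
)

# Constructed sample: mixed owners, which the check must flag.
SAMPLE_PS='USER     COMMAND
root     /usr/sbin/sshd -D
ec2-user codedeploy-agent: master 2210
root     codedeploy-agent: InstanceAgent::Plugins::CodeDeployPlugin::CommandPoller of master 2210'

printf '%s\n' "$SAMPLE_PS" | check_agent_user "$EXPECTED_USER" || true

# On an instance, pass "live" as the first argument to check real data.
if [ "${1:-}" = "live" ]; then
  ps -eo user:32,args | check_agent_user "$EXPECTED_USER"
  unowned_paths "$EXPECTED_USER" /opt/codedeploy-agent /var/log/aws
fi
```
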


Published: 2017-01-10

Updated: 2019-02-26