David walks you through running the CodeDeploy agent with non-root profiles

How do I run the AWS CodeDeploy agent with user profiles other than root?

Before you begin, make sure that the CodeDeploy agent is installed on your EC2 instance running Amazon Linux. After it's installed, perform the following tasks:

1.    Log in to your running instance by using SSH.

2.    Stop the CodeDeploy host agent.

sudo service codedeploy-agent stop

3.    Modify the CodeDeploy agent configuration file (the init script /etc/init.d/codedeploy-agent) using the Stream Editor (sed) command, replacing {username} with the user name for the profile the agent will run as. The file is owned by root, so run the command with sudo:

sudo sed -i 's/""/"{username}"/g' /etc/init.d/codedeploy-agent

4.    Grant the user permissions to the necessary directories by running the following commands:

sudo chown {username}:{username} -R /opt/codedeploy-agent/
sudo chown {username}:{username} -R /var/log/aws/

Verify that the changes were successful by running the following commands in order, which will restart the CodeDeploy agent and return its status:

sudo service codedeploy-agent start
sudo service codedeploy-agent status

If the changes were successful, you'll receive output similar to the following:

The AWS CodeDeploy agent is running as PID ####

To ensure the correct username is being used, run a command similar to the following:

ps aux | grep codedeploy-agent

To ensure the CodeDeploy agent is installed and running under the correct user profile when new instances are launched (for example, during scaling events), you can optionally automate this process by adding the preceding commands into a launch configuration's UserData property:

1.    Open the EC2 console.

2.    Select Launch Configurations from the left navigation pane.

3.    Choose Create launch configuration.

4.    Select the Amazon Linux AMI.

5.    Choose Next: Configure Details.

6.    For IAM role, choose a preconfigured IAM role that grants your EC2 instance permissions to access S3 resources. For more information, see How do I configure an AWS CodeDeploy service role and instance profile?

7.    Open the Advanced Details drop-down menu and add commands in the User data field that will install the CodeDeploy agent and modify the agent configuration file, similar to the following:

#!/bin/bash
yum -y update
yum install -y ruby aws-cli
cd /home/ec2-user
aws s3 cp s3://aws-codedeploy-us-east-1/latest/install . --region us-east-1
chmod +x ./install
./install auto
service codedeploy-agent stop
adduser {username}
sed -i 's/""/"{username}"/g' /etc/init.d/codedeploy-agent
chown {username}:{username} -R /opt/codedeploy-agent/
chown {username}:{username} -R /var/log/aws/
service codedeploy-agent start

These commands execute automatically when a new instance is launched using this launch configuration.

8.    Choose Next: Add Storage and complete the rest of the instance launch wizard according to your needs.

9.    Choose Create launch configuration.

10.   Choose Create an Auto Scaling group using this launch configuration. Add a name that's meaningful to you and select a subnet to ensure your instance can access the Internet; you can leave all other settings as default.

11.   Choose Next: Configure scaling policies.

12.   Choose an Auto Scaling policy for your use case, and then choose Review. Complete the rest of the Auto Scaling launch wizard, and then choose Create Auto Scaling Group.

To verify that the CodeDeploy agent is running, after your instance is in the running state, log in to the instance using SSH and run the following command:

sudo service codedeploy-agent status

To ensure the correct username is being used, run a command similar to the following:

ps aux | grep codedeploy-agent

If the CodeDeploy agent is running, the output of the status command will be similar to the following:

The AWS CodeDeploy agent is running as PID ####
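
The status and ps checks above can be scripted so that they fail when the agent is still running as root or when files under the chowned directories are not owned by the agent user. This is an added example, not part of the original article or of AWS tooling; the user name deploy, the sample ps output, and the function names are assumptions made for illustration:

```shell
#!/bin/bash
# Added example: asserts what "ps aux | grep codedeploy-agent" only displays.

# Distinct owners of agent processes. Reads `ps -eo user=,args=` lines on
# stdin; skips grep/awk, whose own arguments also contain the agent name.
agent_users() {
  awk '/codedeploy-agent/ && $2 !~ /^(grep|awk)$/ { print $1 }' | sort -u
}

# Succeed only if the agent is running and every process belongs to user $1.
check_agent_user() {
  local expected="$1" users
  [ "$expected" != root ] || { echo "FAIL: expected user is root"; return 1; }
  users="$(agent_users)"
  [ -n "$users" ] || { echo "FAIL: agent is not running"; return 1; }
  [ "$users" = "$expected" ] || { echo "FAIL: agent runs as:" $users; return 1; }
  echo "OK: agent runs only as $expected"
}

# List paths under the given directories that user $1 does not own, i.e.
# anything the recursive chown missed or that was created later by root.
not_owned_by() {
  local user="$1"; shift
  find "$@" ! -user "$user" -print
}

# Constructed sample (user "deploy" and process titles are illustrative).
SAMPLE_PS='root      /usr/sbin/sshd -D
deploy    codedeploy-agent: master 2712
deploy    codedeploy-agent: CommandPoller of master 2712
ec2-user  grep codedeploy-agent'

if [ "$#" -eq 1 ]; then   # live check on an instance: pass the user name
  ps -eo user=,args= | check_agent_user "$1" || exit 1
  stray="$(not_owned_by "$1" /opt/codedeploy-agent /var/log/aws)" || exit 1
  [ -z "$stray" ] || { printf 'FAIL: not owned by %s:\n%s\n' "$1" "$stray"; exit 1; }
else                      # no argument: run against the sample above
  printf '%s\n' "$SAMPLE_PS" | check_agent_user deploy
fi
```

Run with the agent's user name as the only argument (as root, so that find can read every path) to check a live instance; a non-zero exit status means the agent is not confined to that user.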



Published: 2017-01-10