During a CodeDeploy Blue/Green deployment, the following error can occur.

"The IAM role does not give you permission to perform operations in the following AWS service: AmazonAutoScaling. Contact your AWS administrator if you need help. If you are an AWS administrator, you can grant permissions to your users or groups by creating IAM policies." 

This error occurs because the CodeDeploy role has no policy granting the three actions listed below.

They have not yet been added to the AWS managed policy either, so they must be added manually when configuring a Blue/Green deployment.

 - Add the following policy to the CodeDeploy role.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:PassRole",
                "ec2:CreateTags",
                "ec2:RunInstances"
            ],
            "Resource": "*"
        }
    ]
}
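As an added example (not code from the original post or from AWS), the following Python checks whether the policies attached to a CodeDeploy service role already grant the three actions above, and builds the policy to add if they do not. It tightens the page's policy in one respect: iam:PassRole with Resource "*" lets the role hand any role in the account to a service, so the example scopes it to the EC2 instance profile role and restricts it with the iam:PassedToService condition key. The role ARN and the "existing policy" are constructed placeholders; the checker ignores Deny statements and conditions, so it is a pre-check rather than a full IAM simulation.

```python
import fnmatch
import json

# The three actions the post says the CodeDeploy service role lacks when a
# Blue/Green deployment uses an Auto Scaling group with a launch template.
REQUIRED_ACTIONS = ("ec2:RunInstances", "ec2:CreateTags", "iam:PassRole")


def _as_list(value):
    """IAM accepts a string or a list for Action/Statement; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def allowed_actions(policy_documents, required=REQUIRED_ACTIONS):
    """Return the subset of `required` that some Allow statement grants.

    Matching is case-insensitive and honours IAM wildcards ("ec2:*", "ec2:Run*").
    Deny statements and Condition blocks are deliberately ignored (pre-check only).
    """
    granted = set()
    for doc in policy_documents:
        for stmt in _as_list(doc.get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            for pattern in _as_list(stmt.get("Action")):
                for action in required:
                    if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                        granted.add(action)
    return granted


def missing_actions(policy_documents):
    """Required actions not granted by any of the given policies, in REQUIRED_ACTIONS order."""
    granted = allowed_actions(policy_documents)
    return [a for a in REQUIRED_ACTIONS if a not in granted]


def build_policy(instance_profile_role_arn):
    """Policy document to attach to the CodeDeploy role.

    RunInstances/CreateTags keep Resource "*" as on the page; iam:PassRole is
    scoped to the instance profile role and may only be passed to EC2, which is
    the only PassRole CodeDeploy needs when it launches the green ASG instances.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "LaunchTemplateInstances",
                "Effect": "Allow",
                "Action": ["ec2:RunInstances", "ec2:CreateTags"],
                "Resource": "*",
            },
            {
                "Sid": "PassInstanceProfileRoleToEc2",
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": instance_profile_role_arn,
                "Condition": {
                    "StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}
                },
            },
        ],
    }


# Constructed sample of what a CodeDeploy role might already carry (not the real
# AWS managed policy): Auto Scaling and EC2 Describe rights, but none of the three.
SAMPLE_EXISTING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["autoscaling:*", "ec2:Describe*"], "Resource": "*"}
    ],
}

if __name__ == "__main__":
    print("missing:", missing_actions([SAMPLE_EXISTING_POLICY]))
    # Placeholder account id / role name; substitute the real instance profile role.
    print(json.dumps(build_policy("arn:aws:iam::123456789012:role/PLACEHOLDER-instance-role"), indent=2))
```

To feed real data, export the role's inline and attached policy documents (for example from `aws iam get-role-policy` and `aws iam get-policy-version`) into a list and pass them to `missing_actions`; the generated document can be attached as an inline policy with `aws iam put-role-policy --role-name <role> --policy-name <name> --policy-document file://policy.json`.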
 
Related:
https://h2ik.co/2019/02/28/aws-codedeploy-blue-green/
 
Related AWS Support reply:

Hello,

Thank you for contacting Amazon Web Services Support. I understand that you are running into issues when using an AutoScaling Group (ASG) with a launch template for your CodeDeploy Blue/Green deployments. To clarify, launch templates are supported with Blue/Green deployments; however, there are additional permissions that are needed for the CodeDeploy role in order for this feature to work. When using launch templates the role must have the following permissions added:

  • ec2:RunInstance
  • ec2:CreateTags
  • iam:PassRole

Currently, this information is missing from the AWS CodeDeploy documentation; there is an open feature request to update the documentation as well as to add these required permissions to the managed CodeDeploy policy so that users will not need to manually add these permissions. At the moment, this feature is still being reviewed so I do not have any timeline or ETA for this but at the very least, the documentation will be updated to reflect the extra permissions required for using launch templates.