Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Deployment Permissions and Code Deploy

gbrown
gbrown June 14, 2019

How does enabling pipelines and deploy permissions integrate with  AWS Code Deploy? Specifically how do I make my Deployment groups in bitbucket match with the deployment groups in Code Deploy?

Answer
Watch
Like Be the first to like this
701 views

2 answers

1 accepted

0 votes
Answer accepted
Graham Gatus
Graham Gatus
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 25, 2019

Hi @gbrown 

What method are you using to talk to Code Deploy? If using the Code Deploy pipe, you can pass in the deployment group name as a pipe variable (see https://bitbucket.org/atlassian/aws-code-deploy/src/master/). The deployment group is configured in AWS, and stores configuration information related to the deployment in AWS (e.g the target EC2 instances, rollback policy).

When deploying to CodeDeploy from pipelines, there are several things you need to consider:

- The application name: The name of the application being deployed to in AWS.

- The deployment group: This stores configuration information related to the deployment in AWS (e.g the target EC2 instances, rollback policy). An application may have multiple deployment groups.

- IAM user: if using the CodeDeploy pipe, you will need to configure an IAM "bot" user with programmatic access in AWS, generate a access key id and secret access key, and store them as secure variables in pipelines, which get passed to the pipe. Typically you would generate a set of credentials with the minimum level of permissions required to perform a deployment, and store them as repository variables in pipelines.

- Pipelines deployment permissions: Optionally, within pipelines you could further restrict what branches deployments can happen from, or limit deployments to admin only users (note this is a premium feature). This provides some control on the pipelines side over who and where a deployment can happen from.

View More Comments
gbrown
gbrown July 1, 2019

I am using the CodeDeploy pipe and wish to further restrict what deployments to certain users (premium feature).

Currently I just deploy from the repository.

Like
Reply
0 votes
Graham Gatus
Graham Gatus
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 25, 2019

Hi @gbrown 

What method are you using to interact with CodeDeploy? If using the CodeDeploy pipe (https://bitbucket.org/atlassian/aws-code-deploy/src/master/), you can specify the deployment group as a variable to the pipe. The AWS credentials you pass to the pipe need to have sufficient IAM access to be able to execute your deployment.

There is no direct mapping between deployment permissions in pipelines and an AWS CodeDeploy deployment group. An AWS deployment group holds the configuration for a AWS CodeDeploy deployment (e.g for EC2, the instances to deploy to, rollback policy etc), whilst deployment permissions in pipelines can be used to guard access, preventing deployments.

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events