I’m at the just barely scratching the surface level of getting started with AWS Deployment Pipelines. Of course, the first thing I want to do with them is get a database deployed. A couple of web searches and I find this bit of documentation from the AWS team.
Perfect. Not only is this using AWS tools all the way from Commit (source control) to Build (automation) to Deploy (pipelines), but it’s using Flyway for the magic sauce of the database deployment (database deployments need magic sauce).
Because I’m just learning, it actually took me two days to get to the point where this code was working. Or rather, where it was supposed to work. There’s one small bit missing or changed since that article was published. If you’re attempting this, let me save you a little time.
UploadArchive
If you get everything working, the first time you commit your code back to the CodeCommit branch, you’re going to get a permissions error on UploadArchive.
There was likely a change to permissions in AWS that caused this. So, what do you do? It’s actually not hard. Navigate over to IAM in the AWS Console and down to Roles. Mine currently looks like this:
Find the codepipeline role. In the image above it’s my-pipelin-CodePipelineRole-1UP4R2K71WD0H. Click on that and you’ll see the permissions:
You’re going to want to attach an inline policy. It needs to allow two things: the codecommit:UploadArchive action and the CodeBuild actions (codebuild:*). Here’s the JSON to create it yourself:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "codecommit:UploadArchive",
                "codebuild:*"
            ],
            "Resource": "*"
        }
    ]
}
In my case, I set it so that it had permissions to “*”, everything. You can, of course, control that much more tightly if you so desire.
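As an added example (not from the original post or the AWS documentation), this Python check flags the wildcard grants in the policy above and shows a tighter variant passing it. The ARNs use placeholder REGION, ACCOUNT_ID, REPO_NAME and PROJECT_NAME values, and limiting CodeBuild to StartBuild and BatchGetBuilds is an assumption about what this pipeline needs.

```python
import json

# The inline policy from the post, unchanged.
BROAD = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
                "Action": ["codecommit:UploadArchive", "codebuild:*"],
                "Resource": "*"}]}
""")

# Constructed variant: REGION, ACCOUNT_ID, REPO_NAME and PROJECT_NAME are
# placeholders, and the two CodeBuild actions are an assumption about what
# the pipeline needs (start a build, read its status).
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "SourceUpload", "Effect": "Allow",
         "Action": "codecommit:UploadArchive",
         "Resource": "arn:aws:codecommit:REGION:ACCOUNT_ID:REPO_NAME"},
        {"Sid": "RunBuild", "Effect": "Allow",
         "Action": ["codebuild:StartBuild", "codebuild:BatchGetBuilds"],
         "Resource": "arn:aws:codebuild:REGION:ACCOUNT_ID:project/PROJECT_NAME"},
    ],
}

def _as_list(value):
    # IAM accepts a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def wildcard_findings(policy):
    """Return (sid, field, value) for every wildcard grant in Allow statements."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:          # e.g. "codebuild:*" or "*"
                findings.append((sid, "Action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":        # bare wildcard: every resource
                findings.append((sid, "Resource", resource))
    return findings

if __name__ == "__main__":
    for name, policy in (("broad", BROAD), ("scoped", SCOPED)):
        print(name, wildcard_findings(policy) or "no wildcard grants")
```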
Conclusion
That’s it. Use this bit of information, get over that last tiny roadblock and you’ll have a working database deployment pipeline like I do. I will be posting more about how AWS pipelines work as I build my own, so watch this space.