Amazon Web Services Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – Cloudfromation script erroring out on CodeDeployDeploymentGroup

I have a sample script which creates EC2, CodeBuild, CodeDeploy and its Deployment Group with ALB and then it goes further to setup with codePipeline, however I am getting an error on CodeDeployDeploymentGroup stage,

Error –
CodeDeployDeploymentGroup
CREATE_FAILED
Likely root cause

The target group name arn:aws:elasticloadbalancing:us-west-2:363010889649:targetgroup/SampleTG/75497adb8b9bc9b8 specified in targetGroupInfoList exceeds the maximum allowed length of 32 characters.

here is the sample script

The sample script is here

what could be the issue? I have tried shorting the names, so I am not sure what could be the problem here.

Tags:

2

Answers


  1. 0

    As seen in the CloudFormation documentation you should use the Name property of the target group, or the TargetGroupName attribute with the Fn::GetAtt intrinsic function, as shown in the following example

    In your code, inside CodeDeployDeploymentGroup, you’re using:

    TargetGroupInfoList:
  - Name: !Ref MyTargetGroup

    which returns the ARN of the target group. Instead, as written in the documentation, you should use Fn::GetAtt to get the name of the group so that it would look like this:

    TargetGroupInfoList:
  - Name: !GetAtt MyTargetGroup.TargetGroupName
    Login or Signup to reply.
  2. 0

    Your CloudFormation template for setting up a CI/CD pipeline looks quite comprehensive.Here’s a refined version of your template with some improvements:

    Description: Automated CI/CD Pipeline with AWS Services

Parameters:
  VpcId:
    Description: VPC ID
    Type: String
    Default: 'vpc-08feca1900f25be53'
  SubnetIds:
    Description: Comma-separated list of subnet IDs
    Type: CommaDelimitedList
    Default: 'subnet-09ff603fd9aeccb2c,subnet-00cbc2dd838206fbc,subnet-0581763c47811058b,subnet-0dd954f53aeea3c88'
  InstanceType:
    Description: EC2 instance type
    Type: String
    Default: 't2.micro'
  KeyName:
    Description: EC2 Key Pair
    Type: AWS::EC2::KeyPair::KeyName
    Default: 'sample-app-using-ec2'
  AMIId:
    Description: Amazon Linux 2 AMI ID
    Type: AWS::EC2::Image::Id
    Default: 'ami-074be47313f84fa38'
  AvailabilityZone:
    Description: Availability Zone
    Type: String
    Default: 'us-west-2b'
  GitHubToken:
    Description: GitHub OAuth Token
    Type: String
    NoEcho: true

Resources:
  # Unified IAM Role with Necessary Permissions
  UnifiedCICDRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: 'Allow'
            Principal:
              Service:
                - 'ec2.amazonaws.com'
                - 'codebuild.amazonaws.com'
                - 'codedeploy.amazonaws.com'
                - 'codepipeline.amazonaws.com'
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: 'UnifiedCICDPolicy'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: 'Allow'
                Action:
                  - 'ec2:Describe*'
                  - 'ec2:AuthorizeSecurityGroupIngress'
                  - 'ec2:AuthorizeSecurityGroupEgress'
                  - 'ec2:RevokeSecurityGroupIngress'
                  - 'ec2:RevokeSecurityGroupEgress'
                  - 'ec2:CreateSecurityGroup'
                  - 'ec2:DeleteSecurityGroup'
                  - 'ec2:CreateTags'
                  - 'ec2:DeleteTags'
                  - 'codebuild:*'
                  - 'codedeploy:*'
                  - 'codepipeline:*'
                  - 's3:GetObject'
                  - 's3:PutObject'
                  - 's3:ListBucket'
                  - 'logs:*'
                  - 'iam:PassRole'
                Resource: '*'

  # Security Group for EC2 and Load Balancer
  InstanceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: 'Enable SSH and HTTP access'
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: 'tcp'
          FromPort: '22'
          ToPort: '22'
          CidrIp: '0.0.0.0/0'
        - IpProtocol: 'tcp'
          FromPort: '80'
          ToPort: '80'
          CidrIp: '0.0.0.0/0'
      SecurityGroupEgress:
        - IpProtocol: '-1'
          FromPort: '-1'
          ToPort: '-1'
          CidrIp: '0.0.0.0/0'

  # Instance Profile for EC2
  UnifiedInstanceProfile:
    Type: 'AWS::IAM::InstanceProfile'
    Properties:
      Roles:
        - !Ref UnifiedCICDRole

  # EC2 Instance
  MyEC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      ImageId: !Ref AMIId
      SecurityGroupIds:
        - !Ref InstanceSecurityGroup
      IamInstanceProfile: !Ref UnifiedInstanceProfile
      UserData: !Base64 |
        #!/bin/bash
        yum update -y
        yum install -y httpd
        systemctl start httpd
        systemctl enable httpd
        # Create a dummy index.html file to pass health check
        echo "<html><h1>Dummy Index</h1></html>" > /var/www/html/index.html
      AvailabilityZone: !Ref AvailabilityZone
      Tags:
        - Key: Name
          Value: SampleAppEC2
        - Key: Intent
          Value: SampleAppEC2

  # Application Load Balancer
  MyLoadBalancer:
    Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer'
    Properties:
      Name: 'SampleELB'
      Subnets: !Ref SubnetIds
      SecurityGroups:
        - !Ref InstanceSecurityGroup
      Scheme: internet-facing

  # Target Group
  MyTargetGroup:
    Type: 'AWS::ElasticLoadBalancingV2::TargetGroup'
    Properties:
      Name: 'ShortTGName'  # Shortened target group name
      Port: 80
      Protocol: HTTP
      VpcId: !Ref VpcId
      HealthCheckPath: /
      TargetType: instance

  # Listener for Load Balancer
  MyListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      LoadBalancerArn: !Ref MyLoadBalancer
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref MyTargetGroup
      Port: 80
      Protocol: HTTP

  # CodeDeploy Application and Deployment Group
  CodeDeployApplication:
    Type: 'AWS::CodeDeploy::Application'
    Properties:
      ApplicationName: 'SampleCDApp'

  CodeDeployDeploymentGroup:
    Type: 'AWS::CodeDeploy::DeploymentGroup'
    Properties:
      ApplicationName: !Ref CodeDeployApplication
      DeploymentGroupName: 'SampleDG'
      ServiceRoleArn: 'arn:aws:iam::363010889649:role/CodeDeploy-custom-roles'
      DeploymentConfigName: CodeDeployDefault.OneAtATime
      LoadBalancerInfo:
        TargetGroupInfoList:
          - Name: !GetAtt MyTargetGroup.TargetGroupName
      Ec2TagFilters:
        - Key: Name
          Value: SampleAppEC2
          Type: KEY_AND_VALUE

  # CodeBuild Project
  MyCodeBuildProject:
    Type: 'AWS::CodeBuild::Project'
    Properties:
      Name: 'SampleCB'
      ServiceRole: 'arn:aws:iam::363010889649:role/service-role/codebuild-sample-app-codebuild-service-role'
      Artifacts:
        Type: 'CODEPIPELINE'
      Environment:
        ComputeType: 'BUILD_GENERAL1_SMALL'
        Image: 'aws/codebuild/standard:4.0'
        Type: 'LINUX_CONTAINER'
      Source:
        Type: 'CODEPIPELINE'
      TimeoutInMinutes: 10

  # CodePipeline
  MyPipeline:
    Type: 'AWS::CodePipeline::Pipeline'
    Properties:
      RoleArn: !GetAtt UnifiedCICDRole.Arn
      Stages:
        - Name: Source
          Actions:
            - Name: SourceAction
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Provider: GitHub
                Version: 1
              OutputArtifacts:
                - Name: SourceOutput
              Configuration:
                Owner: 'techdecipher'
                Repo: 'using-aws-dev-tools'
                Branch: 'main'
                OAuthToken: !Ref GitHubToken
        - Name: Build
          Actions:
            - Name: BuildAction
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: 1
              InputArtifacts:
                - Name: SourceOutput
              OutputArtifacts:
                - Name: BuildOutput
              Configuration:
                ProjectName: 'SampleCB'
        - Name: Deploy
          Actions:
            - Name: DeployAction
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CodeDeploy
                Version: 1
              InputArtifacts:
                - Name: BuildOutput
              Configuration:
                ApplicationName: !Ref CodeDeployApplication
                DeploymentGroupName: !Ref CodeDeployDeploymentGroup

Outputs:
  InstanceId:
    Description: 'InstanceId of the newly created EC2 instance'
    Value: !Ref MyEC2Instance
  LoadBalancerDNS:
    Description: 'DNS name of the load balancer'
    Value: !GetAtt MyLoadBalancer.DNSName

    Above CF template follows security best practices.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search