1
votes

I have an AutoScaling Group set up and AWS CodeDeploy set up for a VPC having 1 public subnet. The VPC instance is capable of accessing all AWS services through an IAM Role.

The base AMI is Ubuntu with the CodeDeploy Agent installed on it. Whenever the scaling event triggers, the AutoScaling Group launches an instance and the instance goes into "Waiting for Lifecycle Event".

AWS CodeDeploy triggers a deployment, which goes into the "In Progress" state; it remains in that state for more than an hour and then it fails.

If, within that hour, I manually assign an Elastic IP, the CodeDeploy deployment succeeds immediately.

Is having a public/Elastic IP a requirement for CodeDeploy to succeed on VPC instances?

How can I get CodeDeploy to succeed without the need for a public IP?

3
Have you set up a NAT instance so that the instances can access the internet without a public-facing IP address? The EIP doesn't matter if the instance has access to the internet otherwise. Your code is deployed from the CodeDeploy agent polling the endpoint. – Kevin

Thanks Kevin, I thought setting up an internet gateway would be enough for VPC instances to connect to the Internet. Now, after you pointed it out, I read the docs carefully and found that an Internet Gateway along with a Public IP is needed, or a NAT instance should be set up. I would go for assigning a Public IP on launch. Can you post that as an answer so that I can accept? – user12334

3 Answers

2
votes

Have you set up a NAT instance so that the instances can access the internet without a public-facing IP address? The EIP doesn't matter if the instance has access to the internet otherwise. Your code is deployed from the CodeDeploy agent polling the endpoint, thus if it can't hit the endpoint, it will never work.

0
votes

The endpoint that the CodeDeploy agent talks to is not the public domain name like codedeploy.amazonaws.com. The agent talks to the command control endpoint, which is "https://codedeploy-commands.#{cfg.region}.amazonaws.com", according to https://github.com/aws/aws-codedeploy-agent/blob/29d4ff4797c544565ccae30fd490aeebc9662a78/vendor/gems/codedeploy-commands-1.0.0/lib/aws/plugins/deploy_control_endpoint.rb#L9. So you'll need to make sure the private instance can access this command control endpoint.

0
votes

To connect your VPC to CodeDeploy, you define an interface VPC endpoint for CodeDeploy. An interface endpoint is an elastic network interface with a private IP address that serves as an entry point for traffic destined to a supported AWS service. The endpoint provides reliable, scalable connectivity to CodeDeploy without requiring an internet gateway, network address translation (NAT) instance, or VPN connection.

https://docs.aws.amazon.com/codedeploy/latest/userguide/vpc-endpoints.html
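
The three egress options raised in the answers above (a public IP behind an internet gateway, NAT, or an interface VPC endpoint) can be checked per instance. The following is an added example, not code from the posters or from AWS: the function name, the placeholder IDs and the service name in the sample data are assumptions, and matching on "codedeploy" in the endpoint's service name is a simplification.

```python
def codedeploy_egress(instance, routes, vpc_endpoints=()):
    """Classify how the CodeDeploy agent on `instance` can reach its endpoint.

    `routes` are the routes of the route table associated with the instance's
    subnet; field names follow EC2 DescribeInstances, DescribeRouteTables and
    DescribeVpcEndpoints output.
    """
    # 1. An available interface endpoint in the same VPC needs no internet path.
    for ep in vpc_endpoints:
        if (ep.get("VpcId") == instance["VpcId"]
                and ep.get("VpcEndpointType") == "Interface"
                and ep.get("State", "").lower() == "available"
                and "codedeploy" in ep.get("ServiceName", "")):
            return "vpc-endpoint"
    # 2. Otherwise the agent depends on the subnet's active default route.
    default = next((r for r in routes
                    if r.get("DestinationCidrBlock") == "0.0.0.0/0"
                    and r.get("State", "active") == "active"), None)
    if default is None:
        return "none: no default route"
    # Assumption: a default route to an instance ID points at a NAT instance.
    if default.get("NatGatewayId") or default.get("InstanceId"):
        return "nat"
    if default.get("GatewayId", "").startswith("igw-"):
        # An internet gateway only serves instances that have a public IP.
        if instance.get("PublicIpAddress"):
            return "igw+public-ip"
        return "none: igw route but no public IP"
    return "none: default route target gives no internet egress"


# Constructed sample data; all IDs are placeholders.
IGW_ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
]
NAT_ROUTES = [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-EXAMPLE",
               "State": "active"}]
ENDPOINT = {"VpcId": "vpc-EXAMPLE", "VpcEndpointType": "Interface", "State": "available",
            "ServiceName": "com.amazonaws.us-east-1.codedeploy-commands-secure"}
ASG_INSTANCE = {"InstanceId": "i-EXAMPLE", "VpcId": "vpc-EXAMPLE"}  # no public IP

if __name__ == "__main__":
    print(codedeploy_egress(ASG_INSTANCE, IGW_ROUTES))              # the question's setup
    print(codedeploy_egress(ASG_INSTANCE, NAT_ROUTES))
    print(codedeploy_egress(ASG_INSTANCE, IGW_ROUTES, [ENDPOINT]))
```

The first case reproduces the question's setup: an internet gateway route exists, but an instance launched without a public IP has no usable path until NAT or an interface endpoint is added.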