Register an On-Premises Server in AWS CodeDeploy | AWS CodeDeploy


Question

Your company owns an on-premises Ubuntu server in a local data center where several legacy applications are running.

You want to use AWS CodeDeploy to deploy new application revisions to this on-premises instance, but first you need to register the server in CodeDeploy and use an IAM user to perform the authentication.

Which of the following methods is the most appropriate?

Answers

Explanations


A. B. C. D.

Correct Answer - C.

Option A is incorrect because, for on-premises instances in CodeDeploy, the AWS CLI register command can register only an IAM user, not an IAM role, for authentication.

Option B is incorrect because the server cannot be registered automatically.

You will need to use the register command to register the on-premises instance.

Option C is CORRECT because the register command can create an IAM user for the server and register the server with CodeDeploy.

The following is an example:

aws deploy register --instance-name AssetTag12010298EX --tags Key=Name,Value=CodeDeployDemo-OnPrem --region us-west-2

Option D is incorrect because the tag-resource CLI command is used to associate a list of tags with the resources and cannot register the on-premises servers with CodeDeploy.

Reference:

https://docs.aws.amazon.com/codedeploy/latest/userguide/on-premises-instances-register.html
https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-on-premises-register-instance.html
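
The register command in Option C writes the new IAM user's access key to an on-premises configuration file (codedeploy.onpremises.yml), so that file is worth checking before the agent uses it. The script below is an added example, not part of the original question or of AWS tooling; the function name audit_onprem_config, its messages and the sample file contents are assumptions constructed for illustration.

```shell
# Added example: audit the on-premises config file that holds the IAM user keys.
# Key names follow the documented codedeploy.onpremises.yml layout for IAM-user
# registration; audit_onprem_config and its messages are hypothetical.

audit_onprem_config() {
    cfg=$1
    rc=0
    [ -f "$cfg" ] || { echo "MISSING: $cfg"; return 2; }

    # The file stores a long-lived secret key: only the owner should read it.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case $mode in
        0|*00) ;;
        *) echo "PERMS: mode $mode exposes the keys to group/other"; rc=1 ;;
    esac

    # Every key needed for IAM-user authentication must have a value.
    for key in aws_access_key_id aws_secret_access_key iam_user_arn region; do
        grep -Eq "^${key}:[[:space:]]*[^[:space:]]" "$cfg" ||
            { echo "KEY: $key is missing or empty"; rc=1; }
    done

    # The identity must look like an IAM user ARN, not a role or session ARN.
    arn=$(sed -n 's/^iam_user_arn:[[:space:]]*//p' "$cfg" | tr -d "\"'\r")
    case $arn in
        arn:aws:iam::[0-9]*:user/?*) ;;
        '') ;;  # already reported as a missing key
        *) echo "ARN: '$arn' is not an IAM user ARN"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample with fake key material, in the documented layout.
sample=$(mktemp)
cat > "$sample" <<'EOF'
---
aws_access_key_id: AKIAEXAMPLEKEYID0000
aws_secret_access_key: constructedSecretValueForDemoOnly
iam_user_arn: arn:aws:iam::123456789012:user/AssetTag12010298EX
region: us-west-2
EOF
chmod 644 "$sample"; audit_onprem_config "$sample" || true   # reports PERMS
chmod 600 "$sample"; audit_onprem_config "$sample" || true   # no findings
rm -f "$sample"
```

The function never prints the key values themselves, so its output is safe to keep in build or provisioning logs.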

The most appropriate method to register an on-premises Ubuntu server in CodeDeploy and use an IAM user for authentication is option A: Create an IAM role for the on-premises server and assign the CodeDeploy permissions to the role. Use the register AWS CLI command to bind the IAM role with the server.

Explanation:

AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services, including EC2 instances and on-premises servers. To deploy an application revision to an on-premises Ubuntu server using CodeDeploy, the server needs to be registered in CodeDeploy first.

Option A is the correct answer because it follows the best practices for IAM users and roles in AWS. Here's a step-by-step explanation of why this is the most appropriate method:

  1. Create an IAM role: First, you need to create an IAM role that has the necessary permissions to access CodeDeploy. This can be done from the IAM console or using the AWS CLI. The role should have the CodeDeploy permissions that you want to grant to the on-premises server, such as the ability to create deployments or access S3 buckets.

  2. Assign permissions to the role: Once you've created the role, you need to assign the appropriate permissions to it. In this case, you need to grant the role permissions to access CodeDeploy. This can be done by attaching a policy to the role that allows access to CodeDeploy.

  3. Register the server: Next, you need to register the on-premises server with CodeDeploy. This can be done using the register command in the AWS CLI. You will need to specify the IAM role that you created in step 1 when you register the server.

  4. Use the IAM role for authentication: Finally, when you deploy new application revisions to the on-premises server using CodeDeploy, the server will authenticate with CodeDeploy using the IAM role that you created. This provides a secure and scalable way to manage access to CodeDeploy.

Option B is not the correct answer because it suggests including the IAM user in the CodeDeploy configuration file, which is not a best practice. IAM users should be created separately and managed separately from application configuration files. In addition, the CodeDeploy agent should be installed on the on-premises server before it can be registered with CodeDeploy.

Option C is also not the correct answer because it suggests creating an IAM user for the on-premises server, which is unnecessary. IAM roles are more appropriate for this use case because they are designed to provide temporary security credentials to entities that need to access AWS services.

Option D is not the correct answer because it suggests creating an IAM user and tagging the server. While it is possible to use tags to deploy new revisions to servers based on specific criteria, it is not necessary in this case because the on-premises server is the only server that needs to be registered with CodeDeploy.