@dangerous
Last active August 29, 2015 14:09
Deploying to AWS Elastic Beanstalk from Semaphore
#!/bin/bash
# replace myapp with your application name
# replace ap-myregion-1 with your region name
# replace production with your environment name
# replace mybucket with your bucket name
# See the end of this script for the permissions I needed to give my user at the AWS end
# Finding all the ARNs can be difficult; you can allow them for resource "*" if you are feeling slack
# setup credentials - commented out as I have created "configuration files" through the admin - this works though if you don’t want to do that
# if you uncomment these you will need to create environment variables for AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
#mkdir -p ~/.aws
#echo -e "[default]\nregion = ap-myregion-1" > ~/.aws/config
#echo -e "[default]\naws_access_key_id=$AWS_ACCESS_KEY_ID\naws_secret_access_key=$AWS_SECRET_ACCESS_KEY" > ~/.aws/credentials
# still set the permissions as I think aws requires them to be 600 and can't do that through admin
chmod 600 ~/.aws/config
chmod 600 ~/.aws/credentials
# grab the tag, which we'll use to identify our bundle
TAG=$(git rev-parse --verify HEAD | cut -c 1-7)
# / is not allowed in the label, replace with a pipe
MSG=$(git log -1 --pretty=%B | head -1 | sed 's#/#|#g')
# create a bundle
git archive --format=zip HEAD > "myapp-$TAG.zip"
# copy the bundle to our S3 bucket
aws s3 cp "myapp-$TAG.zip" s3://mybucket/
# create the application version, pointing to our new s3 object
# appending || true means this will always return true, because possibly the application version already exists
# probably it could fail for another reason and this is a bad idea ... but then in that case the next command would fail anyway
aws elasticbeanstalk create-application-version --application-name myapp --version-label "$TAG $MSG" --source-bundle "S3Bucket=mybucket,S3Key=myapp-$TAG.zip" || true
# deploy the application
aws elasticbeanstalk update-environment --environment-name production --version-label "$TAG $MSG"
# wait for the health to turn some colour other than grey
# --environment-names limits the query to the environment we just updated
while [ "$(aws elasticbeanstalk describe-environments --environment-names production --query 'Environments[0].Health' --output text)" = "Grey" ]; do sleep 1; done
# check the version label; exit non-zero so the build fails if it does not match
[[ "$(aws elasticbeanstalk describe-environments --environment-names production --query 'Environments[0].VersionLabel' --output text)" = "$TAG $MSG" ]] || exit 1
# check the health status
[[ "$(aws elasticbeanstalk describe-environments --environment-names production --query 'Environments[0].Health' --output text)" = "Green" ]] || exit 1
# AWS permissions required
#
# I have a feeling the wildcard permissions didn't actually do anything, but I still have them there; I can't be bothered to figure it out
#
# autoscaling:DescribeAutoScalingGroups
# autoscaling:DescribeScalingActivities
# autoscaling:ResumeProcesses
# autoscaling:SuspendProcesses
# cloudformation:DescribeStackEvents
# cloudformation:DescribeStackResource
# cloudformation:DescribeStackResources
# cloudformation:DescribeStacks
# cloudformation:GetTemplate
# cloudformation:List*
# ec2:Describe*
# elasticbeanstalk:Check*
# elasticbeanstalk:CreateApplicationVersion
# elasticbeanstalk:Describe*
# elasticbeanstalk:List*
# elasticbeanstalk:RequestEnvironmentInfo
# elasticbeanstalk:RetrieveEnvironmentInfo
# elasticbeanstalk:UpdateEnvironment
# rds:Describe*
# rds:DescribeOrderableDBInstanceOptions
# rds:ListTagsForResource
# s3:DeleteObject
# s3:Get*
# s3:GetObject
# s3:List*
# s3:ListBucket
# s3:PutObject
# s3:PutObjectAcl
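
The commented-out credential setup near the top of the script writes `~/.aws/credentials` first and tightens its mode afterwards, so the file briefly exists with whatever the default umask allows. The following is an added example, not part of the original gist, that creates the files with mode 600 from the start and keeps the secret out of traced CI output; `write_aws_config` and `has_mode` are hypothetical helper names, and the region is the gist's placeholder.

```shell
#!/bin/bash
# Added example (not from the original gist): create the AWS CLI files with
# restrictive permissions at creation time instead of chmod-ing them afterwards.
# write_aws_config and has_mode are hypothetical helper names.

write_aws_config() {
  # $1 = target directory (default ~/.aws), $2 = region (gist placeholder by default)
  local dir="${1:-$HOME/.aws}" region="${2:-ap-myregion-1}"

  # Refuse to write a half-empty credentials file.
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo "AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set" >&2
    return 1
  fi

  (
    # Subshell: the umask and tracing changes do not leak into the caller.
    set +x       # keep the secret out of CI logs if tracing (set -x) is on
    umask 077    # new files are created 600, new directories 700
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    printf '[default]\nregion = %s\n' "$region" > "$dir/config"
    printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s\n' \
      "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" > "$dir/credentials"
    # A pre-existing file keeps its old mode when truncated, so tighten it too.
    chmod 600 "$dir/config" "$dir/credentials"
  )
}

# Succeeds only if the path has exactly the given octal mode.
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# Usage in the build: write_aws_config "$HOME/.aws" ap-myregion-1
```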