# Monitoring deployments with Amazon SNS event notifications Monitoring deployments with Amazon SNS event notifications You can add triggers to a CodeDeploy deployment group to receive notifications about events related to deployments or instances in that deployment group. These notifications are sent to recipients who are subscribed to an Amazon SNS topic you have made part of the trigger's action. You can receive notifications for CodeDeploy events in SMS messages or email messages. You can also use the JSON data that is created when a specified event occurs in other ways, such as sending messages to Amazon SQS queues or invoking a function in AWS Lambda. For a look at the structure of the JSON data provided for deployment and instance triggers, see [JSON data formats for CodeDeploy triggers](monitoring-sns-event-notifications-json-format.md). You might choose to use triggers to receive notifications if: + You are a developer who needs to know when a deployment fails or stops so you can troubleshoot it. + You are a system administrator who needs to know how many instances fail in order to monitor the health of your Amazon EC2 fleet. + You are a manager who wants an at-a-glance count of deployment and instance events, which you can get through filtering rules that route different types of notifications into folders in your desktop email client. You can create up to 10 triggers for each CodeDeploy deployment group, for any of the following event types. | Deployment events | Instance events | | --- | --- | | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/codedeploy/latest/userguide/monitoring-sns-event-notifications.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/codedeploy/latest/userguide/monitoring-sns-event-notifications.html) | | ¹Applies to blue/green deployments only. Indicates that the latest application revision has been installed on instances in a replacement environment and traffic from the original environment can now be rerouted behind a load balancer. For more information see [Working with deployments in CodeDeploy](deployments.md). | **Topics** + [Grant Amazon SNS permissions to a service role](monitoring-sns-event-notifications-permisssions.md) + [Create a trigger for a CodeDeploy event](monitoring-sns-event-notifications-create-trigger.md) + [Edit a trigger in a deployment group](monitoring-sns-event-notifications-edit-trigger.md) + [Delete a trigger from a deployment group](monitoring-sns-event-notifications-delete-trigger.md) + [JSON data formats for triggers](monitoring-sns-event-notifications-json-format.md) # Grant Amazon SNS permissions to a CodeDeploy service role Grant Amazon SNS permissions to a service role Before your triggers can generate notifications, the service role you use in your CodeDeploy operations must be granted permission to access the Amazon SNS resources. **To grant Amazon SNS permissions to a service role** 1. Sign in to the AWS Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/). 1. In the IAM console, in the navigation pane, choose **Roles**. 1. Choose the name of the service role you use in your AWS CodeDeploy operations. 1. On the **Permissions** tab, in the **Inline Policies** area, choose **Create Role Policy**. –or– If the **Create Role Policy** button is not available, expand the **Inline Policies** area, and then choose **click here**. 1. On the **Set Permissions** page, choose **Custom Policy**, and then choose **Select**. 1. On the **Review Policy** page, in the **Policy Name** field, enter a name to identify this policy, such as `SNSPublish`. 1. Paste the following into the **Policy Document** field: ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "sns:Publish", "Resource": "*" } ] } ``` ------ 1. Choose **Apply Policy**. # Create a trigger for a CodeDeploy event Create a trigger for a CodeDeploy event You can create a trigger that publishes an Amazon Simple Notification Service (Amazon SNS) topic for a AWS CodeDeploy deployment or instance event. Then, when that event occurs, all subscribers to the associated topic receive notifications through the endpoint specified in the topic, such as an SMS message or email message. Amazon SNS offers multiple methods for subscribing to topics. Before you create a trigger, you must set up the Amazon SNS topic for the trigger to point to. For information, see [Create a topic](https://docs.aws.amazon.com/sns/latest/dg/CreateTopic.html). When you create a topic, we recommend you give it a name that identifies its purpose, in formats such as `Topic-group-us-west-3-deploy-fail` or `Topic-group-project-2-instance-stop`. You must also grant Amazon SNS permissions to a CodeDeploy service role before notifications can be sent for your trigger. For information, see [Grant Amazon SNS permissions to a CodeDeploy service role](monitoring-sns-event-notifications-permisssions.md). After you have created the topic, you can add subscribers. For information about creating, managing, and subscribing to topics, see [What is Amazon Simple Notification Service](https://docs.aws.amazon.com/sns/latest/dg/welcome.html). ## Create a trigger to send notifications for CodeDeploy events (console) You can use the CodeDeploy console to create triggers for a CodeDeploy event. At the end of the setup process, a test notification message is sent to ensure that both permissions and trigger details are set up correctly. **To create a trigger for a CodeDeploy event** 1. In the AWS Management Console, open the AWS CodeDeploy console. 1. Sign in to the AWS Management Console and open the CodeDeploy console at [https://console.aws.amazon.com/codedeploy](https://console.aws.amazon.com/codedeploy). **Note** Sign in with the same user that you set up in [Getting started with CodeDeploy](getting-started-codedeploy.md). 1. In the navigation pane, expand **Deploy**, then choose **Applications**. 1. On the **Applications** page, choose the name of the application associated with the deployment group where you want to add a trigger. 1. On the **Application details** page, choose the deployment group where you want to add a trigger. 1. Choose **Edit**. 1. Expand **Advanced - optional**. 1. In the **Triggers** area, choose **Create trigger**. 1. In **Create deployment trigger** pane, do the following: 1. In **Trigger name**, enter a name for the trigger that makes it easy to identify its purpose. We recommend formats such as `Trigger-group-us-west-3-deploy-fail` or `Trigger-group-eu-central-instance-stop`. 1. In **Events**, choose the event type or types to trigger the Amazon SNS topic to send notifications. 1. In **Amazon SNS topics**, choose the name of topic you created for sending notifications for this trigger. 1. Choose **Create trigger**. CodeDeploy sends a test notification to confirm you have correctly configured access between CodeDeploy and the Amazon SNS topic. Depending on the endpoint type you selected for the topic, and if you are subscribed to the topic, you receive confirmation in an SMS message or email message. 1. Choose **Save changes**. ## Create a trigger to send notifications for CodeDeploy events (CLI) You can use the CLI to include triggers when you create a deployment group, or you can add triggers to an existing deployment group. ### To create a trigger to send notifications for a new deployment group Create a JSON file to configure the deployment group, and then run the [create-deployment-group](https://docs.aws.amazon.com/cli/latest/reference/deploy/create-deployment-group.html) command using the `--cli-input-json` option. The simplest way to create the JSON file is to use the `--generate-cli-skeleton` option to get a copy of the JSON format, and then provide the required values in a plain-text editor. 1. Run the following command, and then copy the results into a plain-text editor. ``` aws deploy create-deployment-group --generate-cli-skeleton ``` 1. Add the name of an existing CodeDeploy application to the output: ``` { "applicationName": "TestApp-us-east-2", "deploymentGroupName": "", "deploymentConfigName": "", "ec2TagFilters": [ { "Key": "", "Value": "", "Type": "" } ], "onPremisesInstanceTagFilters": [ { "Key": "", "Value": "", "Type": "" } ], "autoScalingGroups": [ "" ], "serviceRoleArn": "", "triggerConfigurations": [ { "triggerName": "", "triggerTargetArn": "", "triggerEvents": [ "" ] } ] } ``` 1. Provide values for the parameters you want to configure. When you use the [create-deployment-group](https://docs.aws.amazon.com/codedeploy/latest/APIReference/API_CreateDeploymentGroup.html) command, you must provide, at a minimum, values for the following parameters: + `applicationName`: The name of an application already created in your account. + `deploymentGroupName`: A name for the deployment group you are creating. + `serviceRoleArn`: The ARN of an existing service role set up for CodeDeploy in your account. For information, see [Step 2: Create a service role for CodeDeploy](getting-started-create-service-role.md). In the `triggerConfigurations` section, provide values for the following parameters: + `triggerName`: The name you want to give the trigger so you can easily identify it. We recommend formats such as `Trigger-group-us-west-3-deploy-fail` or `Trigger-group-eu-central-instance-stop`. + `triggerTargetArn`: The ARN of the Amazon SNS topic you created to associate with your trigger, in this format: `arn:aws:sns:us-east-2:444455556666:NewTestTopic`. + `triggerEvents`: The type of event or events for which you want to trigger notifications. You can specify one or more event types, separating multiple event type names with commas (for example, `"triggerEvents":["DeploymentSuccess","DeploymentFailure","InstanceFailure"]`). When you add more than one event type, notifications for all those types are sent to the topic you specified, rather than to a different topic for each one. You can choose from the following event types: + DeploymentStart + DeploymentSuccess + DeploymentFailure + DeploymentStop + DeploymentRollback + DeploymentReady (Applies only to replacement instances in a blue/green deployment) + InstanceStart + InstanceSuccess + InstanceFailure + InstanceReady (Applies only to replacement instances in a blue/green deployment) The following configuration example creates a deployment group named `dep-group-ghi-789-2` for an application named `TestApp-us-east-2` and a trigger that prompts the sending of notifications whenever a deployment starts, succeeds, or fails: ``` { "applicationName": "TestApp-us-east-2", "deploymentConfigName": "CodeDeployDefault.OneAtATime", "deploymentGroupName": "dep-group-ghi-789-2", "ec2TagFilters": [ { "Key": "Name", "Value": "Project-ABC", "Type": "KEY_AND_VALUE" } ], "serviceRoleArn": "arn:aws:iam::444455556666:role/AnyCompany-service-role", "triggerConfigurations": [ { "triggerName": "Trigger-group-us-east-2", "triggerTargetArn": "arn:aws:sns:us-east-2:444455556666:us-east-deployments", "triggerEvents": [ "DeploymentStart", "DeploymentSuccess", "DeploymentFailure" ] } ] } ``` 1. Save your updates as a JSON file, and then call that file using the `--cli-input-json` option when you run the **create-deployment-group** command: **Important** Be sure to include `file://` before the file name. It is required in this command. ``` aws deploy create-deployment-group --cli-input-json file://filename.json ``` At the end of the creation process, you receive a test notification message that indicates both permissions and trigger details are set up correctly. ### To create a trigger to send notifications for an existing deployment group To use the AWS CLI to add triggers for CodeDeploy events to an existing deployment group, create a JSON file to update the deployment group, and then run the [update-deployment-group](https://docs.aws.amazon.com/cli/latest/reference/deploy/create-deployment-group.html) command using the `--cli-input-json` option. The simplest way to create the JSON file is to run the **get-deployment-group** command to get a copy of the deployment group's configuration, in JSON format, and then update the parameter values in a plain-text editor. 1. Run the following command, and then copy the results into a plain-text editor. ``` aws deploy get-deployment-group --application-name application --deployment-group-name deployment-group ``` 1. Delete the following from the output: + At the beginning of the output, delete `{ "deploymentGroupInfo":`. + At the end of the output, delete `}`. + Delete the row containing `deploymentGroupId`. + Delete the row containing `deploymentGroupName`. The contents of your text file should now look similar to the following: ``` { "applicationName": "TestApp-us-east-2", "deploymentConfigName": "CodeDeployDefault.OneAtATime", "autoScalingGroups": [], "ec2TagFilters": [ { "Type": "KEY_AND_VALUE", "Value": "Project-ABC", "Key": "Name" } ], "triggerConfigurations": [], "serviceRoleArn": "arn:aws:iam::444455556666:role/AnyCompany-service-role", "onPremisesInstanceTagFilters": [] } ``` 1. In the `triggerConfigurations` section, add data for the `triggerEvents`, `triggerTargetArn`, and `triggerName` parameters. For information about trigger configuration parameters, see [TriggerConfig](https://docs.aws.amazon.com/codedeploy/latest/APIReference/API_TriggerConfig.html). The contents of your text file should now look similar to the following. This code prompts notifications to be sent whenever a deployment starts, succeeds, or fails. ``` { "applicationName": "TestApp-us-east-2", "deploymentConfigName": "CodeDeployDefault.OneAtATime", "autoScalingGroups": [], "ec2TagFilters": [ { "Type": "KEY_AND_VALUE", "Value": "Project-ABC", "Key": "Name" } ], "triggerConfigurations": [ { "triggerEvents": [ "DeploymentStart", "DeploymentSuccess", "DeploymentFailure" ], "triggerTargetArn": "arn:aws:sns:us-east-2:444455556666:us-east-deployments", "triggerName": "Trigger-group-us-east-2" } ], "serviceRoleArn": "arn:aws:iam::444455556666:role/AnyCompany-service-role", "onPremisesInstanceTagFilters": [] } ``` 1. Save your updates as a JSON file, and then run the [update-deployment-group](https://docs.aws.amazon.com/cli/latest/reference/deploy/create-deployment-group.html) command using the `--cli-input-json` option. Be sure to include the `--current-deployment-group-name` option and substitute the name of your JSON file for *filename*: **Important** Be sure to include `file://` before the file name. It is required in this command. ``` aws deploy update-deployment-group --current-deployment-group-name deployment-group-name --cli-input-json file://filename.json ``` At the end of the creation process, you receive a test notification message that indicates both permissions and trigger details are set up correctly. # Edit a trigger in a CodeDeploy deployment group Edit a trigger in a deployment group If your notification requirements change, you can modify your trigger rather than create a new one. ## Modify a CodeDeploy trigger (CLI) To use the AWS CLI to change trigger details for CodeDeploy events when you update a deployment group, create a JSON file to define changes to the deployment group's properties, and then run the [update-deployment-group](https://docs.aws.amazon.com/cli/latest/reference/deploy/update-deployment-group.html) command with the `--cli-input-json` option. The simplest way to create the JSON file is to run the **get-deployment-group** command to get the current deployment group details in JSON format, and then edit the required values in a plain-text editor. 1. Run the following command, substituting the names of your application and deployment group for *application* and *deployment-group*: ``` aws deploy get-deployment-group --application-name application --deployment-group-name deployment-group ``` 1. Copy the results of the command into a plain-text editor and then delete the following: + At the beginning of the output, delete `{ "deploymentGroupInfo":`. + At the end of the output, delete `}`. + Delete the row containing `deploymentGroupId`. + Delete the row containing `deploymentGroupName`. The contents of your text file should now look similar to the following: ``` { "applicationName": "TestApp-us-east-2", "deploymentConfigName": "CodeDeployDefault.OneAtATime", "autoScalingGroups": [], "ec2TagFilters": [ { "Type": "KEY_AND_VALUE", "Value": "East-1-Instances", "Key": "Name" } ], "triggerConfigurations": [ { "triggerEvents": [ "DeploymentStart", "DeploymentSuccess", "DeploymentFailure", "DeploymentStop" ], "triggerTargetArn": "arn:aws:sns:us-east-2:111222333444:Trigger-group-us-east-2", "triggerName": "Trigger-group-us-east-2" } ], "serviceRoleArn": "arn:aws:iam::444455556666:role/AnyCompany-service-role", "onPremisesInstanceTagFilters": [] } ``` 1. Change any parameters, as necessary. For information about trigger configuration parameters, see [TriggerConfig](https://docs.aws.amazon.com/codedeploy/latest/APIReference/API_TriggerConfig.html). 1. Save your updates as a JSON file, and then run the [update-deployment-group](https://docs.aws.amazon.com/cli/latest/reference/deploy/update-deployment-group.html) command using the `--cli-input-json` option. Be sure to include the `--current-deployment-group-name` option and substitute the name of your JSON file for *filename*: **Important** Be sure to include `file://` before the file name. It is required in this command. ``` aws deploy update-deployment-group --current-deployment-group-name deployment-group-name --cli-input-json file://filename.json ``` At the end of the creation process, you receive a test notification message that indicates both permissions and trigger details are set up correctly. # Delete a trigger from a CodeDeploy deployment group Delete a trigger from a deployment group Because there is a limit of 10 triggers per deployment group, you might want to delete triggers if they are no longer being used. You cannot undo the deletion of a trigger, but you can re-create one. ## Delete a trigger from a deployment group (console) 1. Sign in to the AWS Management Console and open the CodeDeploy console at [https://console.aws.amazon.com/codedeploy](https://console.aws.amazon.com/codedeploy). **Note** Sign in with the same user that you set up in [Getting started with CodeDeploy](getting-started-codedeploy.md). 1. In the navigation pane, expand **Deploy**, then choose **Applications**. 1. On the **Applications** page, choose the name of the application associated with the deployment group where you want to delete a trigger. 1. On the **Application details** page, choose the deployment group where you want to delete a trigger. 1. Choose **Edit**. 1. Expand **Advanced - optional**. 1. In the **Triggers** area, choose the trigger you want to delete, then choose **Delete trigger**. 1. Choose **Save changes**. ## Delete a trigger from a deployment group (CLI) To use the CLI to delete a trigger, call the [update-deployment-group](https://docs.aws.amazon.com/cli/latest/reference/deploy/update-deployment-group.html) command, with empty trigger configuration parameters, specifying: + The name of the application associated with the deployment group. To view a list of application names, call the [list-applications](https://docs.aws.amazon.com/cli/latest/reference/deploy/list-applications.html) command. + The name of the deployment group associated with the application. To view a list of deployment group names, call the [list-deployment-groups](https://docs.aws.amazon.com/cli/latest/reference/deploy/list-deployment-groups.html) command. For example: ``` aws deploy update-deployment-group --application-name application-name --current-deployment-group-name deployment-group-name --trigger-configurations ``` # JSON data formats for CodeDeploy triggers JSON data formats for triggers You can use the JSON output that is created when a trigger for a deployment or instance is activated in a custom notification workflow, such as sending messages to Amazon SQS queues or invoking a function in AWS Lambda. **Note** This guide does not address how to configure notifications using JSON. For information about using Amazon SNS to send messages to Amazon SQS queues, see [Sending Amazon SNS messages to Amazon SQS queues](https://docs.aws.amazon.com/sns/latest/dg/SendMessageToSQS.html). For information about using Amazon SNS to invoke a Lambda function, see [Invoking Lambda functions using Amazon SNS notifications](https://docs.aws.amazon.com/sns/latest/dg/sns-lambda.html). The following examples show the structure of the JSON output available with CodeDeploy triggers. **Sample JSON Output for Instance-Based Triggers** ``` { "region": "us-east-2", "accountId": "111222333444", "eventTriggerName": "trigger-group-us-east-instance-succeeded", "deploymentId": "d-75I7MBT7C", "instanceId": "arn:aws:ec2:us-east-2:444455556666:instance/i-496589f7", "lastUpdatedAt": "1446744207.564", "instanceStatus": "Succeeded", "lifecycleEvents": [ { "LifecycleEvent": "ApplicationStop", "LifecycleEventStatus": "Succeeded", "StartTime": "1446744188.595", "EndTime": "1446744188.711" }, { "LifecycleEvent": "BeforeInstall", "LifecycleEventStatus": "Succeeded", "StartTime": "1446744189.827", "EndTime": "1446744190.402" } //More lifecycle events might be listed here ] } ``` **Sample JSON Output for Deployment-Based Triggers** ``` { "region": "us-west-1", "accountId": "111222333444", "eventTriggerName": "Trigger-group-us-west-3-deploy-failed", "applicationName": "ProductionApp-us-west-3", "deploymentId": "d-75I7MBT7C", "deploymentGroupName": "dep-group-def-456", "createTime": "1446744188.595", "completeTime": "1446744190.402", "deploymentOverview": { "Failed": "10", "InProgress": "0", "Pending": "0", "Skipped": "0", "Succeeded": "0" }, "status": "Failed", "errorInformation": { "ErrorCode": "IAM_ROLE_MISSING", "ErrorMessage": "IAM Role is missing for deployment group: dep-group-def-456" } } ```