TRY AND ERRΦR

気になったこと、勉強したこと、その他雑記など色々メモしていきます。。Sometimes these posts will be written in English.,

【AWS CodeDeploy】Resource permissions by appspec.yml

I had misunderstanding for "permissions" in appspec.yml of AWS CodeDeploy.
Say around that we have an app which directory structure is like below.
CodeDeployのappspec.ymlで使うpermissionセクションについて誤解してた。。
例えば以下のような構成のアプリがあるとする。

app
|-src
  |--something...
|-logs
  |--logfiles...

I wanted to set logs directory's permission to 757, so that I did like this.
logsディレクトリのパーミッションを757にしたくて、こんな感じのappspec.ymlを書いた。


appspec.yml

version: 0.0
os: linux
files:
  - source: /
    destination: /var/www/html/app
permission: 
  - object: logs
    mode: 757 
	type: 
	  - directory

But it didn't work...
AWS official document says that permission section affects to the resources contained in the object you specified.
しかし動かず、、、
AWSの公式ドキュメントをみると、permissionセクションは指定したobjectに含まれるリソースに影響するみたい。

type – Optional. The types of objects to which to apply the specified permissions. This can be set to file or directory. If file is specified, the permissions are applied only to files that are immediately contained within object after the copy operation (and not to object itself). If directory is specified, the permissions are recursively applied to all directories/folders that are anywhere within object after the copy operation (but not to object itself).

AppSpec 'permissions' Section (EC2/On-Premises Deployments Only) - AWS CodeDeploy


So I made script to execute "chmod" to logs directory, and called it in the "AfterInstall" hook, then of course it worked well.
Also, I think maybe it's ok to use pattern matching which specifies logs directory from higher hierarchy directory(like /).
今回はchmodで権限を変えるスクリプトを書いて、AfterInstallフックで呼び出したところ、上手く動いた。
別のやり方として、おそらくlogsの上の階層のディレクトリをobjectに指定し、パターンマッチでやればできそう。