Automated Deployment with EC2 and Bitbucket

First, I am going to split this into several parts in order to be able to handle the WordPress editing process.

1. I am going to describe how I bring up an EC2 instance with boto3
2. I describe the OAuth process to the Bitbucket REST API and the transfer of a deploy key
3. Bring it all together and wrap it up

So, to start, let's create an EC2 instance:

import boto3

# Expected configuration constants (not shown in this post):
# AMI, INSTANCE_TYPE, AWS_REGION, AWS_ACCESS_KEY, AWS_SECRET_KEY

def start_ec2_app():
    c = get_client()
    res = get_resource()

    app_sg = create_app_sg(c, 'app')

    # create the key pair and save the private key locally
    keypair = c.create_key_pair(KeyName='app_key')
    with open('keys/'+keypair['KeyName']+'.pem','w+') as keyfile:
        keyfile.write(keypair['KeyMaterial'])

    inst = res.create_instances(
        ImageId = AMI,
        KeyName = 'app_key',
        InstanceType = INSTANCE_TYPE,
        SecurityGroups = ['app'],
        MinCount = 1,
        MaxCount = 1)

    # let's wait for the instance
    runningWaiter = c.get_waiter("instance_running")
    runningWaiter.wait(InstanceIds = [inst[0].id])

    # tag every running instance and print how to reach it
    instances = res.instances.filter(Filters=[{'Name': 'instance-state-name', 'Values': ['running']}])
    for i, instance in enumerate(instances):
        tags = [{"Key" : 'instanceName', "Value" : 'app_%s' %i}]
        print(instance.public_ip_address+' '+instance.public_dns_name)
        c.create_tags(
            Resources = [instance.id],
            Tags = tags)

    allow_ssh(c, 'app')

def allow_ssh(c, name):
    # open port 22 on the named security group
    sg = c.describe_security_groups(Filters=[{'Name': 'group-name', 'Values': [name]}])
    group = sg['SecurityGroups'][0].get('GroupId')
    c.authorize_security_group_ingress(
        IpProtocol = "tcp",
        CidrIp = "",  # empty as posted; set this to the address range allowed to reach SSH
        FromPort = 22,
        ToPort = 22,
        GroupId = group)

def get_client():
    return boto3.client(
        'ec2',
        region_name = AWS_REGION,
        aws_access_key_id = AWS_ACCESS_KEY,
        aws_secret_access_key = AWS_SECRET_KEY)

def get_resource():
    return boto3.resource(
        'ec2',
        region_name = AWS_REGION,
        aws_access_key_id = AWS_ACCESS_KEY,
        aws_secret_access_key = AWS_SECRET_KEY)

def create_app_sg(c, name):
    # create the security group only if it does not exist yet
    sg = c.describe_security_groups(Filters=[{'Name': 'group-name', 'Values': [name]}])
    if not sg['SecurityGroups']:
        return c.create_security_group(
            GroupName = name,
            Description = '%s Security Group' %name)
    return sg['SecurityGroups'][0]


Okay, okay… let’s go slowly:
a) we need a client to work (or at least I prefer a client, you could use a resource with some fiddling), so we create one
b) this client now creates a security group that gets the fabulous name ‘app’
c) we run an instance (a single one in this case)
d) we get the id of the instance so we can
e) wait until the instance is running
f) then we can retrieve the public IP and the DNS name
g) lastly we create a pair of keys and save the private key
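Two spots in the script above deserve tightening: the private key is written with whatever permissions the umask gives, and the SSH rule's CidrIp decides who can reach port 22. The following is an added example, not code from the original post; the helper names and the sample response are assumptions constructed for illustration, and it runs without AWS access.

```python
import ipaddress
import os

def save_private_key(directory, key_name, key_material):
    """Write the PEM owner-only (0600) and refuse to overwrite an existing key."""
    os.makedirs(directory, mode=0o700, exist_ok=True)
    path = os.path.join(directory, key_name + '.pem')
    # The mode is applied at creation, so the key is never group/world-readable,
    # unlike open(path, 'w+'), which follows the umask (commonly giving 0644).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, 'w') as keyfile:
        keyfile.write(key_material)
    return path

def ssh_ingress_args(group_id, cidr):
    """Build kwargs for authorize_security_group_ingress; reject empty or /0 ranges."""
    net = ipaddress.IPv4Network(cidr, strict=True)  # ValueError on '' or stray host bits
    if net.prefixlen == 0:
        raise ValueError('refusing to open port 22 to %s' % net)
    return {'GroupId': group_id, 'IpProtocol': 'tcp',
            'FromPort': 22, 'ToPort': 22, 'CidrIp': str(net)}

def world_open_ssh(describe_response):
    """Return GroupIds in a describe_security_groups response with port 22 open to all."""
    hits = []
    for group in describe_response['SecurityGroups']:
        for perm in group.get('IpPermissions', []):
            all_traffic = perm.get('IpProtocol') == '-1'
            covers_22 = perm.get('FromPort', 0) <= 22 <= perm.get('ToPort', 65535)
            if not (all_traffic or (perm.get('IpProtocol') == 'tcp' and covers_22)):
                continue
            cidrs = [r['CidrIp'] for r in perm.get('IpRanges', [])]
            cidrs += [r['CidrIpv6'] for r in perm.get('Ipv6Ranges', [])]
            if any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs):
                hits.append(group['GroupId'])
                break
    return hits

# Constructed sample in the shape describe_security_groups returns (not real data).
SAMPLE_RESPONSE = {'SecurityGroups': [
    {'GroupId': 'sg-constructed-open', 'GroupName': 'app', 'IpPermissions': [
        {'IpProtocol': 'tcp', 'FromPort': 22, 'ToPort': 22,
         'IpRanges': [{'CidrIp': '0.0.0.0/0'}], 'Ipv6Ranges': []}]},
    {'GroupId': 'sg-constructed-tight', 'GroupName': 'admin', 'IpPermissions': [
        {'IpProtocol': 'tcp', 'FromPort': 22, 'ToPort': 22,
         'IpRanges': [{'CidrIp': '203.0.113.7/32'}], 'Ipv6Ranges': []}]},
]}

if __name__ == '__main__':
    print(world_open_ssh(SAMPLE_RESPONSE))
```

With a real client, `c.authorize_security_group_ingress(**ssh_ingress_args(group, cidr))` takes the place of the keyword arguments in allow_ssh, and `world_open_ssh(c.describe_security_groups())` audits the account's existing groups.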

So, this is done. Off to Bitbucket and OAuth next…
