-
-
Save sirvict0r/045e8f682f27652ef4faa6f8f7b3dd5f to your computer and use it in GitHub Desktop.
Cloudformation Files for Creating a Serverless CICD Pipeline
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: 'Deployment Stack' | |
| Parameters: | |
| GitHubToken: | |
| NoEcho: true | |
| Type: String | |
| Description: Secret. It might look something like 9b189a1654643522561f7b3ebd44a1531a4287af OAuthToken with access to Repo. Go to https://github.com/settings/tokens" | |
| GitHubOwner: | |
| Type: String | |
| Description: GitHub UserName | |
| Repo: | |
| Type: String | |
| Description: GitHub Repo to pull from. Only the Name. not the URL | |
| Branch: | |
| Type: String | |
| Description: Branch to use from Repo. Only the Name. not the URL | |
| Default: master | |
| Project: | |
| Type: String | |
| Description: Project being built | |
| BetaTestLink: | |
| Type: String | |
| Description: Link to test beta site | |
| StageTestLink: | |
| Type: String | |
| Description: Link to test stage site | |
| ProdTestLink: | |
| Type: String | |
| Description: Link to test prod site | |
| StageMessage: | |
| Type: String | |
| Description: Message to stage tester | |
| Default: Please verify and approve | |
| ProdMessage: | |
| Type: String | |
| Description: Message to prod tester | |
| Default: Please verify and approve | |
| AWSAccessKeyID: | |
| Type: String | |
| Description: AWS Access Key Id | |
| AWSSecretAccessKey: | |
| Type: String | |
| Description: AWS Secret Access Key Id | |
| TemplateBucket: | |
| Type: String | |
| Description: Bucket holding templates | |
| Resources: | |
| BuildRole: | |
| Type: 'AWS::IAM::Role' | |
| Properties: | |
| AssumeRolePolicyDocument: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| Service: | |
| - codepipeline.amazonaws.com | |
| - codebuild.amazonaws.com | |
| - lambda.amazonaws.com | |
| Action: | |
| - 'sts:AssumeRole' | |
| Policies: | |
| - PolicyName: DeployPolicy | |
| PolicyDocument: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: Allow | |
| Action: | |
| - 's3:GetObject' | |
| - 's3:GetObjectVersion' | |
| - 's3:GetBucketVersioning' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: | |
| - 'codecommit:CancelUploadArchive' | |
| - 'codecommit:GetBranch' | |
| - 'codecommit:GetCommit' | |
| - 'codecommit:GetUploadArchiveStatus' | |
| - 'codecommit:UploadArchive' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: | |
| - 'cloudwatch:*' | |
| - 's3:*' | |
| - 'sns:*' | |
| - 'cloudformation:*' | |
| - 'sqs:*' | |
| - 'iam:PassRole' | |
| - 'logs:*' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: | |
| - 'cloudformation:CreateStack' | |
| - 'cloudformation:DeleteStack' | |
| - 'cloudformation:DescribeStacks' | |
| - 'cloudformation:UpdateStack' | |
| - 'cloudformation:CreateChangeSet' | |
| - 'cloudformation:DeleteChangeSet' | |
| - 'cloudformation:DescribeChangeSet' | |
| - 'cloudformation:ExecuteChangeSet' | |
| - 'cloudformation:SetStackPolicy' | |
| - 'cloudformation:ValidateTemplate' | |
| - 'iam:PassRole' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: | |
| - 'codebuild:BatchGetBuilds' | |
| - 'codebuild:StartBuild' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: | |
| - 'lambda:*' | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: | |
| - "codepipeline:PutJobSuccessResult" | |
| - "codepipeline:PutJobFailureResult" | |
| Resource: '*' | |
| BuildArtifactsBucket: | |
| Type: "AWS::S3::Bucket" | |
| BuildApprovalSNS: | |
| Type: "AWS::SNS::Topic" | |
| BuildPipeLine: | |
| Type: "AWS::CodePipeline::Pipeline" | |
| Properties: | |
| ArtifactStore: | |
| Location: !Ref BuildArtifactsBucket | |
| Type: S3 | |
| RoleArn: !GetAtt BuildRole.Arn | |
| Stages: | |
| - Name: Source | |
| Actions: | |
| - Name: GetSource | |
| ActionTypeId: | |
| Category: Source | |
| Owner: ThirdParty | |
| Provider: GitHub | |
| Version: 1 | |
| OutputArtifacts: | |
| - Name: SourceOutput | |
| Configuration: | |
| Owner: !Ref GitHubOwner | |
| Repo: !Ref Repo | |
| Branch: !Ref Branch | |
| OAuthToken: !Ref GitHubToken | |
| RunOrder: 1 | |
| - Name: Build-Beta | |
| Actions: | |
| - Name: Build | |
| ActionTypeId: | |
| Category: Build | |
| Owner: AWS | |
| Provider: "CodeBuild" | |
| Version: 1 | |
| InputArtifacts: | |
| - Name: SourceOutput | |
| OutputArtifacts: | |
| - Name: BetaBuiltOutput | |
| Configuration: | |
| ProjectName: !GetAtt BetaBuildProject.Outputs.BuildProjectName | |
| RunOrder: 1 | |
| - Name: Build-Stage | |
| Actions: | |
| - Name: Approval | |
| ActionTypeId: | |
| Category: Approval | |
| Owner: AWS | |
| Provider: "Manual" | |
| Version: 1 | |
| Configuration: | |
| NotificationArn: !Ref BuildApprovalSNS | |
| ExternalEntityLink: !Ref BetaTestLink | |
| CustomData: !Ref StageMessage | |
| RunOrder: 1 | |
| - Name: Build | |
| ActionTypeId: | |
| Category: Build | |
| Owner: AWS | |
| Provider: "CodeBuild" | |
| Version: 1 | |
| InputArtifacts: | |
| - Name: SourceOutput | |
| OutputArtifacts: | |
| - Name: StageBuiltOutput | |
| Configuration: | |
| ProjectName: !GetAtt StageBuildProject.Outputs.BuildProjectName | |
| RunOrder: 2 | |
| - Name: Build-Prod | |
| Actions: | |
| - Name: Approval | |
| ActionTypeId: | |
| Category: Approval | |
| Owner: AWS | |
| Provider: "Manual" | |
| Version: 1 | |
| Configuration: | |
| NotificationArn: !Ref BuildApprovalSNS | |
| ExternalEntityLink: !Ref StageTestLink | |
| CustomData: !Ref ProdMessage | |
| RunOrder: 1 | |
| - Name: Build | |
| ActionTypeId: | |
| Category: Build | |
| Owner: AWS | |
| Provider: "CodeBuild" | |
| Version: 1 | |
| InputArtifacts: | |
| - Name: SourceOutput | |
| OutputArtifacts: | |
| - Name: ProdBuiltOutput | |
| Configuration: | |
| ProjectName: !GetAtt ProdBuildProject.Outputs.BuildProjectName | |
| RunOrder: 2 | |
| BetaBuildProject: | |
| Type: "AWS::CloudFormation::Stack" | |
| Properties: | |
| TemplateURL: !Join ["/", ["https://s3.amazonaws.com", !Ref TemplateBucket, "nested-api-build.yml"]] | |
| Parameters: | |
| Project: !Ref Project | |
| Environment: beta | |
| Role: !Ref BuildRole | |
| AWSAccessKeyID: !Ref AWSAccessKeyID | |
| AWSSecretAccessKey: !Ref AWSSecretAccessKey | |
| StageBuildProject: | |
| Type: "AWS::CloudFormation::Stack" | |
| Properties: | |
| TemplateURL: !Join ["/", ["https://s3.amazonaws.com", !Ref TemplateBucket, "nested-api-build.yml"]] | |
| Parameters: | |
| Project: !Ref Project | |
| Environment: stage | |
| Role: !Ref BuildRole | |
| AWSAccessKeyID: !Ref AWSAccessKeyID | |
| AWSSecretAccessKey: !Ref AWSSecretAccessKey | |
| ProdBuildProject: | |
| Type: "AWS::CloudFormation::Stack" | |
| Properties: | |
| TemplateURL: !Join ["/", ["https://s3.amazonaws.com", !Ref TemplateBucket, "nested-api-build.yml"]] | |
| Parameters: | |
| Project: !Ref Project | |
| Environment: prod | |
| Role: !Ref BuildRole | |
| AWSAccessKeyID: !Ref AWSAccessKeyID | |
| AWSSecretAccessKey: !Ref AWSSecretAccessKey |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: 'API Build Project' | |
| Parameters: | |
| Project: | |
| Type: String | |
| Description: Project being built | |
| Environment: | |
| Type: String | |
| Description: Environment being deployed | |
| Role: | |
| Type: String | |
| Description: IAM Role | |
| AWSAccessKeyID: | |
| Type: String | |
| Description: Access Key ID | |
| AWSSecretAccessKey: | |
| Type: String | |
| Description: Secret Access Key | |
| Resources: | |
| BuildProject: | |
| Type: "AWS::CodeBuild::Project" | |
| Properties: | |
| Name: !Join [ -, [ !Ref Project, BuildProject, !Ref Environment ] ] | |
| Description: !Join [ " ", [ "API build project for",!Ref Project ] ] | |
| Source: | |
| Type: CODEPIPELINE | |
| Artifacts: | |
| Type: CODEPIPELINE | |
| Environment: | |
| ComputeType: BUILD_GENERAL1_SMALL | |
| Image: 'aws/codebuild/nodejs:6.3.1' | |
| Type: LINUX_CONTAINER | |
| EnvironmentVariables: | |
| - Name: BUILD_ENV | |
| Value: !Ref Environment | |
| - Name: AWS_ACCESS_KEY_ID | |
| Value: !Ref AWSAccessKeyID | |
| - Name: AWS_SECRET_ACCESS_KEY | |
| Value: !Ref AWSSecretAccessKey | |
| ServiceRole: !Ref Role | |
| Outputs: | |
| BuildProjectName: | |
| Description: Name of the build project | |
| Value: !Ref BuildProject |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment