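AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Creates a pipeline to deploy stack in CloudFormation off specified branch

# Inputs supplied when this pipeline stack is created or updated.
Parameters:
  RepositoryName:
    Description: The repository on Github to deploy from
    Type: String
  RepositoryOwner:
    Description: Account or organisation that owns the repository on Github
    Type: String
  GithubAccessToken:
    Description: Personal access token generated for Github
    Type: String
    # The token is a credential. NoEcho makes CloudFormation mask it in the
    # console, CLI and API output, instead of returning it in clear text to
    # anyone who can describe the stack.
    # NOTE(review): NoEcho does not hide the value from whoever supplies it or
    # from shell history and CI logs. A Secrets Manager dynamic reference keeps
    # the token out of stack parameters entirely.
    NoEcho: true
  BranchName:
    Description: The branch in version control to retrieve changes from
    Type: String
    Default: develop
  ApplicationName:
    Description: >
      The name of the application. This will be used as part of the name of the stack, as well as the name of the pipeline
    Type: String
    Default: webapp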
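Resources:
  # Versioned bucket that stores the pipeline's artifacts. It is retained when
  # the stack is deleted, so old source snapshots outlive the pipeline.
  ArtifactStoreBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      VersioningConfiguration:
        Status: Enabled
      # Artifacts are copies of the repository contents, so the bucket must
      # never become public through an ACL or a bucket policy.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Two-stage pipeline: pull the branch from GitHub, then create or update a
  # CloudFormation stack from templates/template.yaml in that source.
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      ArtifactStore:
        Location: !Ref ArtifactStoreBucket
        Type: S3
      DisableInboundStageTransitions: []
      Name: !Sub "${ApplicationName}-${BranchName}"
      RoleArn: !GetAtt [PipelineRole, Arn]
      Stages:
        - Name: Source
          Actions:
            - Name: Github
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Provider: GitHub
                Version: "1"
              Configuration:
                Repo: !Ref RepositoryName
                Branch: !Ref BranchName
                Owner: !Ref RepositoryOwner
                # Personal access token taken from the stack parameter. It
                # should be scoped to this repository and rotated regularly.
                OAuthToken: !Ref GithubAccessToken
              OutputArtifacts:
                - Name: TemplateSource
        - Name: Stack
          Actions:
            - Name: CreateOrUpdateStack
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: "1"
              InputArtifacts:
                - Name: TemplateSource
              Configuration:
                # REPLACE_ON_FAILURE deletes and recreates a stack that is in
                # a failed state. Whoever can push to the tracked branch
                # decides what is deployed with CFNRole's permissions, so the
                # branch should be protected accordingly.
                ActionMode: REPLACE_ON_FAILURE
                RoleArn: !GetAtt CFNRole.Arn
                StackName: !Sub "${ApplicationName}-${BranchName}"
                TemplatePath: "TemplateSource::templates/template.yaml"

  # Role CloudFormation assumes while deploying the application stack.
  CFNRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action: ['sts:AssumeRole']
            Effect: Allow
            Principal:
              Service: [cloudformation.amazonaws.com]
      Path: /
      Policies:
        - PolicyName: CloudFormationRole
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # NOTE(review): these service-wide wildcards are the upper bound
              # on what a template committed to the repository can do in this
              # account. Narrow them to the actions and resources that
              # templates/template.yaml needs; that file is not visible here.
              - Action:
                  - 'ec2:*'
                  - 'elasticloadbalancing:*'
                  - 'autoscaling:*'
                Effect: Allow
                Resource: '*'

  # Service role for CodePipeline. The same actions are allowed as before,
  # but each statement is scoped to the resources this pipeline uses, rather
  # than to every resource in the account.
  PipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action: ['sts:AssumeRole']
            Effect: Allow
            Principal:
              Service: [codepipeline.amazonaws.com]
      Path: /
      Policies:
        - PolicyName: CodePipelineAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Artifact reads and writes are limited to the artifact bucket.
              - Sid: ArtifactBucketAccess
                Action:
                  - 's3:*'
                Effect: Allow
                Resource:
                  - !GetAtt ArtifactStoreBucket.Arn
                  - !Sub "${ArtifactStoreBucket.Arn}/*"
              # Stack operations are limited to the one stack this pipeline
              # deploys, which is named as in the Stack stage above.
              - Sid: ManageTargetStack
                Action:
                  - 'cloudformation:CreateStack'
                  - 'cloudformation:DescribeStacks'
                  - 'cloudformation:DeleteStack'
                  - 'cloudformation:UpdateStack'
                  - 'cloudformation:CreateChangeSet'
                  - 'cloudformation:ExecuteChangeSet'
                  - 'cloudformation:DeleteChangeSet'
                  - 'cloudformation:DescribeChangeSet'
                  - 'cloudformation:SetStackPolicy'
                Effect: Allow
                Resource: !Sub "arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${ApplicationName}-${BranchName}/*"
              # iam:PassRole on '*' would let the pipeline hand any role in
              # the account to a service. Only CFNRole may be passed.
              - Sid: PassDeployRoleOnly
                Action:
                  - 'iam:PassRole'
                Effect: Allow
                Resource: !GetAtt CFNRole.Arn
              # NOTE(review): no stage shown here publishes to SNS. Drop this
              # statement or scope it to a topic ARN once that is confirmed.
              - Sid: PublishNotifications
                Action:
                  - 'sns:Publish'
                Effect: Allow
                Resource: '*'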