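---
# CloudFormation template: a CodePipeline that pulls a GitHub repository and
# deploys it in place, via CodeDeploy, to EC2 instances selected by Name tag.
AWSTemplateFormatVersion: "2010-09-09"
Description: Creative813 Wordpress websites

Parameters:
  # Parameters without a Default must be supplied at stack creation. The
  # original listing carried blank `Default:` entries (a YAML null), which
  # CloudFormation does not accept as a default value; they are omitted here.
  ApplicationName:
    # Also used as the prefix of the artifact bucket name and the pipeline
    # name below, so it has to be valid as part of an S3 bucket name.
    Type: String
    Description: App name
  EC2InstanceName:
    Type: String
    Description: >-
      Name of the target EC2 instance (Value for the Name tag).
      It will be used to select an instance for deployment
  Repository:
    Type: String
    Description: Name of the repository
  RepositoryOwner:
    Type: String
    Description: Repository owner
  RepositoryTokenSecret:
    # Only the secret's *name* is passed in; the token itself stays in
    # Secrets Manager and is resolved by the dynamic reference below.
    Type: String
    Description: Secret name for git authentication. Should be created manually beforehand
  RepositoryTokenSecretKey:
    Type: String
    Description: Secret's key for git authentication
  TargetBranch:
    Type: String
    Default: master
    Description: git source branch

Resources:
  application:
    Type: AWS::CodeDeploy::Application
    Properties:
      ApplicationName: !Ref ApplicationName
      ComputePlatform: Server

  # Service role for the pipeline. The trust policy lets only the
  # CodePipeline service principal assume it.
  pipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: sts:AssumeRole
            Principal:
              Service: codepipeline.amazonaws.com

  applicationDeploymentGroup:
    Type: AWS::CodeDeploy::DeploymentGroup
    Properties:
      ApplicationName: !Ref application
      DeploymentConfigName: CodeDeployDefault.OneAtATime
      DeploymentStyle:
        DeploymentType: IN_PLACE
        DeploymentOption: WITHOUT_TRAFFIC_CONTROL
      # Targets are chosen purely by the Name tag, so whoever may set that tag
      # on an instance decides which hosts receive deployments. Keep
      # tag-write permissions on EC2 correspondingly narrow.
      Ec2TagFilters:
        - Key: Name
          Type: KEY_AND_VALUE
          Value: !Ref EC2InstanceName
      # This role is not created by this template: it must already exist in
      # the account and be assumable by CodeDeploy, or stack creation fails.
      ServiceRoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/AWSUserRoleForEC2

  # Permissions for the pipeline role, limited to what the two stages in this
  # template use: the CodeDeploy calls made by the Deploy action and
  # read/write access to the artifact bucket.
  #
  # The original policy additionally allowed ec2:*, cloudwatch:* and s3:* on
  # every resource, plus iam:PassRole on "*" under StringEqualsIfExists
  # (which also matches when the condition key is absent). Neither stage here
  # passes a role or needs those services through this role, so they are
  # dropped. If a stage for CloudFormation, Elastic Beanstalk or ECS is added
  # later, grant iam:PassRole on the specific role ARN with a StringEquals
  # condition on iam:PassedToService instead of restoring the wildcard.
  pipelineRoleDefaultPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: pipelineRoleDefaultPolicy
      Roles:
        - !Ref pipelineRole
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - codedeploy:CreateDeployment
              - codedeploy:GetApplication
              - codedeploy:GetApplicationRevision
              - codedeploy:GetDeployment
              - codedeploy:GetDeploymentConfig
              - codedeploy:RegisterApplicationRevision
            Resource: "*"
          # Object-level access, artifact bucket only.
          - Effect: Allow
            Action:
              - s3:GetObject
              - s3:GetObjectVersion
              - s3:PutObject
            Resource: !Sub "${pipelineArtifactsBucket.Arn}/*"
          # Bucket-level access, artifact bucket only.
          - Effect: Allow
            Action:
              - s3:GetBucketLocation
              - s3:GetBucketVersioning
              - s3:ListBucket
            Resource: !GetAtt pipelineArtifactsBucket.Arn

  pipelineResource:
    Type: AWS::CodePipeline::Pipeline
    # The pipeline references only the role, not the separately attached
    # policy; the explicit dependency makes sure the permissions are in place
    # before the pipeline is created.
    DependsOn: pipelineRoleDefaultPolicy
    Properties:
      Name: !Sub ${ApplicationName}-pipeline
      RoleArn: !GetAtt pipelineRole.Arn
      RestartExecutionOnUpdate: false
      ArtifactStore:
        Type: S3
        Location: !Ref pipelineArtifactsBucket
      Stages:
        - Name: Source
          Actions:
            - Name: GitHubSource
              RunOrder: 1
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Provider: GitHub  # update with required git source
                Version: "1"
              Configuration:
                Owner: !Ref RepositoryOwner
                Repo: !Ref Repository
                Branch: !Ref TargetBranch
                # Resolved from Secrets Manager at deploy time, so the token
                # never appears in the template or in stack parameters. This
                # version 1 GitHub action authenticates with a long-lived
                # OAuth token: give it the smallest scope that works and
                # rotate it. The connection-based source action
                # (CodeStarSourceConnection) avoids storing a token at all.
                OAuthToken: !Join
                  - ""
                  - - "{{resolve:secretsmanager:"
                    - !Ref RepositoryTokenSecret
                    - ":SecretString:"
                    - !Ref RepositoryTokenSecretKey
                    - "::}}"
                # Polling is off and this listing defines no
                # AWS::CodePipeline::Webhook, so unless one exists elsewhere
                # the pipeline only runs when started manually.
                PollForSourceChanges: false
              OutputArtifacts:
                - Name: SourceArtifact
        - Name: Deploy
          Actions:
            - Name: Deploy
              RunOrder: 1
              Region: !Ref "AWS::Region"
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CodeDeploy
                Version: "1"
              Configuration:
                ApplicationName: !Ref application
                DeploymentGroupName: !Ref applicationDeploymentGroup
              InputArtifacts:
                - Name: SourceArtifact

  # Artifact store for the pipeline: encrypted at rest with SSE-S3 and with
  # all four public-access blocks enabled. The bucket name is derived from
  # ApplicationName and must be globally unique.
  pipelineArtifactsBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${ApplicationName}-artifact-store
      AccessControl: BucketOwnerFullControl
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true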