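---
# CloudFormation template format version. Quoted so that generic YAML loaders
# keep it as a string instead of resolving it to a date.
AWSTemplateFormatVersion: '2010-09-09'
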
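Parameters:

  # Application name. Also used as the GitHub repository name and as the prefix
  # of the pipeline, artifact bucket, CodeBuild project and Elastic Beanstalk
  # application/environment names.
  AppName:
    Description: Name of App
    Type: String

  # Environment name, combined with AppName in every derived resource name.
  EnvName:
    Description: Name of environment
    Type: String

  # GitHub OAuth token handed to the pipeline's Source action.
  # NoEcho masks the value in the CloudFormation console and in describe-stacks
  # output; without it the token is shown in clear text to anyone who can read
  # the stack. NoEcho does not protect the value if it is copied into Outputs
  # or Metadata, and the token still travels as a plain stack parameter.
  # NOTE(review): consider keeping the token in Secrets Manager and resolving it
  # with a dynamic reference instead of passing it as a parameter.
  OauthToken:
    Description: Oauth token for github
    Type: String
    NoEcho: true
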
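Resources:

  # Service role that CodePipeline assumes to run the pipeline defined below.
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: [codepipeline.amazonaws.com]
            Action: ['sts:AssumeRole']
      Path: /
      Policies:
        # NOTE(review): these ARN patterns only match buckets whose names start
        # with "codepipeline" or "elasticbeanstalk". The artifact bucket in this
        # template is named <AppName>-<EnvName>-codepipeline, so writes to it
        # are currently permitted by the s3:* grant in the next policy, not by
        # this one.
        - PolicyName: CodePipelineS3WriteAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 's3:PutObject'
                Resource:
                  - 'arn:aws:s3:::codepipeline*'
                  - 'arn:aws:s3:::elasticbeanstalk*'
        # NOTE(review): this statement grants service-wide wildcards
        # (elasticbeanstalk, ec2, elasticloadbalancing, autoscaling, cloudwatch,
        # s3, cloudformation, rds, ecs) and iam:PassRole on every resource in
        # the account. A misconfigured or compromised pipeline can therefore
        # reach far beyond this application. Scope the actions and Resource
        # ARNs to what the pipeline actually uses, and move iam:PassRole into
        # its own statement restricted with an iam:PassedToService condition.
        # The explicit s3:Get* and cloudformation:* entries are already covered
        # by the wildcards; they are kept as a starting list for that narrowing.
        # The effective permissions are unchanged from the original; only a
        # duplicated iam:PassRole entry was removed.
        - PolicyName: CodePipelineGeneralAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - 's3:GetObject'
                  - 's3:GetObjectVersion'
                  - 's3:GetBucketVersioning'
                  - 'elasticbeanstalk:*'
                  - 'ec2:*'
                  - 'elasticloadbalancing:*'
                  - 'autoscaling:*'
                  - 'cloudwatch:*'
                  - 's3:*'
                  - 'cloudformation:*'
                  - 'rds:*'
                  - 'ecs:*'
                  - 'iam:PassRole'
                  - 'lambda:InvokeFunction'
                  - 'lambda:ListFunctions'
                  - 'opsworks:CreateDeployment'
                  - 'opsworks:DescribeApps'
                  - 'opsworks:DescribeCommands'
                  - 'opsworks:DescribeDeployments'
                  - 'opsworks:DescribeInstances'
                  - 'opsworks:DescribeStacks'
                  - 'opsworks:UpdateApp'
                  - 'opsworks:UpdateStack'
                  - 'cloudformation:CreateStack'
                  - 'cloudformation:DeleteStack'
                  - 'cloudformation:DescribeStacks'
                  - 'cloudformation:UpdateStack'
                  - 'cloudformation:CreateChangeSet'
                  - 'cloudformation:DeleteChangeSet'
                  - 'cloudformation:DescribeChangeSet'
                  - 'cloudformation:ExecuteChangeSet'
                  - 'cloudformation:SetStackPolicy'
                  - 'cloudformation:ValidateTemplate'
                  - 'codebuild:BatchGetBuilds'
                  - 'codebuild:StartBuild'
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                  - 'logs:DescribeLogStreams'
                  - 'logs:PutRetentionPolicy'
                  - 'ecr:BatchCheckLayerAvailability'
                  - 'ecr:CompleteLayerUpload'
                  - 'ecr:GetAuthorizationToken'
                  - 'ecr:InitiateLayerUpload'
                  - 'ecr:PutImage'
                  - 'ecr:UploadLayerPart'
                Resource: '*'

  # Artifact store for the pipeline. Objects expire after 90 days.
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketName: !Sub '${AppName}-${EnvName}-codepipeline'
      # Source and build artifacts never need to be public; block public ACLs
      # and public bucket policies explicitly instead of relying on the ACL.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      LifecycleConfiguration:
        Rules:
          - ExpirationInDays: 90
            Status: Enabled

  # Three-stage pipeline: GitHub source -> CodeBuild -> Elastic Beanstalk.
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Sub '${AppName}-${EnvName}-pipeline'
      # GetAtt yields the role's full ARN, so it no longer has to be assembled
      # by hand from the account id and the role name.
      RoleArn: !GetAtt CodePipelineRole.Arn
      ArtifactStore:
        Type: S3
        # Ref resolves to the bucket name and makes CloudFormation create the
        # bucket before the pipeline; the original repeated the name as a
        # string, which left the creation order undefined.
        Location: !Ref S3Bucket
      Stages:
        - Name: Source
          Actions:
            # NOTE(review): this is the OAuth-token based GitHub source action.
            # Polling is disabled and no webhook resource is visible in this
            # template, so the pipeline presumably starts only manually or via
            # a webhook defined elsewhere - confirm. The token should be scoped
            # to the minimum repository access the pipeline needs.
            - Name: GitHubRepo
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Version: '1'
                Provider: GitHub
              OutputArtifacts:
                - Name: !Sub '${AppName}${EnvName}Source'
              Configuration:
                Owner: wuntu-three
                Repo: !Ref AppName
                PollForSourceChanges: false
                Branch: master
                OAuthToken: !Ref OauthToken
              RunOrder: 1

        - Name: Build
          Actions:
            # Runs the CodeBuild project named <AppName>-<EnvName>; that project
            # is not defined in this part of the template.
            - Name: Codebuild
              ActionTypeId:
                Category: Build
                Owner: AWS
                Version: '1'
                Provider: CodeBuild
              InputArtifacts:
                - Name: !Sub '${AppName}${EnvName}Source'
              OutputArtifacts:
                - Name: !Sub '${AppName}-${EnvName}-build'
              Configuration:
                ProjectName: !Sub '${AppName}-${EnvName}'
              RunOrder: 1

        - Name: Deploy
          Actions:
            # Deploys the build artifact to the Elastic Beanstalk application
            # and environment that share the <AppName>-<EnvName> name.
            - Name: !Sub '${AppName}-${EnvName}-build'
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: '1'
                Provider: ElasticBeanstalk
              InputArtifacts:
                - Name: !Sub '${AppName}-${EnvName}-build'
              OutputArtifacts: []
              Configuration:
                ApplicationName: !Sub '${AppName}-${EnvName}'
                EnvironmentName: !Sub '${AppName}-${EnvName}'
              RunOrder: 1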