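---
# CloudFormation template: a two-stage CodePipeline that is triggered by a
# GitHub webhook (Source stage) and deploys the commit with CodeDeploy
# (Beta stage). Pipeline artifacts are stored in a dedicated S3 bucket whose
# policy requires SSE-KMS on upload and TLS for every request.
AWSTemplateFormatVersion: "2010-09-09"

Parameters:
  BranchName:
    Description: GitHub branch name
    Type: String
    Default: master
  RepositoryName:
    Description: GitHub repository name
    Type: String
    Default: test
  GitHubOwner:
    Description: GitHub user or organization that owns the repository
    Type: String
  GitHubSecret:
    # Shared secret used by CodePipeline to verify the webhook HMAC signature.
    # NoEcho hides the value in the console and in DescribeStacks output, but
    # it still travels as a plain stack parameter; a Secrets Manager dynamic
    # reference would keep it out of the template inputs entirely.
    Description: Secret token shared with the GitHub webhook (HMAC)
    Type: String
    NoEcho: true
  GitHubOAuthToken:
    # Token CodePipeline uses to read the repository; same NoEcho caveat.
    Description: GitHub OAuth token used by the Source action
    Type: String
    NoEcho: true
  ApplicationName:
    Description: CodeDeploy application name
    Type: String
    Default: DemoApplication
  BetaFleet:
    Description: Fleet configured in CodeDeploy
    Type: String
    Default: DemoFleet

Resources:
  CodePipelineArtifactStoreBucket:
    Type: "AWS::S3::Bucket"
    Properties:
      # Artifacts are only ever read by the CodePipeline/CodeDeploy roles, so
      # block every form of public access at the bucket level as well as in
      # the policy below.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  CodePipelineArtifactStoreBucketPolicy:
    Type: "AWS::S3::BucketPolicy"
    Properties:
      Bucket: !Ref CodePipelineArtifactStoreBucket
      PolicyDocument:
        # Quoted on purpose: an unquoted 2012-10-17 is a YAML 1.1 timestamp,
        # not the string IAM expects.
        Version: "2012-10-17"
        Statement:
          # Refuse any object write that does not request SSE-KMS; CodePipeline
          # sets this header itself when it stores artifacts.
          - Sid: DenyUnEncryptedObjectUploads
            Effect: Deny
            Principal: "*"
            Action: "s3:PutObject"
            Resource: !Sub "${CodePipelineArtifactStoreBucket.Arn}/*"
            Condition:
              StringNotEquals:
                "s3:x-amz-server-side-encryption": "aws:kms"
          # Refuse plaintext HTTP. Both the bucket ARN and the object ARNs are
          # listed so bucket-level calls (e.g. ListBucket) are covered too, not
          # only object-level ones.
          - Sid: DenyInsecureConnections
            Effect: Deny
            Principal: "*"
            Action: "s3:*"
            Resource:
              - !GetAtt CodePipelineArtifactStoreBucket.Arn
              - !Sub "${CodePipelineArtifactStoreBucket.Arn}/*"
            Condition:
              Bool:
                "aws:SecureTransport": false

  AppPipelineWebhook:
    Type: "AWS::CodePipeline::Webhook"
    Properties:
      Authentication: GITHUB_HMAC
      AuthenticationConfiguration:
        SecretToken: !Ref GitHubSecret
      Filters:
        # Only pushes whose ref matches the Source action's configured branch
        # start a run; CodePipeline substitutes {Branch} from that action.
        - JsonPath: "$.ref"
          MatchEquals: "refs/heads/{Branch}"
      TargetPipeline: !Ref AppPipeline
      TargetAction: SourceAction
      Name: AppPipelineWebhook
      TargetPipelineVersion: !GetAtt AppPipeline.Version
      # Registers the webhook with GitHub so the repository calls it on push.
      RegisterWithThirdParty: true

  AppPipeline:
    Type: "AWS::CodePipeline::Pipeline"
    Properties:
      # Fixed name: a second stack in the same account/region will collide.
      Name: github-events-pipeline
      RoleArn: !GetAtt CodePipelineServiceRole.Arn
      Stages:
        - Name: Source
          Actions:
            - Name: SourceAction
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                # ActionTypeId.Version is a string property; quoted so YAML
                # does not hand CloudFormation an integer.
                Version: "1"
                Provider: GitHub
              OutputArtifacts:
                - Name: SourceOutput
              Configuration:
                Owner: !Ref GitHubOwner
                Repo: !Ref RepositoryName
                Branch: !Ref BranchName
                OAuthToken: !Ref GitHubOAuthToken
                # The webhook above drives the pipeline, so polling is off.
                PollForSourceChanges: false
              RunOrder: 1
        - Name: Beta
          Actions:
            - Name: BetaAction
              InputArtifacts:
                - Name: SourceOutput
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: "1"
                Provider: CodeDeploy
              Configuration:
                ApplicationName: !Ref ApplicationName
                DeploymentGroupName: !Ref BetaFleet
              RunOrder: 1
      ArtifactStore:
        Type: S3
        Location: !Ref CodePipelineArtifactStoreBucket

  CodePipelineServiceRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action: "sts:AssumeRole"
      Path: /
      Policies:
        # NOTE(review): this is the broad generic CodePipeline service policy.
        # The two stages above only exercise CodeDeploy and the artifact
        # bucket; the remaining statements (CodeCommit, CodeBuild, Device Farm,
        # Lambda, and the service-wide "*" grants) are unused here and should
        # be scoped down before this leaves a demo environment.
        - PolicyName: AWS-CodePipeline-Service-3
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "codecommit:CancelUploadArchive"
                  - "codecommit:GetBranch"
                  - "codecommit:GetCommit"
                  - "codecommit:GetUploadArchiveStatus"
                  - "codecommit:UploadArchive"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "codedeploy:CreateDeployment"
                  - "codedeploy:GetApplicationRevision"
                  - "codedeploy:GetDeployment"
                  - "codedeploy:GetDeploymentConfig"
                  - "codedeploy:RegisterApplicationRevision"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "codebuild:BatchGetBuilds"
                  - "codebuild:StartBuild"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "devicefarm:ListProjects"
                  - "devicefarm:ListDevicePools"
                  - "devicefarm:GetRun"
                  - "devicefarm:GetUpload"
                  - "devicefarm:CreateUpload"
                  - "devicefarm:ScheduleRun"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "lambda:InvokeFunction"
                  - "lambda:ListFunctions"
                Resource: "*"
              # NOTE(review): iam:PassRole on "*" lets this role hand any role
              # in the account to the services below; restrict Resource to the
              # specific roles the pipeline must pass.
              - Effect: Allow
                Action:
                  - "iam:PassRole"
                Resource: "*"
              - Effect: Allow
                Action:
                  - "elasticbeanstalk:*"
                  - "ec2:*"
                  - "elasticloadbalancing:*"
                  - "autoscaling:*"
                  - "cloudwatch:*"
                  - "s3:*"
                  - "sns:*"
                  - "cloudformation:*"
                  - "rds:*"
                  - "sqs:*"
                  - "ecs:*"
                Resource: "*"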