Skip to content
This repository was archived by the owner on Nov 4, 2022. It is now read-only.

Commit 786ed0c

Browse files
ferdinglerferdingler
committed
Added all static assets
1 parent 8f724d6 commit 786ed0c

File tree

128 files changed

+621
-0
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

128 files changed

+621
-0
lines changed

workshop/static/assets/pipeline.yaml

Lines changed: 327 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,327 @@
1+
AWSTemplateFormatVersion: '2010-09-09'
2+
Description: >-
3+
Pipeline for a Serverless SAM application
4+
5+
Metadata:
6+
AWS::CloudFormation::Interface:
7+
ParameterGroups:
8+
-
9+
Label:
10+
default: "Source Code Configuration"
11+
Parameters:
12+
- SourceCodeProvider
13+
- CodeCommitRepoName
14+
- CodeCommitBranch
15+
-
16+
Label:
17+
default: "Build Configuration"
18+
Parameters:
19+
- ComputeType
20+
- EnvironmentType
21+
-
22+
Label:
23+
default: "Deploy Configuration"
24+
Parameters:
25+
- DeployStackName
26+
- DeployParameterOverrides
27+
28+
Outputs:
29+
ArtifactsBucketArn:
30+
Value: !GetAtt Artifacts.Arn
31+
ArtifactsBucketName:
32+
Value: !Ref Artifacts
33+
PipelineName:
34+
Value: !Ref Pipeline
35+
PipelineVersion:
36+
Value: !GetAtt Pipeline.Version
37+
38+
Parameters:
39+
ComputeType:
40+
AllowedValues:
41+
- BUILD_GENERAL1_SMALL
42+
- BUILD_GENERAL1_MEDIUM
43+
- BUILD_GENERAL1_LARGE
44+
Default: BUILD_GENERAL1_SMALL
45+
Description: AWS CodeBuild project compute type.
46+
Type: String
47+
EnvironmentType:
48+
AllowedValues:
49+
- LINUX_CONTAINER
50+
- WINDOWS_CONTAINER
51+
Default: LINUX_CONTAINER
52+
Description: Environment type used by AWS CodeBuild. See the documentation for details (https://docs.aws.amazon.com/codebuild/latest/userguide/create-project.html#create-project-cli).
53+
Type: String
54+
SourceCodeProvider:
55+
Type: String
56+
Description: Location of your source code repository
57+
Default: CodeCommit
58+
AllowedValues:
59+
- CodeCommit
60+
CodeCommitRepoName:
61+
Type: String
62+
Description: CodeCommit repository name, only specify if you chose CodeCommit in SourceCodeProvider
63+
Default: 'sam-app'
64+
CodeCommitBranch:
65+
Type: String
66+
Description: CodeCommit repository branch name, only specify if you chose CodeCommit in SourceCodeProvider.
67+
Default: master
68+
DeployParameterOverrides:
69+
Description: Parameter overrides for the deploy stage
70+
Type: String
71+
Default: '{}'
72+
DeployStackName:
73+
Description: The stack name for the deploy stage
74+
Type: String
75+
Default: 'sam-app'
76+
77+
Conditions:
78+
UseCodeCommit:
79+
!Equals [!Ref SourceCodeProvider, 'CodeCommit']
80+
81+
Rules:
82+
ValidateCodeCommit:
83+
RuleCondition: !Equals [!Ref SourceCodeProvider, 'CodeCommit']
84+
Assertions:
85+
- Assert: !Not [!Equals [!Ref CodeCommitRepoName, '']]
86+
AssertDescription: "CodeCommitRepoName must be specified when SourceCodeProvider is CodeCommit"
87+
- Assert: !Not [!Equals [!Ref CodeCommitBranch, '']]
88+
AssertDescription: "CodeCommitBranch must be specified when SourceCodeProvider is CodeCommit"
89+
90+
Resources:
91+
Artifacts:
92+
Type: AWS::S3::Bucket
93+
Properties:
94+
LifecycleConfiguration:
95+
Rules:
96+
- ExpirationInDays: 30
97+
Status: Enabled
98+
99+
Pipeline:
100+
Type: AWS::CodePipeline::Pipeline
101+
Properties:
102+
ArtifactStore:
103+
Location: !Ref Artifacts
104+
Type: S3
105+
RoleArn: !GetAtt PipelineRole.Arn
106+
Stages:
107+
- Name: Source
108+
Actions:
109+
- !If
110+
- UseCodeCommit
111+
- Name: CodeCommitSource
112+
ActionTypeId:
113+
Category: Source
114+
Owner: AWS
115+
Provider: CodeCommit
116+
Version: "1"
117+
Configuration:
118+
RepositoryName: !Ref CodeCommitRepoName
119+
BranchName: !Ref CodeCommitBranch
120+
OutputArtifacts:
121+
- Name: SourceArtifact
122+
- !Ref AWS::NoValue
123+
124+
- Name: Build
125+
Actions:
126+
- Name: Build
127+
ActionTypeId:
128+
Category: Build
129+
Owner: AWS
130+
Provider: CodeBuild
131+
Version: "1"
132+
Configuration:
133+
ProjectName: !Ref BuildProject
134+
InputArtifacts:
135+
- Name: SourceArtifact
136+
OutputArtifacts:
137+
- Name: BuildArtifact
138+
139+
- Name: Dev
140+
Actions:
141+
- Name: CreateChangeSet
142+
ActionTypeId:
143+
Category: Deploy
144+
Owner: AWS
145+
Provider: CloudFormation
146+
Version: '1'
147+
InputArtifacts:
148+
- Name: BuildArtifact
149+
Configuration:
150+
ActionMode: CHANGE_SET_REPLACE
151+
Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND
152+
ParameterOverrides: !Ref DeployParameterOverrides
153+
RoleArn: !GetAtt DeploymentRole.Arn
154+
StackName: !Ref DeployStackName
155+
TemplatePath: "BuildArtifact::packaged.yaml"
156+
ChangeSetName: !Sub a-${DeployStackName}-Deploy
157+
RunOrder: 1
158+
- Name: ExecuteChangeSet
159+
ActionTypeId:
160+
Category: Deploy
161+
Owner: AWS
162+
Provider: CloudFormation
163+
Version: '1'
164+
Configuration:
165+
ActionMode: CHANGE_SET_EXECUTE
166+
StackName: !Ref DeployStackName
167+
ChangeSetName: !Sub a-${DeployStackName}-Deploy
168+
RunOrder: 2
169+
PipelineRole:
170+
Type: AWS::IAM::Role
171+
Properties:
172+
Description: !Sub "Used by CodePipeline. Created by CloudFormation ${AWS::StackId}"
173+
AssumeRolePolicyDocument:
174+
Version: "2012-10-17"
175+
Statement:
176+
- Effect: Allow
177+
Principal:
178+
Service:
179+
- "codepipeline.amazonaws.com"
180+
Action:
181+
- "sts:AssumeRole"
182+
Policies:
183+
- PolicyName: s3-access
184+
PolicyDocument:
185+
Version: "2012-10-17"
186+
Statement:
187+
- Effect: Allow
188+
Action:
189+
- "s3:DeleteObject"
190+
- "s3:GetObject"
191+
- "s3:GetObjectVersion"
192+
- "s3:PutObject"
193+
Resource:
194+
- !Sub arn:${AWS::Partition}:s3:::${Artifacts}/*
195+
- Effect: Allow
196+
Action:
197+
- "s3:ListBucket"
198+
- "s3:GetBucketPolicy"
199+
Resource:
200+
- !Sub arn:${AWS::Partition}:s3:::${Artifacts}
201+
- PolicyName: codebuild-access
202+
PolicyDocument:
203+
Version: "2012-10-17"
204+
Statement:
205+
- Effect: Allow
206+
Action:
207+
- "codebuild:StartBuild"
208+
- "codebuild:BatchGetBuilds"
209+
Resource:
210+
- !GetAtt BuildProject.Arn
211+
212+
- PolicyName: deploy-cloudformation-access
213+
PolicyDocument:
214+
Version: "2012-10-17"
215+
Statement:
216+
- Effect: Allow
217+
Action:
218+
- "cloudformation:DescribeStacks"
219+
- "cloudformation:CreateChangeSet"
220+
- "cloudformation:ExecuteChangeSet"
221+
- "cloudformation:DescribeChangeSet"
222+
- "cloudformation:DeleteChangeSet"
223+
Resource:
224+
- !Sub arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${DeployStackName}/*
225+
226+
- PolicyName: deploy-iam-access
227+
PolicyDocument:
228+
Version: "2012-10-17"
229+
Statement:
230+
- Effect: Allow
231+
Action:
232+
- "iam:PassRole"
233+
Resource:
234+
- !GetAtt DeploymentRole.Arn
235+
236+
- !If
237+
- UseCodeCommit
238+
- PolicyName: codecommit-access
239+
PolicyDocument:
240+
Version: "2012-10-17"
241+
Statement:
242+
- Effect: Allow
243+
Action:
244+
- "codecommit:ListBranches"
245+
- "codecommit:GetBranch"
246+
- "codecommit:GetCommit"
247+
- "codecommit:GetUploadArchiveStatus"
248+
- "codecommit:GitPull"
249+
- "codecommit:UploadArchive"
250+
- "codecommit:CancelUploadArchive"
251+
Resource:
252+
- !Sub arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:${CodeCommitRepoName}
253+
- !Ref AWS::NoValue
254+
BuildProject:
255+
Type: AWS::CodeBuild::Project
256+
Properties:
257+
ServiceRole: !GetAtt BuildProjectRole.Arn
258+
Source:
259+
Type: CODEPIPELINE
260+
Artifacts:
261+
Type: CODEPIPELINE
262+
Environment:
263+
ComputeType: !Ref ComputeType
264+
Image: 'aws/codebuild/amazonlinux2-x86_64-standard:1.0'
265+
Type: !Ref EnvironmentType
266+
EnvironmentVariables:
267+
- Name: PACKAGE_BUCKET
268+
Value: !Ref Artifacts
269+
270+
CodeBuildPolicy:
271+
Type: AWS::IAM::Policy
272+
Properties:
273+
PolicyName: !Sub codebuild-access-${AWS::StackName}
274+
Roles:
275+
- !Ref BuildProjectRole
276+
PolicyDocument:
277+
Version: '2012-10-17'
278+
Statement:
279+
- Action:
280+
- logs:CreateLogGroup
281+
- logs:CreateLogStream
282+
- logs:PutLogEvents
283+
Effect: Allow
284+
Resource:
285+
- !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/*
286+
- Action:
287+
- s3:PutObject
288+
- s3:GetObject
289+
- s3:GetObjectVersion
290+
Effect: Allow
291+
Resource:
292+
- !Sub arn:${AWS::Partition}:s3:::${Artifacts}/*
293+
- Action:
294+
- s3:ListBucket
295+
Effect: Allow
296+
Resource:
297+
- !Sub arn:${AWS::Partition}:s3:::${Artifacts}
298+
BuildProjectRole:
299+
Type: AWS::IAM::Role
300+
Properties:
301+
Description: !Sub "Used in CodeBuild project. Created by stack ${AWS::StackId}"
302+
AssumeRolePolicyDocument:
303+
Statement:
304+
- Action:
305+
- sts:AssumeRole
306+
Effect: Allow
307+
Principal:
308+
Service:
309+
- codebuild.amazonaws.com
310+
Version: '2012-10-17'
311+
Path: /service-role/
312+
313+
DeploymentRole:
314+
Type: AWS::IAM::Role
315+
Properties:
316+
Description: !Sub "Used by CloudFormation. Created by stack ${AWS::StackId}"
317+
AssumeRolePolicyDocument:
318+
Version: "2012-10-17"
319+
Statement:
320+
- Effect: Allow
321+
Principal:
322+
Service:
323+
- "cloudformation.amazonaws.com"
324+
Action:
325+
- "sts:AssumeRole"
326+
ManagedPolicyArns:
327+
- arn:aws:iam::aws:policy/AdministratorAccess

0 commit comments

Comments
 (0)