create repo

Author: davetownsend

.eslintrc.json

@@ -0,0 +1,11 @@
+{
+  "extends": ["eslint:recommended"],
+  "parserOptions": {
+    "ecmaVersion": 2018,
+    "sourceType": "module"
+  },
+  "env": {
+    "es6": true,
+    "node": true
+  }
+}

.prettierrc.yml

@@ -0,0 +1,2 @@
+singleQuote: true
+printWidth: 120

app/.gitignore

@@ -0,0 +1,9 @@
+# package directories
+node_modules
+jspm_packages
+
+# Serverless directories
+.serverless
+
+# ignornig this beause account details are written for CodeArtifact
+package-lock.json

app/handler.js

@@ -0,0 +1,11 @@
+module.exports.hello = async event => {
+  return {
+    statusCode: 200,
+    body: JSON.stringify(
+      {
+        message: 'Your function executed successfully',
+        input: event,
+      },
+    ),
+  };
+};

app/package.json

@@ -0,0 +1,15 @@
+{
+  "name": "app",
+  "version": "1.0.0",
+  "description": "",
+  "main": "handler.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "serverless": "^2.7.0"
+  }
+}

app/serverless.yml

@@ -0,0 +1,11 @@
+service: myapp
+
+provider:
+  name: aws
+  runtime: nodejs12.x
+  stage: ${opt:stage}
+  region: us-west-2
+
+functions:
+  hello:
+    handler: handler.hello

buildspec.yml

@@ -0,0 +1,26 @@
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      nodejs: 12
+  pre_build:
+    commands:
+      - yum install epel-release -y
+      - yum install jq -y
+      - param_name=/myapp/$STAGE/deploy_role
+      - DEPLOY_ROLE=$(aws ssm get-parameter --name $param_name | jq ".Parameter.Value" | tr -d \")
+      - aws codeartifact login --tool npm --repository artifacts-repo --domain artifacts-domain --domain-owner $ACCOUNT_ID
+      - npm -d ping
+  build:
+    commands:
+      - role=$(aws sts assume-role --role-arn $DEPLOY_ROLE --role-session-name deployer-session --duration-seconds $DURATION)
+      - KEY=$(echo $role | jq ".Credentials.AccessKeyId" --raw-output)
+      - SECRET=$(echo $role | jq ".Credentials.SecretAccessKey" --raw-output)
+      - TOKEN=$(echo $role | jq ".Credentials.SessionToken" --raw-output)
+      - export AWS_ACCESS_KEY_ID=$KEY
+      - export AWS_SECRET_ACCESS_KEY=$SECRET
+      - export AWS_SESSION_TOKEN=$TOKEN
+      - export AWS_DEFAULT_REGION=$AWS_REGION
+      - cd app && npm i
+      - $(npm bin)/sls deploy --stage $STAGE -v

pipeline/cross-account-role/deployer-role.yml

@@ -0,0 +1,59 @@
+AWSTemplateFormatVersion: "2010-09-09"
+Description: Used as cross-account role by CodeBuild.
+Parameters:
+  CIAccountId:
+    Type: String
+    Description: Enter CI account ID
+Resources:
+  DeployerRole:
+    Type: AWS::IAM::Role
+    Properties:
+      Path: /
+      RoleName: !Sub ${AWS::StackName}
+      AssumeRolePolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Principal:
+              Service:
+                - lambda.amazonaws.com
+                - codepipeline.amazonaws.com
+                - codebuild.amazonaws.com
+                - cloudformation.amazonaws.com
+              AWS: !Sub "arn:aws:iam::${CIAccountId}:role/pipeline-codebuild-role"
+            Action: sts:AssumeRole
+      Policies:
+        - PolicyName: !Sub ${AWS::StackName}-policy
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: Allow
+                Action:
+                  - iam:*
+                Resource:
+                  - "*"
+              - Effect: Allow
+                Action:
+                  - sns:*
+                Resource:
+                  - "*"
+              - Effect: Allow
+                Action:
+                  - cloudformation:*
+                Resource:
+                  - "*"
+              - Effect: Allow
+                Action:
+                  - lambda:*
+                Resource:
+                  - "*"
+              - Effect: Allow
+                Action:
+                  - logs:*
+                Resource:
+                  - "*"
+              - Effect: Allow
+                Action:
+                  - s3:*
+                Resource:
+                  - "*"

pipeline/monitor-service/.gitignore

@@ -0,0 +1,8 @@
+# dependencies
+/node_modules
+
+# serverless build dirs
+.serverless
+
+# ignornig this beause account details are written for CodeArtifact
+package-lock.json

pipeline/monitor-service/build-monitor.js

@@ -0,0 +1,66 @@
+const superagent = require('superagent');
+const middy = require('middy');
+const { ssm } = require('middy/middlewares');
+
+const notify = async (event, context) => {
+  const { slackUrl } = context;
+  let data = getMessage(event);
+
+  try {
+    await superagent.post(slackUrl).send(data);
+    return `Sent to Slack`;
+  } catch (error) {
+    return { statusCode: 500 };
+  }
+};
+
+const getMessage = (event) => {
+  const status = event.detail['build-status'];
+  const project = event.detail['project-name'];
+  let account = getJobAccount(event);
+  const deepLink = event.detail['additional-information'].logs['deep-link'];
+
+  let msg = {
+    attachments: [
+      {
+        fallback: `${project}  ${status} - ${account}`,
+        pretext: ``,
+        color: status === 'SUCCEEDED' ? '#00A542' : '#D00000',
+        fields: [
+          {
+            value:
+              status === 'SUCCEEDED'
+                ? `Successful deploy to ${account} - CodeBuild Log: ${deepLink}`
+                : `Failed deploy to ${account} - CodeBuild Log: ${deepLink}`,
+            short: false,
+          },
+        ],
+      },
+    ],
+  };
+  return msg;
+};
+
+const getJobAccount = (event) => {
+  let jobAccount = 'No account found';
+  const envVars = event.detail['additional-information'].environment['environment-variables'];
+  if (envVars.some((stage) => stage['value'] === 'dev')) {
+    jobAccount = 'DEV';
+  } else if (envVars.some((stage) => stage['value'] === 'test')) {
+    jobAccount = 'TEST';
+  } else if (envVars.some((stage) => stage['value'] === 'prod')) {
+    jobAccount = 'PRODUCTION';
+  }
+  return jobAccount;
+};
+
+module.exports.notify = middy(notify).use(
+  ssm({
+    cache: true,
+    cacheExpiryInMillis: 5 * 60 * 1000,
+    setToContext: true,
+    names: {
+      slackUrl: `/myapp/${process.env.STAGE}/slack_url`,
+    },
+  })
+);