|
1
|
AWSTemplateFormatVersion: '2010-09-09'
|
|
2
|
Description: Sample CodePipeline template for SPA(React) with S3+CloudFront.
|
|
3
|
|
|
4
|
Parameters:
|
|
5
|
DeployBucketName:
|
|
6
|
Type: String
|
|
7
|
SourceRepositoryName:
|
|
8
|
Type: String
|
|
9
|
SourceBranch:
|
|
10
|
Type: String
|
|
11
|
Default: master
|
|
12
|
|
|
13
|
Resources:
|
|
14
|
|
|
15
|
|
|
16
|
CodeBuild:
|
|
17
|
Type: AWS::CodeBuild::Project
|
|
18
|
Properties:
|
|
19
|
Name: !Sub ${AWS::StackName}-CodeBuild
|
|
20
|
Description: !Sub "Created by ${AWS::StackName}"
|
|
21
|
Source:
|
|
22
|
BuildSpec: buildspec.yml
|
|
23
|
Type: CODEPIPELINE
|
|
24
|
Artifacts:
|
|
25
|
Type: CODEPIPELINE
|
|
26
|
Environment:
|
|
27
|
Type: LINUX_CONTAINER
|
|
28
|
ComputeType: "BUILD_GENERAL1_SMALL"
|
|
29
|
Image: aws/codebuild/amazonlinux2-x86_64-standard:4.0
|
|
30
|
ServiceRole: !GetAtt CodeBuildServiceRole.Arn
|
|
31
|
LogsConfig:
|
|
32
|
CloudWatchLogs:
|
|
33
|
Status: ENABLED
|
|
34
|
|
|
35
|
CodePipeline:
|
|
36
|
Type: AWS::CodePipeline::Pipeline
|
|
37
|
Properties:
|
|
38
|
Name: !Sub ${AWS::StackName}-CodePipeline
|
|
39
|
RoleArn: !GetAtt CodepipelineServiceRole.Arn
|
|
40
|
ArtifactStore:
|
|
41
|
Location: !Ref ArtifactStoreBucket
|
|
42
|
Type: S3
|
|
43
|
RestartExecutionOnUpdate: false
|
|
44
|
Stages:
|
|
45
|
- Name: Source
|
|
46
|
Actions:
|
|
47
|
- Name: Source
|
|
48
|
ActionTypeId:
|
|
49
|
Category: Source
|
|
50
|
Owner: AWS
|
|
51
|
Provider: CodeCommit
|
|
52
|
Version: '1'
|
|
53
|
Configuration:
|
|
54
|
RepositoryName: !Ref SourceRepositoryName
|
|
55
|
BranchName: !Ref SourceBranch
|
|
56
|
PollForSourceChanges: false
|
|
57
|
OutputArtifacts:
|
|
58
|
- Name: SourceArtifact
|
|
59
|
- Name: Build
|
|
60
|
Actions:
|
|
61
|
- Name: Build
|
|
62
|
ActionTypeId:
|
|
63
|
Category: Build
|
|
64
|
Owner: AWS
|
|
65
|
Provider: CodeBuild
|
|
66
|
Version: '1'
|
|
67
|
Configuration:
|
|
68
|
ProjectName: !Ref CodeBuild
|
|
69
|
EnvironmentVariables: !Sub |
|
|
70
|
[
|
|
71
|
{
|
|
72
|
"name":"DEPLOY_BUKET",
|
|
73
|
"type":"PLAINTEXT",
|
|
74
|
"value": "${DeployBucketName}"
|
|
75
|
}
|
|
76
|
]
|
|
77
|
InputArtifacts:
|
|
78
|
- Name: SourceArtifact
|
|
79
|
Namespace: BuildVariables
|
|
80
|
|
|
81
|
ArtifactStoreBucket:
|
|
82
|
Type: 'AWS::S3::Bucket'
|
|
83
|
Properties:
|
|
84
|
BucketName: !Sub ${AWS::StackName}-artifactstore-${AWS::AccountId}
|
|
85
|
LifecycleConfiguration:
|
|
86
|
Rules:
|
|
87
|
- Id: clear-old-objects-rule
|
|
88
|
Status: Enabled
|
|
89
|
ExpirationInDays: 7
|
|
90
|
PublicAccessBlockConfiguration:
|
|
91
|
BlockPublicAcls: True
|
|
92
|
BlockPublicPolicy: True
|
|
93
|
IgnorePublicAcls: True
|
|
94
|
RestrictPublicBuckets: True
|
|
95
|
|
|
96
|
|
|
97
|
CodeBuildServiceRole:
|
|
98
|
Type: AWS::IAM::Role
|
|
99
|
Properties:
|
|
100
|
Path: /service-role/
|
|
101
|
RoleName: !Sub ${AWS::StackName}-codebuild-ServiceRole
|
|
102
|
AssumeRolePolicyDocument:
|
|
103
|
Version: '2012-10-17'
|
|
104
|
Statement:
|
|
105
|
- Effect: Allow
|
|
106
|
Principal:
|
|
107
|
Service:
|
|
108
|
- codebuild.amazonaws.com
|
|
109
|
Action: sts:AssumeRole
|
|
110
|
ManagedPolicyArns:
|
|
111
|
- arn:aws:iam::aws:policy/AdministratorAccess
|
|
112
|
|
|
113
|
CodepipelineServiceRole:
|
|
114
|
Type: AWS::IAM::Role
|
|
115
|
Properties:
|
|
116
|
Path: /service-role/
|
|
117
|
RoleName: !Sub ${AWS::StackName}-codepipeline-ServiceRole
|
|
118
|
AssumeRolePolicyDocument:
|
|
119
|
Version: '2012-10-17'
|
|
120
|
Statement:
|
|
121
|
- Effect: Allow
|
|
122
|
Principal:
|
|
123
|
Service:
|
|
124
|
- codepipeline.amazonaws.com
|
|
125
|
Action: sts:AssumeRole
|
|
126
|
ManagedPolicyArns:
|
|
127
|
- arn:aws:iam::aws:policy/AdministratorAccess
|
|
128
|
|
|
129
|
|
|
130
|
EventBridgeIAMPolicy:
|
|
131
|
Type: AWS::IAM::ManagedPolicy
|
|
132
|
Properties:
|
|
133
|
PolicyDocument:
|
|
134
|
Version: "2012-10-17"
|
|
135
|
Statement:
|
|
136
|
- Effect: Allow
|
|
137
|
Action:
|
|
138
|
- "codepipeline:StartPipelineExecution"
|
|
139
|
Resource:
|
|
140
|
- !Sub arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${CodePipeline}
|
|
141
|
ManagedPolicyName: !Sub "${CodePipeline}-policy"
|
|
142
|
|
|
143
|
EventBridgeIAMRole:
|
|
144
|
Type: AWS::IAM::Role
|
|
145
|
Properties:
|
|
146
|
AssumeRolePolicyDocument:
|
|
147
|
Version: "2012-10-17"
|
|
148
|
Statement:
|
|
149
|
- Effect: Allow
|
|
150
|
Principal:
|
|
151
|
Service:
|
|
152
|
- events.amazonaws.com
|
|
153
|
Action:
|
|
154
|
- 'sts:AssumeRole'
|
|
155
|
ManagedPolicyArns:
|
|
156
|
- !Ref EventBridgeIAMPolicy
|
|
157
|
RoleName: iam-role-eventbridge
|
|
158
|
Tags:
|
|
159
|
- Key: Name
|
|
160
|
Value: iam-role-eventbridge
|
|
161
|
|
|
162
|
EventBridge:
|
|
163
|
Type: AWS::Events::Rule
|
|
164
|
Properties:
|
|
165
|
Name: !Sub "changeEvent-rule-${CodePipeline}"
|
|
166
|
Description: !Sub "for ${CodePipeline}. Created by ${AWS::StackName}"
|
|
167
|
EventPattern:
|
|
168
|
source:
|
|
169
|
- aws.codecommit
|
|
170
|
detail-type:
|
|
171
|
- 'CodeCommit Repository State Change'
|
|
172
|
resources:
|
|
173
|
- !Sub arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:${SourceRepositoryName}
|
|
174
|
detail:
|
|
175
|
event: ['referenceCreated', 'referenceUpdated']
|
|
176
|
referenceType:
|
|
177
|
- branch
|
|
178
|
referenceName:
|
|
179
|
- !Ref SourceBranch
|
|
180
|
State: ENABLED
|
|
181
|
Targets:
|
|
182
|
- Arn: !Sub arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${CodePipeline}
|
|
183
|
Id: CodePipeline
|
|
184
|
RoleArn: !GetAtt EventBridgeIAMRole.Arn
|