ASCC aims at simplifying the creation of a proper CI/CD pipeline for applications, using AWS CodePipeline.
Pipelines created with this utility are able to deploy to any number of specified regions, stages, and AWS accounts.
Here's what the pipeline looks like:
Currently, this pipeline only supports NodeJS SST applications. It should be possible to build a pipeline for any kind of application and framework, with the help of docker containers. Feel free to open pull requests to add other Dockerfiles for other languages/frameworks!
The only supported repository provider for now is GitHub.
It should be relatively easy to add support for CodeCommit or BitBucket, since they are both supported by AWS CodePipeline.
npm install -g ascc
or
npm install --save-dev ascc
Copy one of the example Dockerfiles, paste it at the root of your directory, and tune it to your needs.
Create a parameters file for your pipeline
ASCC expects a JSON file with a predetermined set of parameters. Take a peak at the example, or at the full schema the JSON schema for all the details.
To be able to checkout your source code, ASCC needs a token that authorizes it to your repository. You will need to store that token in a Secrets Manager secret, with the name that you have defined in your parameters file.
GitHub personnal access token creation. The personnal token should have the following access:
- repo - to read the repository
- admin:repo_hook - if you plan to use webhooks
ascc create --params-file path/to/your/params/file [--aws-profile your_profile]
This will create all the required resources for your CI/CD pipeline. AWS CodePipeline will run the pipeline once by default, but it will fail to deploy. You need to complete the next step for deployment to succeed.
If you need to update your pipeline because you've changed parameters, simply re-run the command above.
ASCC will use your default AWS profile, or any other profile that you can specify with the --aws-profile option.
ASCC does not know the permissions needed to deploy your application, and it also does not create roles with admin access to your account for security best practices reasons. Instead, for the deployment to each stage, ASCC will assume a role that you should create, which should contain all the permissions required to deploy your application. After running the create command, you will have the ARNs for each deployment role in your terminal. You will need to use them to create a role for each stage, in the AWS account associated with that stage, with the following parameters:
Name: <stackName>-<stageName>-AsccTargetDeploymentRole, e.g. myApp-Alpha-AsccTargetDeploymentRole. ASCC will assume a role with this name.
Trust policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Principal": {
"AWS": "<role_arn_from_terminal>"
},
"Action": "sts:AssumeRole"
}
]
}
Policies: Whatever is needed to deploy your application
This will remove the resources for your CI/CD pipeline, but not the resources for your application. You will need to delete the CloudFormation stacks manually in your AWS accounts if you want to also remove your application resources.
ascc remove --params-file path/to/your/params/file [--aws-profile your_profile]
- Add support for end-to-end tests based on user-defined AWS Lambda Functions