Permalink
Switch branches/tags
Nothing to show
Find file Copy path
90a3983 Jan 2, 2018
0 contributors

Users who have contributed to this file

152 lines (148 sloc) 4.47 KB
{
"AWSTemplateFormatVersion":"2010-09-09",
"Description":" This cloudformation template creates resources required for synching new instances with the latest deployment from AWS CodeDeploy based on the CodeDeployAppname, DeploymentGroup tags on the instance",
"Resources":{
"EventRule": {
"Type": "AWS::Events::Rule",
"Properties": {
"Description": "EventRule",
"EventPattern": {
"source": [
"aws.ec2"
],
"detail-type": [
"EC2 Instance State-change Notification"
],
"detail": {
"state": [
"running"
]
}
},
"State": "ENABLED",
"Targets": [{
"Arn": { "Fn::GetAtt": ["CodeDeploySyncNewInstance", "Arn"] },
"Id": "TargetFunctionV1"
}]
}
},
"PermissionForEventsToInvokeLambda": {
"Type": "AWS::Lambda::Permission",
"Properties": {
"FunctionName": { "Ref": "CodeDeploySyncNewInstance" },
"Action": "lambda:InvokeFunction",
"Principal": "events.amazonaws.com",
"SourceArn": { "Fn::GetAtt": ["EventRule", "Arn"] }
}
},
"CodeDeployServiceRole":{
"Type":"AWS::IAM::Role",
"Properties":{
"ManagedPolicyArns":[
"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole"
],
"AssumeRolePolicyDocument":{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":[
"codedeploy.amazonaws.com"
]
},
"Action":[
"sts:AssumeRole"
]
}
]
}
}
},
"CodeDeployLambdaRole":{
"Type":"AWS::IAM::Role",
"Properties":{
"ManagedPolicyArns":[
"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
],
"AssumeRolePolicyDocument":{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":[
"ec2.amazonaws.com",
"lambda.amazonaws.com"
]
},
"Action":[
"sts:AssumeRole"
]
}
]
},
"Path":"/",
"Policies":[
{
"PolicyName":"Lambda-codedeploy",
"PolicyDocument":{
"Version":"2012-10-17",
"Statement":[{
"Sid": "StartContinuousAssessmentLambdaPolicyStmt",
"Effect": "Allow",
"Action":["codedeploy:Get*","codedeploy:UpdateDeploymentGroup", "codedeploy:List*", "codedeploy:CreateDeployment" ],
"Resource": ["*"]
}]
}
},
{
"PolicyName":"IamPassRole",
"PolicyDocument":{
"Version":"2012-10-17",
"Statement":[{
"Sid": "StartContinuousAssessmentLambdaPolicyStmt",
"Effect": "Allow",
"Action":["iam:PassRole" ],
"Resource": [{ "Fn::GetAtt": ["CodeDeployServiceRole", "Arn"] }]
}]
}
},
]
}
},
"CodeDeploySyncNewInstance":{
"Type":"AWS::Lambda::Function",
"Properties":{
"Role":{
"Fn::GetAtt":[
"CodeDeployLambdaRole",
"Arn"
]
},
"Environment": {
"Variables": {
"CodeDeployRole": { "Fn::GetAtt": ["CodeDeployServiceRole", "Arn"] }
}
},
"Code": {
"S3Bucket": "awslabs-new-instance-sync-lambda",
"S3Key": "new-instance-code-sync.zip"
},
"Runtime":"python2.7",
"Timeout":300,
"Handler":"new-instance-code-sync.lambda_handler",
"MemorySize":512
}
}
},
"Outputs":{
"NewInstanceLambdaFunction":{
"Description":"The Lambda function that creates Resources for synching new instances",
"Value":{
"Ref":"CodeDeploySyncNewInstance"
}
}
}
}