Description: CICD pipeline for cfn-monitoring

Parameters:
  # Masked in console/API output via NoEcho, but nothing in this template's
  # Resources references it: BuildProject's GITHUB source carries no Auth
  # block. Wire it in or retire it (retiring changes the stack's parameter
  # set); a Secrets Manager or SSM SecureString dynamic reference would keep
  # the token out of stack parameters entirely.
  GithubToken:
    Type: String
    NoEcho: true
    Description: OAuth token for the Github organization. Needs read/write access to repos and repo hooks

  # Used in BuildProject's Source.Location and passed to the state machine
  # definition as a substitution.
  GithubOwner:
    Type: String
    Description: Owner of the github repository to track

  # Same two uses as GithubOwner.
  GithubRepo:
    Type: String
    Description: Name of the github repository to track

  # Not referenced by any resource in this template (it is not among the
  # StateMachine DefinitionSubstitutions either); confirm whether the
  # pipeline definition expects it.
  GithubBranch:
    Type: String
    Description: Name of the github branch to track

  # Location of the Step Functions definition consumed by StateMachine.
  PipelineDefinitionBucket:
    Type: String
    Description: Bucket name where the pipeline definition is located

  PipelineDefinitionKey:
    Type: String
    Description: Key name where the pipeline definition is located
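Resources:
  # Artifact bucket shared by the build project and the deployment agents.
  # Every principal that needs it is named in ArtifactStorePolicy, so public
  # access is blocked explicitly. Bucket-level default encryption is left
  # unset here: BuildProject encrypts its output with
  # cfn-utilities:ArtifactKeyArn, and a KMS default on the bucket would first
  # need that key's policy checked against the agent roles.
  ArtifactStore:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Object-level access for this account and the dev/prod deployment agents.
  # s3:*Object covers Get/Put/Delete object actions, so the agents can also
  # remove artifacts; narrow to s3:GetObject for roles that only consume them.
  # The account-id principal delegates to IAM: identities in the account still
  # need a matching identity-based policy.
  ArtifactStorePolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref ArtifactStore
      PolicyDocument:
        # Quoted: an unquoted 2012-10-17 is read as a YAML date, not a string.
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: s3:*Object
            Resource:
              - !Sub arn:aws:s3:::${ArtifactStore}
              - !Sub arn:aws:s3:::${ArtifactStore}/*
            Principal:
              AWS:
                - !Ref AWS::AccountId
                - !ImportValue cfn-metadata:DevAgentRoleArn
                - !ImportValue cfn-metadata:ProdAgentRoleArn

  # Builds the tracked repository and drops buildResults.zip into the artifact
  # bucket under a per-build prefix (NamespaceType: BUILD_ID).
  BuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Sub ${AWS::StackName}-build
      # Build-status badge; CodeBuild serves the badge image from a URL that
      # needs no AWS credentials.
      BadgeEnabled: true
      ServiceRole: !ImportValue cfn-utilities:BuilderRoleArn
      EncryptionKey: !ImportValue cfn-utilities:ArtifactKeyArn
      Environment:
        Image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
        ComputeType: BUILD_GENERAL1_SMALL
        EnvironmentVariables:
          - Name: ARTIFACT_STORE
            Value: !Ref ArtifactStore
        Type: LINUX_CONTAINER
      # PrivilegedMode is not set on the environment above; AWS documents the
      # Docker layer cache as requiring it, so confirm the cache is effective.
      Cache:
        Type: LOCAL
        Modes:
          - LOCAL_DOCKER_LAYER_CACHE
      Artifacts:
        Type: S3
        Location: !Ref ArtifactStore
        Name: buildResults.zip
        NamespaceType: BUILD_ID
        Packaging: ZIP
      Source:
        Type: GITHUB
        Location: !Sub https://github.com/${GithubOwner}/${GithubRepo}.git
        # No Auth block: CodeBuild relies on GitHub credentials configured
        # outside this template (e.g. an AWS::CodeBuild::SourceCredential);
        # the GithubToken parameter is not used here. ReportBuildStatus writes
        # commit statuses back to GitHub, so those credentials must be allowed
        # to do that.
        ReportBuildStatus: true

  # FIFO queue feeding the deployment-supersession Lambda. Content-based
  # deduplication means messages with identical bodies inside the SQS
  # deduplication window collapse into one. No VisibilityTimeout is set, so
  # the SQS default applies.
  SupersessionQueue:
    Type: AWS::SQS::Queue
    Properties:
      ContentBasedDeduplication: true
      FifoQueue: true
      MessageRetentionPeriod: 1209600  # seconds = 14 days, the SQS maximum

  SupersessionEventSourceMapping:
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      FunctionName: !ImportValue cfn-core:DeploymentSupersessionFunctionArn
      EventSourceArn: !GetAtt SupersessionQueue.Arn

  # FIFO queue feeding the stack-deployment Lambda. VisibilityTimeout is set to
  # an hour, presumably so a message is not redelivered while a long
  # deployment is still running.
  DeploymentQueue:
    Type: AWS::SQS::Queue
    Properties:
      ContentBasedDeduplication: true
      VisibilityTimeout: 3600  # seconds
      FifoQueue: true
      MessageRetentionPeriod: 1209600  # seconds = 14 days, the SQS maximum

  DeploymentEventSourceMapping:
    Type: AWS::Lambda::EventSourceMapping
    Properties:
      FunctionName: !ImportValue cfn-core:StackDeploymentFunctionArn
      EventSourceArn: !GetAtt DeploymentQueue.Arn

  # Pipeline orchestration. The definition lives in S3 and is parameterised
  # through DefinitionSubstitutions. The state machine executes under the
  # imported cfn-utilities:MasterRoleArn, which is also handed to the
  # definition as SharedRoleArn; review that role's scope, since every state
  # runs with it.
  StateMachine:
    Type: AWS::StepFunctions::StateMachine
    Properties:
      RoleArn: !ImportValue cfn-utilities:MasterRoleArn
      StateMachineName: !Sub ${AWS::StackName}-pipeline
      DefinitionS3Location:
        Bucket: !Ref PipelineDefinitionBucket
        Key: !Ref PipelineDefinitionKey
      # GithubBranch is a parameter of this template but is not passed through
      # here.
      DefinitionSubstitutions:
        GithubRepo: !Ref GithubRepo
        GithubOwner: !Ref GithubOwner
        ArtifactStore: !Ref ArtifactStore
        BuildProject: !Ref BuildProject
        DeploymentQueue: !Ref DeploymentQueue
        SupersessionQueue: !Ref SupersessionQueue
        DevRoleArn: !ImportValue cfn-metadata:DevAgentRoleArn
        ProdRoleArn: !ImportValue cfn-metadata:ProdAgentRoleArn
        SharedRoleArn: !ImportValue cfn-utilities:MasterRoleArn
        ApprovalNotificationFunction: !ImportValue cfn-core:ApprovalNotificationFunctionArn
        FileFromZipArn: !ImportValue cfn-core:ExtractFileFromZipFunctionArn
        AccountId: !Ref AWS::AccountId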
Metadata:
  # Template-wide cfn-lint suppressions. E3002 (invalid resource property) and
  # E3003 (missing required property) are disabled for the whole file, so a
  # genuine property typo in any resource above also goes unreported. If the
  # suppression exists for a single resource, the same
  # `cfn-lint: config: ignore_checks` block can live in that resource's own
  # Metadata instead, keeping the checks active everywhere else.
  cfn-lint:
    config:
      ignore_checks:
        - E3002
        - E3003