From 4b21d06a7ba42522fce76fb515396d879411bbcd Mon Sep 17 00:00:00 2001
From: jeshan
Date: Mon, 29 Jul 2019 15:00:56 +0400
Subject: [PATCH] commit infrastructure template
---
config/config.yaml | 4 ++
config/main/infra.yaml | 4 ++
templates/infrastructure.yaml | 123 ++++++++++++++++++++++++++++++++++
3 files changed, 131 insertions(+)
create mode 100644 config/config.yaml
create mode 100644 config/main/infra.yaml
create mode 100644 templates/infrastructure.yaml
diff --git a/config/config.yaml b/config/config.yaml
new file mode 100644
index 0000000..b5fe791
--- /dev/null
+++ b/config/config.yaml
@@ -0,0 +1,4 @@
+project_code: tfbridge
+region: us-east-1
+
+profile: jeshanco
diff --git a/config/main/infra.yaml b/config/main/infra.yaml
new file mode 100644
index 0000000..8036c0e
--- /dev/null
+++ b/config/main/infra.yaml
@@ -0,0 +1,4 @@
+template_path: infrastructure.yaml
+
+parameters:
+ AwsProfile: jeshanco
diff --git a/templates/infrastructure.yaml b/templates/infrastructure.yaml
new file mode 100644
index 0000000..e0e4c4e
--- /dev/null
+++ b/templates/infrastructure.yaml
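Review bot: The profile name `jeshanco` is hard-coded twice, as `profile` in config/config.yaml and as the `AwsProfile` parameter in config/main/infra.yaml, and the two must stay identical: the buildspec in templates/infrastructure.yaml configures the CLI profile named by `AwsProfile`, while Sceptre presumably authenticates with `profile`. Deriving the parameter from the stack-group value, for example `AwsProfile: {{ stack_group_config.profile }}` if the Sceptre version in use supports it, would leave a single place to change. A comment in config.yaml such as `# AWS CLI profile Sceptre uses; must exist locally and is recreated inside CodeBuild` would also help anyone cloning the repo who has no profile of that name.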
@@ -0,0 +1,123 @@
+AWSTemplateFormatVersion: '2010-09-09'
+Description: 'base infrastructure for the tfbridge project'
+
+Parameters:
+ AwsProfile:
+ Type: String
+ Description: The AWS cli profile
+ GithubRepo:
+ Type: String
+ Default: jeshan/tfbridge
+
+Resources:
+ Bucket:
+ Type: AWS::S3::Bucket
+ Properties:
+ LifecycleConfiguration:
+ Rules:
+ - ExpirationInDays: 15
+ Prefix: build-cache/*
+ Status: Enabled
+
+ DeployTfBridge:
+ Properties:
+ Artifacts:
+ Type: NO_ARTIFACTS
+ BadgeEnabled: true
+ Cache:
+ Modes:
+ - LOCAL_CUSTOM_CACHE
+ Type: LOCAL
+ Location: !Sub '${Bucket.Arn}/build-cache'
+ EncryptionKey: !Sub 'arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3'
+ Environment:
+ ComputeType: BUILD_GENERAL1_LARGE
+ Image: aws/codebuild/standard:2.0
+ PrivilegedMode: true
+ Type: LINUX_CONTAINER
+ EnvironmentVariables:
+ - Name: GO111MODULE
+ Type: PLAINTEXT
+ Value: 'on'
+ LogsConfig:
+ CloudWatchLogs:
+ GroupName: !Ref 'LogGroup'
+ Status: ENABLED
+ ServiceRole: !GetAtt 'Role.Arn'
+ Source:
+ BuildSpec: !Sub |-
+ version: 0.2
+
+ env:
+ variables:
+ LC_ALL: C.UTF-8
+ LANG: C.UTF-8
+
+ cache:
+ paths:
+ - /go/pkg
+ phases:
+ install:
+ runtime-versions:
+ golang: 1.12
+ pre_build:
+ commands:
+ - pip3 install sceptre
+ - aws configure set profile.${AwsProfile}.region ${AWS::Region}
+ - aws configure set profile.${AwsProfile}.credential_source EcsContainer
+ build:
+ commands:
+ - ./build.sh
+ - sceptre --no-colour launch -y main
+ GitCloneDepth: 1
+ InsecureSsl: false
+ Location: !Sub https://github.com/${GithubRepo}
+ Type: GITHUB
+ TimeoutInMinutes: 15
+ Triggers:
+ Webhook: true
+ FilterGroups:
+ - - Type: EVENT
+ Pattern: PUSH
+ - Type: HEAD_REF
+ Pattern: '^refs/tags/v.+$'
+ Type: AWS::CodeBuild::Project
+
+ LogGroup:
+ Type: AWS::Logs::LogGroup
+
+ Role:
+ Properties:
+ AssumeRolePolicyDocument:
+ Statement:
+ - Action: sts:AssumeRole
+ Effect: Allow
+ Principal:
+ Service: codebuild.amazonaws.com
+ Version: '2012-10-17'
+ Policies:
+ - PolicyDocument:
+ Statement:
+ - Action:
+ - logs:CreateLogGroup
+ - logs:CreateLogStream
+ - logs:DeleteLogGroup
+ - logs:DescribeLogGroups
+ - logs:PutLogEvents
+ Effect: Allow
+ Resource:
+ - !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:*'
+ - Action:
+ - cloudformation:*
+ Effect: Allow
+ Resource:
+ - !Sub arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/tfbridge-*
+ - Action:
+ - s3:GetObject
+ - s3:PutObject
+ Effect: Allow
+ Resource:
+ - !Sub '${Bucket.Arn}/build-cache/*'
+ Version: '2012-10-17'
+ PolicyName: deploy-tfbridge-pol
+ Type: AWS::IAM::Role
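Review bot: The first statement of `deploy-tfbridge-pol` lets the build role create and delete log groups on `log-group:*`, i.e. every log group in the account and region, although the project only writes to the `LogGroup` resource declared in this template. That role is what `./build.sh` and the unpinned `pip3 install sceptre` run under, with `PrivilegedMode: true`, so anything that goes wrong in those build inputs could remove logs well outside this project. I would keep only `logs:CreateLogStream` and `logs:PutLogEvents` and scope the statement with `Resource: [!GetAtt 'LogGroup.Arn']`; pinning the install (`pip3 install sceptre==<version>`) narrows the same exposure. Separately, S3 lifecycle prefixes are literal rather than glob patterns, so `Prefix: build-cache/*` probably never matches the cache objects and should read `Prefix: build-cache/`.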