This is a Spring Boot app which serves a dashboard to see the status of your AWS Codepipelines.
It uses the AWS Java client to fetch data from AWS. Please follow the policy instructions below to provide access for development or set up a Role for Elastic Beanstlak deployment. For development, this means that the computer running the spring boot app must have network access to AWS.
You can run the application on your local computer by running mvn spring-boot:run from the command line after grabbing the source (assuming Maven is installed already). There is also a Dockerfile included to run the application in a container (local or remote).
After that, you can reach the application in a web browser at
http://localhost:8080/
The terminal will stream the log of your application.
Issue AWS_REGION="eu-west-1" AWS_PROFILE="ci" mvn spring-boot:run
After you have it running with Java/Maven (which builds it), assuming you have Docker installed and running, follow the guidelines in the docker_buildspec.yml to build a Docker image. To run the app in a Docker container:
docker run -p8080:8080 -v`echo $HOME/.aws`:/home/app/.aws:ro --name dashboard codecentric/aws-codepipelines-dashboard
After start, you can reach the application from the same URL as above. This configuration assumes that you've already an AWS account with a running AWS CLI on your development host. If you're having trouble with that, see "Instructions for Setting up AWS permission for Development" below.
Navigate to http://localhost:8080/
Navigate to http://localhost:8080/#/filtered/regexp to display all pipelines whose name matches the regexp.
Navigate to http://localhost:8080/#/filtered/project-[ab] to display all pipelines whose name contains project-a or project-b
Navigate to http://localhost:8080/#/filtered/(project-alpha)|(project-beta) to display all pipelines whose name contains project-alpha or project-beta
You have to give/ensure the user mentioned in $HOME/.aws/credentials has the right policy. Check policies with this CLI command:
aws iam list-attached-user-policies --user-name <USERNAME>
Verify that the following entry is listed:
{
"PolicyName": "AWSCodePipelineReadOnlyAccess",
"PolicyArn": "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess"
}
AWSCodePipelineFullAccess will also work. If you do not have either of these, you need to attach the policy:
- Log in to AWS as an Administrator or someone with IAM access
- Choose IAM
- Click "Policies" in Left Navigation
- Search for "AWSCodePipelineReadOnlyAccess"
- Select Attach entities, select "Attach"
- Choose your user
- click "Attach policy"
- The application can only report on CodePipelines in the region that the Elastic Beanstalk environment is deployed to
- If this data is sensitive, you might want to restrict access in the Security Group that gets created by Elastic Beanstalk (EB will always create a Security Group, so just modify the one that it creates after creation)
- Choose Generic->Docker for the Elastic Beanstalk Platform
- You will need to either create an EC2 role that hass the AWSCodePipelineReadOnlyAccess managed policy attached to it, or attach that policy to the EC2 Role generated by Elatsic Beanstalk
- You will also need GitHub connectivity as well as CodeBuild, CodePipeline, and ElasticBeanstalk Service roles for this (the last 3 can be generated by AWS)
- The details of the EB environment are up to you to decide, but a basic single t1.micro seems to work fine for occasional needs
- (Optional) Set up EC2 Role with the managed Policy AWSCodePipelineReadOnlyAccess attached to it
- Create the Elastic Beanstalk Environment with the EC2 role as the IAM Instance Profile in the Security settings if you have created it (if you autogenerate, attach the Managed Policy to the generated role)
- Create a CodeBuild with buildspec.yml to build the Java artifacts (use the Amazon managed Ubuntu Java Runtime, you shouldn't need a VPC or artifacts, use an existing CodeBuild Service Role or generate a new one)
- Create a CodeBuild with eb_docker_buildspec.yml to containerize the Java artifacts (use the Amazon managed Ubuntu Docker Runtime, ensure you specify the eb_docker_buildspec.yml, you shouldn't need a VPC or artifacts, use an existing CodeBuild Service Role or generate a new one)
- Create a CodePipeline with:
- GitHub repo as the Source stage (you can use any version of the repo and any branch you see fit, as long as the necesssary files exist for CodeBuild to function)
- The Java CodeBuild as the first part of the Build stage, with output artifacts tagged something like "JavaArtifacts"
- The Containerize CodeBuild as the second part of the Build stage, with the input artifacts as the output artifats of the Java build (in this example, JavaArtifacts) and the output artifacts tagged as something like "EBApp"
- (Optional) Set up a Human approval step before deployment if uptime is critical
- Set up a Deploy stage to your Elastic Beanstlak environment from Step 3 with the Input artifacts as the output from the Contaizer step (in this example, EBApp)
- Release the Change to trigger a new build and deployment