-
Notifications
You must be signed in to change notification settings - Fork 0
/
lambda-pipeline.yml
149 lines (139 loc) · 4.04 KB
/
lambda-pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
AWSTemplateFormatVersion: 2010-09-09
Description: CD pipeline for my Lambda project
Parameters:
ProjectName:
Type: String
Default: my-lambda-project
CapitalizedProjectName:
Type: String
Default: MyLambdaProject
SourceRepositoryName:
Type: String
Default: lambda-pipeline
SourceBranchName:
Type: String
Default: master
CodeBuildProjectTimeOut:
Type: Number
Default: 20
Resources:
ArtifactsBucket:
Type: AWS::S3::Bucket
DependsOn: CloudFormationRole
Properties:
BucketName: !Sub '${ProjectName}-artifacts'
CodeBuildRole:
Type: AWS::IAM::Role
DependsOn: CloudFormationRole
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- sts:AssumeRole
Principal:
Service:
- codebuild.amazonaws.com
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AdministratorAccess
CodePipelineRole:
Type: AWS::IAM::Role
DependsOn: CloudFormationRole
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- sts:AssumeRole
Principal:
Service:
- codepipeline.amazonaws.com
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AdministratorAccess
CloudFormationRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- sts:AssumeRole
Principal:
Service:
- cloudformation.amazonaws.com
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AdministratorAccess
CodeCommitRepository:
Type: AWS::CodeCommit::Repository
Properties:
RepositoryName: !Ref SourceRepositoryName
CodeBuildProject:
Type: AWS::CodeBuild::Project
DependsOn: CloudFormationRole
Properties:
Artifacts:
Type: CODEPIPELINE
Environment:
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/nodejs:10.14.1
Type: LINUX_CONTAINER
PrivilegedMode: true
EnvironmentVariables:
- Name: CodeBuildRoleARN
Value: !GetAtt CodeBuildRole.Arn
- Name: RoleSessionName
Value: !Sub '${ProjectName}-session-role'
Name: !Sub '${ProjectName}'
ServiceRole: !GetAtt CodeBuildRole.Arn
Source:
Type: CODEPIPELINE
TimeoutInMinutes: !Sub '${CodeBuildProjectTimeOut}' # must be between 5 minutes and 8 hours
CodePipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
ArtifactStore:
Type: S3
Location: !Ref ArtifactsBucket
Name: !Sub '${ProjectName}'
RestartExecutionOnUpdate: true
RoleArn: !GetAtt CodePipelineRole.Arn
Stages:
- Name: Source
Actions:
- Name: Source
ActionTypeId:
Category: Source
Owner: AWS
Provider: CodeCommit
Version: 1
Configuration:
RepositoryName: !Ref SourceRepositoryName
BranchName: !Ref SourceBranchName
OutputArtifacts:
- Name: SourceOutput
- Name: Build
Actions:
- Name: BuildAndTest
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: 1
Configuration:
ProjectName: !Ref CodeBuildProject
InputArtifacts:
- Name: SourceOutput
OutputArtifacts:
- Name: BuildOutput
Outputs:
ArtifactsBucket:
Description: S3 bucket holding all the OutputArtifacts of any pipeline stage
Value: !Ref ArtifactsBucket
Export:
Name: !Sub '${CapitalizedProjectName}PipelineArtifactsBucket'
RepositoryURL:
Description: SSH URL of the repository
Value: !GetAtt CodeCommitRepository.CloneUrlSsh