chrisj-au/CFN-CodePipelineSchedule.yaml

## CFN-CodePipelineSchedule.yaml
# Schedule CodePipeline Build using CloudWatch Event Rule

Parameters:
    ProjectName:
        Type: String
        Default: cicd-terraform
        AllowedPattern: [a-zA-Z][a-zA-Z0-9-]*
        MinLength: 3
        MaxLength: 64
        Description: Adhere to S3 naming standard; must begin with a letter and contain only alphanumeric characters or hyphens.
  Environment:
    Description: Environment to deploy
    Type: String
    Default: prod
    AllowedValues:
      - prod
      - stage
  DeploySchdule:
    Type: String
    AllowedValues:
      - None
      - 1 hour
      - 1 day
      - 7 days
      - 30 days
      - 60 days
    Description: Schedule run Deploy CodePipeline
    Default: None
Conditions:
  ShouldCreateSchedule:
    !Not
      - !Equals ["None", !Ref DeploySchdule]
Resources:
    PipelineDeploy:
        Type: AWS::CodePipeline::Pipeline
        Properties:
          Name: !Sub ${ProjectName}-${Environment}-Deploy
          ## Requires additional properties
    TFPlanSchedule:
        Type: AWS::Events::Rule
        Condition: ShouldCreateSchedule
        Properties:
          Name: !Sub ${ProjectName}-Deploy-Schedule
          Description: !Sub Schedule to run CodePipeline ${PipelineDeploy}
          ScheduleExpression: !Sub rate(DeploySchdule)
          State: ENABLED
          Targets:
            - Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineDeploy}
              Id: !Sub ${PipelineDeploy}-CW
              RoleArn: !GetAtt PermissionTFPlanSchedule.Arn
      PermissionTFPlanSchedule:
            Type: AWS::IAM::Role
            Condition: ShouldCreateSchedule
            Properties:
              Description: Role to invoke CodePipeline from CloudWatch
              AssumeRolePolicyDocument:
                Version: "2012-10-17"
                Statement:
                  Effect: Allow
                  Principal:
                    Service: events.amazonaws.com
                  Action: sts:AssumeRole
              Policies:
                -
                 PolicyName: "CloudWatchInvokeCodePipeline"
                 PolicyDocument:
                   Version: "2012-10-17"
                   Statement:
                      -
                        Effect: "Allow"
                        Action: "codepipeline:StartPipelineExecution"
                        Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineDeploy}
	# Schedule CodePipeline Build using CloudWatch Event Rule

	Parameters:
	ProjectName:
	Type: String
	Default: cicd-terraform
	AllowedPattern: [a-zA-Z][a-zA-Z0-9-]*
	MinLength: 3
	MaxLength: 64
	Description: Adhere to S3 naming standard; must begin with a letter and contain only alphanumeric characters or hyphens.
	Environment:
	Description: Environment to deploy
	Type: String
	Default: prod
	AllowedValues:
	- prod
	- stage
	DeploySchdule:
	Type: String
	AllowedValues:
	- None
	- 1 hour
	- 1 day
	- 7 days
	- 30 days
	- 60 days
	Description: Schedule run Deploy CodePipeline
	Default: None
	Conditions:
	ShouldCreateSchedule:
	!Not
	- !Equals ["None", !Ref DeploySchdule]
	Resources:
	PipelineDeploy:
	Type: AWS::CodePipeline::Pipeline
	Properties:
	Name: !Sub ${ProjectName}-${Environment}-Deploy
	## Requires additional properties
	TFPlanSchedule:
	Type: AWS::Events::Rule
	Condition: ShouldCreateSchedule
	Properties:
	Name: !Sub ${ProjectName}-Deploy-Schedule
	Description: !Sub Schedule to run CodePipeline ${PipelineDeploy}
	ScheduleExpression: !Sub rate(DeploySchdule)
	State: ENABLED
	Targets:
	- Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineDeploy}
	Id: !Sub ${PipelineDeploy}-CW
	RoleArn: !GetAtt PermissionTFPlanSchedule.Arn
	PermissionTFPlanSchedule:
	Type: AWS::IAM::Role
	Condition: ShouldCreateSchedule
	Properties:
	Description: Role to invoke CodePipeline from CloudWatch
	AssumeRolePolicyDocument:
	Version: "2012-10-17"
	Statement:
	Effect: Allow
	Principal:
	Service: events.amazonaws.com
	Action: sts:AssumeRole
	Policies:
	-
	PolicyName: "CloudWatchInvokeCodePipeline"
	PolicyDocument:
	Version: "2012-10-17"
	Statement:
	-
	Effect: "Allow"
	Action: "codepipeline:StartPipelineExecution"
	Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineDeploy}