Gist chrisj-au/af71a2bc703f5e0887dbfa471bae3706, last active November 27, 2020 00:15
[CloudFormation] Schedule CodePipeline
# Schedule CodePipeline Build using CloudWatch Event Rule
Parameters:
  ProjectName:
    Type: String
    Default: cicd-terraform
    # Quoted so YAML does not parse the leading "[" as a flow sequence
    AllowedPattern: "[a-zA-Z][a-zA-Z0-9-]*"
    MinLength: 3
    MaxLength: 64
    Description: Adhere to S3 naming standard; must begin with a letter and contain only alphanumeric characters or hyphens.
  Environment:
    Description: Environment to deploy
    Type: String
    Default: prod
    AllowedValues:
      - prod
      - stage
  DeploySchdule:
    Type: String
    AllowedValues:
      - None
      - 1 hour
      - 1 day
      - 7 days
      - 30 days
      - 60 days
    Description: Schedule run Deploy CodePipeline
    Default: None
Conditions:
  # The rule and its role are created only when a rate other than "None" is selected
  ShouldCreateSchedule:
    !Not
      - !Equals ["None", !Ref DeploySchdule]
Resources:
  PipelineDeploy:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Sub ${ProjectName}-${Environment}-Deploy
      ## Requires additional properties
  TFPlanSchedule:
    Type: AWS::Events::Rule
    Condition: ShouldCreateSchedule
    Properties:
      Name: !Sub ${ProjectName}-Deploy-Schedule
      Description: !Sub Schedule to run CodePipeline ${PipelineDeploy}
      # The parameter must be substituted with ${...}; a bare name is passed through literally
      ScheduleExpression: !Sub rate(${DeploySchdule})
      State: ENABLED
      Targets:
        - Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineDeploy}
          Id: !Sub ${PipelineDeploy}-CW
          RoleArn: !GetAtt PermissionTFPlanSchedule.Arn
  PermissionTFPlanSchedule:
    Type: AWS::IAM::Role
    Condition: ShouldCreateSchedule
    Properties:
      Description: Role to invoke CodePipeline from CloudWatch
      # Trust policy: only the CloudWatch Events service may assume this role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: "CloudWatchInvokeCodePipeline"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Least privilege: start executions of this one pipeline only
              - Effect: "Allow"
                Action: "codepipeline:StartPipelineExecution"
                Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineDeploy}