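---
# CloudFormation template: a CodePipeline (GitHub -> CodeBuild -> Elastic
# Beanstalk) together with its service role and artifact bucket.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  AppName:
    Description: Name of App
    Type: String
  EnvName:
    Description: Name of environment
    Type: String
  OauthToken:
    Description: Oauth token for github
    Type: String
    # NoEcho masks the token in the console and in DescribeStacks output.
    # It does not protect the value if it is copied into Outputs or resource
    # metadata. A dynamic reference such as
    # '{{resolve:secretsmanager:<secret-id>:SecretString:<json-key>}}'
    # keeps the token out of stack parameters entirely.
    NoEcho: true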
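Resources:
  # Service role assumed by CodePipeline for every stage of the pipeline.
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action: ['sts:AssumeRole']
            Effect: Allow
            Principal:
              Service: [codepipeline.amazonaws.com]
      Path: /
      Policies:
        - PolicyName: CodePipelineS3WriteAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # These patterns do not match the artifact bucket created in
              # this template (<AppName>-<EnvName>-codepipeline); access to
              # that bucket currently comes from 's3:*' in the policy below.
              - Action:
                  - 's3:PutObject'
                Effect: Allow
                Resource:
                  - 'arn:aws:s3:::codepipeline*'
                  - 'arn:aws:s3:::elasticbeanstalk*'
        - PolicyName: CodePipelineGeneralAccess
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # NOTE(review): this statement grants full control of EC2, S3,
              # RDS, ECS, CloudFormation and more on every resource in the
              # account, far beyond what the three stages defined in this
              # template (GitHub source, CodeBuild, Elastic Beanstalk deploy)
              # call. Anyone able to change the pipeline or the build inherits
              # that reach. Scope Resource to the artifact bucket, the
              # CodeBuild project and the Beanstalk application, and drop the
              # service wildcards that are not used.
              - Action:
                  # Service-wide wildcards.
                  - 'elasticbeanstalk:*'
                  - 'ec2:*'
                  - 'elasticloadbalancing:*'
                  - 'autoscaling:*'
                  - 'cloudwatch:*'
                  - 's3:*'
                  - 'cloudformation:*'
                  - 'rds:*'
                  - 'ecs:*'
                  # Already implied by 's3:*'; kept so the intent survives
                  # once the wildcard is narrowed.
                  - 's3:GetObject'
                  - 's3:GetObjectVersion'
                  - 's3:GetBucketVersioning'
                  # Already implied by 'cloudformation:*'.
                  - 'cloudformation:CreateStack'
                  - 'cloudformation:DeleteStack'
                  - 'cloudformation:DescribeStacks'
                  - 'cloudformation:UpdateStack'
                  - 'cloudformation:CreateChangeSet'
                  - 'cloudformation:DeleteChangeSet'
                  - 'cloudformation:DescribeChangeSet'
                  - 'cloudformation:ExecuteChangeSet'
                  - 'cloudformation:SetStackPolicy'
                  - 'cloudformation:ValidateTemplate'
                  - 'lambda:InvokeFunction'
                  - 'lambda:ListFunctions'
                  - 'opsworks:CreateDeployment'
                  - 'opsworks:DescribeApps'
                  - 'opsworks:DescribeCommands'
                  - 'opsworks:DescribeDeployments'
                  - 'opsworks:DescribeInstances'
                  - 'opsworks:DescribeStacks'
                  - 'opsworks:UpdateApp'
                  - 'opsworks:UpdateStack'
                  - 'codebuild:BatchGetBuilds'
                  - 'codebuild:StartBuild'
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                  - 'logs:DescribeLogStreams'
                  - 'logs:PutRetentionPolicy'
                  - 'ecr:BatchCheckLayerAvailability'
                  - 'ecr:CompleteLayerUpload'
                  - 'ecr:GetAuthorizationToken'
                  - 'ecr:InitiateLayerUpload'
                  - 'ecr:PutImage'
                  - 'ecr:UploadLayerPart'
                Effect: Allow
                Resource: '*'
              # iam:PassRole was listed twice with no restriction. Unrestricted
              # PassRole on '*' lets the role hand any role in the account to
              # any service, so it is limited here to the services a pipeline
              # of this kind passes roles to.
              - Action:
                  - 'iam:PassRole'
                Effect: Allow
                Resource: '*'
                Condition:
                  StringEqualsIfExists:
                    'iam:PassedToService':
                      - cloudformation.amazonaws.com
                      - elasticbeanstalk.amazonaws.com
                      - ec2.amazonaws.com
                      - ecs-tasks.amazonaws.com

  # Artifact store for the pipeline; objects expire after 90 days.
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      BucketName: !Sub '${AppName}-${EnvName}-codepipeline'
      # Build artifacts can contain source and configuration: block every
      # form of public access and encrypt objects at rest by default.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      LifecycleConfiguration:
        Rules:
          - ExpirationInDays: 90
            Status: Enabled

  # Three-stage pipeline: GitHub source -> CodeBuild -> Elastic Beanstalk.
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Sub '${AppName}-${EnvName}-pipeline'
      # GetAtt yields the real ARN (correct for any role Path) instead of
      # joining the account id and role name by hand.
      RoleArn: !GetAtt CodePipelineRole.Arn
      ArtifactStore:
        Type: S3
        # Ref returns the bucket name and makes CloudFormation create the
        # bucket before the pipeline; the literal name gave no such ordering.
        Location: !Ref S3Bucket
      Stages:
        - Name: Source
          Actions:
            - Name: GitHubRepo
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Version: '1'
                Provider: GitHub
              OutputArtifacts:
                - Name: !Sub '${AppName}${EnvName}Source'
              Configuration:
                Owner: wuntu-three
                Repo: !Ref AppName
                # No webhook resource is defined in this template, so with
                # polling off the pipeline presumably has to be started
                # manually or by something outside this stack. TODO confirm.
                PollForSourceChanges: false
                Branch: master
                # The token grants access to the GitHub account that issued
                # it; issue it with the narrowest scopes that work and rotate
                # it on a schedule.
                OAuthToken: !Ref OauthToken
              RunOrder: 1
        - Name: Build
          Actions:
            - Name: Codebuild
              ActionTypeId:
                Category: Build
                Owner: AWS
                Version: '1'
                Provider: CodeBuild
              InputArtifacts:
                - Name: !Sub '${AppName}${EnvName}Source'
              OutputArtifacts:
                - Name: !Sub '${AppName}-${EnvName}-build'
              Configuration:
                # The CodeBuild project is not created here; it must already
                # exist under this name.
                ProjectName: !Sub '${AppName}-${EnvName}'
              RunOrder: 1
        - Name: Deploy
          Actions:
            - Name: !Sub '${AppName}-${EnvName}-build'
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: '1'
                Provider: ElasticBeanstalk
              InputArtifacts:
                - Name: !Sub '${AppName}-${EnvName}-build'
              OutputArtifacts: []
              Configuration:
                # Application and environment are expected to exist already
                # and to share the same <AppName>-<EnvName> name.
                ApplicationName: !Sub '${AppName}-${EnvName}'
                EnvironmentName: !Sub '${AppName}-${EnvName}'
              RunOrder: 1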