@moofish32
Last active November 15, 2018 17:27
Simple App Delivery Example
import codebuild = require('@aws-cdk/aws-codebuild');
import codepipeline = require('@aws-cdk/aws-codepipeline');
import s3 = require('@aws-cdk/aws-s3');
import iam = require('@aws-cdk/aws-iam');
import ec2 = require('@aws-cdk/aws-ec2');
import cdk = require('@aws-cdk/cdk');
import cicd = require('@aws-cdk/app-delivery');
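const app = new cdk.App();

// Stack that contains the CodePipeline itself (the stacks it deploys are
// defined further down).
const pipelineStack = new cdk.Stack(app, 'PipelineStack');
const pipeline = new codepipeline.Pipeline(pipelineStack, 'CodePipeline', {
  // Mutating a CodePipeline can cause the currently propagating state to be
  // "lost". Ensure we re-run the latest change through the pipeline after it's
  // been mutated so we're sure the latest state is fully deployed through.
  restartExecutionOnUpdate: true,
});

// Existing bucket referenced by a hard-coded ARN; it is not created or
// configured by this app. The pipeline builds and deploys whatever is stored
// there, so write access to the bucket is effectively deploy access.
// NOTE(review): confirm the bucket policy limits who can write to it.
const bucket = s3.Bucket.import(pipeline, 'OceanMoofish', { bucketArn: 'arn:aws:s3:::schools-of-moofish' });

// The VPC id is read from CDK context when supplied; otherwise it becomes a
// CloudFormation parameter on the pipeline stack. The context key is the
// string 'vpcId', matching the `-c vpcId=...` flag the build step passes to
// `cdk synth` (the original referenced an undeclared identifier VPC_ID here).
const contextVpc = pipelineStack.getContext('vpcId');
const vpcId = contextVpc || new cdk.Parameter(pipelineStack, 'VpcId', { type: 'String' });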
// Source stage: the pipeline pulls its input from the 'fishstacks' key of the
// imported bucket. Everything downstream (build, self-update, deploy) runs on
// that object, so it should be treated as trusted input only if writes to the
// key are controlled.
const sourceStage = pipeline.addStage('source');
new s3.PipelineSourceAction(pipeline, 'S3Source', {
  bucket,
  bucketKey: 'fishstacks',
  stage: sourceStage,
});
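// CodeBuild project that installs dependencies, compiles the app and runs
// `cdk synth`, publishing the synthesized output in dist/ as the build artifact.
const project = new codebuild.PipelineProject(pipelineStack, 'CodeBuild', {
  environment: {
    // NOTE(review): this pins an Ubuntu 14.04 / Node.js 10.1.0 build image;
    // check that the image is still maintained before reusing this example.
    buildImage: codebuild.LinuxBuildImage.UBUNTU_14_04_NODEJS_10_1_0,
    environmentVariables: {
      // The VPC id is an identifier, not a secret, so a plain-text variable
      // is appropriate here.
      VPC_ID: {
        type: codebuild.BuildEnvironmentVariableType.PlainText,
        value: vpcId,
      },
    },
  },
  buildSpec: {
    version: '0.2',
    phases: {
      install: {
        commands: [
          // NOTE(review): `npm install` resolves dependency versions at build
          // time. The output of this build is deployed with the pipeline's
          // permissions, so a committed lockfile with `npm ci` would make the
          // installed dependency set reproducible.
          'npm install',
        ],
      },
      build: {
        commands: [
          'npm run build',
          // $VPC_ID is quoted so the value always reaches cdk as a single
          // argument, even if it contains whitespace or glob characters.
          'npm run cdk synth -- -c vpcId="$VPC_ID" -o dist',
        ],
      },
    },
    artifacts: {
      'base-directory': 'dist',
      files: '**/*',
    },
  },
});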
// Build stage: run the CodeBuild project and keep a handle on its output
// artifact (the synthesized app), which the later stages deploy from.
const buildStage = pipeline.addStage('build');
const buildAction = project.addBuildToPipeline(buildStage, 'CodeBuild');
const { outputArtifact: synthesizedApp } = buildAction;

// Self-update stage: the pipeline redeploys its own stack from the
// synthesized artifact. The artifact therefore decides what the pipeline
// stack, including its roles and policies, looks like after the next run.
const selfUpdateStage = pipeline.addStage('SelfUpdate');
new cicd.PipelineDeployStackAction(pipelineStack, 'SelfUpdatePipeline', {
  stage: selfUpdateStage,
  stack: pipelineStack,
  inputArtifact: synthesizedApp,
});
const deployStage = pipeline.addStage('Deploy');

// Known shortcut (per the original author): these permissions belong on the
// role that performs the deployment, but that role is not reachable from
// here, so they are attached to the pipeline's own role instead.
//
// The statement applies to all resources, so the pipeline role can create,
// open up or delete any security group the account lets it reach, not only
// the one defined by the deployed stack.
// TODO(review): move this to the deployment role and narrow the resource
// scope once that role is accessible.
const securityGroupStatement = new iam.PolicyStatement()
  .addAction('ec2:AuthorizeSecurityGroupEgress')
  .addAction('ec2:AuthorizeSecurityGroupIngress')
  .addAction('ec2:DeleteSecurityGroup')
  .addAction('ec2:DescribeSecurityGroups')
  .addAction('ec2:CreateSecurityGroup')
  .addAction('ec2:RevokeSecurityGroupEgress')
  .addAction('ec2:RevokeSecurityGroupIngress')
  .addAllResources();
deployStage.pipeline.role.addToPolicy(securityGroupStatement);
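// Application stack deployed by the pipeline: a security group inside an
// imported (pre-existing) VPC.
const simpleStack = new cdk.Stack(app, 'SimpleFishStacks');

const vpc = ec2.VpcNetwork.import(simpleStack, 'MyVPC', {
  // vpcId is a plain string when it came from CDK context and a
  // cdk.Parameter otherwise; only the parameter has resolve(). Calling
  // resolve() unconditionally throws on the context path, which is the path
  // the pipeline build uses (`-c vpcId=...`).
  vpcId: typeof vpcId === 'string' ? vpcId : vpcId.resolve(),
  // NOTE(review): 'a' looks like a placeholder for the availability zone and
  // subnet ids; replace with real values before deploying.
  availabilityZones: ['a'],
  publicSubnetIds: ['a'],
  privateSubnetIds: ['a'],
  isolatedSubnetIds: [],
});

const fishWall = new ec2.SecurityGroup(simpleStack, 'SecureFishSnacks', {
  vpc,
});

// Allow HTTPS (TCP 443) from a single /32 address only.
// NOTE(review): the rule description calls this an old allowlisted IP;
// confirm the address is still owned by the intended party, since a stale
// allowlist entry grants access to whoever holds the address now.
fishWall.addIngressRule(
  new ec2.CidrIPv4('32.23.32.23/32'),
  new ec2.TcpPort(443),
  'A really old Whitelisted IP',
);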
// Deploy stage action: deploy the application stack from the same
// synthesized artifact the build stage produced.
const serviceStackDeployProps = {
  stage: deployStage,
  stack: simpleStack,
  inputArtifact: synthesizedApp,
};
new cicd.PipelineDeployStackAction(pipelineStack, 'DeployServiceStackA', serviceStackDeployProps);

// Kept last: every stack and construct above has to be defined before the
// app is run.
app.run();