Last active
November 15, 2018 17:27
Simple App Delivery Example
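import codebuild = require('@aws-cdk/aws-codebuild');
import codepipeline = require('@aws-cdk/aws-codepipeline');
import s3 = require('@aws-cdk/aws-s3');
import iam = require('@aws-cdk/aws-iam');
import ec2 = require('@aws-cdk/aws-ec2');
import cdk = require('@aws-cdk/cdk');
import cicd = require('@aws-cdk/app-delivery');

// Simple app-delivery example.
//
// Two stacks are defined in one CDK app:
//   * PipelineStack    - a CodePipeline that pulls the app from S3, synthesizes
//                        it with CodeBuild, redeploys itself, then deploys the
//                        service stack.
//   * SimpleFishStacks - a security group inside an imported VPC.

// Context key carrying the VPC id. It has to match the `-c vpcId=...` argument
// in the build phase below. The original lookup used a bare, undeclared
// identifier here.
const VPC_ID_CONTEXT_KEY = 'vpcId';

const app = new cdk.App();

// We define a stack that contains the CodePipeline
const pipelineStack = new cdk.Stack(app, 'PipelineStack');
const pipeline = new codepipeline.Pipeline(pipelineStack, 'CodePipeline', {
  // Mutating a CodePipeline can cause the currently propagating state to be
  // "lost". Ensure we re-run the latest change through the pipeline after it's
  // been mutated so we're sure the latest state is fully deployed through.
  restartExecutionOnUpdate: true,
});

// NOTE(review): this bucket/key is the root of trust for everything below.
// Whoever can write the source object decides what the SelfUpdate stage
// deploys, including the pipeline definition and its IAM statements, so write
// access to it should be as tight as access to the pipeline itself.
const bucket = s3.Bucket.import(pipeline, 'OceanMoofish', {
  bucketArn: 'arn:aws:s3:::schools-of-moofish',
});

// The VPC id is a plain string when supplied through context, otherwise a
// CloudFormation parameter object that is filled in at deploy time.
const contextVpc = pipelineStack.getContext(VPC_ID_CONTEXT_KEY);
const vpcId = contextVpc || new cdk.Parameter(pipelineStack, 'VpcId', { type: 'String' });

new s3.PipelineSourceAction(pipeline, 'S3Source', {
  bucket,
  bucketKey: 'fishstacks',
  stage: pipeline.addStage('source'),
});

const project = new codebuild.PipelineProject(pipelineStack, 'CodeBuild', {
  environment: {
    // NOTE(review): the image pins an old Ubuntu/Node.js combination; revisit
    // it when the CDK dependency is upgraded.
    buildImage: codebuild.LinuxBuildImage.UBUNTU_14_04_NODEJS_10_1_0,
    environmentVariables: {
      // A VPC id is not a secret, so a plain-text variable is appropriate.
      VPC_ID: {
        type: codebuild.BuildEnvironmentVariableType.PlainText,
        value: vpcId,
      },
    },
  },
  buildSpec: {
    version: '0.2',
    phases: {
      install: {
        commands: [
          // NOTE(review): if a lockfile is committed, `npm ci` would make the
          // build install exactly the locked dependency versions.
          'npm install',
        ],
      },
      build: {
        commands: [
          'npm run build',
          // VPC_ID is quoted so a value containing whitespace or glob
          // characters cannot be split into extra arguments to `cdk synth`.
          'npm run cdk synth -- -c "vpcId=$VPC_ID" -o dist',
        ],
      },
    },
    artifacts: {
      'base-directory': 'dist',
      files: '**/*',
    },
  },
});

const buildStage = pipeline.addStage('build');
const buildAction = project.addBuildToPipeline(buildStage, 'CodeBuild');
const synthesizedApp = buildAction.outputArtifact;

// The pipeline redeploys its own stack from the synthesized output before any
// service stack is deployed.
const selfUpdateStage = pipeline.addStage('SelfUpdate');
new cicd.PipelineDeployStackAction(pipelineStack, 'SelfUpdatePipeline', {
  stage: selfUpdateStage,
  stack: pipelineStack,
  inputArtifact: synthesizedApp,
});

const deployStage = pipeline.addStage('Deploy');

// this is wrong but we can't get the right role
// NOTE(review): the statement below allows creating, deleting and re-ruling
// security groups on every resource, and it is attached to the pipeline's own
// role rather than the role the author intended. Once the intended role can be
// addressed, move the statement there and narrow the resource scope.
deployStage.pipeline.role.addToPolicy(
  new iam.PolicyStatement()
    .addAction('ec2:AuthorizeSecurityGroupEgress')
    .addAction('ec2:AuthorizeSecurityGroupIngress')
    .addAction('ec2:DeleteSecurityGroup')
    .addAction('ec2:DescribeSecurityGroups')
    .addAction('ec2:CreateSecurityGroup')
    .addAction('ec2:RevokeSecurityGroupEgress')
    .addAction('ec2:RevokeSecurityGroupIngress')
    .addAllResources(),
);

const simpleStack = new cdk.Stack(app, 'SimpleFishStacks');

// A context-supplied id is already a string and has no resolve() method; only
// the parameter object needs resolving. Calling resolve() unconditionally
// failed whenever the id came from context.
const importedVpcId = typeof vpcId === 'string' ? vpcId : vpcId.resolve();

const vpc = ec2.VpcNetwork.import(simpleStack, 'MyVPC', {
  vpcId: importedVpcId,
  // The availability zone and subnet ids below are placeholders.
  availabilityZones: ['a'],
  publicSubnetIds: ['a'],
  privateSubnetIds: ['a'],
  isolatedSubnetIds: [],
});

const fishWall = new ec2.SecurityGroup(simpleStack, 'SecureFishSnacks', {
  vpc,
});

// Allows TCP/443 from one fixed address. NOTE(review): the rule's own
// description calls the entry old; confirm the address is still wanted.
fishWall.addIngressRule(
  new ec2.CidrIPv4('32.23.32.23/32'),
  new ec2.TcpPort(443),
  'A really old Whitelisted IP',
);

new cicd.PipelineDeployStackAction(pipelineStack, 'DeployServiceStackA', {
  stage: deployStage,
  stack: simpleStack,
  inputArtifact: synthesizedApp,
});

app.run();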