CodePipeline to deploy from S3 to EC2.
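AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  CodePipeline that picks up an application revision from a versioned S3 bucket
  and deploys it with CodeDeploy to a single EC2 instance in a new VPC.
# ------------------------------------------------------------#
# Input Parameters
# ------------------------------------------------------------#
Parameters:
  ProjectName:
    Type: String
    Default: 'test'
    Description: >-
      Prefix for every resource name. It is also embedded in the S3 bucket names,
      so it must be lowercase and short enough to keep the bucket name under 63 characters.
    # S3 bucket names must be lowercase; reject values that would only fail at bucket creation.
    AllowedPattern: '^[a-z0-9][a-z0-9-]*$'
    MaxLength: 26
    ConstraintDescription: Lowercase letters, digits and hyphens only, at most 26 characters.
  EC2KeyPair:
    Type: AWS::EC2::KeyPair::KeyName
    Description: Existing EC2 key pair used for SSH access to the CodeDeploy agent instance.
  SecurityGroupInboudRule:
    Type: String
    Default: '0.0.0.0/0'
    Description: >-
      CIDR block allowed to reach TCP 22 (SSH) and TCP 80 (HTTP) on the CodeDeploy agent server.
      The default exposes SSH to every address on the Internet; narrow it to your own range.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$'
    ConstraintDescription: Must be an IPv4 CIDR block such as 203.0.113.0/24.
  SourceS3ObjectKey:
    Type: String
    Default: 'SampleApp_Linux.zip'
    Description: Object key (file name) in the source bucket that CodePipeline deploys.
  LatestAmiId:
    # Resolved from the public SSM parameter at deploy time, so the instance starts from the
    # current Amazon Linux 2 image instead of a hard-coded, region-specific AMI ID.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
    Description: SSM parameter path of the AMI used for the CodeDeploy agent instance.
Resources:
  # ------------------------------------------------------------#
  # S3 Bucket
  # ------------------------------------------------------------#
  CodePipelineSourceBucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: !Sub ${ProjectName}-code-pipe-line-source-${AWS::AccountId}
      # The CodePipeline S3 source action requires versioning on the source bucket.
      VersioningConfiguration:
        Status: Enabled
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  CodePipelineArtifactBucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: !Sub ${ProjectName}-code-pipe-line-artifact-${AWS::AccountId}
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
  # ------------------------------------------------------------#
  # IAM
  # ------------------------------------------------------------#
  # Instance role for the EC2 host running the CodeDeploy agent.
  CodeDeployDeployAgentRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: !Sub ${ProjectName}-web-role
      Path: "/"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      # AWS-managed policy that lets the agent fetch revisions from S3.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy
  CodeDeployDeployAgentInstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      InstanceProfileName: !Sub ${ProjectName}-web-role
      Path: "/"
      Roles:
        - !Ref CodeDeployDeployAgentRole
  # Service role assumed by CodeDeploy to drive the deployment group.
  CodeDeployServiceRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: !Sub ${ProjectName}-CodeDeploy-role
      Path: "/"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "codedeploy.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole
  # Service role assumed by CodePipeline; its permissions come from CodePipelineManagedPolicy.
  CodePipelineServiceRole:
    Type: "AWS::IAM::Role"
    Properties:
      RoleName: !Sub ${ProjectName}-CodePipeline-role
      Path: "/"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "codepipeline.amazonaws.com"
            Action:
              - "sts:AssumeRole"
  CodePipelineManagedPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      # Prefixed with the project name: IAM policy names are account-wide, so a fixed name
      # collides as soon as a second stack is created in the same account.
      ManagedPolicyName: !Sub ${ProjectName}-CodePipeline-policy
      Description: >-
        Least-privilege policy for a pipeline with one S3 source action and one CodeDeploy
        deploy action. Other action types (CodeBuild, CloudFormation, Lambda, ...) need
        their own statements if they are added later.
      Path: /
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Source stage: read the revision from the versioned source bucket.
          - Effect: Allow
            Action:
              - "s3:GetBucketVersioning"
              - "s3:ListBucket"
            Resource: !GetAtt CodePipelineSourceBucket.Arn
          - Effect: Allow
            Action:
              - "s3:GetObject"
              - "s3:GetObjectVersion"
            Resource: !Sub ${CodePipelineSourceBucket.Arn}/*
          # Artifact store: stage artifacts between the Source and Deploy actions.
          - Effect: Allow
            Action:
              - "s3:GetBucketVersioning"
              - "s3:ListBucket"
            Resource: !GetAtt CodePipelineArtifactBucket.Arn
          - Effect: Allow
            Action:
              - "s3:GetObject"
              - "s3:GetObjectVersion"
              - "s3:PutObject"
              - "s3:PutObjectAcl"
            Resource: !Sub ${CodePipelineArtifactBucket.Arn}/*
          # Deploy stage: only the CodeDeploy calls the deploy action makes, scoped to this
          # stack's application and deployment group.
          - Effect: Allow
            Action:
              - "codedeploy:CreateDeployment"
              - "codedeploy:GetApplication"
              - "codedeploy:GetApplicationRevision"
              - "codedeploy:GetDeployment"
              - "codedeploy:GetDeploymentConfig"
              - "codedeploy:RegisterApplicationRevision"
            Resource:
              - !Sub arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:application:${CodeDeployApplication}
              - !Sub arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentgroup:${CodeDeployApplication}/${CodeDeployDeploymentGroup}
              - !Sub arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentconfig:*
      Roles:
        - !Ref CodePipelineServiceRole
  # ------------------------------------------------------------#
  # VPC
  # ------------------------------------------------------------#
  VPC:
    Type: 'AWS::EC2::VPC'
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
      InstanceTenancy: default
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-vpc
  # ------------------------------------------------------------#
  # Internet Gateway
  # ------------------------------------------------------------#
  InternetGateway:
    Type: 'AWS::EC2::InternetGateway'
    Properties:
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-igw
  VPCGatewayAttachment:
    Type: 'AWS::EC2::VPCGatewayAttachment'
    Properties:
      InternetGatewayId: !Ref InternetGateway
      VpcId: !Ref VPC
  # ------------------------------------------------------------#
  # Subnet
  # ------------------------------------------------------------#
  # Availability zones are taken from the current region so the template is not
  # tied to ap-northeast-1.
  PublicSubnetA:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [0, !GetAZs '']
      CidrBlock: 10.0.1.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-public-subnet01
  PublicSubnetC:
    Type: 'AWS::EC2::Subnet'
    Properties:
      VpcId: !Ref VPC
      AvailabilityZone: !Select [1, !GetAZs '']
      CidrBlock: 10.0.2.0/24
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-public-subnet02
  # ------------------------------------------------------------#
  # RouteTable
  # ------------------------------------------------------------#
  PublicRouteTable:
    Type: 'AWS::EC2::RouteTable'
    Properties:
      VpcId: !Ref VPC
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-public-rtb
  RouteAddInternetGateway:
    Type: 'AWS::EC2::Route'
    # The route is only valid once the gateway is attached to the VPC.
    DependsOn: VPCGatewayAttachment
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
      RouteTableId: !Ref PublicRouteTable
  AssociatePublicSubnetAToPublicRouteTable:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetA
  AssociatePublicSubnetCToPublicRouteTable:
    Type: 'AWS::EC2::SubnetRouteTableAssociation'
    Properties:
      RouteTableId: !Ref PublicRouteTable
      SubnetId: !Ref PublicSubnetC
  # ------------------------------------------------------------#
  # Securitygroup
  # ------------------------------------------------------------#
  CodeDeployDeployAgentSecuritygroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: !Sub ${ProjectName}-codedeploy-agent-sg
      GroupDescription: !Sub ${ProjectName}-codedeploy-agent-sg
      VpcId: !Ref VPC
      # Both rules use the SecurityGroupInboudRule parameter; there is no other ingress.
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref SecurityGroupInboudRule
          Description: SSH from the allowed CIDR
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: !Ref SecurityGroupInboudRule
          Description: HTTP from the allowed CIDR
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-codedeploy-agent-sg
  # ------------------------------------------------------------#
  # EC2
  # ------------------------------------------------------------#
  CodeDeployDeployAgentInstance:
    Type: "AWS::EC2::Instance"
    Properties:
      # The subnet fixes the availability zone; a separate AvailabilityZone property is redundant.
      ImageId: !Ref LatestAmiId
      InstanceType: t3.micro
      KeyName: !Ref EC2KeyPair
      IamInstanceProfile: !Ref CodeDeployDeployAgentInstanceProfile
      BlockDeviceMappings:
        - DeviceName: /dev/xvda
          Ebs:
            VolumeType: gp2
            VolumeSize: 8
            # Root volume encrypted at rest with the account's default EBS key.
            Encrypted: true
      NetworkInterfaces:
        - DeviceIndex: "0"
          AssociatePublicIpAddress: true
          SubnetId: !Ref PublicSubnetA
          GroupSet:
            - !Ref CodeDeployDeployAgentSecuritygroup
      # The Name tag is what CodeDeployDeploymentGroup's Ec2TagFilters match on.
      Tags:
        - Key: Name
          Value: !Sub ${ProjectName}-codedeploy-agent
      UserData:
        # !Sub fills in the region so the agent is fetched from the matching regional bucket;
        # the script aborts on the first failed command instead of continuing half-configured.
        Fn::Base64: !Sub |
          #!/bin/bash
          set -euxo pipefail
          yum -y update
          yum install -y ruby wget
          cd /home/ec2-user
          wget https://aws-codedeploy-${AWS::Region}.s3.${AWS::Region}.amazonaws.com/latest/install
          chmod +x ./install
          ./install auto
  # ------------------------------------------------------------#
  # CodeDeploy
  # ------------------------------------------------------------#
  CodeDeployApplication:
    Type: AWS::CodeDeploy::Application
    Properties:
      ApplicationName: !Sub ${ProjectName}-application
      ComputePlatform: Server
  CodeDeployDeploymentGroup:
    Type: AWS::CodeDeploy::DeploymentGroup
    Properties:
      ApplicationName: !Ref CodeDeployApplication
      DeploymentGroupName: !Sub ${ProjectName}-deployment-group
      DeploymentConfigName: CodeDeployDefault.OneAtATime
      DeploymentStyle:
        DeploymentOption: WITHOUT_TRAFFIC_CONTROL
        DeploymentType: IN_PLACE
      # Targets are selected by the Name tag set on CodeDeployDeployAgentInstance.
      Ec2TagFilters:
        - Key: Name
          Value: !Sub ${ProjectName}-codedeploy-agent
          Type: KEY_AND_VALUE
      ServiceRoleArn: !GetAtt CodeDeployServiceRole.Arn
  # ------------------------------------------------------------#
  # CodePipeline
  # ------------------------------------------------------------#
  CodePipeline:
    Type: AWS::CodePipeline::Pipeline
    # The pipeline starts its first execution as soon as it is created, so the role must
    # already carry its permissions; without this the first run can fail on AccessDenied.
    DependsOn: CodePipelineManagedPolicy
    Properties:
      Name: !Sub ${ProjectName}-pipeline
      RoleArn: !GetAtt CodePipelineServiceRole.Arn
      RestartExecutionOnUpdate: false
      ArtifactStore:
        Type: S3
        Location: !Ref CodePipelineArtifactBucket
      Stages:
        - Name: Source
          Actions:
            - Name: SourceAction
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: S3
                Version: '1'
              Configuration:
                S3Bucket: !Ref CodePipelineSourceBucket
                S3ObjectKey: !Ref SourceS3ObjectKey
              OutputArtifacts:
                - Name: SourceArtifact
              RunOrder: 1
        - Name: Deploy
          Actions:
            - Name: DeployAction
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CodeDeploy
                Version: '1'
              Configuration:
                ApplicationName: !Ref CodeDeployApplication
                DeploymentGroupName: !Ref CodeDeployDeploymentGroup
              InputArtifacts:
                - Name: SourceArtifact
              RunOrder: 1
Outputs:
  SourceBucketName:
    Description: Upload the revision archive (SourceS3ObjectKey) to this bucket to trigger the pipeline.
    Value: !Ref CodePipelineSourceBucket
  PipelineName:
    Description: Name of the CodePipeline created by this stack.
    Value: !Ref CodePipeline
  AgentInstancePublicIp:
    Description: Public IP of the EC2 instance running the CodeDeploy agent.
    Value: !GetAtt CodeDeployDeployAgentInstance.PublicIp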