taufiqpsumarna/CodebuildPolicy.json

## buildspec.yml
# Add this variables into CodeBuild Build Project
#   AWS_ACCOUNT_ID
#   AWS_DEFAULT_REGION
#   AWS_ECR_REPO_NAME

version: 0.2
phases:
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      - echo Check REPOSITORY_URI "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$AWS_ECR_REPO_NAME"
      - echo Check Environment $(aws --version && docker --version)
      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
      - REPOSITORY_URI=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$AWS_ECR_REPO_NAME
      - COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
      - IMAGE_TAG=${COMMIT_HASH:=latest}
  build:
    commands:
      - echo Build started on `date`
      - echo Building the Docker image...
      - docker build -t $REPOSITORY_URI:latest .
      - docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
  post_build:
    commands:
      - echo Build completed on `date`
      - echo Pushing the Docker images...
      - docker push $REPOSITORY_URI:latest
      - docker push $REPOSITORY_URI:$IMAGE_TAG
      - echo Writing image definitions file...
      - printf '[{"name":"container-name","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
artifacts:
  files: imagedefinitions.json

## CodebuildPolicy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage",
                "ecr:BatchCheckLayerAvailability",
                "ecr:PutImage",
                "ecr:InitiateLayerUpload",
                "ecr:UploadLayerPart",
                "ecr:CompleteLayerUpload",
                "ecr:GetAuthorizationToken",
                "ecs:RegisterTaskDefinition",
                "ecs:UpdateService",
                "ecs:DescribeServices",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl"
            ],
            "Resource": "*"
        }
    ]
}
	# Add this variables into CodeBuild Build Project
	# AWS_ACCOUNT_ID
	# AWS_DEFAULT_REGION
	# AWS_ECR_REPO_NAME

	version: 0.2
	phases:
	pre_build:
	commands:
	- echo Logging in to Amazon ECR...
	- echo Check REPOSITORY_URI "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$AWS_ECR_REPO_NAME"
	- echo Check Environment $(aws --version && docker --version)
	- aws ecr get-login-password --region $AWS_DEFAULT_REGION \| docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
	- REPOSITORY_URI=$AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$AWS_ECR_REPO_NAME
	- COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION \| cut -c 1-7)
	- IMAGE_TAG=${COMMIT_HASH:=latest}
	build:
	commands:
	- echo Build started on `date`
	- echo Building the Docker image...
	- docker build -t $REPOSITORY_URI:latest .
	- docker tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
	post_build:
	commands:
	- echo Build completed on `date`
	- echo Pushing the Docker images...
	- docker push $REPOSITORY_URI:latest
	- docker push $REPOSITORY_URI:$IMAGE_TAG
	- echo Writing image definitions file...
	- printf '[{"name":"container-name","imageUri":"%s"}]' $REPOSITORY_URI:$IMAGE_TAG > imagedefinitions.json
	artifacts:
	files: imagedefinitions.json
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"ecr:GetDownloadUrlForLayer",
	"ecr:BatchGetImage",
	"ecr:BatchCheckLayerAvailability",
	"ecr:PutImage",
	"ecr:InitiateLayerUpload",
	"ecr:UploadLayerPart",
	"ecr:CompleteLayerUpload",
	"ecr:GetAuthorizationToken",
	"ecs:RegisterTaskDefinition",
	"ecs:UpdateService",
	"ecs:DescribeServices",
	"logs:CreateLogGroup",
	"logs:CreateLogStream",
	"logs:PutLogEvents",
	"s3:PutObject",
	"s3:PutObjectAcl",
	"s3:GetObject",
	"s3:GetObjectAcl"
	],
	"Resource": "*"
	}
	]
	}