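# Self-deploying CloudFormation stack: a public S3 bucket for published templates,
# a versioned artifact bucket, and a CodePipeline (GitHub -> deploy this stack ->
# CodeBuild validate/deploy) plus the IAM roles each component assumes.
AWSTemplateFormatVersion: "2010-09-09"
Description: Infrastructure for CloudFormation templates, e.g. pipeline and bucket

Parameters:
  TemplateBucketName:
    Type: String
  GithubOauthToken:
    Type: String
    # Secret: NoEcho keeps the value masked in DescribeStacks / the console.
    # It is still passed through ParameterOverrides below (see note there).
    NoEcho: true
  DeploymentStage:
    Type: String
    Default: prod

Resources:
  # Bucket that publishes the rendered templates. Deliberately world-readable
  # (PublicRead ACL plus the "*" GetObject policy below); only put content here
  # that is meant to be public.
  TemplateBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref TemplateBucketName
      AccessControl: PublicRead

  TemplateBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TemplateBucket
      PolicyDocument:
        Version: "2012-10-17"
        # Single statement object (IAM accepts a bare object or a list here).
        # Read-only: only s3:GetObject, scoped to this bucket's objects.
        Statement:
          Effect: Allow
          Principal: "*"
          Action: s3:GetObject
          Resource: !Sub arn:aws:s3:::${TemplateBucket}/*

  # Private, versioned store for pipeline artifacts.
  ArtifactStoreBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration:
        Status: Enabled
      AccessControl: BucketOwnerFullControl

  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      RoleArn: !GetAtt PipelineRole.Arn
      ArtifactStore:
        Location: !Ref ArtifactStoreBucket
        Type: S3
      Stages:
        # Stage 1: pull the repository from GitHub using the OAuth token parameter.
        - Name: Source
          Actions:
            - InputArtifacts: []
              Name: SourceAction
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                # ActionTypeId.Version is a string property; quoted so YAML
                # does not hand CloudFormation an integer.
                Version: "1"
                Provider: GitHub
              OutputArtifacts:
                - Name: SourceOutput
              Configuration:
                Owner: s0enke
                Repo: cloudformation-templates
                Branch: master
                OAuthToken:
                  Ref: GithubOauthToken
              RunOrder: 1

        # Stage 2: re-deploy this very stack from the checked-out infrastructure.yml.
        - Name: DeploySelf
          Actions:
            - Name: DeploySelfAction
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: "1"
              InputArtifacts:
                - Name: SourceOutput
              RunOrder: 1
              Configuration:
                ActionMode: CREATE_UPDATE
                Capabilities: CAPABILITY_IAM
                RoleArn: !GetAtt DeploySelfActionRole.Arn
                StackName: !Ref AWS::StackName
                TemplatePath: 'SourceOutput::infrastructure.yml'
                # NOTE(review): this interpolates GithubOauthToken in plaintext into
                # the pipeline's action configuration; NoEcho on the parameter does
                # not mask it here. Consider sourcing the token from a secret store
                # instead of a stack parameter - confirm with the pipeline owner.
                ParameterOverrides: !Sub '{"TemplateBucketName": "${TemplateBucketName}", "GithubOauthToken": "${GithubOauthToken}", "DeploymentStage": "${DeploymentStage}"}'

        # Stage 3: run the CodeBuild project that validates and deploys the templates.
        - Name: ValidateAndDeployTemplates
          Actions:
            - InputArtifacts:
                - Name: SourceOutput
              Name: ValidateAndDeployTemplatesAction
              ActionTypeId:
                Category: Build
                Owner: AWS
                Version: "1"
                Provider: CodeBuild
              OutputArtifacts:
                - Name: ValidateAndDeployTemplatesOutput
              Configuration:
                ProjectName:
                  Ref: ValidateAndDeployTemplatesBuild
              RunOrder: 2

  # Role assumed by CodePipeline itself.
  # NOTE(review): all three roles below carry AdministratorAccess; the least
  # privilege each needs cannot be derived from this file alone, so they are
  # left as-is. Scoping them down is the main hardening step for this stack.
  PipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: codepipeline.amazonaws.com
          Action: sts:AssumeRole
      Path: /
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess

  # Role CloudFormation assumes when the DeploySelf action updates this stack.
  DeploySelfActionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: cloudformation.amazonaws.com
          Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess

  ValidateAndDeployTemplatesBuild:
    Type: AWS::CodeBuild::Project
    Properties:
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        # NOTE(review): pinned to an old Python 2.6 build image; a supported
        # image should be chosen by the build owner - not changed here.
        Image: aws/codebuild/eb-python-2.6-amazonlinux-64:2.1.3
        Type: LINUX_CONTAINER
        EnvironmentVariables:
          # Target bucket the build publishes templates to.
          - Name: TEMPLATE_DEPLOYMENT_BUCKET
            Value: !Ref TemplateBucket
      Name: !Sub ValidateAndDeployTemplatesBuild-${DeploymentStage}
      ServiceRole: !Ref ValidateAndDeployTemplatesBuildRole
      Source:
        Type: CODEPIPELINE

  # Role assumed by the CodeBuild project.
  ValidateAndDeployTemplatesBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: codebuild.amazonaws.com
          Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess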