diff --git a/deployments/pipeline-new.yml b/deployments/pipeline-new.yml index e2dc03b..2964630 100644 --- a/deployments/pipeline-new.yml +++ b/deployments/pipeline-new.yml @@ -60,7 +60,7 @@ Resources: DependsOn: - SSMArtifactBucket - SSMCodePipelineServiceRoleArn - - SSMCloudFormationDeployRole + # - SSMCloudFormationDeployRole Properties: RoleArn: !GetAtt CodePipelineServiceRole.Arn ArtifactStore: @@ -179,8 +179,8 @@ Resources: #-----------------------------------------------------------------------------# # Services #-----------------------------------------------------------------------------# - # - Name: Services - # Actions: + - Name: Services + Actions: # - Name: Server # ActionTypeId: @@ -196,8 +196,8 @@ Resources: # Capabilities: CAPABILITY_IAM # ParameterOverrides: !Sub | # { - # "EnvironmentName": "${EnvironmentName}", # "ServiceName": "server", + # "EnvironmentName": "${EnvironmentName}", # "ImageUrl": "amazon/amazon-ecs-sample" # } # InputArtifacts: 
@@ -217,33 +217,35 @@ Resources: # Capabilities: CAPABILITY_IAM # ParameterOverrides: !Sub | # { - # "EnvironmentName": "${EnvironmentName}", # "ServiceName": "cache", + # "EnvironmentName": "${EnvironmentName}", # "ImageUrl": "amazon/amazon-ecs-sample" # } # InputArtifacts: # - Name: Source - # - Name: Database - # ActionTypeId: - # Category: Deploy - # Owner: AWS - # Version: 1 - # Provider: CloudFormation - # Configuration: - # ActionMode: CREATE_UPDATE - # RoleArn: !GetAtt CloudFormationDeployRole.Arn - # StackName: !Sub ${EnvironmentName}-Database-Service - # TemplatePath: !Sub Source::deployments/services-${DeploymentType}/database.yml - # Capabilities: CAPABILITY_IAM - # ParameterOverrides: !Sub | - # { - # "EnvironmentName": "${EnvironmentName}", - # "ServiceName": "database", - # "ImageUrl": "amazon/amazon-ecs-sample" - # } - # InputArtifacts: - # - Name: Source + - Name: Database + ActionTypeId: + Category: Deploy + Owner: AWS + Version: 1 + Provider: CloudFormation + Configuration: + ActionMode: CREATE_UPDATE + RoleArn: !GetAtt CloudFormationDeployRole.Arn + StackName: !Sub ${EnvironmentName}-Database-Service + TemplatePath: !Sub Source::deployments/services-${DeploymentType}/database.yml + Capabilities: CAPABILITY_IAM + # Don't have an image at this point, using a sample image + ParameterOverrides: !Sub | + { + "ServiceName": "database", + "EnvironmentName": "${EnvironmentName}", + "DeploymentType": "${DeploymentType}", + "ImageUrl": "amazon/amazon-ecs-sample" + } + InputArtifacts: + - Name: Source #-----------------------------------------------------------------------------# @@ -266,8 +268,8 @@ Resources: # Capabilities: CAPABILITY_IAM # ParameterOverrides: !Sub | # { - # "ServiceName": "server", # "EnvironmentName": "${EnvironmentName}", + # "ServiceName": "server", # "DeploymentType": "${DeploymentType}", # "TriggerMessagePattern": "[(BuildServer|BuildAll)]", # "GitHubRepo": "${GitHubRepo}", 
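Review bot: The newly enabled Database action passes `"ImageUrl": "amazon/amazon-ecs-sample"` with no tag or digest, so the stack deploys whatever the public repository's default tag resolves to at deploy time. Until a real database image exists, pinning the placeholder by digest keeps the deployment reproducible, e.g. `"ImageUrl": "amazon/amazon-ecs-sample@sha256:<DIGEST_PLACEHOLDER>"`, and the added comment could carry a TODO naming what will replace it. The action also runs with `Capabilities: CAPABILITY_IAM` under `CloudFormationDeployRole`, whose policy is outside this hunk, so it is worth confirming that the role is scoped to the resources database.yml creates. The enclosing stage list starts and ends outside the hunk.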
@@ -292,8 +294,8 @@ Resources: # Capabilities: CAPABILITY_IAM # ParameterOverrides: !Sub | # { - # "ServiceName": "cache", # "EnvironmentName": "${EnvironmentName}", + # "ServiceName": "cache", # "DeploymentType": "${DeploymentType}", # "TriggerMessagePattern": "[(BuildCache|BuildAll)]", # "GitHubRepo": "${GitHubRepo}", @@ -318,8 +320,8 @@ Resources: Capabilities: CAPABILITY_IAM ParameterOverrides: !Sub | { - "ServiceName": "database", "EnvironmentName": "${EnvironmentName}", + "ServiceName": "database", "DeploymentType": "${DeploymentType}", "TriggerMessagePattern": "[(BuildDatabase|BuildAll)]", "GitHubRepo": "${GitHubRepo}", @@ -462,12 +464,12 @@ Resources: Name: /microservices/codepipeline_service_role_arn Type: String Value: !GetAtt CodePipelineServiceRole.Arn - SSMCloudFormationDeployRole: - Type: AWS::SSM::Parameter - Properties: - Name: /microservices/cloudformation_deploy_role - Type: String - Value: !Ref CloudFormationDeployRole + # SSMCloudFormationDeployRole: + # Type: AWS::SSM::Parameter + # Properties: + # Name: /microservices/cloudformation_deploy_role + # Type: String + # Value: !Ref CloudFormationDeployRole Outputs: PipelineUrl: diff --git a/deployments/pipeline-service.yml b/deployments/pipeline-service.yml index 3ae2114..f3d3e48 100644 --- a/deployments/pipeline-service.yml +++ b/deployments/pipeline-service.yml @@ -29,9 +29,9 @@ Parameters: CodePipelineServiceRoleArn: Type: AWS::SSM::Parameter::Value Default: /microservices/codepipeline_service_role_arn - CloudFormationDeployRole: - Type: AWS::SSM::Parameter::Value - Default: /microservices/cloudformation_deploy_role + # CloudFormationDeployRole: + # Type: AWS::SSM::Parameter::Value + # Default: /microservices/cloudformation_deploy_role Resources: 
@@ -106,17 +106,32 @@ Resources: #-----------------------------------------------------------------------------# # CodePipeline #-----------------------------------------------------------------------------# + # CloudWatchEventRule: + # Type: AWS::Events::Rule + # Properties: + # EventPattern: + # detail: + # action-type: [PUSH] + # image-tag: [latest] + # repository-name: [!Ref Repository] + # result: [SUCCESS] + # detail-type: [ECR Image Action] + # source: [aws.ecr] + # Targets: + # - Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline} + # RoleArn: !GetAtt CloudWatchEventRole.Arn + # Id: server-pipeline + + # https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html#sample-build-notifications-ref CloudWatchEventRule: Type: AWS::Events::Rule Properties: EventPattern: + detail-type: [CodeBuild Build State Change] + source: [aws.codebuild] detail: - action-type: [PUSH] - image-tag: [latest] - repository-name: [!Ref Repository] - result: [SUCCESS] - detail-type: [ECR Image Action] - source: [aws.ecr] + build-status: [SUCCEEDED] + project-name: [!Ref CodeBuildProject] Targets: - Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline} RoleArn: !GetAtt CloudWatchEventRole.Arn 
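Review bot: The new `EventPattern` filters only on `build-status: [SUCCEEDED]` and `project-name`, so every successful build of `CodeBuildProject` starts the deploy pipeline regardless of which ref or trigger produced that build. If the project can also build pull requests or non-release branches (its definition is outside this hunk), those builds would now end in a deployment. Either restrict the project's own trigger filters or state the assumption above the rule, e.g. `# Every SUCCEEDED build of CodeBuildProject starts the pipeline; the project must only build deployable refs.` The commented-out ECR rule kept above the live one repeats the same resource name and could be dropped, since the history already preserves it.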
@@ -151,34 +166,34 @@ Resources: - Name: Source Actions: - - Name: Image - Namespace: ImageVariables - ActionTypeId: - Category: Source - Owner: AWS - Version: 1 - Provider: ECR - Configuration: - RepositoryName: !Ref Repository - ImageTag: latest - OutputArtifacts: - - Name: Image - RunOrder: 1 - # - Name: Image + # Namespace: ImageVariables # ActionTypeId: # Category: Source # Owner: AWS # Version: 1 - # Provider: S3 + # Provider: ECR # Configuration: - # S3Bucket: !Ref ArtifactBucket - # S3ObjectKey: !Sub imagedefinitions/${ServiceName}.zip - # PollForSourceChanges: false + # RepositoryName: !Ref Repository + # ImageTag: latest # OutputArtifacts: # - Name: Image # RunOrder: 1 + - Name: Image + ActionTypeId: + Category: Source + Owner: AWS + Version: 1 + Provider: S3 + Configuration: + S3Bucket: !Ref ArtifactBucket + S3ObjectKey: !Sub imagedefinitions/${ServiceName}.zip + PollForSourceChanges: false + OutputArtifacts: + - Name: Image + RunOrder: 1 + - Name: Code ActionTypeId: Category: Source @@ -193,31 +208,10 @@ Resources: PollForSourceChanges: false OutputArtifacts: - Name: Code - RunOrder: 1 #-----------------------------------------------------------------------------# # Deploy #-----------------------------------------------------------------------------# - # - Name: Deploy - # Actions: - # - Name: Deploy - # ActionTypeId: - # Category: Deploy - # Owner: AWS - # Version: 1 - # Provider: ECS - # Configuration: - # ClusterName: - # Fn::ImportValue: !Sub ${EnvironmentName}:ClusterName - # ServiceName: !Ref ServiceName - # # Needs imagedefinitions.json but ECR produces imageDetail.json. - # # Need a build stage to build images or transform imageDetail.json - # # as described here: https://stackoverflow.com/a/57015190 - # # Or use blue/green deployment - # FileName: imagedefinitions.json - # InputArtifacts: - # - Name: Image - - Name: Deploy Actions: - Name: Deploy 
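Review bot: Switching the `Image` source to `S3ObjectKey: !Sub imagedefinitions/${ServiceName}.zip` makes one object in the artifact bucket the sole statement of which image gets deployed. The ECS deploy action in the later hunk (`@@ -225,22 +219,38 @@`) consumes it without the `#{ImageVariables.ImageDigest}` pin that the CloudFormation deploy used. Whatever can write that key chooses the image the service runs, so write access to the `imagedefinitions/` prefix should be limited to the build role, and the generated imagedefinitions.json should reference the image by digest rather than a mutable tag; neither is visible in this diff. A CodePipeline S3 source action also needs versioning enabled on the bucket, which is worth confirming on `ArtifactBucket`. A comment above the action would record the contract, e.g. `# imagedefinitions/<service>.zip is written by CodeBuild; imageUri inside should be a digest reference.`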
@@ -225,22 +219,38 @@ Resources: Category: Deploy Owner: AWS Version: 1 - Provider: CloudFormation + Provider: ECS Configuration: - ActionMode: CREATE_UPDATE - RoleArn: !Ref CloudFormationDeployRole - StackName: !Sub ${EnvironmentName}-Server-Service - TemplatePath: !Sub Code::deployments/services-${DeploymentType}/server.yml - Capabilities: CAPABILITY_IAM - ParameterOverrides: !Sub | - { - "EnvironmentName": "${EnvironmentName}", - "ServiceName": "${ServiceName}", - "ImageUrl": "${Repository.RepositoryUri}@#{ImageVariables.ImageDigest}" - } + ClusterName: + Fn::ImportValue: !Sub ${EnvironmentName}:ClusterName + ServiceName: !Ref ServiceName + FileName: imagedefinitions.json InputArtifacts: - Name: Image - - Name: Code + + # - Name: Deploy + # Actions: + # - Name: Deploy + # ActionTypeId: + # Category: Deploy + # Owner: AWS + # Version: 1 + # Provider: CloudFormation + # Configuration: + # ActionMode: CREATE_UPDATE + # RoleArn: !Ref CloudFormationDeployRole + # StackName: !Sub ${EnvironmentName}-Server-Service + # TemplatePath: !Sub Code::deployments/services-${DeploymentType}/server.yml + # Capabilities: CAPABILITY_IAM + # ParameterOverrides: !Sub | + # { + # "EnvironmentName": "${EnvironmentName}", + # "ServiceName": "${ServiceName}", + # "ImageUrl": "${Repository.RepositoryUri}@#{ImageVariables.ImageDigest}" + # } + # InputArtifacts: + # - Name: Image + # - Name: Code #-----------------------------------------------------------------------------# # Role for CodeBuild service @@ -268,13 +278,13 @@ Resources: - logs:CreateLogStream - logs:PutLogEvents - ecr:GetAuthorizationToken - - Resource: !Sub arn:aws:s3:::${ArtifactBucket}/* + - Resource: !Sub arn:aws:s3:::${ArtifactBucket}* Effect: Allow Action: - s3:GetObject - s3:PutObject - s3:GetObjectVersion - - Resource: "*" # !GetAtt Repository.Arn + - Resource: !GetAtt Repository.Arn Effect: Allow Action: - ecr:GetDownloadUrlForLayer
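Review bot: `Resource: !Sub arn:aws:s3:::${ArtifactBucket}*` drops the `/` before the wildcard, so the statement in the `@@ -268,13 +278,13 @@` hunk now also matches objects in any bucket whose name merely begins with the artifact bucket's name, and grants `s3:GetObject` and `s3:PutObject` on them. All three actions in this statement are object-level, so the original `!Sub arn:aws:s3:::${ArtifactBucket}/*` already covers them. If the change was meant to add bucket-level access, list the bucket ARN as a separate exact resource, `- !Sub arn:aws:s3:::${ArtifactBucket}`, with only the bucket-level actions that are needed. The policy's statement list begins and continues outside this hunk.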