Create codebuild trigger

deployments/pipeline-new.yml

@@ -60,7 +60,7 @@ Resources:
     DependsOn:
       - SSMArtifactBucket
       - SSMCodePipelineServiceRoleArn
-      - SSMCloudFormationDeployRole
+      # - SSMCloudFormationDeployRole
     Properties:
       RoleArn: !GetAtt CodePipelineServiceRole.Arn
       ArtifactStore:
@@ -179,8 +179,8 @@ Resources:
         #-----------------------------------------------------------------------------#
         # Services
         #-----------------------------------------------------------------------------#
-        # - Name: Services
+        - Name: Services
-        #   Actions:
+          Actions:
 
             # - Name: Server
             #   ActionTypeId:
@@ -196,8 +196,8 @@ Resources:
             #     Capabilities: CAPABILITY_IAM
             #     ParameterOverrides: !Sub |
             #       {
-            #         "EnvironmentName": "${EnvironmentName}",
             #         "ServiceName": "server",
+            #         "EnvironmentName": "${EnvironmentName}",
             #         "ImageUrl": "amazon/amazon-ecs-sample"
             #       }
             #   InputArtifacts:
@@ -217,33 +217,35 @@ Resources:
             #     Capabilities: CAPABILITY_IAM
             #     ParameterOverrides: !Sub |
             #       {
-            #         "EnvironmentName": "${EnvironmentName}",
             #         "ServiceName": "cache",
+            #         "EnvironmentName": "${EnvironmentName}",
             #         "ImageUrl": "amazon/amazon-ecs-sample"
             #       }
             #   InputArtifacts:
             #     - Name: Source
 
-            # - Name: Database
+            - Name: Database
-            #   ActionTypeId:
+              ActionTypeId:
-            #     Category: Deploy
+                Category: Deploy
-            #     Owner: AWS
+                Owner: AWS
-            #     Version: 1
+                Version: 1
-            #     Provider: CloudFormation
+                Provider: CloudFormation
-            #   Configuration:
+              Configuration:
-            #     ActionMode: CREATE_UPDATE
+                ActionMode: CREATE_UPDATE
-            #     RoleArn: !GetAtt CloudFormationDeployRole.Arn
+                RoleArn: !GetAtt CloudFormationDeployRole.Arn
-            #     StackName: !Sub ${EnvironmentName}-Database-Service
+                StackName: !Sub ${EnvironmentName}-Database-Service
-            #     TemplatePath: !Sub Source::deployments/services-${DeploymentType}/database.yml
+                TemplatePath: !Sub Source::deployments/services-${DeploymentType}/database.yml
-            #     Capabilities: CAPABILITY_IAM
+                Capabilities: CAPABILITY_IAM
-            #     ParameterOverrides: !Sub |
+                # Don't have an image at this point, using a sample image
-            #       {
+                ParameterOverrides: !Sub |
-            #         "EnvironmentName": "${EnvironmentName}",
+                  {
-            #         "ServiceName": "database",
+                    "ServiceName": "database",
-            #         "ImageUrl": "amazon/amazon-ecs-sample"
+                    "EnvironmentName": "${EnvironmentName}",
-            #       }
+                    "DeploymentType": "${DeploymentType}",
-            #   InputArtifacts:
+                    "ImageUrl": "amazon/amazon-ecs-sample"
-            #     - Name: Source
+                  }
+              InputArtifacts:
+                - Name: Source
 
 
         #-----------------------------------------------------------------------------#
@@ -266,8 +268,8 @@ Resources:
             #     Capabilities: CAPABILITY_IAM
             #     ParameterOverrides: !Sub |
             #       {
-            #         "ServiceName": "server",
             #         "EnvironmentName": "${EnvironmentName}",
+            #         "ServiceName": "server",
             #         "DeploymentType": "${DeploymentType}",
             #         "TriggerMessagePattern": "[(BuildServer|BuildAll)]",
             #         "GitHubRepo": "${GitHubRepo}",
@@ -292,8 +294,8 @@ Resources:
             #     Capabilities: CAPABILITY_IAM
             #     ParameterOverrides: !Sub |
             #       {
-            #         "ServiceName": "cache",
             #         "EnvironmentName": "${EnvironmentName}",
+            #         "ServiceName": "cache",
             #         "DeploymentType": "${DeploymentType}",
             #         "TriggerMessagePattern": "[(BuildCache|BuildAll)]",
             #         "GitHubRepo": "${GitHubRepo}",
@@ -318,8 +320,8 @@ Resources:
                 Capabilities: CAPABILITY_IAM
                 ParameterOverrides: !Sub |
                   {
-                    "ServiceName": "database",
                     "EnvironmentName": "${EnvironmentName}",
+                    "ServiceName": "database",
                     "DeploymentType": "${DeploymentType}",
                     "TriggerMessagePattern": "[(BuildDatabase|BuildAll)]",
                     "GitHubRepo": "${GitHubRepo}",
@@ -462,12 +464,12 @@ Resources:
       Name: /microservices/codepipeline_service_role_arn
       Type: String
       Value: !GetAtt CodePipelineServiceRole.Arn
-  SSMCloudFormationDeployRole:
+  # SSMCloudFormationDeployRole:
-    Type: AWS::SSM::Parameter
+  #   Type: AWS::SSM::Parameter
-    Properties:
+  #   Properties:
-      Name: /microservices/cloudformation_deploy_role
+  #     Name: /microservices/cloudformation_deploy_role
-      Type: String
+  #     Type: String
-      Value: !Ref CloudFormationDeployRole
+  #     Value: !Ref CloudFormationDeployRole
 
 Outputs:
   PipelineUrl:

deployments/pipeline-service.yml

@@ -29,9 +29,9 @@ Parameters:
   CodePipelineServiceRoleArn:
     Type: AWS::SSM::Parameter::Value<String>
     Default: /microservices/codepipeline_service_role_arn
-  CloudFormationDeployRole:
+  # CloudFormationDeployRole:
-    Type: AWS::SSM::Parameter::Value<String>
+  #   Type: AWS::SSM::Parameter::Value<String>
-    Default: /microservices/cloudformation_deploy_role
+  #   Default: /microservices/cloudformation_deploy_role
 
 Resources:
 
@@ -106,17 +106,32 @@ Resources:
   #-----------------------------------------------------------------------------#
   # CodePipeline
   #-----------------------------------------------------------------------------#
+  # CloudWatchEventRule:
+  #   Type: AWS::Events::Rule
+  #   Properties:
+  #     EventPattern:
+  #       detail:
+  #         action-type: [PUSH]
+  #         image-tag: [latest]
+  #         repository-name: [!Ref Repository]
+  #         result: [SUCCESS]
+  #       detail-type: [ECR Image Action]
+  #       source: [aws.ecr]
+  #     Targets:
+  #       - Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
+  #         RoleArn: !GetAtt CloudWatchEventRole.Arn
+  #         Id: server-pipeline
+
+  # https://docs.aws.amazon.com/codebuild/latest/userguide/sample-build-notifications.html#sample-build-notifications-ref
   CloudWatchEventRule:
     Type: AWS::Events::Rule
     Properties:
       EventPattern:
+        detail-type: [CodeBuild Build State Change]
+        source: [aws.codebuild]
         detail:
-          action-type: [PUSH]
+          build-status: [SUCCEEDED]
-          image-tag: [latest]
+          project-name: [!Ref CodeBuildProject]
-          repository-name: [!Ref Repository]
-          result: [SUCCESS]
-        detail-type: [ECR Image Action]
-        source: [aws.ecr]
       Targets:
         - Arn: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
           RoleArn: !GetAtt CloudWatchEventRole.Arn
@@ -151,34 +166,34 @@ Resources:
         - Name: Source
           Actions:
 
-            - Name: Image
-              Namespace: ImageVariables
-              ActionTypeId:
-                Category: Source
-                Owner: AWS
-                Version: 1
-                Provider: ECR
-              Configuration:
-                RepositoryName: !Ref Repository
-                ImageTag: latest
-              OutputArtifacts:
-                - Name: Image
-              RunOrder: 1
-
             # - Name: Image
+            #   Namespace: ImageVariables
             #   ActionTypeId:
             #     Category: Source
             #     Owner: AWS
             #     Version: 1
-            #     Provider: S3
+            #     Provider: ECR
             #   Configuration:
-            #     S3Bucket: !Ref ArtifactBucket
+            #     RepositoryName: !Ref Repository
-            #     S3ObjectKey: !Sub imagedefinitions/${ServiceName}.zip
+            #     ImageTag: latest
-            #     PollForSourceChanges: false
             #   OutputArtifacts:
             #     - Name: Image
             #   RunOrder: 1
 
+            - Name: Image
+              ActionTypeId:
+                Category: Source
+                Owner: AWS
+                Version: 1
+                Provider: S3
+              Configuration:
+                S3Bucket: !Ref ArtifactBucket
+                S3ObjectKey: !Sub imagedefinitions/${ServiceName}.zip
+                PollForSourceChanges: false
+              OutputArtifacts:
+                - Name: Image
+              RunOrder: 1
+
             - Name: Code
               ActionTypeId:
                 Category: Source
@@ -193,31 +208,10 @@ Resources:
                 PollForSourceChanges: false
               OutputArtifacts:
                 - Name: Code
-              RunOrder: 1
 
         #-----------------------------------------------------------------------------#
         # Deploy
         #-----------------------------------------------------------------------------#
-        # - Name: Deploy
-        #   Actions:
-        #     - Name: Deploy
-        #       ActionTypeId:
-        #         Category: Deploy
-        #         Owner: AWS
-        #         Version: 1
-        #         Provider: ECS
-        #       Configuration:
-        #         ClusterName:
-        #           Fn::ImportValue: !Sub ${EnvironmentName}:ClusterName
-        #         ServiceName: !Ref ServiceName
-        #         # Needs imagedefinitions.json but ECR produces imageDetail.json.
-        #         # Need a build stage to build images or transform imageDetail.json
-        #         # as described here: https://stackoverflow.com/a/57015190
-        #         # Or use blue/green deployment
-        #         FileName: imagedefinitions.json
-        #       InputArtifacts:
-        #         - Name: Image
-
         - Name: Deploy
           Actions:
             - Name: Deploy
@@ -225,22 +219,38 @@ Resources:
                 Category: Deploy
                 Owner: AWS
                 Version: 1
-                Provider: CloudFormation
+                Provider: ECS
               Configuration:
-                ActionMode: CREATE_UPDATE
+                ClusterName:
-                RoleArn: !Ref CloudFormationDeployRole
+                  Fn::ImportValue: !Sub ${EnvironmentName}:ClusterName
-                StackName: !Sub ${EnvironmentName}-Server-Service
+                ServiceName: !Ref ServiceName
-                TemplatePath: !Sub Code::deployments/services-${DeploymentType}/server.yml
+                FileName: imagedefinitions.json
-                Capabilities: CAPABILITY_IAM
-                ParameterOverrides: !Sub |
-                  {
-                    "EnvironmentName": "${EnvironmentName}",
-                    "ServiceName": "${ServiceName}",
-                    "ImageUrl": "${Repository.RepositoryUri}@#{ImageVariables.ImageDigest}"
-                  }
               InputArtifacts:
                 - Name: Image
-                - Name: Code
+
+        # - Name: Deploy
+        #   Actions:
+        #     - Name: Deploy
+        #       ActionTypeId:
+        #         Category: Deploy
+        #         Owner: AWS
+        #         Version: 1
+        #         Provider: CloudFormation
+        #       Configuration:
+        #         ActionMode: CREATE_UPDATE
+        #         RoleArn: !Ref CloudFormationDeployRole
+        #         StackName: !Sub ${EnvironmentName}-Server-Service
+        #         TemplatePath: !Sub Code::deployments/services-${DeploymentType}/server.yml
+        #         Capabilities: CAPABILITY_IAM
+        #         ParameterOverrides: !Sub |
+        #           {
+        #             "EnvironmentName": "${EnvironmentName}",
+        #             "ServiceName": "${ServiceName}",
+        #             "ImageUrl": "${Repository.RepositoryUri}@#{ImageVariables.ImageDigest}"
+        #           }
+        #       InputArtifacts:
+        #         - Name: Image
+        #         - Name: Code
 
   #-----------------------------------------------------------------------------#
   # Role for CodeBuild service
@@ -268,13 +278,13 @@ Resources:
                   - logs:CreateLogStream
                   - logs:PutLogEvents
                   - ecr:GetAuthorizationToken
-              - Resource: !Sub arn:aws:s3:::${ArtifactBucket}/*
+              - Resource: !Sub arn:aws:s3:::${ArtifactBucket}*
                 Effect: Allow
                 Action:
                   - s3:GetObject
                   - s3:PutObject
                   - s3:GetObjectVersion
-              - Resource: "*" # !GetAtt Repository.Arn
+              - Resource: !GetAtt Repository.Arn
                 Effect: Allow
                 Action:
                   - ecr:GetDownloadUrlForLayer