Create pipeline with separate builds

deployments/pipeline-new.yml

@@ -26,6 +26,16 @@ Resources:
     Properties:
       BucketName: !Sub microservices-${EnvironmentName}-${AWS::AccountId}
 
+  #-----------------------------------------------------------------------------#
+  # Source Credentials
+  #-----------------------------------------------------------------------------#
+  SourceCredentials:
+    Type: AWS::CodeBuild::SourceCredential
+    Properties:
+      Token: !Ref GitHubToken
+      ServerType: GITHUB
+      AuthType: PERSONAL_ACCESS_TOKEN
+
   #-----------------------------------------------------------------------------#
   # CodePipeline
   #-----------------------------------------------------------------------------#
@@ -47,7 +57,7 @@ Resources:
     Type: AWS::CodePipeline::Pipeline
     DependsOn:
       - SSMArtifactBucket
-      - SSMCodePipelineServiceRole
+      - SSMCodePipelineServiceRoleArn
       - SSMCloudFormationDeployRole
     Properties:
       RoleArn: !GetAtt CodePipelineServiceRole.Arn
@@ -409,11 +419,12 @@ Resources:
                   - "logs:*"
                   - "application-autoscaling:*"
                   - "cloudwatch:*"
-                  - "route53:*"
                   - "rds:*"
                   - "mq:*"
                   # - "secretsmanager:*"
                   - "ssm:*"
+                  - "codebuild:*"
+                  - "ecr:*"
                 Resource: "*"
 
   #-----------------------------------------------------------------------------#
@@ -425,12 +436,12 @@ Resources:
       Name: /microservices/artifact_bucket
       Type: String
       Value: !Ref ArtifactBucket
-  SSMCodePipelineServiceRole:
+  SSMCodePipelineServiceRoleArn:
     Type: AWS::SSM::Parameter
     Properties:
-      Name: /microservices/codepipeline_service_role
+      Name: /microservices/codepipeline_service_role_arn
       Type: String
-      Value: !Ref CodePipelineServiceRole
+      Value: !GetAtt CodePipelineServiceRole.Arn
   SSMCloudFormationDeployRole:
     Type: AWS::SSM::Parameter
     Properties:

deployments/pipeline-service.yml

@@ -26,9 +26,9 @@ Parameters:
   ArtifactBucket:
     Type: AWS::SSM::Parameter::Value<String>
     Default: /microservices/artifact_bucket
-  CodePipelineServiceRole:
+  CodePipelineServiceRoleArn:
     Type: AWS::SSM::Parameter::Value<String>
-    Default: /microservices/codepipeline_service_role
+    Default: /microservices/codepipeline_service_role_arn
   CloudFormationDeployRole:
     Type: AWS::SSM::Parameter::Value<String>
     Default: /microservices/cloudformation_deploy_role
@@ -46,16 +46,16 @@ Resources:
   #-----------------------------------------------------------------------------#
   # CodeBuild Project
   #-----------------------------------------------------------------------------#
-  SourceCreds:
+  # SourceCredentials:
-    Type: AWS::CodeBuild::SourceCredential
+  #   Type: AWS::CodeBuild::SourceCredential
-    Properties:
+  #   Properties:
-      Token: !Ref GitHubToken
+  #     Token: !Ref GitHubToken
-      ServerType: GITHUB
+  #     ServerType: GITHUB
-      AuthType: PERSONAL_ACCESS_TOKEN
+  #     AuthType: PERSONAL_ACCESS_TOKEN
 
   CodeBuildProject:
     Type: AWS::CodeBuild::Project
-    DependsOn: SourceCreds
+    # DependsOn: SourceCredentials
     Properties:
       Artifacts:
         Type: NO_ARTIFACTS
@@ -136,7 +136,7 @@ Resources:
   Pipeline:
     Type: AWS::CodePipeline::Pipeline
     Properties:
-      RoleArn: !Ref CodePipelineServiceRole
+      RoleArn: !Ref CodePipelineServiceRoleArn
       ArtifactStore:
         Type: S3
         Location: !Ref ArtifactBucket
@@ -252,7 +252,7 @@ Resources:
                   - s3:GetObject
                   - s3:PutObject
                   - s3:GetObjectVersion
-              - Resource: !GetAtt Repository.Arn
+              - Resource: "*" # !GetAtt Repository.Arn
                 Effect: Allow
                 Action:
                   - ecr:GetDownloadUrlForLayer