diff --git a/deployments/pipeline-infrastructure.yml b/deployments/pipeline-infrastructure.yml index 42ac807..22f4ba2 100644 --- a/deployments/pipeline-infrastructure.yml +++ b/deployments/pipeline-infrastructure.yml @@ -31,51 +31,6 @@ Resources: # DeletionPolicy: Retain # UpdateReplacePolicy: Retain - # # A role used to give CodeBuild permission to access code, - # # build it, and upload the build results to ECR - # CodeBuildServiceRole: - # Type: AWS::IAM::Role - # Properties: - # Path: / - # AssumeRolePolicyDocument: - # Version: 2012-10-17 - # Statement: - # - Effect: Allow - # Principal: - # Service: codebuild.amazonaws.com - # Action: sts:AssumeRole - # Policies: - # - PolicyName: root - # PolicyDocument: - # Version: 2012-10-17 - # Statement: - # - Resource: "*" - # Effect: Allow - # Action: - # - logs:CreateLogGroup - # - logs:CreateLogStream - # - logs:PutLogEvents - # - ecr:GetAuthorizationToken - # - Resource: !Sub arn:aws:s3:::${ArtifactBucket}/* - # Effect: Allow - # Action: - # - s3:GetObject - # - s3:PutObject - # - s3:GetObjectVersion - # - Resource: - # - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${ServerRepository} - # - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${CacheRepository} - # - !Sub arn:aws:ecr:${AWS::Region}:${AWS::AccountId}:repository/${DatabaseRepository} - # Effect: Allow - # Action: - # - ecr:GetDownloadUrlForLayer - # - ecr:BatchGetImage - # - ecr:BatchCheckLayerAvailability - # - ecr:PutImage - # - ecr:InitiateLayerUpload - # - ecr:UploadLayerPart - # - ecr:CompleteLayerUpload - # Role used to give CodePipeline to release a build. CodePipelineServiceRole: Type: AWS::IAM::Role 
@@ -123,6 +78,13 @@ Resources: - cloudformation:ValidateTemplate - cloudformation:ExecuteChangeSet Resource: "*" + # Allow codepipeline use codestar connections + - Effect: Allow + Action: + - codestar-connections:GetConnection + - codestar-connections:UseConnection + - codestar-connections:ListConnections + Resource: "*" # CloudFormation deployment role. This role is passed by CodeBuild to # CloudFormation to use when setting up the application resources 
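Review bot: The new codestar-connections statement on CodePipelineServiceRole is granted on `Resource: "*"`, so the role can use any connection in the account, not only the one this template creates. The Source action in this file only references `!Ref CodeStarConnection`, so the statement can be narrowed to `- codestar-connections:UseConnection` with `Resource: !Ref CodeStarConnection`. GetConnection and ListConnections do not appear to be needed by the pipeline itself and are worth dropping unless something outside this diff relies on them. The role's policy document starts above this hunk, so its other statements were not reviewed here.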
@@ -165,58 +127,26 @@ Resources: Properties: BucketName: !Sub microservices-infrastructure-${AWS::AccountId} - # # This is the definition of how to build the code in the repository - # CodeBuildProject: - # Type: AWS::CodeBuild::Project - # Properties: - # Artifacts: - # Type: CODEPIPELINE - # Source: - # Type: CODEPIPELINE - # BuildSpec: | - # version: 0.2 - # phases: - # pre_build: - # commands: - # - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com - # - TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | head -c 8) - # - IMAGE_SERVER_URI=$REPO_SERVER_URI:$TAG - # - IMAGE_CACHE_URI=$REPO_CACHE_URI:$TAG - # - IMAGE_DB_URI=$REPO_DB_URI:$TAG - # build: - # commands: - # - docker build -t $IMAGE_SERVER_URI -f server.Dockerfile . - # - docker build -t $IMAGE_CACHE_URI -f cache.Dockerfile . - # - docker build -t $IMAGE_DB_URI -f database.Dockerfile . - # post_build: - # commands: - # - docker push $IMAGE_SERVER_URI - # - docker push $IMAGE_CACHE_URI - # - docker push $IMAGE_DB_URI - # - printf '{"ImageServerUri":"%s", "ImageCacheUri":"%s", "ImageDatabaseUri":"%s"}' $IMAGE_SERVER_URI $IMAGE_CACHE_URI $IMAGE_DB_URI > build.json - # artifacts: - # files: build.json - # Environment: - # ComputeType: BUILD_GENERAL1_SMALL - # Image: aws/codebuild/standard:5.0 - # Type: LINUX_CONTAINER - # PrivilegedMode: true - # ServiceRole: !Ref CodeBuildServiceRole - - # A Webhook for the pipeline which is set for manual action only - PipelineWebhook: - Type: AWS::CodePipeline::Webhook + CodeStarConnection: + Type: AWS::CodeStarConnections::Connection Properties: - AuthenticationConfiguration: - SecretToken: !Ref GitHubToken - Filters: - - JsonPath: "$.ref" - MatchEquals: refs/heads/{Branch} - Authentication: GITHUB_HMAC - TargetPipeline: !Ref Pipeline - TargetAction: Source - TargetPipelineVersion: !GetAtt Pipeline.Version - RegisterWithThirdParty: false # only manual action + 
ConnectionName: MyGitHubConnection + ProviderType: GitHub + + # # A Webhook for the pipeline which is set for manual action only + # PipelineWebhook: + # Type: AWS::CodePipeline::Webhook + # Properties: + # AuthenticationConfiguration: + # SecretToken: !Ref GitHubToken + # Filters: + # - JsonPath: "$.ref" + # MatchEquals: refs/heads/{Branch} + # Authentication: GITHUB_HMAC + # TargetPipeline: !Ref Pipeline + # TargetAction: Source + # TargetPipelineVersion: !GetAtt Pipeline.Version + # RegisterWithThirdParty: false # only manual action # This pipeline defines the steps to build, deploy, and release the application Pipeline: @@ -234,18 +164,32 @@ Resources: - Name: Source ActionTypeId: Category: Source - Owner: ThirdParty + Owner: AWS Version: 1 - Provider: GitHub + Provider: CodeStarSourceConnection Configuration: - Owner: !Ref GitHubUser - Repo: !Ref GitHubRepo - Branch: !Ref GitHubBranch - OAuthToken: !Ref GitHubToken - PollForSourceChanges: false + ConnectionArn: !Ref CodeStarConnection + BranchName: !Ref GitHubBranch + FullRepositoryId: !Sub ${GitHubUser}/${GitHubRepo} + # PollForSourceChanges: false OutputArtifacts: - Name: Source RunOrder: 1 + # - Name: Source + # ActionTypeId: + # Category: Source + # Owner: ThirdParty + # Version: 1 + # Provider: GitHub + # Configuration: + # Owner: !Ref GitHubUser + # Repo: !Ref GitHubRepo + # Branch: !Ref GitHubBranch + # OAuthToken: !Ref GitHubToken + # PollForSourceChanges: false + # OutputArtifacts: + # - Name: Source + # RunOrder: 1 # Now we deploy the network resources: VPC, subnets, etc. - Name: Network 
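Review bot: `ConnectionName: MyGitHubConnection` is hard-coded on the new CodeStarConnection resource, and the same resource with the same name is added again in deployments/test.yml in this commit. Connection names are, as far as I know, expected to be unique within an account, so deploying both templates, or this one for a second environment, would likely collide. Deriving the name from a parameter the file already uses, e.g. `ConnectionName: !Sub ${EnvironmentName}-github`, avoids that. A connection created through CloudFormation also starts in PENDING state, so a comment such as `# PENDING until an admin completes the GitHub handshake in the console; the Source action fails before that` would save the next operator a failed run.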
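Review bot: The rewritten Source action does not set `DetectChanges`, and for CodeStarSourceConnection that defaults to starting the pipeline on every push to the branch. The webhook removed above was marked "only manual action" and the old action had `PollForSourceChanges: false`, so this looks like an unintended switch from manual to automatic releases for a pipeline that deploys through CloudFormationDeployRole. If manual release is still the intent, add `DetectChanges: false` under Configuration and drop the leftover `# PollForSourceChanges: false`, which is not a setting of this provider. The commented-out copy of the old action still carries `OAuthToken: !Ref GitHubToken`. Deleting it, and the GitHubToken parameter if nothing else uses it (the Parameters section is outside this hunk), would stop a personal access token being requested at all.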
@@ -271,126 +215,34 @@ Resources: OutputArtifacts: - Name: Network - # Deploy the base resources: databases, the load balancer, - # and the ECS/Fargate cluster - - Name: BaseResources - Actions: - # Deploy the resources: Rabbit, Redis, and Postgres - - Name: DeployResources - ActionTypeId: - Category: Deploy - Owner: AWS - Version: 1 - Provider: CloudFormation - Configuration: - ActionMode: CREATE_UPDATE - RoleArn: !GetAtt CloudFormationDeployRole.Arn - StackName: !Sub ${EnvironmentName}-Resources - TemplatePath: Source::deployments/resources.yml - Capabilities: CAPABILITY_IAM - ParameterOverrides: !Sub | - { - "EnvironmentName": "${EnvironmentName}" - } - InputArtifacts: - - Name: Source - OutputArtifacts: - - Name: Resources - - # Deploy the application load balancer - - Name: DeployLoadBalancer - ActionTypeId: - Category: Deploy - Owner: AWS - Version: 1 - Provider: CloudFormation - Configuration: - ActionMode: CREATE_UPDATE - RoleArn: !GetAtt CloudFormationDeployRole.Arn - StackName: !Sub ${EnvironmentName}-LoadBalancer - TemplatePath: Source::deployments/alb.yml - Capabilities: CAPABILITY_IAM - ParameterOverrides: !Sub | - { - "EnvironmentName": "${EnvironmentName}" - } - InputArtifacts: - - Name: Source - OutputArtifacts: - - Name: LoadBalancer - - # Deploy the ECS/Fargate cluster - - Name: DeployCluster - ActionTypeId: - Category: Deploy - Owner: AWS - Version: 1 - Provider: CloudFormation - Configuration: - ActionMode: CREATE_UPDATE - RoleArn: !GetAtt CloudFormationDeployRole.Arn - StackName: !Sub ${EnvironmentName}-Cluster - TemplatePath: !Sub Source::deployments/cluster-${DeploymentType}.yml - Capabilities: CAPABILITY_IAM - ParameterOverrides: !Sub | - { - "EnvironmentName": "${EnvironmentName}" - } - InputArtifacts: - - Name: Source - OutputArtifacts: - - Name: Cluster - - # # Now we build the service images - # - Name: ServiceImages + # # Deploy the base resources: databases, the load balancer, + # # and the ECS/Fargate cluster + # - Name: BaseResources 
# Actions: - # - Name: Build + # # Deploy the resources: Rabbit, Redis, and Postgres + # - Name: DeployResources # ActionTypeId: - # Category: Build + # Category: Deploy # Owner: AWS # Version: 1 - # Provider: CodeBuild + # Provider: CloudFormation # Configuration: - # ProjectName: !Ref CodeBuildProject - # EnvironmentVariables: !Sub | - # [ - # { - # "name":"AWS_DEFAULT_REGION", - # "value":"${AWS::Region}", - # "type":"PLAINTEXT" - # }, - # { - # "name":"AWS_ACCOUNT_ID", - # "value":"${AWS::AccountId}", - # "type":"PLAINTEXT" - # }, - # { - # "name":"REPO_SERVER_URI", - # "value":"${ServerRepository.RepositoryUri}", - # "type":"PLAINTEXT" - # }, - # { - # "name":"REPO_CACHE_URI", - # "value":"${CacheRepository.RepositoryUri}", - # "type":"PLAINTEXT" - # }, - # { - # "name":"REPO_DB_URI", - # "value":"${DatabaseRepository.RepositoryUri}", - # "type":"PLAINTEXT" - # } - # ] + # ActionMode: CREATE_UPDATE + # RoleArn: !GetAtt CloudFormationDeployRole.Arn + # StackName: !Sub ${EnvironmentName}-Resources + # TemplatePath: Source::deployments/resources.yml + # Capabilities: CAPABILITY_IAM + # ParameterOverrides: !Sub | + # { + # "EnvironmentName": "${EnvironmentName}" + # } # InputArtifacts: # - Name: Source # OutputArtifacts: - # - Name: BuildOutput - # RunOrder: 1 + # - Name: Resources - # # Finally we deploy the ECS/Fargate services to the cluster - # - Name: Deploy - # Actions: - # # Deploy the server service - # - Name: DeployServer + # # Deploy the application load balancer + # - Name: DeployLoadBalancer # ActionTypeId: # Category: Deploy # Owner: AWS 
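Review bot: The BaseResources stage is disabled by turning it into a commented-out block here, and the hunks at -399 and -423 do the same for DeployLoadBalancer and DeployCluster, which leaves a long run of dead YAML that no linter or template validation will ever check. Deleting the stage and relying on history, or moving it into its own template, would keep the pipeline definition reviewable. Removing the stage from the pipeline also does not delete stacks it may already have created (`${EnvironmentName}-Resources`, `-LoadBalancer`, `-Cluster`), so those would keep running outside the pipeline's control. A short comment saying which pipeline owns them now would help.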
@@ -399,22 +251,20 @@ Resources: # Configuration: # ActionMode: CREATE_UPDATE # RoleArn: !GetAtt CloudFormationDeployRole.Arn - # StackName: !Sub ${EnvironmentName}-ServerService - # TemplatePath: !Sub Source::deployments/services-${DeploymentType}/server.yml + # StackName: !Sub ${EnvironmentName}-LoadBalancer + # TemplatePath: Source::deployments/alb.yml # Capabilities: CAPABILITY_IAM # ParameterOverrides: !Sub | # { - # "EnvironmentName": "${EnvironmentName}", - # "ImageUrl": { - # "Fn::GetParam" : ["BuildOutput", "build.json", "ImageServerUri"] - # } + # "EnvironmentName": "${EnvironmentName}" # } # InputArtifacts: # - Name: Source - # - Name: BuildOutput + # OutputArtifacts: + # - Name: LoadBalancer - # # Deploy the cache service - # - Name: DeployCache + # # Deploy the ECS/Fargate cluster + # - Name: DeployCluster # ActionTypeId: # Category: Deploy # Owner: AWS 
@@ -423,43 +273,17 @@ Resources: # Configuration: # ActionMode: CREATE_UPDATE # RoleArn: !GetAtt CloudFormationDeployRole.Arn - # StackName: !Sub ${EnvironmentName}-CacheService - # TemplatePath: !Sub Source::deployments/services-${DeploymentType}/cache.yml + # StackName: !Sub ${EnvironmentName}-Cluster + # TemplatePath: !Sub Source::deployments/cluster-${DeploymentType}.yml # Capabilities: CAPABILITY_IAM # ParameterOverrides: !Sub | # { - # "EnvironmentName": "${EnvironmentName}", - # "ImageUrl": { - # "Fn::GetParam" : ["BuildOutput", "build.json", "ImageCacheUri"] - # } + # "EnvironmentName": "${EnvironmentName}" # } # InputArtifacts: # - Name: Source - # - Name: BuildOutput - - # # Deploy the database service - # - Name: DeployDatabase - # ActionTypeId: - # Category: Deploy - # Owner: AWS - # Version: 1 - # Provider: CloudFormation - # Configuration: - # ActionMode: CREATE_UPDATE - # RoleArn: !GetAtt CloudFormationDeployRole.Arn - # StackName: !Sub ${EnvironmentName}-DatabaseService - # TemplatePath: !Sub Source::deployments/services-${DeploymentType}/database.yml - # Capabilities: CAPABILITY_IAM - # ParameterOverrides: !Sub | - # { - # "EnvironmentName": "${EnvironmentName}", - # "ImageUrl": { - # "Fn::GetParam" : ["BuildOutput", "build.json", "ImageDatabaseUri"] - # } - # } - # InputArtifacts: - # - Name: Source - # - Name: BuildOutput + # OutputArtifacts: + # - Name: Cluster Outputs: PipelineUrl: diff --git a/deployments/pipeline-new.yml b/deployments/pipeline-new.yml index 9763026..3d6612c 100644 --- a/deployments/pipeline-new.yml +++ b/deployments/pipeline-new.yml @@ -188,7 +188,7 @@ Resources: Configuration: ActionMode: CREATE_UPDATE RoleArn: !GetAtt CloudFormationDeployRole.Arn - StackName: !Sub ${EnvironmentName}-Server + StackName: !Sub ${EnvironmentName}-Service-Server TemplatePath: !Sub Source::deployments/services-${DeploymentType}/server.yml Capabilities: CAPABILITY_IAM ParameterOverrides: !Sub | 
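Review bot: Changing `StackName` from `${EnvironmentName}-Server` to `${EnvironmentName}-Service-Server` in deployments/pipeline-new.yml (and likewise for Cache and Database in the hunks at -209 and -230) makes the CREATE_UPDATE action create new stacks instead of updating the existing ones. Any stacks already deployed under the old names would be left running and unmanaged, and the new ones may fail if they claim the same service names or listener rules; this cannot be confirmed from the diff, since the service templates are not shown. If this pipeline has been deployed before, record how the old stacks are retired, for example with `# renamed from ${EnvironmentName}-Server; delete the old stack after cutover` next to each action.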
@@ -209,7 +209,7 @@ Resources: Configuration: ActionMode: CREATE_UPDATE RoleArn: !GetAtt CloudFormationDeployRole.Arn - StackName: !Sub ${EnvironmentName}-Cache + StackName: !Sub ${EnvironmentName}-Service-Cache TemplatePath: !Sub Source::deployments/services-${DeploymentType}/cache.yml Capabilities: CAPABILITY_IAM ParameterOverrides: !Sub | @@ -230,7 +230,7 @@ Resources: Configuration: ActionMode: CREATE_UPDATE RoleArn: !GetAtt CloudFormationDeployRole.Arn - StackName: !Sub ${EnvironmentName}-Database + StackName: !Sub ${EnvironmentName}-Service-Database TemplatePath: !Sub Source::deployments/services-${DeploymentType}/database.yml Capabilities: CAPABILITY_IAM ParameterOverrides: !Sub | diff --git a/deployments/pipeline-service.yml b/deployments/pipeline-service.yml index 009100f..0044990 100644 --- a/deployments/pipeline-service.yml +++ b/deployments/pipeline-service.yml @@ -193,6 +193,10 @@ Resources: ClusterName: Fn::ImportValue: !Sub ${EnvironmentName}:ClusterName ServiceName: !Ref ServiceName + # Needs imagedefinitions.json but ECR produces imageDetail.json. + # Need a build stage to build images or transform imageDetail.json + # as described here: https://stackoverflow.com/a/57015190 + # Or use blue/green deployment FileName: imageDetail.json InputArtifacts: - Name: Image diff --git a/deployments/test.yml b/deployments/test.yml new file mode 100644 index 0000000..6ed401b --- /dev/null +++ b/deployments/test.yml @@ -0,0 +1,25 @@ +# Parameters: +# GitHubRepo: +# Type: String +# GitHubBranch: +# Type: String +# GitHubToken: +# Type: String +# NoEcho: true +# GitHubUser: +# Type: String +# EnvironmentName: +# Type: String +# Default: production +# DeploymentType: +# Type: String +# Default: fargate +# AllowedValues: [ecs, fargate] + +Resources: + + CodeStarConnection: + Type: AWS::CodeStarConnections::Connection + Properties: + ConnectionName: MyGitHubConnection + ProviderType: GitHub