Build S3 trigger
@@ -359,6 +359,7 @@ Resources:
|
||||
- s3:GetObject
|
||||
- s3:GetObjectVersion
|
||||
- s3:GetBucketVersioning
|
||||
- s3:*
|
||||
# Allow codepipeline to build code builds
|
||||
- Resource: "*"
|
||||
Effect: Allow
|
||||
@@ -433,6 +434,7 @@ Resources:
|
||||
- "codepipeline:*"
|
||||
- "events:*"
|
||||
- "ecs:*"
|
||||
- "s3:*"
|
||||
Resource: "*"
|
||||
|
||||
#-----------------------------------------------------------------------------#
|
||||
|
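Review bot: The `s3:*` entries in this file sit on `Resource: "*"` (visible in the second hunk; the first hunk's Resource line is above the hunk), which grants every S3 action, including bucket deletion and bucket-policy changes, on every bucket in the account. The +/- markers are lost on this page, so that `s3:*` is the added line in both hunks is inferred from the hunk counts. In the first hunk it also makes the explicit `s3:GetObject`, `s3:GetObjectVersion` and `s3:GetBucketVersioning` entries redundant. Keep the explicit actions, drop the wildcard, and point `Resource` at the artifact bucket's ARN and its `/*` object ARN instead of `"*"`. The same `s3:*` on `"*"` appears in the new CodePipelineServiceRole in the other file of this commit.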
@@ -52,7 +52,7 @@ Resources:
|
||||
# Token: !Ref GitHubToken
|
||||
# ServerType: GITHUB
|
||||
# AuthType: PERSONAL_ACCESS_TOKEN
|
||||
|
||||
|
||||
|
||||
CodeBuildProject:
|
||||
Type: AWS::CodeBuild::Project
|
||||
@@ -141,7 +141,7 @@ Resources:
|
||||
Pipeline:
|
||||
Type: AWS::CodePipeline::Pipeline
|
||||
Properties:
|
||||
RoleArn: !Ref CodePipelineServiceRoleArn
|
||||
RoleArn: !GetAtt CodePipelineServiceRole.Arn
|
||||
ArtifactStore:
|
||||
Type: S3
|
||||
Location: !Ref ArtifactBucket
|
||||
@@ -168,7 +168,6 @@ Resources:
|
||||
# RunOrder: 1
|
||||
|
||||
- Name: Image
|
||||
Namespace: ImageVariables
|
||||
ActionTypeId:
|
||||
Category: Source
|
||||
Owner: AWS
|
||||
@@ -310,6 +309,72 @@ Resources:
|
||||
Action: codepipeline:StartPipelineExecution
|
||||
Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
|
||||
|
||||
#-----------------------------------------------------------------------------#
|
||||
# Role for CodePipeline service
|
||||
#-----------------------------------------------------------------------------#
|
||||
CodePipelineServiceRole:
|
||||
Type: AWS::IAM::Role
|
||||
Properties:
|
||||
Path: /
|
||||
AssumeRolePolicyDocument:
|
||||
Version: 2012-10-17
|
||||
Statement:
|
||||
- Effect: Allow
|
||||
Principal:
|
||||
Service: codepipeline.amazonaws.com
|
||||
Action: sts:AssumeRole
|
||||
Policies:
|
||||
- PolicyName: root
|
||||
PolicyDocument:
|
||||
Version: 2012-10-17
|
||||
Statement:
|
||||
# Allow codepipeline to put artifacts in the S3 bucket
|
||||
# as well as get artifacts back out of it.
|
||||
- Resource: "*"
|
||||
Effect: Allow
|
||||
Action:
|
||||
- s3:PutObject
|
||||
- s3:GetObject
|
||||
- s3:GetObjectVersion
|
||||
- s3:GetBucketVersioning
|
||||
- s3:*
|
||||
# Allow codepipeline to build code builds
|
||||
- Resource: "*"
|
||||
Effect: Allow
|
||||
Action:
|
||||
- codebuild:StartBuild
|
||||
- codebuild:BatchGetBuilds
|
||||
- iam:PassRole
|
||||
# Allow codepipeline to deploy cloudformation stacks
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- cloudformation:CreateChangeSet
|
||||
- cloudformation:CreateStack
|
||||
- cloudformation:CreateUploadBucket
|
||||
- cloudformation:DeleteStack
|
||||
- cloudformation:Describe*
|
||||
- cloudformation:List*
|
||||
- cloudformation:UpdateStack
|
||||
- cloudformation:ValidateTemplate
|
||||
- cloudformation:ExecuteChangeSet
|
||||
Resource: "*"
|
||||
# Allow codepipeline to get images from ECR
|
||||
- Effect: Allow
|
||||
Action:
|
||||
- ecr:GetAuthorizationToken
|
||||
- ecr:BatchCheckLayerAvailability
|
||||
- ecr:GetDownloadUrlForLayer
|
||||
- ecr:GetRepositoryPolicy
|
||||
- ecr:DescribeRepositories
|
||||
- ecr:ListImages
|
||||
- ecr:DescribeImages
|
||||
- ecr:BatchGetImage
|
||||
- ecr:GetLifecyclePolicy
|
||||
- ecr:GetLifecyclePolicyPreview
|
||||
- ecr:ListTagsForResource
|
||||
- ecr:DescribeImageScanFindings
|
||||
Resource: "*"
|
||||
|
||||
Outputs:
|
||||
PipelineUrl:
|
||||
Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}
|
||||
|
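Review bot: `iam:PassRole` on `Resource: "*"` in the new CodePipelineServiceRole lets the pipeline hand any role in the account to a service it drives, so the pipeline's effective privilege is that of the most powerful passable role rather than what this policy lists. Limit that statement to the role ARN(s) the deploy actions actually pass and add an `iam:PassedToService` condition. The two CodeBuild actions can be scoped to the project defined in this template at the same time. The CloudFormation and ECR statements are also on `"*"` and could be narrowed to the stacks and repositories this pipeline owns. Which role is passed, and to which service, is not visible on this page, so the fence uses a placeholder for the ARN and assumes CloudFormation as the receiving service.

```yaml
# … unchanged: S3 artifact statement …
# Allow codepipeline to start and poll builds of this project only
- Resource: !GetAtt CodeBuildProject.Arn
  Effect: Allow
  Action:
    - codebuild:StartBuild
    - codebuild:BatchGetBuilds
# Allow passing only the deploy role, and only to the service that consumes it
- Resource: "<DEPLOY_ROLE_ARN_PLACEHOLDER>"
  Effect: Allow
  Action: iam:PassRole
  Condition:
    StringEquals:
      iam:PassedToService: cloudformation.amazonaws.com
# … unchanged: cloudformation and ecr statements …
```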
Reference in New Issue
Block a user