mirror of https://github.com/ebosas/microservices.git synced 2025-06-24 22:26:56 +02:00

Build S3 trigger

ebosas
2021-11-12 10:57:01 +02:00
parent 028d11f36f
commit b3cda9035d
3 changed files with 8 additions and 73 deletions


@ -14,4 +14,5 @@ phases:
- docker push $REPO_URI:latest
- docker push $REPO_URI:$TAG
- printf '[{"name":"%s","imageUri":"%s"}]' $SERVICE $REPO_URI:$TAG > imagedefinitions.json
- aws s3 cp imagedefinitions.json s3://$ARTIFACT_BUCKET/$SERVICE/imagedefinitions.json
- zip $SERVICE.zip imagedefinitions.json
- aws s3 cp imagedefinitions.json s3://$ARTIFACT_BUCKET/imagedefinitions/$SERVICE.zip
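Review bot: The last command still uploads `imagedefinitions.json` rather than the archive built on the line before it, so the object stored under the `.zip` key is plain JSON and `$SERVICE.zip` never leaves the build container. It should read `- aws s3 cp $SERVICE.zip s3://$ARTIFACT_BUCKET/imagedefinitions/$SERVICE.zip`. The variables in the `printf`, `zip` and `aws s3 cp` lines are also unquoted; quoting them (for example `"$SERVICE.zip"`) keeps an unexpected service name or tag from being word-split by the shell. The phase this list belongs to starts above the hunk.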


@ -37,14 +37,15 @@ Resources:
Statement:
# Allow codepipeline to put artifacts in the S3 bucket
# as well as get artifacts back out of it.
- Resource:
- !Sub arn:aws:s3:::${ArtifactBucket}/*
- Resource: "*"
# - !Sub arn:aws:s3:::${ArtifactBucket}/*
Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- s3:GetObjectVersion
- s3:GetBucketVersioning
- s3:*
# Allow codepipeline to build code builds
- Resource: "*"
Effect: Allow
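Review bot: The S3 statement now pairs `Resource: "*"` with `s3:*`, which lets this role read, overwrite and delete objects in every bucket in the account instead of only the artifact bucket; the commented-out ARN suggests this was a debugging step that got committed. Restore the scoped resource and drop the wildcard action, keeping the four named actions. Since `s3:GetBucketVersioning` is a bucket-level action, the resource list needs the bucket ARN as well as the object ARN: `- !Sub arn:aws:s3:::${ArtifactBucket}` and `- !Sub arn:aws:s3:::${ArtifactBucket}/*`. If a broader grant really is needed, a comment should say which call failed under the narrower policy. The role definition begins above the hunk and continues below it.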


@ -116,7 +116,7 @@ Resources:
requestParameters:
bucketName: [!Ref ArtifactBucket]
key:
- !Sub ${ServiceName}/imagedefinitions.json
- !Sub imagedefinitions/${ServiceName}.json
detail-type: [AWS API Call via CloudTrail]
source: [aws.s3]
Targets:
@ -141,7 +141,7 @@ Resources:
Pipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
RoleArn: !GetAtt CodePipelineServiceRole.Arn
RoleArn: !Ref CodePipelineServiceRoleArn
ArtifactStore:
Type: S3
Location: !Ref ArtifactBucket
@ -175,7 +175,7 @@ Resources:
Provider: S3
Configuration:
S3Bucket: !Ref ArtifactBucket
S3ObjectKey: !Sub ${ServiceName}/imagedefinitions.json
S3ObjectKey: !Sub imagedefinitions/${ServiceName}.json
PollForSourceChanges: false
OutputArtifacts:
- Name: Image
@ -309,73 +309,6 @@ Resources:
Action: codepipeline:StartPipelineExecution
Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${Pipeline}
#-----------------------------------------------------------------------------#
# Role for CodePipeline service
#-----------------------------------------------------------------------------#
CodePipelineServiceRole:
Type: AWS::IAM::Role
Properties:
Path: /
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service: codepipeline.amazonaws.com
Action: sts:AssumeRole
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
# Allow codepipeline to put artifacts in the S3 bucket
# as well as get artifacts back out of it.
- Resource: "*"
Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- s3:GetObjectVersion
- s3:GetBucketVersioning
- s3:*
# Allow codepipeline to build code builds
- Resource: "*"
Effect: Allow
Action:
- codebuild:StartBuild
- codebuild:BatchGetBuilds
- iam:PassRole
# Allow codepipeline to deploy cloudformation stacks
- Effect: Allow
Action:
- cloudformation:CreateChangeSet
- cloudformation:CreateStack
- cloudformation:CreateUploadBucket
- cloudformation:DeleteStack
- cloudformation:Describe*
- cloudformation:List*
- cloudformation:UpdateStack
- cloudformation:ValidateTemplate
- cloudformation:ExecuteChangeSet
Resource: "*"
# Allow codepipeline to get images from ECR
- Effect: Allow
Action:
- ecr:GetAuthorizationToken
- ecr:BatchCheckLayerAvailability
- ecr:GetDownloadUrlForLayer
- ecr:GetRepositoryPolicy
- ecr:DescribeRepositories
- ecr:ListImages
- ecr:DescribeImages
- ecr:BatchGetImage
- ecr:GetLifecyclePolicy
- ecr:GetLifecyclePolicyPreview
- ecr:ListTagsForResource
- ecr:DescribeImageScanFindings
Resource: "*"
Outputs:
PipelineUrl:
Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline}
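Review bot: The event rule `key` and the source action's `S3ObjectKey` now both point at `imagedefinitions/${ServiceName}.json`, but the buildspec change in this same commit writes to `imagedefinitions/$SERVICE.zip`, so the CloudTrail rule would presumably never match and the source action would ask for an object the build does not produce. Both should name the uploaded key: `- !Sub imagedefinitions/${ServiceName}.zip` and `S3ObjectKey: !Sub imagedefinitions/${ServiceName}.zip`. Separately, `RoleArn: !Ref CodePipelineServiceRoleArn` replaces the per-stack role with one passed in from outside these hunks. A short comment on that parameter should state that the role is shared, because its policy then bounds what every service pipeline can do.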