CodePipeline的Cloudformation模板 [英] Cloudformation template for CodePipeline

问题描述

我们有一个aws设置，其中有一个测试帐户和一个生产帐户. 我们的测试帐户中包含我们的代码提交(java lambda)，我们想使用CodePipeline将代码从此处部署到我们的测试帐户和生产帐户中.

We have an aws setup where we have a test account and a production account. Our code commit (java lambda's) is in our test account and we want to use CodePipeline to deploy code from here to our test account and production accounts.

我想知道是否有人知道任何可以执行此工作的现成的cloudformation(或cdk)模板?

I was wondering if anyone is aware of any ready made cloudformation (or cdk) templates that can perform this work?

谢谢 达米安(Damien)

Thanks Damien

推荐答案

几天前我已经实现了使用CDK的想法，目的是在目标环境上创建IAM角色，并在运行codebuild时承担该角色.作为代码管道的一部分运行.

I have implemented that a few days ago using CDK, the idea is to create an IAM Role on the target environment and assume this role when running the codebuild(which runs as part of the code pipeline).

就我而言，由于代码构建会创建CDK堆栈，因此我为此角色提供了AdministratorAccess策略.

In my case, since the codebuild creates CDK stacks I gave an AdministratorAccess policy to this role.

稍后，创建新的代码构建，并将权限附加到代码构建项目角色.

Later, create new codebuild and attach permissions to codebuild project role.

    // create the codebuild project used by the codepipeline
    const codeBuildProject = new codebuild.PipelineProject(scope, `${props.environment}-${props.pipelineNamePrefix}-codebuild`, {
      projectName: `${props.environment}-${props.pipelineNamePrefix}`,
      buildSpec: codebuild.BuildSpec.fromSourceFilename('buildspec.yml'),
      environment: {
        buildImage: codebuild.LinuxBuildImage.AMAZON_LINUX_2,
        privileged: true,
        environmentVariables: buildEnvVariables,
        computeType: props.computeType
      },
    })

    // attach permissions to codebuild project role
    codeBuildProject.addToRolePolicy(new PolicyStatement({
      effect: Effect.ALLOW,
      resources: [props.deploymentRoleArn],
      actions: ['sts:AssumeRole']
    }));

请注意，props.deploymentRoleArn是您在目标环境上创建的角色的ARN.

Be aware that props.deploymentRoleArn is the ARN of the role you created on the target environment.

然后，创建一个新管道并将codeBuildProject作为project添加到codepipelineActions.CodeBuildAction:

Then, create a new pipeline and add codeBuildProject to codepipelineActions.CodeBuildAction as project:

// create codepipeline to deploy cdk changes
    const codePipeline = new codepipeline.Pipeline(scope, `${props.environment}-${props.pipelineNamePrefix}-codepipeline`, {
      restartExecutionOnUpdate: false,
      pipelineName: `${props.environment}-${props.pipelineNamePrefix}`,
      stages: [
        {
          stageName: 'Source',
          actions: [
            new codepipelineActions.GitHubSourceAction({
              branch: props.targetBranch,
              oauthToken: gitHubToken,
              owner: props.githubRepositoryOwner,
              repo: props.githubRepositoryName,
              actionName: 'get-sources',
              output: pipelineSourceArtifact,
            })]
        },
        {
          stageName: 'Deploy',
          actions: [
            new codepipelineActions.CodeBuildAction({
              actionName: 'deploy-cdk',
              input: pipelineSourceArtifact,
              type: codepipelineActions.CodeBuildActionType.BUILD,
              project: codeBuildProject
            }),
          ]
        }
      ]
    });

上述代码段的相关部分是Deploy阶段.仅在您要从github获取源代码的情况下才需要其他阶段-更多信息

The relevant part from above code snippet is Deploy stage.The other stage is only required in case you want to get sources from github - More info here.

这是完整的解决方案，以防您想要实现其他问题，请阅读有关代码管道操作的更多信息

This is the full solution, in case you want to implement something else, Read more about code pipeline actions here.

这篇关于CodePipeline的Cloudformation模板的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！