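AWSTemplateFormatVersion: "2010-09-09"

# CI/CD pipeline: GitHub (CodeStar Connection) -> CodeBuild -> optional S3
# website deploy and/or optional Elastic Beanstalk backend deploy.
#
# Resources created: an S3 artifact bucket (emptied on stack deletion by a
# custom resource), the pipeline, the CodeBuild project and one IAM service
# role each for CodeBuild and CodePipeline.

Parameters:
  ConnectionArn:
    Type: String
    Description: The ARN of the CodeStar Connection to GitHub
  RepositoryName:
    Type: String
    Description: The name of the GitHub repository / "user/repo"
  BranchName:
    Type: String
    Description: The name of the GitHub branch to deploy
    Default: master
  DetectChanges:
    Type: String
    Description: Whether to detect changes in the GitHub repository
    Default: "true"
    AllowedValues:
      - "true"
      - "false"
  BuildCompute:
    Type: String
    Description: The compute type for the CodeBuild project
    Default: BUILD_GENERAL1_SMALL
    AllowedValues:
      - BUILD_GENERAL1_SMALL
      - BUILD_GENERAL1_MEDIUM
      - BUILD_GENERAL1_LARGE
  # Leaving DeployBucketName empty disables the website deploy action.
  DeployBucketName:
    Type: String
    Description: The name of the S3 bucket to deploy the website to
    Default: ""
  # Leaving DeployApplicationName empty disables the backend deploy action.
  DeployApplicationName:
    Type: String
    Description: The name of the Elastic Beanstalk application to deploy the backend to
    Default: ""
  DeployEnvironmentName:
    Type: String
    Description: The name of the Elastic Beanstalk environment to deploy the backend to
    Default: ""
  # Name (not ARN) of a Lambda in this account and region; it is used as the
  # ServiceToken of the bucket pre-deletion custom resource below.
  EmptyBucketLambda:
    Type: String
    Description: The name of the function Utils lambda for bucket deletion
    Default: EmptyBucketLambda

Conditions:
  # NOTE(review): when both conditions are false the Deploy stage below ends up
  # with no actions, and CodePipeline does not accept an empty stage. Confirm
  # that at least one deploy target is always supplied.
  DeployWebsite: !Not [!Equals [!Ref DeployBucketName, ""]]
  DeployBackend: !Not [!Equals [!Ref DeployApplicationName, ""]]

Resources:
  # Holds source and build artifacts. It contains source code and build output,
  # so public access is blocked and default encryption is declared explicitly
  # rather than relying on account or service defaults.
  ArtifactsBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub ${AWS::StackName}-artifacts-${AWS::AccountId}
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  # Custom resource backed by the EmptyBucketLambda function. Presumably it
  # empties the bucket on stack deletion so the bucket can be removed; the
  # function itself is not part of this template, so verify its behavior there.
  ArtifactsBucketPreDeletion:
    Type: Custom::BucketPreDeletion
    Properties:
      ServiceToken: !Sub arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${EmptyBucketLambda}
      BucketName: !Ref ArtifactsBucket

  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Sub ${AWS::StackName}-pipeline
      RoleArn: !GetAtt PipelineRole.Arn
      RestartExecutionOnUpdate: false
      ArtifactStore:
        Location: !Ref ArtifactsBucket
        Type: S3
      Stages:
        - Name: Source
          Actions:
            - Name: GitHubSource
              InputArtifacts: []
              OutputArtifacts:
                - Name: SourceArtifact
              RunOrder: 1
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: CodeStarSourceConnection
                Version: "1"
              Configuration:
                ConnectionArn: !Ref ConnectionArn
                FullRepositoryId: !Ref RepositoryName
                BranchName: !Ref BranchName
                DetectChanges: !Ref DetectChanges
                OutputArtifactFormat: CODE_ZIP
        - Name: Build
          Actions:
            - Name: Build
              InputArtifacts:
                - Name: SourceArtifact
              # Only the artifacts that an enabled deploy action consumes are
              # declared as build outputs.
              OutputArtifacts:
                - !If
                  - DeployWebsite
                  - Name: WebsiteArtifact
                  - !Ref "AWS::NoValue"
                - !If
                  - DeployBackend
                  - Name: BackendArtifact
                  - !Ref "AWS::NoValue"
              RunOrder: 1
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: "1"
              Configuration:
                ProjectName: !Ref BuildProject
        - Name: Deploy
          Actions:
            # RunOrder 2: when both targets are enabled, the website is
            # deployed after the backend action (RunOrder 1) has finished.
            - !If
              - DeployWebsite
              - Name: DeployWebsite
                InputArtifacts:
                  - Name: WebsiteArtifact
                OutputArtifacts: []
                RunOrder: 2
                ActionTypeId:
                  Category: Deploy
                  Owner: AWS
                  Provider: S3
                  Version: "1"
                Configuration:
                  Extract: true
                  BucketName: !Ref DeployBucketName
              - !Ref "AWS::NoValue"
            - !If
              - DeployBackend
              - Name: DeployBackend
                InputArtifacts:
                  - Name: BackendArtifact
                OutputArtifacts: []
                RunOrder: 1
                ActionTypeId:
                  Category: Deploy
                  Owner: AWS
                  Provider: ElasticBeanstalk
                  Version: "1"
                Configuration:
                  ApplicationName: !Ref DeployApplicationName
                  EnvironmentName: !Ref DeployEnvironmentName
              - !Ref "AWS::NoValue"

  # No buildspec is configured here, so the build instructions come from the
  # repository being built. Anyone who can push to the tracked branch controls
  # what runs under BuildRole; keep that role narrow.
  BuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Sub ${AWS::StackName}-build-project
      ConcurrentBuildLimit: 1
      Source:
        Type: CODEPIPELINE
      Environment:
        ComputeType: !Ref BuildCompute
        Image: aws/codebuild/standard:6.0
        Type: LINUX_CONTAINER
      ServiceRole: !GetAtt BuildRole.Arn
      Artifacts:
        Type: CODEPIPELINE

  # Service role for CodeBuild. Every statement is scoped to this stack's own
  # log group, artifact bucket and report groups.
  BuildRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ${AWS::StackName}-build-role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codebuild.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: CodeBuildPolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Resource:
                  - !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${AWS::StackName}-build-project
                  - !Sub arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${AWS::StackName}-build-project:*
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
              - Effect: Allow
                Resource:
                  - !Sub arn:aws:s3:::${ArtifactsBucket}
                  - !Sub arn:aws:s3:::${ArtifactsBucket}/*
                Action:
                  - s3:PutObject
                  - s3:GetObject
                  - s3:GetObjectVersion
                  - s3:GetBucketAcl
                  - s3:GetBucketLocation
              - Effect: Allow
                Action:
                  - codebuild:CreateReportGroup
                  - codebuild:CreateReport
                  - codebuild:UpdateReport
                  - codebuild:BatchPutTestCases
                  - codebuild:BatchPutCodeCoverages
                Resource:
                  - !Sub arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:report-group/${AWS::StackName}-build-project-*

  # Service role for CodePipeline.
  #
  # The original policy was the generic catch-all CodePipeline service-role
  # policy. Statements for CodeCommit, CodeDeploy, Lambda, OpsWorks,
  # Device Farm, Service Catalog, ECR, Step Functions and AppConfig were
  # dropped because no stage in this pipeline uses those providers; the
  # explicit CloudFormation action lists were dropped because the retained
  # cloudformation:* grant already covers them. Add scoped permissions back
  # together with any stage that needs them.
  PipelineRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ${AWS::StackName}-pipeline-role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: CodePipelinePolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # NOTE(review): PassRole on every role in the account, limited
              # only by the target service. StringEqualsIfExists also allows
              # the call when iam:PassedToService is absent from the request.
              # Prefer listing the specific role ARNs the Elastic Beanstalk
              # deploy needs once they are known.
              - Action:
                  - iam:PassRole
                Resource: "*"
                Effect: Allow
                Condition:
                  StringEqualsIfExists:
                    iam:PassedToService:
                      - cloudformation.amazonaws.com
                      - elasticbeanstalk.amazonaws.com
                      - ec2.amazonaws.com
                      - ecs-tasks.amazonaws.com
              # Only the connection this pipeline's source action uses.
              - Action:
                  - codestar-connections:UseConnection
                Resource: !Ref ConnectionArn
                Effect: Allow
              # NOTE(review): full access to eleven services on every resource.
              # This is kept unchanged because the Elastic Beanstalk deploy
              # action and the S3 artifact/deploy bucket access rely on it and
              # the exact resources are not visible from this template. It is
              # the main privilege-escalation surface of this role: scope it to
              # the artifact bucket, the deploy bucket and the target
              # Elastic Beanstalk environment's resources where possible.
              - Action:
                  - elasticbeanstalk:*
                  - ec2:*
                  - elasticloadbalancing:*
                  - autoscaling:*
                  - cloudwatch:*
                  - s3:*
                  - sns:*
                  - cloudformation:*
                  - rds:*
                  - sqs:*
                  - ecs:*
                Resource: "*"
                Effect: Allow
              # Only the build project this pipeline's Build stage starts.
              - Action:
                  - codebuild:BatchGetBuilds
                  - codebuild:StartBuild
                  - codebuild:BatchGetBuildBatches
                  - codebuild:StartBuildBatch
                Resource: !GetAtt BuildProject.Arn
                Effect: Allow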