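---
# CodePipeline that pulls the SSO automation repository, builds it with
# CodeBuild, and deploys the repository's template.yml as a CloudFormation
# change set into the account given by MasterAccountID.
#
# Review notes:
# - Every "{{resolve:ssm:...:1}}" reference pins version 1 of that SSM
#   parameter; a later update to the parameter is not picked up on stack
#   update until the version number here is bumped.
# - The ArtifactBucketName *parameter* resolves the SSM parameter at its
#   latest version, while the CodeBuild env var and ArtifactStore below pin
#   version 1 of the same parameter. Those two values can drift apart.
AWSTemplateFormatVersion: '2010-09-09'
Description: Pipeline SSO Automation

Parameters:
  GithubBranch:
    Type: String
    Description: Github Branch to pull from
    Default: main
  # Repository was previously hard-coded in the Source action; exposed as a
  # parameter so the same pipeline template can be reused. Default keeps the
  # original behaviour.
  GithubRepository:
    Type: String
    Description: Github repository (owner/name) to pull from
    Default: "DMEvanCT/aws-sso"
  MasterAccountID:
    Type: String
    Description: Root account for AWS or Account where SSO sits
    # The value is interpolated into IAM role ARNs below; reject anything that
    # is not a 12-digit account id so a typo fails at stack creation rather
    # than at pipeline run time.
    AllowedPattern: '^[0-9]{12}$'
    ConstraintDescription: Must be a 12-digit AWS account id
  ProjectName:
    Type: String
    Description: Project Name for the Pipeline
    Default: "AWSSSO"
  ArtifactBucketName:
    Type: AWS::SSM::Parameter::Value<String>
    Description: Bucket Name for the Artifact Bucket
    Default: /examplecompany/S3/SSO/ArtifactBucketName

Resources:
  AWSSSOCodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Sub "${ProjectName}-Codebuild"
      # Role and bucket/key names are looked up from SSM at deploy time;
      # the role's permissions live outside this template.
      ServiceRole: "{{resolve:ssm:/examplecompany/IAM/SSO/CodeBuildRoleArn:1}}"
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        ComputeType: "BUILD_GENERAL1_SMALL"
        Image: "aws/codebuild/amazonlinux2-aarch64-standard:2.0"
        Type: "ARM_CONTAINER"
        EnvironmentVariables:
          - Name: BUILD_ARTIFACT_BUCKET
            Value: "{{resolve:ssm:/examplecompany/S3/SSO/ArtifactBucketName:1}}"
          - Name: ARTIFACT_KMS_KEY
            Value: "{{resolve:ssm:/examplecompany/KMS/SSO/ArtifactBucketKeyID:1}}"
      Source:
        Type: CODEPIPELINE
      TimeoutInMinutes: 10

  AWSSSOPipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      RoleArn: "{{resolve:ssm:/examplecompany/IAM/SSO/CodePipelineRoleArn:1}}"
      Stages:
        - Name: Source
          Actions:
            - Name: SourceAction
              ActionTypeId:
                Version: '1'
                Owner: AWS
                Category: Source
                Provider: CodeStarSourceConnection
              OutputArtifacts:
                - Name: SourceArtifact
              RunOrder: 1
              Configuration:
                ConnectionArn: "{{resolve:ssm:/examplecompany/Github/CodeStarConnectionArn:1}}"
                FullRepositoryId: !Ref GithubRepository
                BranchName: !Ref GithubBranch
                OutputArtifactFormat: "CODE_ZIP"
        - Name: Build
          Actions:
            - Name: !Sub Build-${ProjectName}
              ActionTypeId:
                Category: Build
                Owner: AWS
                # ActionTypeId.Version is a string property; quoted to match
                # the Source action instead of relying on int-to-string
                # coercion.
                Version: '1'
                Provider: CodeBuild
              InputArtifacts:
                - Name: SourceArtifact
              Configuration:
                ProjectName: !Sub "${ProjectName}-Codebuild"
              RunOrder: 1
        - Name: Release
          Actions:
            # Two roles are involved per deploy action: the action-level
            # RoleArn is assumed by CodePipeline (cross-account, in
            # MasterAccountID); Configuration.RoleArn is the service role
            # CloudFormation itself assumes to create/update the stack.
            # Both grant write access in the SSO/management account and
            # should be scoped to what template.yml actually needs.
            - Name: CreateChangeSet
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: '1'
                Provider: CloudFormation
              InputArtifacts:
                - Name: SourceArtifact
              Configuration:
                ActionMode: CHANGE_SET_REPLACE
                ChangeSetName: ExampleCompany-SSO-ChangeSet
                # Permits template.yml to create IAM resources. If that
                # template names its IAM resources explicitly,
                # CAPABILITY_NAMED_IAM is needed instead — confirm against
                # template.yml.
                Capabilities: CAPABILITY_IAM
                StackName: ExampleCompany-SSO-Stack
                TemplatePath: SourceArtifact::template.yml
                ParameterOverrides: !Sub |-
                  {
                  "ArtifactBucketName" : "${ArtifactBucketName}"
                  }
                RoleArn: !Sub "arn:${AWS::Partition}:iam::${MasterAccountID}:role/examplecompany/ExampleCompanyCloudformationRole"
              RoleArn: !Sub "arn:${AWS::Partition}:iam::${MasterAccountID}:role/examplecompany/ExampleCompanyMasterDevopsRole"
              RunOrder: 1
            - Name: ExecuteChangeSet
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: '1'
                Provider: CloudFormation
              Configuration:
                StackName: ExampleCompany-SSO-Stack
                ActionMode: CHANGE_SET_EXECUTE
                ChangeSetName: ExampleCompany-SSO-ChangeSet
                ParameterOverrides: !Sub |-
                  {
                  "ArtifactBucketName": "${ArtifactBucketName}"
                  }
                RoleArn: !Sub "arn:${AWS::Partition}:iam::${MasterAccountID}:role/examplecompany/ExampleCompanyCloudformationRole"
              RoleArn: !Sub "arn:${AWS::Partition}:iam::${MasterAccountID}:role/examplecompany/ExampleCompanyMasterDevopsRole"
              # RunOrder 2 so execution waits for CreateChangeSet in the
              # same stage.
              RunOrder: 2
      ArtifactStore:
        Type: S3
        Location: "{{resolve:ssm:/examplecompany/S3/SSO/ArtifactBucketName:1}}"
        # Artifacts are encrypted with a customer-managed KMS key whose id is
        # read from SSM; the ARN is assembled for the current partition,
        # region and account.
        EncryptionKey:
          Id: !Sub "arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:key/{{resolve:ssm:/examplecompany/KMS/SSO/ArtifactBucketKeyID:1}}"
          Type: KMS
      Name: ExampleCompanySSO-Pipeline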