Introduction: In the domain of DevOps, automation reigns supreme. As software development pipelines grow more intricate, automating the establishment of continuous integration and continuous deployment (CI/CD) processes becomes imperative. AWS offers robust tools like CodePipeline for orchestrating these workflows and CloudFormation for automating infrastructure setup. In this tutorial, we’ll delve into automating the creation of an AWS CodePipeline using CloudFormation, with a specific emphasis on replicating an existing pipeline.
Prerequisites: Before diving in, make sure you have:
- An AWS account with the necessary permissions to create IAM roles, CodeBuild projects, CodePipeline pipelines, and EventBridge rules.
- Basic knowledge of AWS CodePipeline, CodeBuild, IAM roles, and CloudFormation.
Step 1: Understanding the CloudFormation Template: Let’s dissect the CloudFormation template provided below. This template sets up a CodePipeline that clones an existing repository, triggers builds with CodeBuild, and uses EventBridge for event-driven triggers.

AWSTemplateFormatVersion: 2010-09-09
Description: CloudFormation template to create an AWS CodeBuild project with no source
Parameters:
  CodeBuildProjectName:
    Type: String
    Description: Name of CodeBuild project
    Default: ss-auto-pipeline-build
  CodePipelineName:
    Type: String
    Description: Name of CodePipeline
    Default: ss-auto-pipeline
  EventBridgeRuleName:
    Type: String
    Description: Name of EventBridgeRule
    Default: ss-auto-pipeline-EventBridgeRule
Resources:
  CodeBuildServiceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Sub '${CodeBuildProjectName}-ServiceRole'
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess'
        - 'arn:aws:iam::aws:policy/CloudWatchFullAccess'
        - 'arn:aws:iam::aws:policy/AmazonS3FullAccess'
        - 'arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator'
        - 'arn:aws:iam::aws:policy/AWSCloudFormationFullAccess'
        - 'arn:aws:iam::aws:policy/AWSLambda_FullAccess'
  CodePipelineServiceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Sub '${CodePipelineName}-Role'
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: codepipeline.amazonaws.com
            Action: 'sts:AssumeRole'
      Path: '/'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/AmazonS3FullAccess'
        - 'arn:aws:iam::aws:policy/AWSCodeCommitFullAccess'
        - 'arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess'
      Policies:
        - PolicyName: YOUR_POLICY_NAME  # placeholder: provide PolicyName
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Sid: VisualEditor0
                Effect: Allow
                Action:
                  - 'sts:AssumeRole'
                Resource: 'arn:aws:iam::YOUR_ACCOUNT_ID:role/*'  # placeholder: replace YOUR_ACCOUNT_ID
  CodeBuildProject:
    Type: 'AWS::CodeBuild::Project'
    Properties:
      Name: !Ref CodeBuildProjectName
      Description: CodeBuild project
      Source:
        Type: NO_SOURCE
        BuildSpec: |
          version: 0.2
          phases:
            build:
              commands:
                - echo 'This is a test'
                - sleep 60
                - echo 'completed'
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: 'aws/codebuild/amazonlinux2-x86_64-standard:3.0'
      ServiceRole: !GetAtt CodeBuildServiceRole.Arn
      TimeoutInMinutes: 5
  CodePipeline:
    Type: 'AWS::CodePipeline::Pipeline'
    Properties:
      Name: !Ref CodePipelineName
      RoleArn: !GetAtt CodePipelineServiceRole.Arn
      ArtifactStore:
        Type: S3
        Location: codepipeline-ap-south-1-675893268499
        EncryptionKey:
          Id: YOUR_KMS_KEY_ARN  # placeholder: provide EncryptionKey
          Type: KMS
      Stages:
        - Name: Source
          Actions:
            - Name: SourceAction
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: CodeCommit
                Version: '1'
              Configuration:
                RepositoryName: cft_test
                BranchName: master
              OutputArtifacts:
                - Name: SourceOutput
        - Name: Build
          Actions:
            - Name: BuildAction
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: '1'
              Configuration:
                ProjectName: !Ref CodeBuildProjectName
              InputArtifacts:
                - Name: SourceOutput
              OutputArtifacts:
                - Name: BuildOutput
    DependsOn: CodeBuildProject
  EventBridgeRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Sub '${CodePipelineName}-EventBridgeRole'
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
            Action: 'sts:AssumeRole'
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess'
      Policies:
        - PolicyName: EventBridgePolicy
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - 'codepipeline:StartPipelineExecution'
                Resource:
                  - !Sub >-
                    arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${CodePipelineName}
    DependsOn: CodePipeline
  EventBridgeRule:
    Type: 'AWS::Events::Rule'
    Properties:
      Name: !Ref EventBridgeRuleName
      Description: >-
        This rule triggers the CodePipeline when the specified event pattern is
        matched.
      EventBusName: default
      EventPattern:
        detail:
          pipeline_name:
            - !Ref CodePipelineName
          branch_name:
            - master
          repository:
            - cft_test
      Targets:
        - Arn: !Sub >-
            arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${CodePipelineName}
          Id: CFTCodePipelineTarget
          RoleArn: !GetAtt EventBridgeRole.Arn
    DependsOn: CodePipeline

Step 2: Parameters Explanation:
- The template defines parameters for customizing the CodeBuild project name, CodePipeline name, and EventBridge rule name, offering flexibility in naming conventions.
Step 3: Resource Setup:
- CodeBuildServiceRole: Defines an IAM role for the CodeBuild project with necessary permissions for CodeBuild to access resources like S3, CloudWatch, and Lambda.
- CodePipelineServiceRole: Establishes an IAM role for the CodePipeline with permissions to access resources like S3 and CodeBuild, crucial for pipeline orchestration.
- CodeBuildProject: Sets up the CodeBuild project, specifying build commands, environment details, and linking to the CodeBuild service role.
- CodePipeline: Creates the CodePipeline, specifying source (CodeCommit), build (CodeBuild), and linking to the CodePipeline service role. It depends on the CodeBuild project to ensure proper sequencing.
- EventBridgeRole: Establishes an IAM role for EventBridge with permissions to start pipeline executions. It depends on the CodePipeline to ensure it’s created before the EventBridge rule.
- EventBridgeRule: Defines an EventBridge rule to trigger the CodePipeline when specific events occur, such as repository changes. It depends on the CodePipeline to ensure its availability.
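The three roles above attach several AWS-managed FullAccess policies, and the pipeline role's inline policy lets it assume any role in the account (role/*), so a compromised build or pipeline step inherits far more than it needs. As an added example, not part of the original tutorial, this Python script reviews the template's roles for exactly those patterns; the role definitions in TEMPLATE_ROLES are constructed by hand from the template, and P, review_role and review_template are names chosen here, with REGION and ACCOUNT_ID as placeholders for the values the template leaves blank.

```python
import re

# Constructed input mirroring the template's three IAM roles; account-specific values are placeholders.
P = "arn:aws:iam::aws:policy/"
TEMPLATE_ROLES = {
    "CodeBuildServiceRole": {
        "ManagedPolicyArns": [P + n for n in (
            "AWSCodeBuildDeveloperAccess", "CloudWatchFullAccess", "AmazonS3FullAccess",
            "AmazonAPIGatewayAdministrator", "AWSCloudFormationFullAccess", "AWSLambda_FullAccess")],
        "Statements": [],
    },
    "CodePipelineServiceRole": {
        "ManagedPolicyArns": [P + n for n in (
            "AmazonS3FullAccess", "AWSCodeCommitFullAccess", "AWSCodeBuildAdminAccess")],
        "Statements": [{"Effect": "Allow", "Action": ["sts:AssumeRole"],
                        "Resource": "arn:aws:iam::YOUR_ACCOUNT_ID:role/*"}],
    },
    "EventBridgeRole": {
        "ManagedPolicyArns": [P + "AWSCodePipeline_FullAccess"],
        "Statements": [{"Effect": "Allow", "Action": ["codepipeline:StartPipelineExecution"],
                        "Resource": "arn:aws:codepipeline:REGION:ACCOUNT_ID:ss-auto-pipeline"}],
    },
}

# AWS managed policies whose names end like this grant service-wide write access.
BROAD_POLICY = re.compile(r"(FullAccess|Administrator|AdminAccess)$")

def review_role(role):
    """Findings for one role: broad managed policies, and Allow statements whose
    Resource is a wildcard (or missing, as it is in the template before editing)."""
    findings = []
    for arn in role.get("ManagedPolicyArns", []):
        name = arn.rsplit("/", 1)[-1]
        if BROAD_POLICY.search(name):
            findings.append(f"broad managed policy {name}")
    for stmt in role.get("Statements", []):
        if stmt.get("Effect") != "Allow":
            continue
        res = stmt.get("Resource") or []
        resources = [res] if isinstance(res, str) else list(res)
        actions = ",".join(stmt["Action"])
        if not resources:
            findings.append(f"no Resource on statement for {actions}")
        for r in resources:
            if r.endswith("*"):  # a bare '*' or a prefix wildcard such as role/*
                findings.append(f"wildcard resource {r} for {actions}")
    return findings

def review_template(roles):
    """Map each role name to its findings, keeping only roles that have any."""
    return {name: review_role(r) for name, r in roles.items() if review_role(r)}
```

Running review_template(TEMPLATE_ROLES) lists findings for all three roles; the fix is to replace the managed policies with inline statements scoped to the artifact bucket, the CodeBuild project and the pipeline ARN, and to name the exact role the pipeline is allowed to assume.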
Step 4: Deploying the CloudFormation Stack: To deploy this CloudFormation stack:
- Save the CloudFormation template to a file, e.g., codepipeline-template.yaml.
- Open the AWS Management Console, navigate to CloudFormation, and click “Create stack”.
- Upload the template file, configure parameters as needed, acknowledge that the template creates named IAM resources (the CAPABILITY_NAMED_IAM capability, required because the roles set RoleName), and proceed with the stack creation.
Conclusion: In this tutorial, we’ve explored how to automate the setup of an AWS CodePipeline using CloudFormation. By defining infrastructure as code, you can efficiently manage, version, and reproduce your CI/CD pipelines. This approach fosters consistency, reliability, and scalability in your software delivery processes, ultimately enhancing your DevOps practices.