[AWS] CloudFormation Template Connect Github Version 2 Using CodeStar
Using a CloudFormation template to create a CodePipeline pipeline is the best way to maintain a pipeline. There are a lot of posts and videos online that teach you how to do it, for example this YouTube video. That tutorial is very good at showing how to create a pipeline from a YAML template file; the only problem is that it still uses the GitHub Version 1 connection, which AWS no longer recommends.
Recommended: The GitHub version 2 action uses GitHub app-based auth backed by a CodeStarSourceConnection resource for Bitbucket, GitHub, and GitHub Enterprise Server actions. It installs an AWS CodeStar Connections application into your GitHub organization so that you can manage access in GitHub.
Not recommended: The GitHub version 1 action uses OAuth tokens to authenticate with GitHub and uses a separate webhook to detect changes. This is no longer the recommended method.
The following is the part of the CloudFormation template that uses a CodeStar connection to create a GitHub Version 2 source action:
```yaml
Parameters:
  GitHubOwner:
    Type: String
    AllowedPattern: '[A-Za-z0-9-]+'
    Default: <YourUserName>   # replace the placeholder; it must match AllowedPattern
  GitHubRepository:
    Type: String
    AllowedPattern: '[A-Za-z0-9-]+'
    Default: <YourRepo>       # replace the placeholder; it must match AllowedPattern
  GitHubBranch:
    Type: String
    AllowedPattern: '[A-Za-z0-9-]+'
    Default: master

Resources:
  # Role assumed by CodePipeline to pull source, read/write artifacts and start builds
  CodePipelineServiceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codepipeline.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Sid: CodeStarConnectionPolicy
                Effect: Allow
                Action:
                  - 'codestar-connections:UseConnection'
                Resource: '*'
              - Sid: CloudWatchLogsPolicy
                Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource:
                  - '*'
              - Sid: S3GetObjectPolicy
                Effect: Allow
                Action:
                  - 's3:GetObject'
                  - 's3:GetObjectVersion'
                Resource:
                  - '*'
              - Sid: S3PutObjectPolicy
                Effect: Allow
                Action:
                  - 's3:PutObject'
                Resource:
                  - '*'
              - Sid: S3BucketIdentity
                Effect: Allow
                Action:
                  - 's3:GetBucketAcl'
                  - 's3:GetBucketLocation'
                Resource:
                  - '*'
              - Sid: CodeBuildPolicy
                Effect: Allow
                Action:
                  - 'codebuild:BatchGetBuilds'
                  - 'codebuild:StartBuild'
                Resource: '*'

  # Bucket that holds the pipeline's input/output artifacts
  CodePipelineArtifactStore:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Delete
    Properties:
      VersioningConfiguration:
        Status: Enabled

  # GitHub Version 2 connection. CloudFormation creates it in PENDING state;
  # the GitHub app handshake has to be completed in the console before the
  # source action can pull code.
  CodeStarConnection:
    Type: 'AWS::CodeStarConnections::Connection'
    Properties:
      ConnectionName: SupGitHubConnection
      ProviderType: GitHub

  CodePipeline:
    Type: 'AWS::CodePipeline::Pipeline'
    Properties:
      Name: !Ref 'AWS::StackName'
      RoleArn: !GetAtt
        - CodePipelineServiceRole
        - Arn
      ArtifactStore:
        Type: S3
        Location: !Ref CodePipelineArtifactStore
      Stages:
        - Name: Source
          Actions:
            - Name: Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Version: 1
                Provider: CodeStarSourceConnection
              Configuration:
                ConnectionArn: !Ref CodeStarConnection
                BranchName: !Ref GitHubBranch
                FullRepositoryId: !Sub '${GitHubOwner}/${GitHubRepository}'
              OutputArtifacts:
                - Name: SourceCode
```
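The template above works, but every statement in the service role uses `Resource: '*'`, so the pipeline role can use any CodeStar connection in the account and read or write any S3 bucket. The following is an added example, not code from the original post or from the linked tutorials, showing the same role, bucket and connection with the wildcards scoped to the resources this stack creates. It reuses the page's logical IDs; the CodeBuild project ARN pattern is an assumption, since the page's template defines no CodeBuild project, and the CloudWatch Logs statement is left out because the pipeline role itself does not write logs (that permission belongs on the CodeBuild project's role). The `Outputs` section exposes the connection ARN so you can find it after deployment: the connection stays in PENDING state until the GitHub handshake is completed in the console, and the Source action fails until then.

```yaml
Resources:
  CodePipelineArtifactStore:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Delete
    Properties:
      VersioningConfiguration:
        Status: Enabled
      # Added hardening: the artifact bucket is never public and is encrypted at rest
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  CodeStarConnection:
    Type: 'AWS::CodeStarConnections::Connection'
    Properties:
      ConnectionName: SupGitHubConnection
      ProviderType: GitHub

  CodePipelineServiceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codepipeline.amazonaws.com
            Action: 'sts:AssumeRole'
            # Only pipelines in this account may assume the role (confused-deputy guard)
            Condition:
              StringEquals:
                'aws:SourceAccount': !Ref 'AWS::AccountId'
      Policies:
        - PolicyName: pipeline-least-privilege
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Only the connection created in this stack, not every connection in the account
              - Sid: CodeStarConnectionPolicy
                Effect: Allow
                Action: 'codestar-connections:UseConnection'
                Resource: !Ref CodeStarConnection
              # Object access limited to this stack's artifact bucket
              - Sid: ArtifactObjects
                Effect: Allow
                Action:
                  - 's3:GetObject'
                  - 's3:GetObjectVersion'
                  - 's3:PutObject'
                Resource: !Sub '${CodePipelineArtifactStore.Arn}/*'
              - Sid: ArtifactBucket
                Effect: Allow
                Action:
                  - 's3:GetBucketAcl'
                  - 's3:GetBucketLocation'
                Resource: !GetAtt CodePipelineArtifactStore.Arn
              # Assumed ARN pattern: narrow it to the real CodeBuild project once it exists
              - Sid: CodeBuildPolicy
                Effect: Allow
                Action:
                  - 'codebuild:BatchGetBuilds'
                  - 'codebuild:StartBuild'
                Resource: !Sub 'arn:${AWS::Partition}:codebuild:${AWS::Region}:${AWS::AccountId}:project/*'

Outputs:
  ConnectionArn:
    Description: Connection ARN; complete the GitHub handshake in the console, it stays PENDING until then
    Value: !Ref CodeStarConnection
```

Scoping `UseConnection` to `!Ref CodeStarConnection` is safe inside one template because the connection has no dependency on the role, so there is no circular reference; the same holds for the bucket ARN.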
References:
Complete GitHub CI/CD Pipeline with AWS CodeBuild and AWS CodePipeline using CloudFormation template
Using Cloudformation To Automate Build, Test, And Deploy With Codepipeline (part 3)
Update a GitHub version 1 source action to a GitHub version 2 source action