[AWS] CloudFormation Template Connect Github Version 2 Using CodeStar


Using CloudFormation template to create CodePipeline should be the best practice to maintain a pipeline. There are a lot of posts or videos online that can teach you how to do it, for example, this youtube video. The above tutorial is very good to teach you how to create a pipeline with yaml template file, the only thing is that it is still using Github Version 1 Connection which is not recommended by AWS anymore.


Recommended: The GitHub version 2 action uses Github app-based auth backed by a CodeStarSourceConnection for Bitbucket, GitHub, and GitHub Enterprise Server actions resource. It installs an AWS CodeStar Connections application into your GitHub organization so that you can manage access in GitHub.

Not recommended: The GitHub version 1 action uses OAuth tokens to authenticate with GitHub and uses a separate webhook to detect changes. This is no longer the recommended method.

The following is part of the CloudFormation template file that use CodeStar to create Github Version 2 Connection:


Parameters:
  GitHubOwner:
    Type: String
    AllowedPattern: '[A-Za-z0-9-]+'
    Default: <YourUserName>
  GitHubRepository:
    Type: String
    AllowedPattern: '[A-Za-z0-9-]+'
    Default: <YourRepo>
  GitHubBranch:
    Type: String
    AllowedPattern: '[A-Za-z0-9-]+'
    Default: master
Resources:
  CodePipelineServiceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: codepipeline.amazonaws.com
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: root
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Sid: CodeStarConnectionPolicy
                Effect: Allow
                Action:
                  - 'codestar-connections:UseConnection'
                Resource: '*'
              - Sid: CloudWatchLogsPolicy
                Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource:
                  - '*'
              - Sid: S3GetObjectPolicy
                Effect: Allow
                Action:
                  - 's3:GetObject'
                  - 's3:GetObjectVersion'
                Resource:
                  - '*'
              - Sid: S3PutObjectPolicy
                Effect: Allow
                Action:
                  - 's3:PutObject'
                Resource:
                  - '*'
              - Sid: S3BucketIdentity
                Effect: Allow
                Action:
                  - 's3:GetBucketAcl'
                  - 's3:GetBucketLocation'
                Resource:
                  - '*'
              - Sid: CodeBuildPolicy
                Action:
                  - 'codebuild:BatchGetBuilds'
                  - 'codebuild:StartBuild'
                Resource: '*'
                Effect: Allow
  CodePipelineArtifactStore:
    Type: 'AWS::S3::Bucket'
    DeletionPolicy: Delete
    Properties:
      VersioningConfiguration:
        Status: Enabled
  CodeStarConnection:
    Type: 'AWS::CodeStarConnections::Connection'
    Properties:
      ConnectionName: SupGitHubConnection
      ProviderType: GitHub
  CodePipeline:
    Type: 'AWS::CodePipeline::Pipeline'
    Properties:
      Name: !Ref 'AWS::StackName'
      RoleArn: !GetAtt 
        - CodePipelineServiceRole
        - Arn
      ArtifactStore:
        Type: S3
        Location: !Ref CodePipelineArtifactStore
      Stages:
        - Name: Source
          Actions:
            - Name: Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Version: 1
                Provider: CodeStarSourceConnection
              Configuration:
                ConnectionArn: !Ref CodeStarConnection
                BranchName: !Ref GitHubBranch
                FullRepositoryId: !Sub ${GitHubOwner}/${GitHubRepository}
              OutputArtifacts:
                - Name: SourceCode

References:

Complete GitHub CI/CD Pipeline with AWS CodeBuild and AWS CodePipeline using CloudFormation template

Using Cloudformation To Automate Build, Test, And Deploy With Codepipeline (part 3)

Update a GitHub version 1 source action to a GitHub version 2 source action

posted @ 2022-09-05 07:16  Grandyang  阅读(203)  评论(0编辑  收藏  举报
Fork me on GitHub