Part I - https://www.aaronmedacco.com/blog/post/2017/05/02/creating-a-ci-cd-pipeline-on-aws-part-i-codecommit Part II - https://www.aaronmedacco.com/blog/post/2017/05/05/creating-a-ci-cd-pipeline-on-aws-part-ii-codebuild Part III - https://www.aaronmedacco.com/blog/post/2017/05/14/creating-a-ci-cd-pipeline-on-aws-part-ii-codedeploy Part IV - https://www.aaronmedacco.com/blog/post/2017/05/16/creating-a-ci-cd-pipeline-on-aws-part-iv-codepipeline
aws codepipeline get-pipeline-state --name [PipelineName]
var express = require('express')
var app = express()
app.get('/', function (req, res) {
res.send('You suffer in measure to your authority.')
})
app.listen(3000, function () {
console.log('Example app listening on port 3000!')
})
aws codepipeline create-pipeline --cli-input-json file://pipeline.json
{
"pipeline": {
"roleArn": "[ServiceRoleARN]",
"stages": [
{
"name": "Source",
"actions": [
{
"inputArtifacts": [],
"name": "Source",
"actionTypeId": {
"category": "Source",
"owner": "AWS",
"version": "1",
"provider": "CodeCommit"
},
"outputArtifacts": [
{
"name": "MyApp"
}
],
"configuration": {
"BranchName": "master",
"RepositoryName": "[RepositoryName]"
},
"runOrder": 1
}
]
},
{
"name": "Build",
"actions": [
{
"inputArtifacts": [
{
"name": "MyApp"
}
],
"name": "CodeBuild",
"actionTypeId": {
"category": "Build",
"owner": "AWS",
"version": "1",
"provider": "CodeBuild"
},
"outputArtifacts": [
{
"name": "MyAppBuild"
}
],
"configuration": {
"ProjectName": "[ProjectName]"
},
"runOrder": 1
}
]
},
{
"name": "Staging",
"actions": [
{
"inputArtifacts": [
{
"name": "MyAppBuild"
}
],
"name": "[DeploymentGroupName]",
"actionTypeId": {
"category": "Deploy",
"owner": "AWS",
"version": "1",
"provider": "CodeDeploy"
},
"outputArtifacts": [],
"configuration": {
"ApplicationName": "[ApplicationName]",
"DeploymentGroupName": "[DeploymentGroupName]"
},
"runOrder": 1
}
]
}
],
"artifactStore": {
"type": "S3",
"location": "[ArtifactStoreBucketName]"
},
"name": "[PipelineName]",
"version": 1
}
}
aws iam put-role-policy --role-name CodePipelineServiceRole --policy-name CodePipelineServiceRolePolicy --policy-document file://put-role-policy.json
aws iam create-role --role-name CodePipelineServiceRole --assume-role-policy-document file://create-role.json
{
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketVersioning"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::codepipeline*",
"arn:aws:s3:::elasticbeanstalk*"
],
"Effect": "Allow"
},
{
"Action": [
"codecommit:CancelUploadArchive",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetUploadArchiveStatus",
"codecommit:UploadArchive"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"codedeploy:CreateDeployment",
"codedeploy:GetApplicationRevision",
"codedeploy:GetDeployment",
"codedeploy:GetDeploymentConfig",
"codedeploy:RegisterApplicationRevision"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*",
"cloudformation:*",
"rds:*",
"sqs:*",
"ecs:*",
"iam:PassRole"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"lambda:InvokeFunction",
"lambda:ListFunctions"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"opsworks:CreateDeployment",
"opsworks:DescribeApps",
"opsworks:DescribeCommands",
"opsworks:DescribeDeployments",
"opsworks:DescribeInstances",
"opsworks:DescribeStacks",
"opsworks:UpdateApp",
"opsworks:UpdateStack"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:SetStackPolicy",
"cloudformation:ValidateTemplate",
"iam:PassRole"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Resource": "*",
"Effect": "Allow"
}
],
"Version": "2012-10-17"
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "codepipeline.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/AWSCodePipelineFullAccess
aws deploy create-deployment --application-name [ApplicationName] --deployment-config-name CodeDeployDefault.OneAtATime --deployment-group-name [DeploymentGroupName] --s3-location bucket=[BucketName],bundleType=zip,key=BuildOutput.zip
aws deploy create-deployment-group --application-name [ApplicationName] --deployment-group-name [DeploymentGroupName] --deployment-config-name CodeDeployDefault.OneAtATime --ec2-tag-filters Key=CodeDeploy,Value=Yes,Type=KEY_AND_VALUE --service-role-arn [ServiceRoleARN]
version: 0.0
os: windows
files:
- source: \app.js
destination: c:\host
- source: \node_modules
destination: c:\host\node_modules
aws deploy create-application --application-name [ApplicationName]
aws iam create-instance-profile --instance-profile-name CodeDeployDemo-EC2-Instance-Profile
aws iam add-role-to-instance-profile --instance-profile-name CodeDeployDemo-EC2-Instance-Profile --role-name CodeDeployDemo-EC2-Instance-Profile
aws iam put-role-policy --role-name CodeDeployDemo-EC2-Instance-Profile --policy-name CodeDeployDemo-EC2-Permissions --policy-document file://CodeDeployDemo-EC2-Permissions.json
aws iam create-role --role-name CodeDeployDemo-EC2-Instance-Profile --assume-role-policy-document file://CodeDeployDemo-EC2-Trust.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:Get*",
"s3:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
aws iam attach-role-policy --role-name CodeDeployServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole
aws iam create-role --role-name CodeDeployServiceRole --assume-role-policy-document file://CodeDeployDemo-Trust.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": [
"codedeploy.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
}
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/AWSCodeDeployFullAccess
var assert = require('assert');
describe('String Tests', function() {
describe('Comparison', function() {
it('Should be equal when strings are the same.', function() {
assert.equal("No mercy for the misguided.", "No mercy for the wretched.");
});
});
});
aws codebuild start-build --project-name [ProjectName]
version: 0.1
phases:
install:
commands:
- echo Installing Express...
- npm install express
- echo Installing Mocha...
- npm install -g mocha
pre_build:
commands:
- echo Installing source NPM dependencies...
build:
commands:
- echo Build started on `date`
- echo Compiling the Node.js code
- echo Running tests...
- mocha test.js
post_build:
commands:
- echo Build completed on `date`
artifacts:
files:
- '**/*'
var assert = require('assert');
describe('String Tests', function() {
describe('Comparison', function() {
it('Should be equal when strings are the same.', function() {
assert.equal("No mercy for the misguided.", "No mercy for the misguided.");
});
});
});
aws codebuild create-project --name [ProjectName] --description "[ProjectDescription]" --source type="CODECOMMIT",location="[CloneUrlHttp]" --artifacts type="S3",location="[BucketName]",name="BuildOutput.zip",packaging="ZIP" --environment type="LINUX_CONTAINER",computeType="BUILD_GENERAL1_SMALL",image="aws/codebuild/nodejs:7.0.0" --service-role "[ServiceRoleARN]"
aws iam put-role-policy --role-name CodeBuildServiceRole --policy-name CodeBuildServiceRolePolicy --policy-document file://put-role-policy.json
aws iam create-role --role-name CodeBuildServiceRole --assume-role-policy-document file://create-role.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CloudWatchLogsPolicy",
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": [
"*"
]
},
{
"Sid": "CodeCommitPolicy",
"Effect": "Allow",
"Action": [
"codecommit:GitPull"
],
"Resource": [
"*"
]
},
{
"Sid": "S3GetObjectPolicy",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": [
"*"
]
},
{
"Sid": "S3PutObjectPolicy",
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"*"
]
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "codebuild.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
aws s3 mb s3://[bucketname]
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess
aws codecommit get-branch --repository-name [repositoryname] --branch-name master
aws codecommit create-branch --repository-name [repositoryname] --branch-name [branchname] --commit-id [commitid]
git push origin
git clone [CloneUrlHttp] [localrepository]
aws codecommit create-repository --repository-name [repositoryname]
aws iam create-service-specific-credential --user-name [username] --service-name codecommit.amazonaws.com
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/AWSCodeCommitFullAccess
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/IAMReadOnlyAccess
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials