queirozsc
8/30/2017 - 4:43 PM

Creating a CI/CD Pipeline on AWS

# Report the current state of the pipeline's stages and actions.
# [PipelineName] is a placeholder; replace it before running.
aws codepipeline get-pipeline-state --name [PipelineName]
// Minimal Express server used as the sample application for the pipeline.
const express = require('express');

const PORT = 3000;
const webApp = express();

// Single route: answer GET / with a fixed string.
const handleRoot = (_request, response) => {
  response.send('You suffer in measure to your authority.');
};
webApp.get('/', handleRoot);

// No host is passed to listen(), so Node accepts connections on all
// interfaces; who can reach port 3000 is then decided by the instance's
// network rules (security group / firewall).
webApp.listen(PORT, () => {
  console.log('Example app listening on port 3000!');
});
# Create the pipeline from the definition stored in the local file pipeline.json.
# NOTE(review): presumably the JSON document listed right after this command; its "roleArn" is the
# role the pipeline runs as and "artifactStore" is the S3 bucket holding build artifacts. Review both before creating.
aws codepipeline create-pipeline --cli-input-json file://pipeline.json
{
    "pipeline": {
        "roleArn": "[ServiceRoleARN]",
        "stages": [
            {
                "name": "Source",
                "actions": [
                    {
                        "inputArtifacts": [],
                        "name": "Source",
                        "actionTypeId": {
                            "category": "Source",
                            "owner": "AWS",
                            "version": "1",
                            "provider": "CodeCommit"
                        },
                        "outputArtifacts": [
                            {
                                "name": "MyApp"
                            }
                        ],
                        "configuration": {
                            "BranchName": "master",
                            "RepositoryName": "[RepositoryName]"
                        },
                        "runOrder": 1
                    }
                ]
            },
            {
                "name": "Build",
                "actions": [
                    {
                        "inputArtifacts": [
                            {
                                "name": "MyApp"
                            }
                        ],
                        "name": "CodeBuild",
                        "actionTypeId": {
                            "category": "Build",
                            "owner": "AWS",
                            "version": "1",
                            "provider": "CodeBuild"
                        },
                        "outputArtifacts": [
                            {
                                "name": "MyAppBuild"
                            }
                        ],
                        "configuration": {
                            "ProjectName": "[ProjectName]"
                        },
                        "runOrder": 1
                    }
                ]
            },
            {
                "name": "Staging",
                "actions": [
                    {
                        "inputArtifacts": [
                            {
                                "name": "MyAppBuild"
                            }
                        ],
                        "name": "[DeploymentGroupName]",
                        "actionTypeId": {
                            "category": "Deploy",
                            "owner": "AWS",
                            "version": "1",
                            "provider": "CodeDeploy"
                        },
                        "outputArtifacts": [],
                        "configuration": {
                            "ApplicationName": "[ApplicationName]",
                            "DeploymentGroupName": "[DeploymentGroupName]"
                        },
                        "runOrder": 1
                    }
                ]
            }
        ],
        "artifactStore": {
            "type": "S3",
            "location": "[ArtifactStoreBucketName]"
        },
        "name": "[PipelineName]",
        "version": 1
    }
}
# Attach the inline policy in put-role-policy.json to CodePipelineServiceRole.
# NOTE(review): the role has to exist first, so run the create-role command listed below before this one
# (the page appears to list its commands in reverse of execution order).
# NOTE(review): the policy document listed after these commands (presumably put-role-policy.json) allows
# service-wide wildcards (ec2:*, s3:*, rds:*, ecs:*, cloudformation:* and others) plus iam:PassRole, all on
# Resource "*". Trim the actions and resources to what this pipeline uses (CodeCommit, CodeBuild, CodeDeploy,
# the artifact bucket), and limit iam:PassRole to specific role ARNs, e.g. with an iam:PassedToService condition.
aws iam put-role-policy --role-name CodePipelineServiceRole --policy-name CodePipelineServiceRolePolicy --policy-document file://put-role-policy.json
# Create the role. create-role.json is the trust policy: it decides which principal may assume the role
# (presumably the document on this page whose Principal is codepipeline.amazonaws.com).
aws iam create-role --role-name CodePipelineServiceRole --assume-role-policy-document file://create-role.json
{
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::codepipeline*",
        "arn:aws:s3:::elasticbeanstalk*"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "codecommit:CancelUploadArchive",
        "codecommit:GetBranch",
        "codecommit:GetCommit",
        "codecommit:GetUploadArchiveStatus",
        "codecommit:UploadArchive"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "codedeploy:CreateDeployment",
        "codedeploy:GetApplicationRevision",
        "codedeploy:GetDeployment",
        "codedeploy:GetDeploymentConfig",
        "codedeploy:RegisterApplicationRevision"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "elasticbeanstalk:*",
        "ec2:*",
        "elasticloadbalancing:*",
        "autoscaling:*",
        "cloudwatch:*",
        "s3:*",
        "sns:*",
        "cloudformation:*",
        "rds:*",
        "sqs:*",
        "ecs:*",
        "iam:PassRole"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "lambda:InvokeFunction",
        "lambda:ListFunctions"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "opsworks:CreateDeployment",
        "opsworks:DescribeApps",
        "opsworks:DescribeCommands",
        "opsworks:DescribeDeployments",
        "opsworks:DescribeInstances",
        "opsworks:DescribeStacks",
        "opsworks:UpdateApp",
        "opsworks:UpdateStack"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "cloudformation:CreateStack",
        "cloudformation:DeleteStack",
        "cloudformation:DescribeStacks",
        "cloudformation:UpdateStack",
        "cloudformation:CreateChangeSet",
        "cloudformation:DeleteChangeSet",
        "cloudformation:DescribeChangeSet",
        "cloudformation:ExecuteChangeSet",
        "cloudformation:SetStackPolicy",
        "cloudformation:ValidateTemplate",
        "iam:PassRole"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ],
  "Version": "2012-10-17"
}
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
# Give the IAM user [username] the AWS managed full-access policy for CodePipeline.
# NOTE(review): this is attached directly to a user; a narrower policy on a group or role is easier to audit and revoke.
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/AWSCodePipelineFullAccess
# Deploy the revision BuildOutput.zip from the S3 bucket to the deployment group, one instance at a time.
aws deploy create-deployment --application-name [ApplicationName] --deployment-config-name CodeDeployDefault.OneAtATime --deployment-group-name [DeploymentGroupName] --s3-location bucket=[BucketName],bundleType=zip,key=BuildOutput.zip
# Create the deployment group. Targets are selected by tag: every EC2 instance tagged CodeDeploy=Yes is included.
# NOTE(review): whoever can set that tag on an instance decides what receives deployments, so restrict
# tag-editing permissions on instances accordingly.
aws deploy create-deployment-group --application-name [ApplicationName] --deployment-group-name [DeploymentGroupName] --deployment-config-name CodeDeployDefault.OneAtATime --ec2-tag-filters Key=CodeDeploy,Value=Yes,Type=KEY_AND_VALUE --service-role-arn [ServiceRoleARN]
# CodeDeploy AppSpec file: lists which files from the revision are copied onto the instance, and where.
version: 0.0
# Target instances run Windows, hence the backslash paths below.
os: windows
files:
  # Copy the application entry point into c:\host.
  - source: \app.js
    destination: c:\host
  # node_modules is copied from the build artifact rather than installed on the instance, so the
  # instance runs exactly what the build stage resolved. NOTE(review): pin dependency versions in the build.
  - source: \node_modules
    destination: c:\host\node_modules
# NOTE(review): no hooks section is defined, so this file only copies files; nothing here starts,
# restarts or validates the application after the copy.
# Register the CodeDeploy application.
aws deploy create-application --application-name [ApplicationName]
# Create the instance profile that EC2 instances will be launched with.
aws iam create-instance-profile --instance-profile-name CodeDeployDemo-EC2-Instance-Profile
# Put the role of the same name into the instance profile.
# NOTE(review): this and the put-role-policy command below need the role to exist, so the create-role
# command at the end of this group has to run first (the page appears to list commands in reverse order).
aws iam add-role-to-instance-profile --instance-profile-name CodeDeployDemo-EC2-Instance-Profile --role-name CodeDeployDemo-EC2-Instance-Profile
# Attach the inline permissions policy to the instance role.
# NOTE(review): the permissions document listed after these commands (presumably
# CodeDeployDemo-EC2-Permissions.json) allows s3:Get* and s3:List* on Resource "*", which lets every
# instance with this profile read all buckets in the account. Limit Resource to the bucket that holds the revisions.
aws iam put-role-policy --role-name CodeDeployDemo-EC2-Instance-Profile --policy-name CodeDeployDemo-EC2-Permissions --policy-document file://CodeDeployDemo-EC2-Permissions.json
# Create the instance role; the trust policy file decides who may assume it
# (presumably the document on this page whose Principal is ec2.amazonaws.com).
aws iam create-role --role-name CodeDeployDemo-EC2-Instance-Profile --assume-role-policy-document file://CodeDeployDemo-EC2-Trust.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
# Attach the AWS managed service-role policy for CodeDeploy to CodeDeployServiceRole.
# NOTE(review): the role must exist first; run the create-role command listed below before this one.
aws iam attach-role-policy --role-name CodeDeployServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole
# Create the CodeDeploy service role; CodeDeployDemo-Trust.json is its trust policy
# (presumably the document on this page whose Principal is codedeploy.amazonaws.com).
aws iam create-role --role-name CodeDeployServiceRole --assume-role-policy-document file://CodeDeployDemo-Trust.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "codedeploy.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
# Give the IAM user [username] the AWS managed full-access policy for CodeDeploy.
# NOTE(review): full access is attached directly to a user; prefer a narrower policy on a group or role once the walkthrough works.
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/AWSCodeDeployFullAccess
const assert = require('assert');

// One Mocha case comparing two string literals. The literals differ
// ("misguided" vs "wretched"), so this case fails when run; presumably it is
// kept to show what a failed build looks like (confirm before reusing it).
const compareStrings = () => {
  assert.equal("No mercy for the misguided.", "No mercy for the wretched.");
};

describe('String Tests', () => {
  describe('Comparison', () => {
    it('Should be equal when strings are the same.', compareStrings);
  });
});
# Start a build of the CodeBuild project [ProjectName] (placeholder; replace before running).
aws codebuild start-build --project-name [ProjectName]
# CodeBuild buildspec: installs Express and Mocha, runs the Mocha tests, then packages the workspace.
# NOTE(review): under buildspec version 0.1 CodeBuild runs each command in a separate shell instance, so
# state such as the working directory or exported variables does not carry from one command to the next.
version: 0.1
 
phases:
  install:
    commands:
      - echo Installing Express...
      # NOTE(review): no version is given for either package, so each build pulls whatever the registry
      # currently serves. Pin versions (package.json plus a lockfile) so builds are reproducible and
      # a changed dependency shows up in review.
      - npm install express
      - echo Installing Mocha...
      - npm install -g mocha
  pre_build:
    commands:
      # Only prints a message; no install command runs in this phase.
      - echo Installing source NPM dependencies...
  build:
    commands:
      - echo Build started on `date`
      - echo Compiling the Node.js code
      - echo Running tests...
      # Runs the test file; presumably a failing test fails the build through mocha's exit status (confirm).
      - mocha test.js
  post_build:
    commands:
      - echo Build completed on `date`
artifacts:
  files:
    # Packages every file in the build directory, including node_modules and the tests.
    # NOTE(review): anything left in the workspace is uploaded to the artifact bucket, so keep
    # credentials and local config files out of it or list the files to ship explicitly.
    - '**/*'
const assert = require('assert');

// Mocha suite with a single comparison case; both literals are identical,
// so the case passes.
describe('String Tests', () => {
  const expected = "No mercy for the misguided.";
  const actual = "No mercy for the misguided.";

  describe('Comparison', () => {
    it('Should be equal when strings are the same.', () => {
      assert.equal(expected, actual);
    });
  });
});
# Create the CodeBuild project: source from the CodeCommit clone URL, output zipped to S3 as BuildOutput.zip,
# built in a small Linux container, running as the role given by --service-role.
# NOTE(review): the image tag selects a Node.js 7 build environment, which is an old runtime line;
# confirm a currently supported image before reusing this command.
aws codebuild create-project --name [ProjectName] --description "[ProjectDescription]" --source type="CODECOMMIT",location="[CloneUrlHttp]" --artifacts type="S3",location="[BucketName]",name="BuildOutput.zip",packaging="ZIP" --environment type="LINUX_CONTAINER",computeType="BUILD_GENERAL1_SMALL",image="aws/codebuild/nodejs:7.0.0" --service-role "[ServiceRoleARN]"
# Attach the inline policy in put-role-policy.json to CodeBuildServiceRole.
# NOTE(review): the role must exist first; run the create-role command listed below before this one.
# NOTE(review): the policy document listed after these commands (presumably put-role-policy.json) uses
# Resource "*" in every statement, so the build role can pull any CodeCommit repository and read or
# write objects in any bucket. Limit each statement to the repository, log group and buckets this project uses.
aws iam put-role-policy --role-name CodeBuildServiceRole --policy-name CodeBuildServiceRolePolicy --policy-document file://put-role-policy.json
# Create the build role; create-role.json is the trust policy
# (presumably the document on this page whose Principal is codebuild.amazonaws.com).
aws iam create-role --role-name CodeBuildServiceRole --assume-role-policy-document file://create-role.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "CloudWatchLogsPolicy",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "CodeCommitPolicy",
      "Effect": "Allow",
      "Action": [
        "codecommit:GitPull"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "S3GetObjectPolicy",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "S3PutObjectPolicy",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codebuild.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
# NOTE(review): this group appears to be listed in reverse of execution order: the IAM policy
# attachments at the bottom come first, then the repository, then the bucket.
# Create the S3 bucket used for build output.
# NOTE(review): the bucket is created with default settings; confirm public access blocking and encryption meet your baseline.
aws s3 mb s3://[bucketname]
# Give [username] full access to all of S3 in the account.
# NOTE(review): far broader than creating and using one bucket needs; scope to the build bucket once the walkthrough works.
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
# Give [username] administrative access to CodeBuild.
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess
# Show the master branch of the repository, including its current commit ID.
aws codecommit get-branch --repository-name [repositoryname] --branch-name master
# Create a branch pointing at the given commit.
aws codecommit create-branch --repository-name [repositoryname] --branch-name [branchname] --commit-id [commitid]
# Clone the repository over HTTPS using the Git credentials created below.
git clone [CloneUrlHttp] [localrepository]
# Create the CodeCommit repository.
aws codecommit create-repository --repository-name [repositoryname]
# Generate HTTPS Git credentials for [username].
# NOTE(review): the generated password is printed in this command's output and is only available at
# creation time; store it in a credential manager and keep it out of saved terminal logs.
aws iam create-service-specific-credential --user-name [username] --service-name codecommit.amazonaws.com
# Give [username] full access to CodeCommit.
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/AWSCodeCommitFullAccess
# Let [username] read IAM configuration.
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/IAMReadOnlyAccess
# Let [username] manage their own service-specific credentials (needed for the Git credentials above).
aws iam attach-user-policy --user-name [username] --policy-arn arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials