From 0eea4a0abfdbf1225abd148eac0a7f151c1144b3 Mon Sep 17 00:00:00 2001
From: Kenny Ballou
Date: Tue, 28 Jan 2020 21:49:30 -0700
Subject: code-{build,commit} auto build and deploy blog Create codecommit and codebuild resources to store and build web/blog content. Add in a lambda function to trigger the builds automatically to futher automate deployment and publishing of content.
Signed-off-by: Kenny Ballou
---
stacks/blog.tpl | 150 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 150 insertions(+) (limited to 'stacks/blog.tpl')
diff --git a/stacks/blog.tpl b/stacks/blog.tpl
index 454540c..3a6cd7f 100644
--- a/stacks/blog.tpl
+++ b/stacks/blog.tpl
@@ -230,6 +230,156 @@ "URIRewriteLambdaFunction", "Arn"]}, "Description": "Lambda Function performing URI rewriting" } + }, + "BlogContentRepository": { + "Type": "AWS::CodeCommit::Repository", + "Properties": { + "RepositoryDescription": "Blog Content Repository", + "RepositoryName": {"Ref": "BlogBucketName"}, + "Triggers": [ + { + "Name": "Build and Deploy", + "Branches": ["master"], + "DestinationArn": {"Ref": "CodeCommitEventsSnsTopic"}, + "Events": ["all"] + } + ] + } + }, + "BlogCodeBuildLogGroup": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "LogGroupName": {"Fn::Join": ["-", [ + "/aws/codebuild/CodeBuild", + {"Ref": "BlogBucketName"}]]}, + "RetentionInDays": 14 + } + }, + "BlogCodeBuild": { + "Type": "AWS::CodeBuild::Project", + "Properties": { + "Name": "BlogCI", + "Description": "Blog Build Project", + "Artifacts": { + "Type": "NO_ARTIFACTS" + }, + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "Image": "kennyballou/debian-pandoc:latest", + "Type": "LINUX_CONTAINER" + }, + "LogsConfig": { + "CloudWatchLogs": { + "GroupName": {"Fn::Join": ["-", [ + "/aws/codebuild/CodeBuild", + {"Ref": "BlogBucketName"} + ]]}, + "Status": "ENABLED" + } + }, + "ServiceRole": {"Ref": "CodeBuildIamServiceRole"}, + "Source": { + "Type": "CODECOMMIT", + "Location": {"Fn::GetAtt": ["BlogContentRepository", + "CloneUrlHttp"]} + } + } + }, + "CodeCommitEventsSnsTopic": { + "Type": "AWS::SNS::Topic", + "Properties": { + "DisplayName": "CodeCommit Events", + "TopicName": "codecommit-events" + } + }, + "CodeBuildIamManagedPolicy": { + "Type": "AWS::IAM::ManagedPolicy", + "Properties": { + "Description": "CodeBuild Service Policy", + "PolicyDocument": [+ INCLUDE "codebuild-service-role.json.in" +] + } + }, + "CodeBuildIamServiceRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Principal": { + "Service": "codebuild.amazonaws.com" + }, + "Effect": 
"Allow" + } + ] + }, + "ManagedPolicyArns": [ + {"Ref": "CodeBuildIamManagedPolicy"} + ] + } + }, + "LambdaCodeCommitBuildIamManagedPolicy": { + "Type": "AWS::IAM::ManagedPolicy", + "Properties": { + "Description": "Lambda CodeCommit-Build Execution Policy", + "PolicyDocument": [+ INCLUDE "codecommit-build-policy.json.in" +] + } + }, + "LambdaCodeCommitBuildIamServiceRole": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Principal": { + "Service": "lambda.amazonaws.com" + }, + "Effect": "Allow" + } + ] + }, + "ManagedPolicyArns": [ + {"Ref": "LambdaCodeCommitBuildIamManagedPolicy"} + ] + } + }, + "CodeCommitBuildLambdaPermission": { + "Type": "AWS::Lambda::Permission", + "Properties": { + "FunctionName": {"Fn::GetAtt": [ + "CodeCommitBuildLambdaFunction", "Arn"]}, + "Action": "lambda:InvokeFunction", + "Principal": "sns.amazonaws.com", + "SourceArn": {"Ref": "CodeCommitEventsSnsTopic"} + } + }, + "CodeCommitBuildLambdaFunction": { + "Type": "AWS::Lambda::Function", + "Properties": { + "FunctionName": "codecommit-build-bae089e8-3871-4067-9a3d-bac114f08438", + "Code": { + "ZipFile": [+ INCLUDE "codecommit-build.py.in" +] + }, + "Description": "Start builds on commit events", + "Handler": "index.handler", + "MemorySize": 128, + "Timeout": 3, + "Role": {"Fn::GetAtt": [ + "LambdaCodeCommitBuildIamServiceRole", "Arn"]}, + "Runtime": "python3.7" + } + }, + "CodeCommitBuildSnsSubscription": { + "Type": "AWS::SNS::Subscription", + "Properties": { + "Protocol": "lambda", + "Endpoint": {"Fn::GetAtt": [ + "CodeCommitBuildLambdaFunction", "Arn"]}, + "TopicArn": {"Ref": "CodeCommitEventsSnsTopic"} + } } } } -- cgit v1.2.1
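Review bot: The `Environment` of `BlogCodeBuild` pulls `kennyballou/debian-pandoc:latest`, a mutable tag on a public registry, so whatever is later published under that tag runs with `CodeBuildIamServiceRole` on the next commit. Pinning by digest keeps the build environment reviewable and reproducible: `"Image": "kennyballou/debian-pandoc@sha256:<digest-of-reviewed-image>"` (placeholder; take the digest from the image that was actually vetted). The role's permissions come from `codebuild-service-role.json.in`, which is not part of this hunk, so the reach of a replaced image cannot be judged here; it is worth confirming that policy is scoped to this project's log group, the content repository and the blog bucket. Separately, the repository trigger uses `"Events": ["all"]`, which presumably also starts a build on branch deletion; listing only the events the Lambda needs (for example `"updateReference"`) would avoid that.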