nakada0907/n-daisuke-blog-deployment-source
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Restructure project layout and add ECR repository CloudFormation template

Browse source 
- Move application entrypoint to cmd/lambda/
- Move Dockerfile to docker/ for clearer build context separation
- Promote go.mod/go.sum to project root
- Move CloudFormation templates under infra/cfn/ for consistent infra layout
- Add new template-container-repository.yaml defining ECR repository (blog-deployment)
- Move Lambda test files to test/ directory
This commit is contained in:
Daisuke Nakahara 2025-12-31 19:24:08 +09:00
parent aa1f4a91bf
commit 0b67765510
11 changed files with 21 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

216
template-codepipeline.yaml
View file

@ -1,216 +0,0 @@
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
BucketName:
Type: String
Description: "The name for the S3 bucket to be used for public website hosting (must be globally unique)"
Default: "naputo-blog-public"
Resources:
WebsiteBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref BucketName
PublicAccessBlockConfiguration:
BlockPublicAcls: true
BlockPublicPolicy: true
IgnorePublicAcls: true
RestrictPublicBuckets: true
WebsiteBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref WebsiteBucket
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: AllowCodePipelineUpdates
Effect: Allow
Principal:
AWS: !GetAtt CodePipelineRole.Arn
Action:
- s3:PutObject
- s3:DeleteObject
Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*"
- Sid: AllowCloudFrontOACGetObject
Effect: Allow
Principal:
Service: cloudfront.amazonaws.com
Action:
- s3:GetObject
Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*"
Condition:
StringEquals:
AWS:SourceArn:
Fn::Sub:
- arn:aws:cloudfront::${AWS::AccountId}:distribution/${MyCloudFrontDistribution}
- MyCloudFrontDistribution:
Fn::ImportValue: BlogCloudFrontDistribution-ID
CodeBuildServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Principal:
Service:
- codebuild.amazonaws.com
Action:
- sts:AssumeRole
Policies:
- PolicyName: CodeBuildPolicy
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource: "*"
- Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
- s3:ListBucket
Resource:
- "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket"
- "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket/*"
- "arn:aws:s3:::naputo-blog-source"
- "arn:aws:s3:::naputo-blog-source/*"
MyBlogCodeBuildProject:
Type: AWS::CodeBuild::Project
Properties:
ServiceRole: !GetAtt CodeBuildServiceRole.Arn
Artifacts:
Type: CODEPIPELINE
Environment:
ComputeType: BUILD_LAMBDA_1GB
Image: aws/codebuild/amazonlinux-x86_64-lambda-standard:nodejs22
Type: LINUX_LAMBDA_CONTAINER
Source:
Type: CODEPIPELINE
CodePipelineRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- codepipeline.amazonaws.com
Action:
- sts:AssumeRole
Policies:
- PolicyName: CodePipelinePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
# Permissions for accessing the artifacts bucket
- Effect: Allow
Action:
- s3:GetObject
- s3:GetObjectVersion
- s3:PutObject
- s3:ListBucket
- s3:GetBucketLocation
- s3:GetBucketVersioning
Resource:
- "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket"
- "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket/*"
- "arn:aws:s3:::naputo-blog-source"
- "arn:aws:s3:::naputo-blog-source/*"
# Permissions for CloudFormation actions
- Effect: Allow
Action:
- cloudformation:CreateStack
- cloudformation:DeleteStack
- cloudformation:UpdateStack
- cloudformation:DescribeStacks
- cloudformation:DescribeStackEvents
- cloudformation:ValidateTemplate
Resource: "*"
# Permissions for CodeBuild (if used)
- Effect: Allow
Action:
- codebuild:StartBuild
- codebuild:BatchGetBuilds
Resource: "*"
# Permissions for manual approval actions in CodePipeline
- Effect: Allow
Action:
- codepipeline:PutApprovalResult
Resource: "*"
MyBlogPipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
PipelineType: V2
ArtifactStore:
Type: S3
Location: "codebuild-ap-northeast-1-692859919890-input-bucket"
RoleArn: !GetAtt CodePipelineRole.Arn
Tags:
- Key: Project
Value: Git-server
Stages:
- Name: Source
Actions:
- Name: S3Source
ActionTypeId:
Category: Source
Owner: AWS
Provider: S3
Version: "1"
OutputArtifacts:
- Name: SourceArtifact
Configuration:
S3Bucket: naputo-blog-source
S3ObjectKey: source.zip
RunOrder: 1
- Name: Build
Actions:
- Name: CodeBuild
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: "1"
Configuration:
ProjectName: !Ref MyBlogCodeBuildProject
OutputArtifacts:
- Name: BuildArtifact
InputArtifacts:
- Name: SourceArtifact
RunOrder: 1
- Name: Approval
Actions:
- Name: ManualApproval
ActionTypeId:
Category: Approval
Owner: AWS
Provider: Manual
Version: "1"
RunOrder: 1
Configuration:
CustomData: "Please review the build artifact and approve the deployment."
- Name: Deploy
Actions:
- Name: S3Deploy
ActionTypeId:
Category: Deploy
Owner: AWS
Provider: S3
Version: "1"
InputArtifacts:
- Name: BuildArtifact
Configuration:
BucketName: !Ref WebsiteBucket
Extract: 'true'
RunOrder: 1