nakada0907/n-daisuke-blog-deployment-source
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add Cloudformation template to make CodePipeline

Browse source
This commit is contained in:
Daisuke Nakahara 2025-05-06 20:06:52 +09:00
parent bba136cb12
commit 5de667341c
2 changed files with 130 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

130
template-codepipeline.yaml Normal file
View file

@ -0,0 +1,130 @@
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
BucketName:
Type: String
Description: "The name for the S3 bucket to be used for public website hosting (must be globally unique)"
Default: "naputo-blog-public"
Resources:
WebsiteBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: !Ref BucketName
WebsiteConfiguration:
IndexDocument: index.html
ErrorDocument: error.html
WebsiteBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref WebsiteBucket
PolicyDocument:
Version: '2012-10-17'
Statement:
- Sid: AllowCodePipelineUpdates
Effect: Allow
Principal:
AWS: !GetAtt CodePipelineRole.Arn
Action:
- s3:PutObject
- s3:DeleteObject
Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*"
CodePipelineRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Principal:
Service:
- codepipeline.amazonaws.com
Action:
- sts:AssumeRole
Policies:
- PolicyName: CodePipelinePolicy
PolicyDocument:
Version: '2012-10-17'
Statement:
# Permissions for accessing the artifacts bucket
- Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
- s3:GetBucketLocation
- s3:GetBucketVersioning
Resource:
- "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket"
- "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket/*"
# Permissions for CloudFormation actions
- Effect: Allow
Action:
- cloudformation:CreateStack
- cloudformation:DeleteStack
- cloudformation:UpdateStack
- cloudformation:DescribeStacks
- cloudformation:DescribeStackEvents
- cloudformation:ValidateTemplate
Resource: "*"
# Permissions for CodeBuild (if used)
- Effect: Allow
Action:
- codebuild:StartBuild
- codebuild:BatchGetBuilds
Resource: "*"
MyBlogPipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
PipelineType: V2
ArtifactStore:
Type: S3
Location: "codebuild-ap-northeast-1-692859919890-input-bucket"
RoleArn: !GetAtt CodePipelineRole.Arn
Stages:
- Name: Source
Actions:
- Name: S3Source
ActionTypeId:
Category: Source
Owner: AWS
Provider: S3
Version: "1"
OutputArtifacts:
- Name: SourceArtifact
Configuration:
S3Bucket: naputo-blog-source
S3ObjectKey: source.zip
RunOrder: 1
- Name: Build
Actions:
- Name: CodeBuild
ActionTypeId:
Category: Build
Owner: AWS
Provider: CodeBuild
Version: "1"
Configuration:
ProjectName: "MyBlogCodeBuildProject"
OutputArtifacts:
- Name: BuildArtifact
InputArtifacts:
- Name: SourceArtifact
RunOrder: 1
- Name: Deploy
Actions:
- Name: S3Deploy
ActionTypeId:
Category: Deploy
Owner: AWS
Provider: S3
Version: "1"
InputArtifacts:
- Name: BuildArtifact
Configuration:
BucketName: !Ref WebsiteBucket
Extract: 'true'
RunOrder: 1

0
template.yaml → template-lambda-function.yaml
View file