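AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Public static website on S3, published by a CodePipeline
  (S3 source -> CodeBuild -> manual approval -> S3 deploy).

Parameters:
  BucketName:
    Type: String
    Description: "The name for the S3 bucket to be used for public website hosting (must be globally unique)"
    Default: "naputo-blog-public"
  # The two buckets below already exist and are not created by this template.
  # They were previously hard-coded in four places; the defaults keep the
  # original names so existing stacks are unaffected.
  ArtifactBucketName:
    Type: String
    Description: "Existing S3 bucket used as the CodePipeline artifact store and read/written by CodeBuild"
    Default: "codebuild-ap-northeast-1-692859919890-input-bucket"
  SourceBucketName:
    Type: String
    Description: "Existing S3 bucket holding source.zip for the pipeline Source stage"
    Default: "naputo-blog-source"

Resources:
  # Website bucket. All four public-access blocks are disabled on purpose:
  # S3 static website hosting serves objects anonymously, so the bucket policy
  # below must be permitted to grant public read.
  WebsiteBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref BucketName
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html
      PublicAccessBlockConfiguration:
        BlockPublicAcls: false
        BlockPublicPolicy: false
        IgnorePublicAcls: false
        RestrictPublicBuckets: false

  WebsiteBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref WebsiteBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # CodePipelineRole's own IAM policy does not name the website bucket;
          # this same-account resource policy is what authorises the S3 Deploy
          # action to write (and, with Extract, overwrite) site objects.
          - Sid: AllowCodePipelineUpdates
            Effect: Allow
            Principal:
              AWS: !GetAtt CodePipelineRole.Arn
            Action:
              - s3:PutObject
              - s3:DeleteObject
            Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*"
          # Anonymous access is limited to s3:GetObject on objects: no bucket
          # listing and no write actions.
          - Sid: PublicReadGetObject
            Effect: Allow
            Principal: "*"
            Action:
              - s3:GetObject
            Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*"

  CodeBuildServiceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codebuild.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: CodeBuildPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # NOTE(review): log permissions are account-wide; they could be
              # narrowed to the CodeBuild log-group ARN pattern once the project
              # name is fixed.
              - Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: "*"
              # Artifact and source buckets, scoped to both the bucket ARN
              # (ListBucket) and its objects (Get/PutObject).
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                  - s3:ListBucket
                Resource:
                  - !Sub "arn:aws:s3:::${ArtifactBucketName}"
                  - !Sub "arn:aws:s3:::${ArtifactBucketName}/*"
                  - !Sub "arn:aws:s3:::${SourceBucketName}"
                  - !Sub "arn:aws:s3:::${SourceBucketName}/*"

  MyBlogCodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      ServiceRole: !GetAtt CodeBuildServiceRole.Arn
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        ComputeType: BUILD_LAMBDA_1GB
        Image: aws/codebuild/amazonlinux-x86_64-lambda-standard:nodejs22
        Type: LINUX_LAMBDA_CONTAINER
      Source:
        Type: CODEPIPELINE

  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action:
              - sts:AssumeRole
      Policies:
        - PolicyName: CodePipelinePolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Permissions for accessing the artifacts bucket and the source bucket
              - Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                  - s3:PutObject
                  - s3:ListBucket
                  - s3:GetBucketLocation
                  - s3:GetBucketVersioning
                Resource:
                  - !Sub "arn:aws:s3:::${ArtifactBucketName}"
                  - !Sub "arn:aws:s3:::${ArtifactBucketName}/*"
                  - !Sub "arn:aws:s3:::${SourceBucketName}"
                  - !Sub "arn:aws:s3:::${SourceBucketName}/*"
              # Permissions for CloudFormation actions.
              # NOTE(review): MyBlogPipeline below has no CloudFormation action,
              # so these grants (including DeleteStack on every stack in the
              # account) are currently unused. Drop them, or scope Resource to
              # the target stack ARN, if a CloudFormation deploy stage is added.
              - Effect: Allow
                Action:
                  - cloudformation:CreateStack
                  - cloudformation:DeleteStack
                  - cloudformation:UpdateStack
                  - cloudformation:DescribeStacks
                  - cloudformation:DescribeStackEvents
                  - cloudformation:ValidateTemplate
                Resource: "*"
              # Permissions for CodeBuild (used by the Build stage)
              - Effect: Allow
                Action:
                  - codebuild:StartBuild
                  - codebuild:BatchGetBuilds
                Resource: "*"
              # Permissions for manual approval actions in CodePipeline
              - Effect: Allow
                Action:
                  - codepipeline:PutApprovalResult
                Resource: "*"

  MyBlogPipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      PipelineType: V2
      ArtifactStore:
        Type: S3
        Location: !Ref ArtifactBucketName
      RoleArn: !GetAtt CodePipelineRole.Arn
      Tags:
        - Key: Project
          Value: Git-server
      Stages:
        - Name: Source
          Actions:
            - Name: S3Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: S3
                Version: "1"
              OutputArtifacts:
                - Name: SourceArtifact
              Configuration:
                S3Bucket: !Ref SourceBucketName
                S3ObjectKey: source.zip
              RunOrder: 1
        - Name: Build
          Actions:
            - Name: CodeBuild
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: "1"
              Configuration:
                ProjectName: !Ref MyBlogCodeBuildProject
              OutputArtifacts:
                - Name: BuildArtifact
              InputArtifacts:
                - Name: SourceArtifact
              RunOrder: 1
        # Human gate before anything reaches the public bucket.
        - Name: Approval
          Actions:
            - Name: ManualApproval
              ActionTypeId:
                Category: Approval
                Owner: AWS
                Provider: Manual
                Version: "1"
              RunOrder: 1
              Configuration:
                CustomData: "Please review the build artifact and approve the deployment."
        - Name: Deploy
          Actions:
            - Name: S3Deploy
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: S3
                Version: "1"
              InputArtifacts:
                - Name: BuildArtifact
              Configuration:
                BucketName: !Ref WebsiteBucket
                # CodePipeline expects the string 'true' here, not a YAML boolean.
                Extract: 'true'
              RunOrder: 1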