130 lines
3.9 KiB
YAML
130 lines
3.9 KiB
YAML
AWSTemplateFormatVersion: '2010-09-09'
|
|
|
|
Parameters:
|
|
BucketName:
|
|
Type: String
|
|
Description: "The name for the S3 bucket to be used for public website hosting (must be globally unique)"
|
|
Default: "naputo-blog-public"
|
|
|
|
Resources:
|
|
|
|
WebsiteBucket:
|
|
Type: AWS::S3::Bucket
|
|
Properties:
|
|
BucketName: !Ref BucketName
|
|
WebsiteConfiguration:
|
|
IndexDocument: index.html
|
|
ErrorDocument: error.html
|
|
|
|
WebsiteBucketPolicy:
|
|
Type: AWS::S3::BucketPolicy
|
|
Properties:
|
|
Bucket: !Ref WebsiteBucket
|
|
PolicyDocument:
|
|
Version: '2012-10-17'
|
|
Statement:
|
|
- Sid: AllowCodePipelineUpdates
|
|
Effect: Allow
|
|
Principal:
|
|
AWS: !GetAtt CodePipelineRole.Arn
|
|
Action:
|
|
- s3:PutObject
|
|
- s3:DeleteObject
|
|
Resource: !Sub "arn:aws:s3:::${WebsiteBucket}/*"
|
|
|
|
CodePipelineRole:
|
|
Type: AWS::IAM::Role
|
|
Properties:
|
|
AssumeRolePolicyDocument:
|
|
Version: '2012-10-17'
|
|
Statement:
|
|
- Effect: Allow
|
|
Principal:
|
|
Service:
|
|
- codepipeline.amazonaws.com
|
|
Action:
|
|
- sts:AssumeRole
|
|
Policies:
|
|
- PolicyName: CodePipelinePolicy
|
|
PolicyDocument:
|
|
Version: '2012-10-17'
|
|
Statement:
|
|
# Permissions for accessing the artifacts bucket
|
|
- Effect: Allow
|
|
Action:
|
|
- s3:GetObject
|
|
- s3:PutObject
|
|
- s3:GetBucketLocation
|
|
- s3:GetBucketVersioning
|
|
Resource:
|
|
- "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket"
|
|
- "arn:aws:s3:::codebuild-ap-northeast-1-692859919890-input-bucket/*"
|
|
# Permissions for CloudFormation actions
|
|
- Effect: Allow
|
|
Action:
|
|
- cloudformation:CreateStack
|
|
- cloudformation:DeleteStack
|
|
- cloudformation:UpdateStack
|
|
- cloudformation:DescribeStacks
|
|
- cloudformation:DescribeStackEvents
|
|
- cloudformation:ValidateTemplate
|
|
Resource: "*"
|
|
# Permissions for CodeBuild (if used)
|
|
- Effect: Allow
|
|
Action:
|
|
- codebuild:StartBuild
|
|
- codebuild:BatchGetBuilds
|
|
Resource: "*"
|
|
|
|
MyBlogPipeline:
|
|
Type: AWS::CodePipeline::Pipeline
|
|
Properties:
|
|
PipelineType: V2
|
|
ArtifactStore:
|
|
Type: S3
|
|
Location: "codebuild-ap-northeast-1-692859919890-input-bucket"
|
|
RoleArn: !GetAtt CodePipelineRole.Arn
|
|
Stages:
|
|
- Name: Source
|
|
Actions:
|
|
- Name: S3Source
|
|
ActionTypeId:
|
|
Category: Source
|
|
Owner: AWS
|
|
Provider: S3
|
|
Version: "1"
|
|
OutputArtifacts:
|
|
- Name: SourceArtifact
|
|
Configuration:
|
|
S3Bucket: naputo-blog-source
|
|
S3ObjectKey: source.zip
|
|
RunOrder: 1
|
|
- Name: Build
|
|
Actions:
|
|
- Name: CodeBuild
|
|
ActionTypeId:
|
|
Category: Build
|
|
Owner: AWS
|
|
Provider: CodeBuild
|
|
Version: "1"
|
|
Configuration:
|
|
ProjectName: "MyBlogCodeBuildProject"
|
|
OutputArtifacts:
|
|
- Name: BuildArtifact
|
|
InputArtifacts:
|
|
- Name: SourceArtifact
|
|
RunOrder: 1
|
|
- Name: Deploy
|
|
Actions:
|
|
- Name: S3Deploy
|
|
ActionTypeId:
|
|
Category: Deploy
|
|
Owner: AWS
|
|
Provider: S3
|
|
Version: "1"
|
|
InputArtifacts:
|
|
- Name: BuildArtifact
|
|
Configuration:
|
|
BucketName: !Ref WebsiteBucket
|
|
Extract: 'true'
|
|
RunOrder: 1
|