Skip to content
/ aws-cf-codepipeline Public

Cloudformation template to create continuous delivery codepipeline

License

Apache-2.0 license
1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

abiydv/aws-cf-codepipeline

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
codepipeline-access.yaml
codepipeline-access.yaml
 
 
codepipeline-base.yaml
codepipeline-base.yaml
 
 
codepipeline-stack.yaml
codepipeline-stack.yaml
 
 

Repository files navigation

AWS Cross Account Codepipeline

CodeFactor

cli cf github cp cb ecr iam sns s3 kms cwe ecsf

Use this to create a cross account AWS Codepipeline which runs in a dedicated account and deploys artifacts in other accounts

  • Source - github
  • Buid - AWS CodeBuild
  • Deploy - AWS Codepipeline ECS deployment

Architecture

This is a simplified view of the solution detailing out all the components in use.

cross-account-pipeline

The various pipeline stages can be visualized as -

pipeline-flow

How to use

To create the ECS clusters in the respective accounts, you can use the ecs templates. To setup the cross account codepipeline, follow these steps -

Step 1

First up, execute the base template codepipeline-base.yaml to setup the Codepipeline S3 artifact bucket, ECR repo and the KMS Key in the tools account (In the account where the pipeline will reside). Note down the ARN this template outputs, we will need it next.

aws cloudformation validate-template --template-body file:https://codepipeline-base.yaml \
--profile aws-tools-account

aws cloudformation create-stack --stack-name codepipeline-base-stack \ 
--template-body file:https://codepipeline-base.yaml \
--profile aws-tools-account --capabilities CAPABILITY_IAM

Step 2

Next, execute the codepipeline-access.yaml in ALL the accounts you want the codepipeline to deploy to. For example, you might run this in dev, qa and prod accounts where your ECS clusters are. This template needs the KMS Key ARN as input from step 1.

aws cloudformation validate-template --template-body file:https://codepipeline-access.yaml \
--profile aws-dev-account

aws cloudformation create-stack --stack-name codepipeline-access-stack \
--template-body file:https://codepipeline-access.yaml \
--parameters ParameterKey=KMSKeyArn,ParameterValue="KMS_KEY_ARN" \
--profile aws-dev-account --capabilities CAPABILITY_NAMED_IAM

aws cloudformation create-stack --stack-name codepipeline-access-stack \
--template-body file:https://codepipeline-access.yaml \
--parameters ParameterKey=KMSKeyArn,ParameterValue="KMS_KEY_ARN" \
--profile aws-qa-account --capabilities CAPABILITY_NAMED_IAM

aws cloudformation create-stack --stack-name codepipeline-access-stack \
--template-body file:https://codepipeline-access.yaml \
--parameters ParameterKey=KMSKeyArn,ParameterValue="KMS_KEY_ARN" \
--profile aws-prod-account --capabilities CAPABILITY_NAMED_IAM

Step 3

Finally, execute the codepipeline-stack.yaml in the tools AWS account to setup the codepipeline, codebuild project, IAM roles (for codepipeline, codebuild), SNS Topics (for approve/notify emails), cloudwatch event rules (for notifying on pipeline and buildproject state change).

aws cloudformation validate-template --template-body file:https://codepipeline-stack.yaml \
--profile aws-tools-account

aws cloudformation create-stack --stack-name codepipeline-stack \
--template-body file:https://codepipeline-stack.yaml \
--profile aws-tools-account --capabilities CAPABILITY_IAM

Contact

Drop me a note or open an issue if something doesn't work out.

Cheers! 👍

About

Cloudformation template to create continuous delivery codepipeline

Topics

aws aws-ecs codepipeline aws-codebuild aws-codepipeline aws-cloudformation codebuild cross-account

Resources

Readme

License

Apache-2.0 license
Activity

Stars

1 star

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages