Skip to content

wjordan/aws-codepipeline-nested-stack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cfn-template.yml
cfn-template.yml
 
 
nested.yml
nested.yml
 
 
pre-commit
pre-commit
 
 

Repository files navigation

aws-codepipeline-nested-stack

This project demonstrates how to set up an "infrastructure continuous delivery" architecture using GitHub, AWS CodePipeline and CloudFormation, with a project containing a nested stack.

Getting Started

  1. Fork this repo.
  2. Bootstrap the CloudFormation stack:
    1. Launch Stack
    2. Enter the forked repo's owner in the GitHubOwner field.
    3. Create a New personal access token with repo and admin:repo_hook scopes, and enter the token in the GitHubToken field.
    4. Enter the name of an existing S3 bucket for storing pipeline artifacts in the ArtifactBucket field. (Create a bucket first if necessary.)
  3. Verify the newly-created stack and pipeline.
    1. Check the CloudFormation Console to ensure your stack reaches the CREATE_COMPLETE state successfully.
    2. Check the CodePipeline Console to ensure the pipeline's Source and Deploy stages both completed successfully.
  4. Update the parent CloudFormation stack:
    1. Modify cfn-template.yml in the Git repository, and commit/push the change.
    2. For example, try renaming the Dummy resource to dummy2.
  5. Update the child CloudFormation stack:
    1. Modify nested.yml in the Git repository, and commit/push the change.
    2. For example, try renaming the Dummy resource to Dummy2.
  6. Verify the stack update(s). a. Check the CodePipeline Console to ensure the pipeline processes the new commit in both stages. b. Check the CloudFormation Console to ensure your stack reaches the UPDATE_COMPLETE state successfully. c. Verify the created/updated resources in the Resources tab of the CloudFormation console match the values in the new template.

That's it!

Note: The CloudFormation Service Role (CFNRole) grans full admin permissions ('*') to your AWS account.

For more restricted, fine-grained security, you should move the CFNRole and PipelineRole resources into a separate CloudFormation stack (or just create them manually), reference them using Fn::ImportValue (or by a fixed-string name), and ensure that CFNRole grants least privilege depending on the Resources in your stack.

References

Talk from re:Invent 2016, "Infrastructure Continuous Delivery Using AWS CloudFormation"

About

No description, website, or topics provided.

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

24 stars

Watchers

3 watching

Forks

18 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages