Create New Repositories To Store Your Code
Open the AWS console in the Singapore region and go to the CodeCommit page.
Create your repositories in CodeCommit.
This part uses the console to create the buildspec.yml file (if you know how to use git, you can skip this step):
version: 0.2
phases:
  pre_build:
    commands:
      - echo Entered the pre_build phase...
      - echo Validating a CloudFormation Code
      - aws cloudformation validate-template --template-body file://wire.yaml
    finally:
      - echo This always runs even if the login command fails
  build:
    commands:
      - echo Entered the build phase...
      - echo Build started on `date`
      - aws cloudformation create-stack --stack-name wire --template-body file://wire.yaml
    finally:
      - echo This always runs even if the install command fails
  post_build:
    commands:
      - echo Entered the post_build phase...
      - echo Build completed on `date`
Add your CloudFormation file (wire.yaml) to this repository.
Create Build Project
Go to the build projects page and create a new one.
These are my suggested default settings; change them if you want.
Use a buildspec file for the build configuration, and remember to enable logging, which helps you read the logs in the pipeline. Then click Create.
Create Policy JSON
Go to the policy generator.
Link: https://awspolicygen.s3.amazonaws.com/policygen.html
Copy the JSON; you will use it in the IAM role later.
Warning: this policy has security issues. You should scope it to the resources you actually create. For example, if you need to create EC2 instances, allow ec2:RunInstances and ec2:StartInstances rather than allowing everything.
Set Up the IAM Role
Choose the JSON tab and paste the code from the previous step.
Enter the policy name and create it.
Afterwards you should see the policy in the role.
Create Pipeline Flow
After creating the build project, go to create the pipeline.
Enter the project name and create the new role.
Add the source and keep the default settings.
Use the build project you created earlier.
Skip the deploy stage; we use CodeBuild directly to do the deployment.
Review your settings and click Create.
The first run then creates the CloudFormation stack named “wire”.
Change the Flow in the Pipeline
In buildspec.yml, change the CLI command from create-stack to update-stack:
version: 0.2
phases:
  pre_build:
    commands:
      - echo Entered the pre_build phase...
      - echo Validating a CloudFormation Code
      - aws cloudformation validate-template --template-body file://wire.yaml
    finally:
      - echo This always runs even if the login command fails
  build:
    commands:
      - echo Entered the build phase...
      - echo Build started on `date`
      - aws cloudformation update-stack --stack-name wire --template-body file://wire.yaml
    finally:
      - echo This always runs even if the install command fails
  post_build:
    commands:
      - echo Entered the post_build phase...
      - echo Build completed on `date`
Then make a change in wire.yaml, such as changing port 22 to 23 (just an example).
Afterwards you will see an error on the CodePipeline page. Don’t worry: the build file changed to update, but nothing in wire.yaml changed, so the first run fails.
The second time, you can see Succeeded on the CodePipeline page, because wire.yaml has been changed.
On the CloudFormation page, you can see that the update is complete.
Confirm in EC2 that the security group's port 22 changed to port 23.