Create New Repositories To Store Your Code

Open the AWS console in the Singapore Region and go to the CodeCommit page.

Create your repository in CodeCommit.
This part uses the console to create the file (if you know how to use Git, you can skip this step).
```yaml
version: 0.2
phases:
  pre_build:
    commands:
      - echo Entered the pre_build phase...
      - echo Validating a CloudFormation Code
      - aws cloudformation validate-template --template-body file://wire.yaml
    finally:
      - echo This always runs even if the login command fails
  build:
    commands:
      - echo Entered the build phase...
      - echo Build started on `date`
      - aws cloudformation create-stack --stack-name wire --template-body file://wire.yaml
    finally:
      - echo This always runs even if the install command fails
  post_build:
    commands:
      - echo Entered the post_build phase...
      - echo Build completed on `date`
```

Add your CloudFormation file to this repository.
Create Build Project

Go to the build projects page and create a new one.

These are my suggested default settings; change them if you want.

Use the buildspec file for the configuration you want, and remember to enable logging, because it helps you read the logs in the pipeline. Then choose Create.
Create policy json
Go to the policy generator.
Link: https://awspolicygen.s3.amazonaws.com/policygen.html

Copy the JSON code; you will use it in the IAM role later.
Warning: this policy has security issues. You should scope it to the resources you actually create. For example, if you need to create EC2 instances, allow ec2:RunInstances and ec2:StartInstances rather than allowing everything.
Setup the IAM Role

Choose JSON and paste the code from the previous step here.

Enter the policy name and create the policy.

Afterwards, you should see the policy in the role.
Create Pipeline Flow

After creating the build project, go to create the pipeline.

Enter the project name and create the new role.

Add the source and follow the default settings.

Use the build project you created earlier.

Skip the deploy stage; we use CodeBuild directly to do the deployment.

Review your settings and choose Create.
The pipeline will then create the first CloudFormation stack, named “wire”.
Change the flow in pipeline

In buildspec.yml, change the CLI command from create to update.
```yaml
version: 0.2
phases:
  pre_build:
    commands:
      - echo Entered the pre_build phase...
      - echo Validating a CloudFormation Code
      - aws cloudformation validate-template --template-body file://wire.yaml
    finally:
      - echo This always runs even if the login command fails
  build:
    commands:
      - echo Entered the build phase...
      - echo Build started on `date`
      - aws cloudformation update-stack --stack-name wire --template-body file://wire.yaml
    finally:
      - echo This always runs even if the install command fails
  post_build:
    commands:
      - echo Entered the post_build phase...
      - echo Build completed on `date`
```

Make some change to wire.yaml, for example changing port 22 to 23.

After that, you will see an error on the CodePipeline page. Don't worry: the build file was changed to update, but wire.yaml had nothing to update, so it fails the first time.

The second time, you will see Succeeded on the CodePipeline page, because wire.yaml has been changed.

On the CloudFormation page, you can see that the update is complete.

Confirm in EC2 that the security group port changed from 22 to 23.