Chapter 15

CodePipeline作成

ShigeruOda
ShigeruOda
2022.10.28に更新

■CodePipeline用Role作成

img

cmd

cd ~/environment
cat << EOF > assume-role-policy-document.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
aws iam create-role \
  --role-name ContainerHandsOnForPipeLine \
  --assume-role-policy-document file://assume-role-policy-document.json

result

{
    "Role": {
        "Path": "/",
        "RoleName": "ContainerHandsOnForPipeLine",
        "RoleId": "AROASHENIAIFGCB5OQPDX",
        "Arn": "arn:aws:iam::123456789012:role/ContainerHandsOnForPipeLine",
        "CreateDate": "2022-09-15T12:22:42Z",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Sid": "",
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "codepipeline.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole"
                }
            ]
        }
    }
}

■CodePipeline用RoleにPolicyをアタッチ

cmd

cat << EOF > InlinePolicy.json
{
    "Statement": [
        {
            "Action": [
                "iam:PassRole"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEqualsIfExists": {
                    "iam:PassedToService": [
                        "cloudformation.amazonaws.com",
                        "elasticbeanstalk.amazonaws.com",
                        "ec2.amazonaws.com",
                        "ecs-tasks.amazonaws.com"
                    ]
                }
            }
        },
        {
            "Action": [
                "codecommit:CancelUploadArchive",
                "codecommit:GetBranch",
                "codecommit:GetCommit",
                "codecommit:GetRepository",
                "codecommit:GetUploadArchiveStatus",
                "codecommit:UploadArchive"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "codedeploy:CreateDeployment",
                "codedeploy:GetApplication",
                "codedeploy:GetApplicationRevision",
                "codedeploy:GetDeployment",
                "codedeploy:GetDeploymentConfig",
                "codedeploy:RegisterApplicationRevision"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "codestar-connections:UseConnection"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "elasticbeanstalk:*",
                "ec2:*",
                "elasticloadbalancing:*",
                "autoscaling:*",
                "cloudwatch:*",
                "s3:*",
                "sns:*",
                "cloudformation:*",
                "rds:*",
                "sqs:*",
                "ecs:*"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "lambda:InvokeFunction",
                "lambda:ListFunctions"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "opsworks:CreateDeployment",
                "opsworks:DescribeApps",
                "opsworks:DescribeCommands",
                "opsworks:DescribeDeployments",
                "opsworks:DescribeInstances",
                "opsworks:DescribeStacks",
                "opsworks:UpdateApp",
                "opsworks:UpdateStack"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:DeleteStack",
                "cloudformation:DescribeStacks",
                "cloudformation:UpdateStack",
                "cloudformation:CreateChangeSet",
                "cloudformation:DeleteChangeSet",
                "cloudformation:DescribeChangeSet",
                "cloudformation:ExecuteChangeSet",
                "cloudformation:SetStackPolicy",
                "cloudformation:ValidateTemplate"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "codebuild:BatchGetBuilds",
                "codebuild:StartBuild",
                "codebuild:BatchGetBuildBatches",
                "codebuild:StartBuildBatch"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Effect": "Allow",
            "Action": [
                "devicefarm:ListProjects",
                "devicefarm:ListDevicePools",
                "devicefarm:GetRun",
                "devicefarm:GetUpload",
                "devicefarm:CreateUpload",
                "devicefarm:ScheduleRun"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "servicecatalog:ListProvisioningArtifacts",
                "servicecatalog:CreateProvisioningArtifact",
                "servicecatalog:DescribeProvisioningArtifact",
                "servicecatalog:DeleteProvisioningArtifact",
                "servicecatalog:UpdateProduct"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:ValidateTemplate"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ecr:DescribeImages"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "states:DescribeExecution",
                "states:DescribeStateMachine",
                "states:StartExecution"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "appconfig:StartDeployment",
                "appconfig:StopDeployment",
                "appconfig:GetDeployment"
            ],
            "Resource": "*"
        }
    ],
    "Version": "2012-10-17"
}
EOF
aws iam put-role-policy \
  --role-name ContainerHandsOnForPipeLine \
  --policy-name InlinePolicy \
  --policy-document file://InlinePolicy.json

result

(なし)

■artifactStoreとしてS3を作成

img

cmd

!!! あなたのフルネームを記載下さい、英語小文字でお願いします !!!

YourName=shigeru-oda

cmd

S3Name=${YourName}-container-handson-`date +"%Y%m%d%H%M%S"`
clear; cat << EOF > ~/environment/export.log
export AccountID="${AccountID}"
export VpcId="${VpcId}"
export SubnetId1aPublic="${SubnetId1aPublic}"
export SubnetId1cPublic="${SubnetId1cPublic}"
export SubnetId1aPrivate="${SubnetId1aPrivate}"
export SubnetId1cPrivate="${SubnetId1cPrivate}"
export InternetGatewayId="${InternetGatewayId}"
export RouteTableIdPublic="${RouteTableIdPublic}"
export RouteTableIdPrivate="${RouteTableIdPrivate}"
export PublicSecurityGroupsId="${PublicSecurityGroupsId}"
export PrivateSecurityGroupsId="${PrivateSecurityGroupsId}"
export InstanceId="${InstanceId}"
export LoadBalancersDnsName="${LoadBalancersDnsName}"
export LoadBalancerArn="${LoadBalancerArn}"
export TargetGroupArn="${TargetGroupArn}"
export RevisionNo="${RevisionNo}"
export TargetGroupArn8080="${TargetGroupArn8080}"
export ListenerArn="${ListenerArn}"
export ListenerArn8080="${ListenerArn8080}"
export S3Name="${S3Name}"
EOF
cat ~/environment/export.log

result

これはサンプルです。export AccountID="123456789012"
これはサンプルです。export VpcId="vpc-010a940bbd8f747c2"
これはサンプルです。export SubnetId1aPublic="subnet-0356b36ba2daa766c"
これはサンプルです。export SubnetId1cPublic="subnet-0dabe411bfdc835fb"
これはサンプルです。export SubnetId1aPrivate="subnet-0d99180ac3baeb5fa"
これはサンプルです。export SubnetId1cPrivate="subnet-0a66f1c2d5ce3b939"
これはサンプルです。export InternetGatewayId="igw-082f42082d7748713"
これはサンプルです。export RouteTableIdPublic="rtb-000a11e6eacc5c263"
これはサンプルです。export RouteTableIdPrivate="rtb-077b87e7eb65d1f43"
これはサンプルです。export PublicSecurityGroupsId="sg-065a7c8eceb9759d4"
これはサンプルです。export PrivateSecurityGroupsId="sg-0f59547a1185820b5"
これはサンプルです。export InstanceId="i-0ddf413a91a008a52"
これはサンプルです。export LoadBalancersDnsName="ContainerHandsOn-681708310.ap-northeast-1.elb.amazonaws.com"
これはサンプルです。export LoadBalancerArn="arn:aws:elasticloadbalancing:ap-northeast-1:123456789012:loadbalancer/app/ContainerHandsOn/b392eaa096f09053"
これはサンプルです。export TargetGroupArn="arn:aws:elasticloadbalancing:ap-northeast-1:123456789012:targetgroup/ContainerHandsOn/b2da630c91ed7148"
これはサンプルです。export RevisionNo="11"
これはサンプルです。export TargetGroupArn8080="arn:aws:elasticloadbalancing:ap-northeast-1:123456789012:targetgroup/ContainerHandsOn8080/71b573e9a3227e50"
これはサンプルです。export ListenerArn="arn:aws:elasticloadbalancing:ap-northeast-1:123456789012:listener/app/ContainerHandsOn/b392eaa096f09053/b5d7e272d5152d8d"
これはサンプルです。export ListenerArn8080="arn:aws:elasticloadbalancing:ap-northeast-1:123456789012:listener/app/ContainerHandsOn/b392eaa096f09053/b27b8d32f0e78f30"
これはサンプルです。export S3Name="shigeru-oda-container-handson-20220915122328"

cmd

aws s3 mb s3://${S3Name}

result

make_bucket: shigeru-oda-container-handson-20220920055436

■CodePipelineを作成

img

cmd

cd ~/environment
cat << EOF > create-pipeline.json
{
    "pipeline": {
        "name": "ContainerHandsOn",
        "roleArn": "arn:aws:iam::`echo ${AccountID}`:role/ContainerHandsOnForPipeLine",
        "artifactStore": {
            "type": "S3",
            "location": "`echo ${S3Name}`"
        },
        "stages": [
            {
                "name": "Source",
                "actions": [
                    {
                        "name": "Source",
                        "actionTypeId": {
                            "category": "Source",
                            "owner": "AWS",
                            "provider": "CodeCommit",
                            "version": "1"
                        },
                        "runOrder": 1,
                        "configuration": {
                            "BranchName": "master",
                            "OutputArtifactFormat": "CODE_ZIP",
                            "PollForSourceChanges": "false",
                            "RepositoryName": "ContainerHandsOn"
                        },
                        "outputArtifacts": [
                            {
                                "name": "SourceArtifact"
                            }
                        ],
                        "inputArtifacts": [],
                        "region": "ap-northeast-1",
                        "namespace": "SourceVariables"
                    }
                ]
            },
            {
                "name": "Build",
                "actions": [
                    {
                        "name": "Build",
                        "actionTypeId": {
                            "category": "Build",
                            "owner": "AWS",
                            "provider": "CodeBuild",
                            "version": "1"
                        },
                        "runOrder": 1,
                        "configuration": {
                            "ProjectName": "ContainerHandsOn"
                        },
                        "outputArtifacts": [
                            {
                                "name": "BuildArtifact"
                            }
                        ],
                        "inputArtifacts": [
                            {
                                "name": "SourceArtifact"
                            }
                        ],
                        "region": "ap-northeast-1",
                        "namespace": "BuildVariables"
                    }
                ]
            },
            {
                "name": "Deploy",
                "actions": [
                    {
                        "name": "Deploy",
                        "actionTypeId": {
                            "category": "Deploy",
                            "owner": "AWS",
                            "provider": "CodeDeployToECS",
                            "version": "1"
                        },
                        "runOrder": 1,
                        "configuration": {
                            "AppSpecTemplateArtifact": "SourceArtifact",
                            "ApplicationName": "ContainerHandsOn",
                            "DeploymentGroupName": "ContainerHandsOn",
                            "Image1ArtifactName": "BuildArtifact",
                            "Image1ContainerName": "IMAGE_NAME",
                            "TaskDefinitionTemplateArtifact": "SourceArtifact"
                        },
                        "outputArtifacts": [],
                        "inputArtifacts": [
                            {
                                "name": "BuildArtifact"
                            },
                            {
                                "name": "SourceArtifact"
                            }
                        ],
                        "region": "ap-northeast-1",
                        "namespace": "DeployVariables"
                    }
                ]
            }
        ],
        "version": 1
    }
}
EOF
aws codepipeline create-pipeline --cli-input-json file://create-pipeline.json

result

{
    "pipeline": {
        "name": "ContainerHandsOn",
        "roleArn": "arn:aws:iam::123456789012:role/ContainerHandsOnForPipeLine",
        "artifactStore": {
            "type": "S3",
            "location": "shigeru-oda-container-handson-20220915122328"
        },
        "stages": [
            {
                "name": "Source",
                "actions": [
                    {
                        "name": "Source",
                        "actionTypeId": {
                            "category": "Source",
                            "owner": "AWS",
                            "provider": "CodeCommit",
                            "version": "1"
                        },
                        "runOrder": 1,
                        "configuration": {
                            "BranchName": "master",
                            "OutputArtifactFormat": "CODE_ZIP",
                            "PollForSourceChanges": "false",
                            "RepositoryName": "ContainerHandsOn"
                        },
                        "outputArtifacts": [
                            {
                                "name": "SourceArtifact"
                            }
                        ],
                        "inputArtifacts": [],
                        "region": "ap-northeast-1",
                        "namespace": "SourceVariables"
                    }
                ]
            },
            {
                "name": "Build",
                "actions": [
                    {
                        "name": "Build",
                        "actionTypeId": {
                            "category": "Build",
                            "owner": "AWS",
                            "provider": "CodeBuild",
                            "version": "1"
                        },
                        "runOrder": 1,
                        "configuration": {
                            "ProjectName": "ContainerHandsOn"
                        },
                        "outputArtifacts": [
                            {
                                "name": "BuildArtifact"
                            }
                        ],
                        "inputArtifacts": [
                            {
                                "name": "SourceArtifact"
                            }
                        ],
                        "region": "ap-northeast-1",
                        "namespace": "BuildVariables"
                    }
                ]
            },
            {
                "name": "Deploy",
                "actions": [
                    {
                        "name": "Deploy",
                        "actionTypeId": {
                            "category": "Deploy",
                            "owner": "AWS",
                            "provider": "CodeDeployToECS",
                            "version": "1"
                        },
                        "runOrder": 1,
                        "configuration": {
                            "AppSpecTemplateArtifact": "SourceArtifact",
                            "ApplicationName": "ContainerHandsOn",
                            "DeploymentGroupName": "ContainerHandsOn",
                            "Image1ArtifactName": "BuildArtifact",
                            "Image1ContainerName": "IMAGE_NAME",
                            "TaskDefinitionTemplateArtifact": "SourceArtifact"
                        },
                        "outputArtifacts": [],
                        "inputArtifacts": [
                            {
                                "name": "BuildArtifact"
                            },
                            {
                                "name": "SourceArtifact"
                            }
                        ],
                        "region": "ap-northeast-1",
                        "namespace": "DeployVariables"
                    }
                ]
            }
        ],
        "version": 1
    }
}