■CodePipeline用Role作成
cmd
cd ~/environment
cat << EOF > assume-role-policy-document.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "codepipeline.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
aws iam create-role \
--role-name ContainerHandsOnForPipeLine \
--assume-role-policy-document file://assume-role-policy-document.json
result
{
"Role": {
"Path": "/",
"RoleName": "ContainerHandsOnForPipeLine",
"RoleId": "AROASHENIAIFGCB5OQPDX",
"Arn": "arn:aws:iam::123456789012:role/ContainerHandsOnForPipeLine",
"CreateDate": "2022-09-15T12:22:42Z",
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "codepipeline.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
}
}
■CodePipeline用RoleにPolicyをアタッチ
cmd
cat << EOF > InlinePolicy.json
{
"Statement": [
{
"Action": [
"iam:PassRole"
],
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": [
"cloudformation.amazonaws.com",
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"ecs-tasks.amazonaws.com"
]
}
}
},
{
"Action": [
"codecommit:CancelUploadArchive",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"codecommit:GetUploadArchiveStatus",
"codecommit:UploadArchive"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"codedeploy:CreateDeployment",
"codedeploy:GetApplication",
"codedeploy:GetApplicationRevision",
"codedeploy:GetDeployment",
"codedeploy:GetDeploymentConfig",
"codedeploy:RegisterApplicationRevision"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"codestar-connections:UseConnection"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*",
"cloudformation:*",
"rds:*",
"sqs:*",
"ecs:*"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"lambda:InvokeFunction",
"lambda:ListFunctions"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"opsworks:CreateDeployment",
"opsworks:DescribeApps",
"opsworks:DescribeCommands",
"opsworks:DescribeDeployments",
"opsworks:DescribeInstances",
"opsworks:DescribeStacks",
"opsworks:UpdateApp",
"opsworks:UpdateStack"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:SetStackPolicy",
"cloudformation:ValidateTemplate"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"codebuild:BatchGetBuilds",
"codebuild:StartBuild",
"codebuild:BatchGetBuildBatches",
"codebuild:StartBuildBatch"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Effect": "Allow",
"Action": [
"devicefarm:ListProjects",
"devicefarm:ListDevicePools",
"devicefarm:GetRun",
"devicefarm:GetUpload",
"devicefarm:CreateUpload",
"devicefarm:ScheduleRun"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"servicecatalog:ListProvisioningArtifacts",
"servicecatalog:CreateProvisioningArtifact",
"servicecatalog:DescribeProvisioningArtifact",
"servicecatalog:DeleteProvisioningArtifact",
"servicecatalog:UpdateProduct"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cloudformation:ValidateTemplate"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecr:DescribeImages"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"states:DescribeExecution",
"states:DescribeStateMachine",
"states:StartExecution"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"appconfig:StartDeployment",
"appconfig:StopDeployment",
"appconfig:GetDeployment"
],
"Resource": "*"
}
],
"Version": "2012-10-17"
}
EOF
aws iam put-role-policy \
--role-name ContainerHandsOnForPipeLine \
--policy-name InlinePolicy \
--policy-document file://InlinePolicy.json
result
(なし)
■artifactStoreとしてS3を作成
cmd
!!! あなたのフルネームを記載下さい、英語小文字でお願いします !!!
YourName=shigeru-oda
cmd
S3Name=${YourName}-container-handson-`date +"%Y%m%d%H%M%S"`
clear; cat << EOF > ~/environment/export.log
export AccountID="${AccountID}"
export VpcId="${VpcId}"
export SubnetId1aPublic="${SubnetId1aPublic}"
export SubnetId1cPublic="${SubnetId1cPublic}"
export SubnetId1aPrivate="${SubnetId1aPrivate}"
export SubnetId1cPrivate="${SubnetId1cPrivate}"
export InternetGatewayId="${InternetGatewayId}"
export RouteTableIdPublic="${RouteTableIdPublic}"
export RouteTableIdPrivate="${RouteTableIdPrivate}"
export PublicSecurityGroupsId="${PublicSecurityGroupsId}"
export PrivateSecurityGroupsId="${PrivateSecurityGroupsId}"
export InstanceId="${InstanceId}"
export LoadBalancersDnsName="${LoadBalancersDnsName}"
export LoadBalancerArn="${LoadBalancerArn}"
export TargetGroupArn="${TargetGroupArn}"
export RevisionNo="${RevisionNo}"
export TargetGroupArn8080="${TargetGroupArn8080}"
export ListenerArn="${ListenerArn}"
export ListenerArn8080="${ListenerArn8080}"
export S3Name="${S3Name}"
EOF
cat ~/environment/export.log
result
これはサンプルです。export AccountID="123456789012"
これはサンプルです。export VpcId="vpc-010a940bbd8f747c2"
これはサンプルです。export SubnetId1aPublic="subnet-0356b36ba2daa766c"
これはサンプルです。export SubnetId1cPublic="subnet-0dabe411bfdc835fb"
これはサンプルです。export SubnetId1aPrivate="subnet-0d99180ac3baeb5fa"
これはサンプルです。export SubnetId1cPrivate="subnet-0a66f1c2d5ce3b939"
これはサンプルです。export InternetGatewayId="igw-082f42082d7748713"
これはサンプルです。export RouteTableIdPublic="rtb-000a11e6eacc5c263"
これはサンプルです。export RouteTableIdPrivate="rtb-077b87e7eb65d1f43"
これはサンプルです。export PublicSecurityGroupsId="sg-065a7c8eceb9759d4"
これはサンプルです。export PrivateSecurityGroupsId="sg-0f59547a1185820b5"
これはサンプルです。export InstanceId="i-0ddf413a91a008a52"
これはサンプルです。export LoadBalancersDnsName="ContainerHandsOn-681708310.ap-northeast-1.elb.amazonaws.com"
これはサンプルです。export LoadBalancerArn="arn:aws:elasticloadbalancing:ap-northeast-1:123456789012:loadbalancer/app/ContainerHandsOn/b392eaa096f09053"
これはサンプルです。export TargetGroupArn="arn:aws:elasticloadbalancing:ap-northeast-1:123456789012:targetgroup/ContainerHandsOn/b2da630c91ed7148"
これはサンプルです。export RevisionNo="11"
これはサンプルです。export TargetGroupArn8080="arn:aws:elasticloadbalancing:ap-northeast-1:123456789012:targetgroup/ContainerHandsOn8080/71b573e9a3227e50"
これはサンプルです。export ListenerArn="arn:aws:elasticloadbalancing:ap-northeast-1:123456789012:listener/app/ContainerHandsOn/b392eaa096f09053/b5d7e272d5152d8d"
これはサンプルです。export ListenerArn8080="arn:aws:elasticloadbalancing:ap-northeast-1:123456789012:listener/app/ContainerHandsOn/b392eaa096f09053/b27b8d32f0e78f30"
これはサンプルです。export S3Name="shigeru-oda-container-handson-20220915122328"
cmd
aws s3 mb s3://${S3Name}
result
make_bucket: shigeru-oda-container-handson-20220920055436
■CodePipelineを作成
cmd
cd ~/environment
cat << EOF > create-pipeline.json
{
"pipeline": {
"name": "ContainerHandsOn",
"roleArn": "arn:aws:iam::`echo ${AccountID}`:role/ContainerHandsOnForPipeLine",
"artifactStore": {
"type": "S3",
"location": "`echo ${S3Name}`"
},
"stages": [
{
"name": "Source",
"actions": [
{
"name": "Source",
"actionTypeId": {
"category": "Source",
"owner": "AWS",
"provider": "CodeCommit",
"version": "1"
},
"runOrder": 1,
"configuration": {
"BranchName": "master",
"OutputArtifactFormat": "CODE_ZIP",
"PollForSourceChanges": "false",
"RepositoryName": "ContainerHandsOn"
},
"outputArtifacts": [
{
"name": "SourceArtifact"
}
],
"inputArtifacts": [],
"region": "ap-northeast-1",
"namespace": "SourceVariables"
}
]
},
{
"name": "Build",
"actions": [
{
"name": "Build",
"actionTypeId": {
"category": "Build",
"owner": "AWS",
"provider": "CodeBuild",
"version": "1"
},
"runOrder": 1,
"configuration": {
"ProjectName": "ContainerHandsOn"
},
"outputArtifacts": [
{
"name": "BuildArtifact"
}
],
"inputArtifacts": [
{
"name": "SourceArtifact"
}
],
"region": "ap-northeast-1",
"namespace": "BuildVariables"
}
]
},
{
"name": "Deploy",
"actions": [
{
"name": "Deploy",
"actionTypeId": {
"category": "Deploy",
"owner": "AWS",
"provider": "CodeDeployToECS",
"version": "1"
},
"runOrder": 1,
"configuration": {
"AppSpecTemplateArtifact": "SourceArtifact",
"ApplicationName": "ContainerHandsOn",
"DeploymentGroupName": "ContainerHandsOn",
"Image1ArtifactName": "BuildArtifact",
"Image1ContainerName": "IMAGE_NAME",
"TaskDefinitionTemplateArtifact": "SourceArtifact"
},
"outputArtifacts": [],
"inputArtifacts": [
{
"name": "BuildArtifact"
},
{
"name": "SourceArtifact"
}
],
"region": "ap-northeast-1",
"namespace": "DeployVariables"
}
]
}
],
"version": 1
}
}
EOF
aws codepipeline create-pipeline --cli-input-json file://create-pipeline.json
result
{
"pipeline": {
"name": "ContainerHandsOn",
"roleArn": "arn:aws:iam::123456789012:role/ContainerHandsOnForPipeLine",
"artifactStore": {
"type": "S3",
"location": "shigeru-oda-container-handson-20220915122328"
},
"stages": [
{
"name": "Source",
"actions": [
{
"name": "Source",
"actionTypeId": {
"category": "Source",
"owner": "AWS",
"provider": "CodeCommit",
"version": "1"
},
"runOrder": 1,
"configuration": {
"BranchName": "master",
"OutputArtifactFormat": "CODE_ZIP",
"PollForSourceChanges": "false",
"RepositoryName": "ContainerHandsOn"
},
"outputArtifacts": [
{
"name": "SourceArtifact"
}
],
"inputArtifacts": [],
"region": "ap-northeast-1",
"namespace": "SourceVariables"
}
]
},
{
"name": "Build",
"actions": [
{
"name": "Build",
"actionTypeId": {
"category": "Build",
"owner": "AWS",
"provider": "CodeBuild",
"version": "1"
},
"runOrder": 1,
"configuration": {
"ProjectName": "ContainerHandsOn"
},
"outputArtifacts": [
{
"name": "BuildArtifact"
}
],
"inputArtifacts": [
{
"name": "SourceArtifact"
}
],
"region": "ap-northeast-1",
"namespace": "BuildVariables"
}
]
},
{
"name": "Deploy",
"actions": [
{
"name": "Deploy",
"actionTypeId": {
"category": "Deploy",
"owner": "AWS",
"provider": "CodeDeployToECS",
"version": "1"
},
"runOrder": 1,
"configuration": {
"AppSpecTemplateArtifact": "SourceArtifact",
"ApplicationName": "ContainerHandsOn",
"DeploymentGroupName": "ContainerHandsOn",
"Image1ArtifactName": "BuildArtifact",
"Image1ContainerName": "IMAGE_NAME",
"TaskDefinitionTemplateArtifact": "SourceArtifact"
},
"outputArtifacts": [],
"inputArtifacts": [
{
"name": "BuildArtifact"
},
{
"name": "SourceArtifact"
}
],
"region": "ap-northeast-1",
"namespace": "DeployVariables"
}
]
}
],
"version": 1
}
}