--- AWSTemplateFormatVersion: '2010-09-09' Description: Atlassian Connect Add-on for Jira Software Data Provider APIs - AWS Code Suite. Metadata: LICENSE: |- Copyright 2019 Amazon Web Services Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. AWS::CloudFormation::Interface: ParameterGroups: - Label: default: AWS Code Suite and Atlassian Connect Configuration Parameters: - ProjectName ParameterLabels: ProjectName: default: Project Name Parameters: ProjectName: Description: Desired name for your project. Type: String Default: atlassian-connect Resources: GitRepo: Type: AWS::CodeCommit::Repository Properties: RepositoryName: !Ref 'ProjectName' CodeBuildServiceRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: codebuild.amazonaws.com Action: sts:AssumeRole Path: / Policies: - PolicyName: !Sub ${ProjectName}-codebuild-policy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - s3:GetObject - s3:GetObjectVersion - s3:PutObject Resource: '*' - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: '*' - Effect: Allow Action: - ecr:DescribeRepositories - ecr:GetDownloadUrlForLayer - ecr:BatchGetImage - ecr:BatchCheckLayerAvailability - ecr:PutImage - ecr:InitiateLayerUpload - ecr:UploadLayerPart - ecr:CompleteLayerUpload - ecr:GetAuthorizationToken Resource: '*' CodePipelineServiceRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: codepipeline.amazonaws.com Action: sts:AssumeRole Path: / Policies: - PolicyName: !Sub ${ProjectName}-pipeline-policy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - s3:GetObject - s3:GetObjectVersion - s3:GetBucketVersioning Resource: '*' - Effect: Allow Action: - codecommit:CancelUploadArchive - codecommit:GetBranch - codecommit:GetCommit - codecommit:GetUploadArchiveStatus - codecommit:UploadArchive Resource: '*' - Effect: Allow Action: - codedeploy:CreateDeployment - codedeploy:GetApplicationRevision - codedeploy:GetDeployment - codedeploy:GetDeploymentConfig - codedeploy:RegisterApplicationRevision Resource: '*' - Effect: Allow Action: - elasticbeanstalk:* - ec2:* - elasticloadbalancing:* - autoscaling:* - cloudwatch:* - s3:* - sns:* - cloudformation:* - rds:* - sqs:* - ecs:* - iam:PassRole Resource: '*' - Effect: Allow Action: - lambda:InvokeFunction - lambda:ListFunctions Resource: '*' - Effect: Allow Action: - cloudformation:CreateStack - cloudformation:DeleteStack - cloudformation:DescribeStacks - cloudformation:UpdateStack - cloudformation:CreateChangeSet - cloudformation:DeleteChangeSet - cloudformation:DescribeChangeSet - cloudformation:ExecuteChangeSet - cloudformation:SetStackPolicy - cloudformation:ValidateTemplate - iam:PassRole Resource: '*' - Effect: Allow Action: - codebuild:BatchGetBuilds - codebuild:StartBuild Resource: '*' ArtifactBucket: Type: AWS::S3::Bucket DeletionPolicy: Retain Pipeline: Type: AWS::CodePipeline::Pipeline Properties: Name: !Sub ${ProjectName} RoleArn: Fn::GetAtt: CodePipelineServiceRole.Arn ArtifactStore: Type: S3 Location: Ref: ArtifactBucket Stages: - Name: Source Actions: - Name: Source ActionTypeId: Category: Source Owner: AWS Version: '1' Provider: CodeCommit OutputArtifacts: - Name: atlassian-connect-src Configuration: BranchName: master PollForSourceChanges: true RepositoryName: !GetAtt GitRepo.Name RunOrder: 1 - Name: Build Actions: - Name: Build ActionTypeId: Category: Build Owner: AWS Version: '1' Provider: CodeBuild Configuration: ProjectName: Ref: CodeBuildProject InputArtifacts: - Name: !Sub ${ProjectName}-src OutputArtifacts: - Name: !Sub ${ProjectName}-build RunOrder: 1 - Name: Deploy Actions: - Name: Deploy ActionTypeId: Category: Deploy Owner: AWS Version: '1' Provider: ECS Configuration: ClusterName: !Sub ${ProjectName} FileName: imagedefinitions.json ServiceName: !Sub ${ProjectName} InputArtifacts: - Name: !Sub ${ProjectName}-build RunOrder: 1 CodeBuildProject: Type: AWS::CodeBuild::Project Properties: Name: !Sub ${AWS::StackName}-${ProjectName} Description: Build of Atlassian Connect Application Artifacts: Type: CODEPIPELINE Name: !Sub ${ProjectName}-container Packaging: NONE Source: Type: CODEPIPELINE BuildSpec: content/60_pipeline/buildspec.yml Environment: ComputeType: BUILD_GENERAL1_LARGE Image: aws/codebuild/docker:17.09.0 Type: LINUX_CONTAINER EnvironmentVariables: - Name: AWS_DEFAULT_REGION Value: Ref: AWS::Region - Name: REPO_URI Value: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${ProjectName} - Name: AWS_ACCOUNT Value: Ref: AWS::AccountId ServiceRole: Ref: CodeBuildServiceRole Outputs: GitRepo: Description: Clone URL for AWS CodeCommit Atlassian Connect repository Value: !GetAtt GitRepo.CloneUrlHttp