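---
# CloudFormation template: Windows Server container CI/CD pipeline.
#
# Resources created:
#   - an S3 source bucket (uploading ${SourceObjectKey} triggers the pipeline),
#   - an S3 artifacts bucket for CodePipeline,
#   - an ECR repository that receives the built Windows image,
#   - IAM roles for CodePipeline and for the EventBridge (CloudWatch Events) rule,
#   - an EventBridge rule that starts the pipeline on CloudTrail-recorded S3 uploads,
#   - the pipeline itself: S3 source stage + a custom-action "Package" stage that
#     runs build-and-publish-docker-image.ps1 on a Windows EC2 instance.
#
# Date-like and numeric-looking scalars are quoted so generic YAML 1.1 parsers
# do not retype them (e.g. 2010-09-09 -> date).
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: Windows Server container CI/CD pipeline

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "General"
        Parameters:
          - ProjectId
    ParameterLabels:
      ProjectId:
        default: "Project ID"

Parameters:
  # You can provide these parameters in your CreateProject API call.
  ProjectId:
    Type: String
    Description: Prefix that will be used for AWS resources generated by the template.
    Default: windows-container-cicd

  # Custom Action: the custom action type must already be registered in
  # CodePipeline (provider name, category and version must match it exactly).
  CustomActionProviderName:
    Type: String
    Description: Name of the custom action provider (used in CodePipeline Console UI).
  CustomActionProviderCategory:
    Type: String
    Description: Category of the custom action provider (used in CodePipeline Console UI).
    AllowedValues:
      - Build
      - Deploy
      - Invoke
      - Test
  CustomActionProviderVersion:
    Type: String
    Description: Version of the custom action provider (used in CodePipeline Console UI).

  # S3 trigger properties
  SourceObjectKey:
    Type: String
    Description: Object key in the source bucket whose upload starts the pipeline.
    Default: src.zip

Mappings:
  # AMI used by the custom action's build instance, per region (HVM64 key).
  # NOTE(review): these IDs are hard-coded snapshots; verify they still exist
  # and are the intended Windows images before deploying to a new region.
  RegionMap:
    eu-north-1:
      HVM64: ami-0d3968ec4e235e0a1
    ap-south-1:
      HVM64: ami-020d5d26350c17069
    eu-west-3:
      HVM64: ami-07aee4f2846e5cf04
    eu-west-2:
      HVM64: ami-0e7f0745d52979126
    eu-west-1:
      HVM64: ami-0008603c05596a01f
    ap-northeast-3:
      HVM64: ami-0b8d76b796975015c
    ap-northeast-2:
      HVM64: ami-0633dd6a4c6881fd4
    ap-northeast-1:
      HVM64: ami-0793bd62a98481bc7
    sa-east-1:
      HVM64: ami-062f6ab8022513369
    ca-central-1:
      HVM64: ami-0313d717e3c33049f
    ap-southeast-1:
      HVM64: ami-0c7d228aebc0fb621
    ap-southeast-2:
      HVM64: ami-0196e690fc8d87c58
    eu-central-1:
      HVM64: ami-07449593168be85e5
    us-east-1:
      HVM64: ami-02a172b0393352993
    us-east-2:
      HVM64: ami-002211350933f93e9
    us-west-1:
      HVM64: ami-034db65b37f87170d
    us-west-2:
      HVM64: ami-0f82baff671697331

Resources:
  # Bucket that receives the source archive. Versioning is required by the
  # CodePipeline S3 source action. Public access is blocked and objects are
  # encrypted at rest with SSE-S3; neither changes how the pipeline reads it.
  SourceBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${ProjectId}-${AWS::AccountId}-${AWS::Region}-source"
      VersioningConfiguration:
        Status: Enabled
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  # Artifact store for the pipeline. Retained on stack deletion so build
  # history is not lost; public access blocked and SSE-S3 applied as above.
  ArtifactsBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Description: Amazon S3 bucket for AWS CodePipeline artifacts
    Properties:
      BucketName: !Sub "${ProjectId}-${AWS::AccountId}-${AWS::Region}-artifacts"
      VersioningConfiguration:
        Status: Enabled
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  # Registry the build script pushes to. The name is fixed (not ProjectId-prefixed)
  # because the Command below addresses it via ${DockerRepository}; renaming it
  # would replace the repository. ScanOnPush surfaces known vulnerabilities in
  # pushed images without affecting the push itself.
  DockerRepository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: "windows-images"
      ImageScanningConfiguration:
        ScanOnPush: true

  # Role for CI/CD pipeline execution
  CodePipelineRole:
    Type: AWS::IAM::Role
    Description: Creating service role in IAM for AWS CodePipeline
    Properties:
      RoleName: !Sub "${ProjectId}-codepipeline-role"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AllowCodePipelineAssumeRole
            Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
      Path: /
      Policies:
        - PolicyName: !Sub "${ProjectId}-codepipeline-policy"
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # The pipeline reads the source archive from SourceBucket and
              # stores/retrieves artifacts in ArtifactsBucket. S3 access is
              # limited to those two buckets (bucket and object ARNs) rather
              # than every bucket in the account.
              - Sid: PipelineBucketAccess
                Effect: Allow
                Action:
                  - s3:*
                Resource:
                  - !GetAtt SourceBucket.Arn
                  - !Sub "${SourceBucket.Arn}/*"
                  - !GetAtt ArtifactsBucket.Arn
                  - !Sub "${ArtifactsBucket.Arn}/*"
              # Kept from the original template for pipelines extended with
              # CodeCommit/CodeBuild/CloudFormation stages. None of the stages
              # defined below use them; remove or scope to specific resources
              # if you do not add such stages.
              - Sid: OptionalBuildAndDeployServices
                Effect: Allow
                Action:
                  - codecommit:*
                  - codebuild:*
                  - cloudformation:*
                Resource: '*'

  # Role assumed by EventBridge to start the pipeline; limited to this pipeline.
  AmazonCloudWatchEventRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
            Action: sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: cwe-pipeline-execution
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: codepipeline:StartPipelineExecution
                Resource: !Sub 'arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${WindowsContainerPipeline}'

  # Starts the pipeline when ${SourceObjectKey} is (re)uploaded to SourceBucket.
  # This pattern matches CloudTrail "AWS API Call" events, so a CloudTrail trail
  # that records S3 data events for SourceBucket must exist; this template does
  # not create one, and without it the rule never fires.
  AmazonCloudWatchEventRule:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source:
          - aws.s3
        detail-type:
          - 'AWS API Call via CloudTrail'
        detail:
          eventSource:
            - s3.amazonaws.com
          eventName:
            - PutObject
            - CompleteMultipartUpload
          resources:
            ARN:
              - !Sub '${SourceBucket.Arn}/${SourceObjectKey}'
      Targets:
        - Arn: !Sub 'arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${WindowsContainerPipeline}'
          RoleArn: !GetAtt AmazonCloudWatchEventRole.Arn
          Id: windows-container-pipeline

  WindowsContainerPipeline:
    Type: AWS::CodePipeline::Pipeline
    Description: Creating a deployment pipeline for your project in AWS CodePipeline
    DependsOn:
      - ArtifactsBucket
    Properties:
      Name: !Sub "${ProjectId}-pipeline"
      ArtifactStore:
        Location: !Ref ArtifactsBucket
        Type: S3
      RoleArn: !GetAtt CodePipelineRole.Arn
      Stages:
        # Stage 1: fetch the source archive from S3. Polling is disabled because
        # the EventBridge rule above triggers the pipeline instead.
        - Name: Source
          Actions:
            - Name: Retrieve-Source-Code
              RunOrder: 1
              ActionTypeId:
                Category: Source
                Owner: AWS
                Version: '1'
                Provider: S3
              Configuration:
                S3Bucket: !Ref SourceBucket
                S3ObjectKey: !Ref SourceObjectKey
                PollForSourceChanges: false
              OutputArtifacts:
                - Name: Source
        # Stage 2: the registered custom action builds the image on an EC2
        # instance (AMI from RegionMap) and pushes it to DockerRepository.
        # The Configuration keys (ImageId, InstanceType, Command) are defined
        # by the custom action type, not by CodePipeline.
        - Name: Package
          Actions:
            - Name: Publish-Docker-Image
              RunOrder: 1
              ActionTypeId:
                Owner: Custom
                Category: !Ref CustomActionProviderCategory
                Provider: !Ref CustomActionProviderName
                Version: !Ref CustomActionProviderVersion
              Configuration:
                ImageId: !FindInMap [RegionMap, !Ref "AWS::Region", HVM64]
                InstanceType: t3.large
                Command: !Sub "build-and-publish-docker-image.ps1 -accountId ${AWS::AccountId} -region ${AWS::Region} -repositoryName ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${DockerRepository}"
              InputArtifacts:
                - Name: Source

Outputs:
  SourceBucket:
    Description: Bucket for source code
    Value: !Ref SourceBucket
  ArtifactsBucket:
    Description: Bucket for AWS CodePipeline artifacts
    Value: !Ref ArtifactsBucket
  DockerRepository:
    Description: Docker container registry
    Value: !Ref DockerRepository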