# Copyright 2012-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Amazon Software License (the "License"). # You may not use this file except in compliance with the License. # A copy of the License is located at # # http://aws.amazon.com/asl/ # # or in the "license" file accompanying this file. This file is distributed # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either # express or implied. See the License for the specific language governing # permissions and limitations under the License. AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Parameters: CodePipelineS3Bucket: Type: "String" Description: "CodePipeline S3 bucket" StateMachineS3Bucket: Type: "String" Description: "S3 bucket to fetch the state machine input parameters file from" StateMachineInputParamsFile: Type: "String" Default: "state_machine_input.json" Description: "State machine input parameters file" StateMachineStackName: Type: "String" Description: "State machine Cloudformation stack name" Resources: StateMachineTriggerLambdaRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "lambda.amazonaws.com" Action: - "sts:AssumeRole" Path: "/" Policies: - PolicyName: "lambdaexecute" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "logs:*" Resource: "arn:aws:logs:*:*:*" - Effect: "Allow" Action: - "s3:GetObject" - "s3:GPutbject" Resource: "arn:aws:s3:::*" - PolicyName: "stepfunctions" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "states:*" Resource: "*" # Fn::ImportValue: # !Sub "${StateMachineStackName}-CodePipelineStepFunctionsStateMachineArn" - PolicyName: "codepipeline" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "codepipeline:*" Resource: "*" StateMachineTriggerLambda: Type: AWS::Serverless::Function Properties: FunctionName: StateMachineTriggerLambda Handler: state_machine_trigger.index Runtime: nodejs10.x MemorySize: 128 Timeout: 30 Role: !GetAtt StateMachineTriggerLambdaRole.Arn Environment: Variables: stateMachineArn: Fn::ImportValue: !Sub "${StateMachineStackName}-CodePipelineStepFunctionsStateMachineArn" CodeCommitRepo: Type: "AWS::CodeCommit::Repository" Properties: RepositoryDescription: "AWS CodePipeline and Step Functions integration sample app repository" RepositoryName: "CodePipelineStepFunctionsRepo" CodePipelinePipelineRole: Type: "AWS::IAM::Role" Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "codepipeline.amazonaws.com" Action: - "sts:AssumeRole" Path: "/" Policies: - PolicyName: "lambda" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "lambda:*" Resource: !GetAtt StateMachineTriggerLambda.Arn - Effect: "Allow" Action: - "lambda:List*" Resource: "*" - PolicyName: "s3" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "s3:*" Resource: !Sub "arn:aws:s3:::${CodePipelineS3Bucket}/*" - PolicyName: "codecommit" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - "codecommit:*" Resource: !GetAtt CodeCommitRepo.Arn CodePipelinePipeline: Type: "AWS::CodePipeline::Pipeline" Properties: Name: CodePipelineStepFunctionsPipeline RoleArn: !GetAtt CodePipelinePipelineRole.Arn ArtifactStore: Location: !Ref CodePipelineS3Bucket Type: S3 Stages: - Name: Source Actions: - Name: Source ActionTypeId: Category: Source Owner: AWS Version: 1 Provider: CodeCommit OutputArtifacts: - Name: SourceOutput Configuration: BranchName: master RepositoryName: !GetAtt CodeCommitRepo.Name RunOrder: 1 - Name: Prod Actions: - Name: Deploy InputArtifacts: - Name: SourceOutput ActionTypeId: Category: Invoke Owner: AWS Version: 1 Provider: Lambda Configuration: FunctionName: !Ref StateMachineTriggerLambda UserParameters: !Sub "{\"s3Bucket\": \"${StateMachineS3Bucket}\", \"stateMachineFile\": \"${StateMachineInputParamsFile}\"}" RunOrder: 1