AWSTemplateFormatVersion: '2010-09-09' Description: 'AWS Cloudformation template to help create synthetic tests demo resources.' Parameters: DemoResourcesCodeCommitRepo: Description: AWS CodeCommit repository name which contains the demo resources Type: String Default: "aws-codepipeline-synthetic-tests" DemoResourcesCodeCommitRepoBranch: Description: AWS CodeCommit repository branch Type: String Default: "master" Resources: ArtifactStoreBucket: Type: AWS::S3::Bucket Pipeline: Type: AWS::CodePipeline::Pipeline Properties: ArtifactStore: Location: !Ref 'ArtifactStoreBucket' Type: S3 Name: "SetupTimeWindowsDemoResources-Pipeline" RoleArn: !GetAtt [PipelineRole, Arn] Stages: - Name: Source Actions: - Name: DemoResourcesSource ActionTypeId: Category: Source Owner: AWS Provider: CodeCommit Version: '1' Configuration: RepositoryName: !Ref DemoResourcesCodeCommitRepo BranchName: !Ref DemoResourcesCodeCommitRepoBranch OutputArtifacts: - Name: DemoArtifacts RunOrder: '1' - Name: CloudformationDeploy Actions: - Name: CreateDemoResources ActionTypeId: Category: Deploy Owner: AWS Provider: CloudFormation Version: '1' InputArtifacts: - Name: DemoArtifacts Configuration: ActionMode: CREATE_UPDATE RoleArn: !GetAtt [CloudFormationRole, Arn] StackName: TimeWindowDemoResources TemplatePath: DemoArtifacts::time-window-demo-resources.yml TemplateConfiguration: DemoArtifacts::time-window-demo-resources-parameters.json ParameterOverrides: | { "DemoResourcesS3BucketName" : { "Fn::GetArtifactAtt" : ["DemoArtifacts", "BucketName"]}, "DemoResourcesS3ObjectKey" : { "Fn::GetArtifactAtt" : ["DemoArtifacts", "ObjectKey"]} } Capabilities: CAPABILITY_IAM RunOrder: '1' CloudFormationRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: ['sts:AssumeRole'] Effect: Allow Principal: Service: [cloudformation.amazonaws.com] Version: '2012-10-17' Path: / Policies: - PolicyName: CloudFormationRole PolicyDocument: Version: '2012-10-17' Statement: - Action: '*' Effect: Allow Resource: '*' PipelineRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Action: ['sts:AssumeRole'] Effect: Allow Principal: Service: [codepipeline.amazonaws.com] Version: '2012-10-17' Path: / Policies: - PolicyName: CodePipelineAccess PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - "s3:GetObject" - "s3:PutObject" Resource: - "Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "ArtifactStoreBucket"}, "/*" ]] - Effect: "Allow" Action: - "s3:ListBucket" Resource: - "Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "ArtifactStoreBucket"}]] - Effect: Allow Action: - 'cloudformation:CreateStack' - 'cloudformation:DescribeStacks' - 'cloudformation:DeleteStack' - 'cloudformation:UpdateStack' - 'cloudformation:CreateChangeSet' - 'cloudformation:ExecuteChangeSet' - 'cloudformation:DeleteChangeSet' - 'cloudformation:DescribeChangeSet' - 'cloudformation:SetStackPolicy' Resource: - "Fn::Join": ["", ["arn:aws:cloudformation:", { "Ref" : "AWS::Region" }, ":", { "Ref" : "AWS::AccountId" }, ":stack/", "TimeWindowDemoResources"]] - "Fn::Join": ["", ["arn:aws:cloudformation:", { "Ref" : "AWS::Region" }, ":", { "Ref" : "AWS::AccountId" }, ":stack/", "TimeWindowDemoResources/*"]] - Effect: Allow Action: - 'iam:PassRole' Resource: - !GetAtt [CloudFormationRole, Arn] - Effect: Allow Action: - "codecommit:GetBranch" - "codecommit:GetCommit" - "codecommit:UploadArchive" - "codecommit:GetUploadArchiveStatus" - "codecommit:CancelUploadArchive" Resource: - "Fn::Join": ["", ["arn:aws:codecommit:", { "Ref" : "AWS::Region" }, ":", { "Ref" : "AWS::AccountId" }, ":", {"Ref" : "DemoResourcesCodeCommitRepo"}]]