AWSTemplateFormatVersion: '2010-09-09' Resources: CodeRepo: Type: AWS::CodeCommit::Repository Properties: Code: BranchName: master S3: Bucket: "{{resolve:ssm:code-bucket:1}}" Key: code.zip RepositoryName: aws-mlops-pipeline ImageCodeBuild: Type: AWS::CodeBuild::Project Properties: Artifacts: Type: CODEPIPELINE LogsConfig: CloudWatchLogs: Status: ENABLED Name: Build ServiceRole: !GetAtt BuildRole.Arn Source: BuildSpec: buildspec-docker.yml Type: CODEPIPELINE TimeoutInMinutes: 60 Environment: ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 ImagePullCredentialsType: CODEBUILD PrivilegedMode: True Type: LINUX_CONTAINER EnvironmentVariables: - Name: IMAGE_REPO_NAME Type: PLAINTEXT Value: !Ref ECR SAMCodeBuild: Type: AWS::CodeBuild::Project Properties: Artifacts: Type: CODEPIPELINE LogsConfig: CloudWatchLogs: Status: ENABLED Name: Deploy ServiceRole: !GetAtt BuildRole.Arn Source: BuildSpec: buildspec-sam.yml Type: CODEPIPELINE TimeoutInMinutes: 60 Environment: ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/amazonlinux2-x86_64-standard:3.0 ImagePullCredentialsType: CODEBUILD PrivilegedMode: True Type: LINUX_CONTAINER EnvironmentVariables: - Name: BUCKET Type: PLAINTEXT Value: "{{resolve:ssm:code-bucket:1}}" CodePipeline: Type: AWS::CodePipeline::Pipeline Properties: ArtifactStore: Location: "{{resolve:ssm:code-bucket:1}}" Type: S3 Name: aws-mlops-pipeline RoleArn: !GetAtt PipelineRole.Arn Stages: - Name: Source Actions: - ActionTypeId: Category: Source Owner: AWS Version: '1' Provider: CodeCommit Configuration: BranchName: master RepositoryName: !GetAtt CodeRepo.Name Name: Source OutputArtifacts: - Name: SourceOutput RunOrder: 1 - Name: Deploy Actions: - ActionTypeId: Category: Build Owner: AWS Version: '1' Provider: CodeBuild Configuration: ProjectName: !Ref ImageCodeBuild PrimarySource: SourceOutput InputArtifacts: - Name: SourceOutput Name: Build RunOrder: 1 - ActionTypeId: Category: Build Owner: AWS Version: '1' Provider: CodeBuild Configuration: ProjectName: !Ref SAMCodeBuild PrimarySource: SourceOutput InputArtifacts: - Name: SourceOutput Name: Deploy RunOrder: 2 BuildRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: "codebuild.amazonaws.com" Action: - sts:AssumeRole Policies: - PolicyName: root PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - '*' Resource: '*' Path: "/" RoleName: CodeBuildRole PipelineRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: "codepipeline.amazonaws.com" Action: - sts:AssumeRole Policies: - PolicyName: root PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - iam:PassRole - codecommit:* - codedeploy:* - codestar-connections:UseConnection - elasticbeanstalk:* - ec2:* - elasticloadbalancing:* - autoscaling:* - cloudwatch:* - s3:* - sns:* - cloudformation:* - rds:* - sqs:* - ecs:* - lambda:InvokeFunction - lambda:ListFunctions - opsworks:* - codebuild:* - devicefarm:* - servicecatalog:* - ecr:DescribeImages - states:* - appconfig:* Resource: '*' Path: "/" RoleName: CodePipelineRole ECR: Type: AWS::ECR::Repository Properties: RepositoryName: mlops-image ECRSSM: Type: AWS::SSM::Parameter Properties: Name: ecr-uri Type: String Value: !GetAtt ECR.RepositoryUri