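AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: >
  codebuild
  Sample SAM Template for codebuild

Parameters:
  RepoName:
    Type: String
    Description: Name of the CodeCommit repository to build nightly. Must be in the same region.
    # RepoName is interpolated into an IAM resource ARN and the clone URL below.
    # Restricting it to the characters CodeCommit allows in repository names
    # keeps a value such as "*" from widening the codecommit:GitPull grant.
    MinLength: 1
    MaxLength: 100
    AllowedPattern: "^[A-Za-z0-9._-]+$"
    ConstraintDescription: Letters, numbers, periods, underscores and dashes only (1-100 characters).

Resources:
  # Nightly state machine that starts the CodeBuild project and publishes the
  # result to the SNS topic. The workflow itself lives in the ASL file.
  UpdateDependencies:
    Type: AWS::Serverless::StateMachine # More info about State Machine Resource: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-statemachine.html
    Properties:
      DefinitionUri: statemachine/updateDependencies.asl.json
      DefinitionSubstitutions:
        UpdateDependenciesBuildJob: !GetAtt UpdateDependenciesProject.Arn
        BuildStatusTopic: !Ref BuildResultsTopic
      Events:
        Nightly:
          Type: Schedule # More info about Schedule Event Source: https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-property-statemachine-schedule.html
          Properties:
            Description: Schedule to run the UpdateDependencies state machine every night
            # Run at midnight (UTC) every day.
            # Format is cron(minutes hours day_of_month month day_of_week year)
            Schedule: "cron(0 0 * * ? *)"
      Role: !GetAtt StepFunctionsRole.Arn

  # Topic that receives build results; subscriptions are not defined here.
  BuildResultsTopic:
    Type: AWS::SNS::Topic

  UpdateDependenciesProject:
    Type: AWS::CodeBuild::Project
    Properties:
      # ServiceRole is documented as a role ARN, so pass the ARN rather than
      # the role name that !Ref returns.
      ServiceRole: !GetAtt CodeBuildRole.Arn
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        # NOTE(review): standard:2.0 is an old curated image tag. Confirm it is
        # still maintained before relying on it for dependency updates.
        Image: aws/codebuild/standard:2.0
      Source:
        Type: CODECOMMIT
        Location: !Sub "https://git-codecommit.${AWS::Region}.amazonaws.com/v1/repos/${RepoName}"

  # Execution role for the state machine. Every statement is limited to the
  # resources this template creates (or the Step Functions managed rule).
  StepFunctionsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: "sts:AssumeRole"
            Principal:
              Service: states.amazonaws.com
      Path: "/"
      Policies:
        - PolicyName: CodeBuildExecutionRolePolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - "sns:Publish"
                Resource:
                  # !Ref on an SNS topic returns its ARN.
                  - !Ref BuildResultsTopic
              # Build control is scoped to the one project this state machine
              # runs, instead of every CodeBuild project in the account.
              - Effect: Allow
                Action:
                  - "codebuild:StartBuild"
                  - "codebuild:StopBuild"
                  - "codebuild:BatchGetBuilds"
                Resource:
                  - !GetAtt UpdateDependenciesProject.Arn
              # BatchGetReports is authorized against report groups, not
              # projects. Limited to this account and region here.
              # NOTE(review): narrow to the project's report-group prefix once
              # the buildspec's report group names are confirmed.
              - Effect: Allow
                Action:
                  - "codebuild:BatchGetReports"
                Resource:
                  - !Sub "arn:${AWS::Partition}:codebuild:${AWS::Region}:${AWS::AccountId}:report-group/*"
              # Managed rule Step Functions uses to track synchronous
              # CodeBuild executions.
              - Effect: Allow
                Action:
                  - "events:PutTargets"
                  - "events:PutRule"
                  - "events:DescribeRule"
                Resource:
                  - !Sub "arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:rule/StepFunctionsGetEventForCodeBuildStartBuildRule"

  # Service role assumed by CodeBuild while the build runs. Build commands run
  # with these permissions, so they are kept to logging, reporting and a
  # read-only pull of the single source repository.
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: "sts:AssumeRole"
            Principal:
              Service: codebuild.amazonaws.com
      Path: "/"
      Policies:
        - PolicyName: CodeBuildServiceRolePolicy
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # The project sets no LogsConfig, so logs go to the default
              # /aws/codebuild/<project> group. A wildcard suffix is used
              # because naming the project here would create a circular
              # dependency (the project already depends on this role).
              - Effect: Allow
                Action:
                  - "logs:CreateLogGroup"
                  - "logs:CreateLogStream"
                  - "logs:PutLogEvents"
                Resource:
                  - !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/*"
                  - !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/*:*"
              # Test report publishing, limited to report groups in this
              # account and region.
              - Effect: Allow
                Action:
                  - "codebuild:CreateReportGroup"
                  - "codebuild:CreateReport"
                  - "codebuild:UpdateReport"
                  - "codebuild:BatchPutTestCases"
                Resource:
                  - !Sub "arn:${AWS::Partition}:codebuild:${AWS::Region}:${AWS::AccountId}:report-group/*"
              # Read-only clone of the one repository named by RepoName.
              # NOTE(review): no push permission is granted; if the build is
              # expected to commit updated dependencies back, that needs an
              # explicit, separately reviewed grant.
              - Effect: Allow
                Action:
                  - "codecommit:GitPull"
                Resource: !Sub "arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:${RepoName}"

Outputs:
  # UpdateDependenciesNightly is an implicit Schedule event rule created out of
  # the Events key under Serverless::StateMachine.
  # Find out more about other implicit resources you can reference within SAM
  # https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-specification-generated-resources.html
  UpdateDependenciesArn:
    Description: "Update Dependencies state machine ARN"
    Value: !Ref UpdateDependencies
  BuildResultsTopicName:
    Description: "Build Results SNS Topic name"
    Value: !GetAtt BuildResultsTopic.TopicName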