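# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
---
# CloudFormation template for a Windows Server container CI/CD pipeline:
# a CodeCommit source stage feeds a custom CodePipeline action that runs a
# PowerShell build script and publishes the image to an ECR repository.

# Quoted so that YAML 1.1 loaders do not turn the version into a date value.
AWSTemplateFormatVersion: "2010-09-09"
Transform: "AWS::Serverless-2016-10-31"
Description: Windows Server container CI/CD pipeline

Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "General"
        Parameters:
          - ProjectId
    ParameterLabels:
      ProjectId:
        default: "Project ID"

Parameters:
  # You can provide these parameters in your CreateProject API call.
  ProjectId:
    Type: String
    Description: Prefix that will be used for AWS resources generated by the template.
    Default: windows-container-cicd
  RepositoryArn:
    Type: String
    Description: CodeCommit repository ARN from CDK Pipeline application.

  # Custom Action
  CustomActionProviderName:
    Type: String
    Description: Name of the custom action provider (used in CodePipeline Console UI).
  CustomActionProviderCategory:
    Type: String
    Description: Category of the custom action provider (used in CodePipeline Console UI).
    AllowedValues:
      - Build
      - Deploy
      - Invoke
      - Test
  CustomActionProviderVersion:
    Type: String
    Description: Version of the custom action provider (used in CodePipeline Console UI).

  LatestECSOptimizedAMI:
    Description: AMI ID
    # The SSM parameter type must name the value type it resolves to; the bare
    # "AWS::SSM::Parameter::Value" is not a valid parameter type. Typing it as
    # an EC2 image id also makes CloudFormation validate the resolved value.
    Type: "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>"
    Default: /aws/service/ami-windows-latest/Windows_Server-2019-English-Core-ECS_Optimized/image_id

Resources:
  ArtifactsBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Description: Amazon S3 bucket for AWS CodePipeline artifacts
    Properties:
      BucketName: !Sub "${ProjectId}-${AWS::AccountId}-${AWS::Region}-artifacts"
      VersioningConfiguration:
        Status: Enabled
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      # Pipeline artifacts hold source and build output; nothing in this
      # template needs them to be public, so block public ACLs and policies.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  DockerRepository:
    Type: AWS::ECR::Repository
    Properties:
      # NOTE(review): the name is fixed rather than derived from ProjectId, so
      # a second stack in the same account and region would collide — confirm
      # this is intended.
      RepositoryName: "zoom-virtual-participant-windows"
      # Scan each pushed image for known vulnerabilities.
      ImageScanningConfiguration:
        ScanOnPush: true

  # Role for CI/CD pipeline execution
  CodePipelineRole:
    Type: AWS::IAM::Role
    Description: Creating service role in IAM for AWS CodePipeline
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Action: sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            # Sid is a string in the IAM policy grammar, so quote it.
            Sid: "1"
      Path: /
      Policies:
        - PolicyName: !Sub "${ProjectId}-codepipeline-policy"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Your pipeline will generally need permissions to store and retrieve artifacts in Amazon S3.
              # It will also need permissions to detect changes to your repository, start
              # a build against your AWS CodeBuild project, and create an AWS CloudFormation stack
              # containing your runtime resources. Adjust these policies as needed.
              #
              # The S3 and CodeCommit grants are scoped to the artifact bucket
              # and the source repository this pipeline uses, instead of every
              # bucket and repository in the account.
              # NOTE(review): s3:ListObjects is kept from the original list, but
              # listing appears to be governed by s3:ListBucket — confirm and drop.
              - Action:
                  - s3:PutObject
                  - s3:ListObjects
                  - s3:ListBucket
                  - s3:GetObjectVersion
                  - s3:GetObject
                  - s3:GetBucketLocation
                Effect: Allow
                Resource:
                  - !GetAtt ArtifactsBucket.Arn
                  - !Sub "${ArtifactsBucket.Arn}/*"
              - Action:
                  - codecommit:GetCommit
                  - codecommit:GetBranch
                  - codecommit:UploadArchive
                  - codecommit:GetUploadArchiveStatus
                Effect: Allow
                Resource: !Ref RepositoryArn
              # NOTE(review): no stage in this template uses a CodeBuild
              # project; if none is added elsewhere, remove this statement
              # rather than leaving it granted on every project.
              - Action:
                  - codebuild:StartBuild
                  - codebuild:BatchGetBuilds
                Effect: Allow
                Resource: "*"

  # Role assumed by the event rule below; it may only start this pipeline.
  AmazonCloudWatchEventRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
            Action: sts:AssumeRole
      Path: /
      Policies:
        - PolicyName: cwe-pipeline-execution
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: codepipeline:StartPipelineExecution
                # AWS::Partition keeps the ARN valid outside the "aws" partition.
                Resource: !Sub "arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${WindowsContainerPipeline}"

  # Starts the pipeline when the main branch of the source repository is
  # created or updated (the source action itself does not poll).
  AmazonCloudWatchEventRule:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source:
          - aws.codecommit
        detail-type:
          - "CodeCommit Repository State Change"
        resources:
          - !Ref RepositoryArn
        detail:
          event:
            - referenceCreated
            - referenceUpdated
          referenceType:
            - branch
          referenceName:
            - main
      Targets:
        - Arn: !Sub "arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${WindowsContainerPipeline}"
          RoleArn: !GetAtt AmazonCloudWatchEventRole.Arn
          Id: windows-container-pipeline

  WindowsContainerPipeline:
    Type: AWS::CodePipeline::Pipeline
    Description: Creating a deployment pipeline for your project in AWS CodePipeline
    DependsOn:
      - ArtifactsBucket
    Properties:
      Name: !Sub "${ProjectId}-pipeline"
      ArtifactStore:
        Location: !Ref ArtifactsBucket
        Type: S3
      RoleArn: !GetAtt CodePipelineRole.Arn
      Stages:
        - Name: Source
          Actions:
            - Name: SourceAction
              ActionTypeId:
                Category: Source
                Owner: AWS
                Version: "1"
                Provider: CodeCommit
              OutputArtifacts:
                - Name: Source
              Configuration:
                BranchName: main
                # The repository name is the sixth colon-separated field of the ARN.
                RepositoryName: !Select [5, !Split [":", !Ref RepositoryArn]]
                PollForSourceChanges: false
              RunOrder: 1
        - Name: Package
          Actions:
            - Name: Publish-Docker-Image
              RunOrder: 1
              ActionTypeId:
                Owner: Custom
                Category: !Ref CustomActionProviderCategory
                Provider: !Ref CustomActionProviderName
                Version: !Ref CustomActionProviderVersion
              Configuration:
                ImageId: !Ref LatestECSOptimizedAMI
                InstanceType: m5.2xlarge
                # Only pseudo parameters and the repository reference are
                # substituted into the command line; no user-supplied
                # parameter reaches the PowerShell string.
                Command: !Sub "Set-Location 'src'; dir; .\\build-and-publish-docker-image.ps1 -accountId ${AWS::AccountId} -region ${AWS::Region} -repositoryName ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${DockerRepository}"
              InputArtifacts:
                - Name: Source

Outputs:
  ArtifactsBucket:
    Description: Bucket for AWS CodePipeline artifacts
    Value: !Ref ArtifactsBucket
  DockerRepositoryName:
    Description: Docker container registry name
    Value: !Ref DockerRepository
    Export:
      Name: DockerRepositoryName
  DockerRepositoryArn:
    Description: Docker container registry ARN
    Value: !GetAtt DockerRepository.Arn
    Export:
      Name: DockerRepositoryArn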