AWSTemplateFormatVersion: 2010-09-09 Description: AWS CloudFormation Template to build pipelines for App Modernization Team\'s Monolith to Microservices Unicorn Lab. Assumes that you run the pipeline in us-east-1. Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Hugo Pipeline Info Parameters: - HugoSourceRepo - HugoSourceBranch - Label: default: Legacy Monolith Application Info Parameters: - LegacySourceRepo - LegacySourceBranch - LegacyEBApplicationName - LegacyEBEnvironmentName - Label: default: Frontend Info Parameters: - FrontendSourceRepo - FrontendSourceBranch - FrontendBucketName - Label: default: Inventory Service Pipeline Info Parameters: - InventorySourceRepo - InventorySourceBranch - InventoryServiceECRName - Label: default: Basket Service Pipeline Info Parameters: - BasketSourceRepo - BasketSourceBranch - LambdaDeployAccessRoleARN - Label: default: Locust testing Info Parameters: - LocustSourceRepo - LocustSourceBranch - LocustEBApplicationName - LocustEBEnvironmentName - Label: default: S3 Bucket Info Parameters: - S3BucketName - OtherRegion1 - OtherRegion2 - OtherRegion3 - OtherRegion4 Parameters: HugoSourceRepo: Type: String Description: Name of CodeCommit repository for Hugo site Default: hugo HugoSourceBranch: Type: String Description: Name of CodeCommit Branch within HugoSourceRepo Default: master InventorySourceRepo: Type: String Description: Name of CodeCommit repository for inventory service Default: unicornstore InventorySourceBranch: Type: String Description: Name of CodeCommit Branch within InventorySourceRepo\ Default: master InventoryServiceECRName: Type: String Description: Name of ECR repository for inventory service Default: inventory_service LegacySourceRepo: Type: String Description: Name of CodeCommit repository for Legacy Monolith application Default: unicornstore LegacySourceBranch: Type: String Description: Name of CodeCommit Branch within LegacySourceRepo Default: master LegacyEBApplicationName: Type: String Description: EB application name for the legacy app. Default: LegacyApplication LegacyEBEnvironmentName: Type: String Description: EB environment name for the legacy app. Default: LegacyApplication FrontendSourceRepo: Type: String Description: Name of CodeCommit repository for application FrontEnd Default: unicornstore FrontendSourceBranch: Type: String Description: Name of CodeCommit Branch within FrontendSourceRepo Default: master FrontendBucketName: Type: String Description: Name of the S3 bucket used for static hosting front FrontEnd Default: unishopui BasketSourceRepo: Type: String Description: Name of CodeCommit repository for basket service Default: unicornstore BasketSourceBranch: Type: String Description: Name of CodeCommit Branch within BasketSourceRepo Default: master LambdaDeployAccessRoleARN: Type: String Description: ARN of the IAM role used to deploy lambda in Code Build LocustSourceRepo: Type: String Description: Name of CodeCommit repository for locust testing Default: unicornstore LocustSourceBranch: Type: String Description: Name of CodeCommit Branch within LocustSourceRepo Default: master LocustEBApplicationName: Type: String Description: EB application name for locust. Default: LoadGenerator LocustEBEnvironmentName: Type: String Description: EB environment name for locust. Default: LoadGenerator S3BucketName: Type: String Description: Name of the S3 bucket where all CodeBuild artifacts are stored and where the Hugo Site is hosted Default: unishop-store-dotnet OtherRegion1: Type: String Default: us-west-2 OtherRegion2: Type: String Default: ap-southeast-1 OtherRegion3: Type: String Default: eu-west-1 OtherRegion4: Type: String Default: us-east-1 Resources: # Service roles needed to use CodeBuild and CodePipeline (used by each pipeline) CodeBuildRole: Type: AWS::IAM::Role Description: Creating service role in IAM for AWS CodeBuild Properties: RoleName: CodeBuildServiceRole AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "codebuild.amazonaws.com" - "s3.amazonaws.com" Action: - "sts:AssumeRole" ManagedPolicyArns: - arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess - arn:aws:iam::aws:policy/AmazonS3FullAccess - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess - arn:aws:iam::aws:policy/AWSLambdaFullAccess CodePipelineRole: Type: "AWS::IAM::Role" Description: Creating service role in IAM for AWS CodeDeploy Properties: RoleName: CodePipelineServiceRole AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: Service: - "codepipeline.amazonaws.com" Action: - "sts:AssumeRole" ManagedPolicyArns: - arn:aws:iam::aws:policy/AWSCodePipelineFullAccess - arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess - arn:aws:iam::aws:policy/AmazonS3FullAccess - arn:aws:iam::aws:policy/AWSCodeCommitFullAccess - arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess # Resources used to build and publish hugo site HugoCodeBuildProject: Type: AWS::CodeBuild::Project Properties: Name: HugoBuild Description: Build project to deploy Hugo docs. Source: Type: CODEPIPELINE BuildSpec: workshop/buildspec.yml Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/standard:4.0 EnvironmentVariables: - Name: S3_BUCKET_NAME Type: PLAINTEXT Value: !Ref 'S3BucketName' - Name: MAIN_REGION Type: PLAINTEXT Value: !Ref 'AWS::Region' - Name: OTHER_REGION_1 Type: PLAINTEXT Value: !Ref 'OtherRegion1' - Name: OTHER_REGION_2 Type: PLAINTEXT Value: !Ref 'OtherRegion2' - Name: OTHER_REGION_3 Type: PLAINTEXT Value: !Ref 'OtherRegion3' - Name: OTHER_REGION_4 Type: PLAINTEXT Value: !Ref 'OtherRegion4' ServiceRole: !Ref 'CodeBuildRole' Artifacts: Type: CODEPIPELINE HugoCodePipeline: Type: AWS::CodePipeline::Pipeline Properties: ArtifactStore: Location: !Ref S3BucketName Type: S3 Name: HugoCodePipeline RoleArn: !GetAtt 'CodePipelineRole.Arn' Stages: - Name: Source Actions: - Name: HugoCodeCommit InputArtifacts: [] ActionTypeId: Category: Source Owner: AWS Version: '1' Provider: CodeCommit OutputArtifacts: - Name: HugoSourceOutput Configuration: RepositoryName: !Ref 'HugoSourceRepo' BranchName: !Ref 'HugoSourceBranch' PollForSourceChanges: false RunOrder: 1 - Name: Build Actions: - Name: HugoCodeBuild InputArtifacts: - Name: HugoSourceOutput OutputArtifacts: - Name: HugoBuildOutput ActionTypeId: Category: Build Owner: AWS Provider: CodeBuild Version: '1' Configuration: ProjectName: !Ref 'HugoCodeBuildProject' RunOrder: 1 HugoCloudWatchEventRule: Type: AWS::Events::Rule Properties: EventPattern: source: - aws.codecommit detail-type: - 'CodeCommit Repository State Change' resources: - !Join [ '', [ 'arn:aws:codecommit:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref HugoSourceRepo ] ] detail: event: - referenceCreated - referenceUpdated referenceType: - branch referenceName: - master Targets: - Arn: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref HugoCodePipeline ] ] RoleArn: !GetAtt AmazonCloudWatchEventRole.Arn Id: codepipeline-HugoPipeline # Resources needed to create the frontend pipeline FrontendCodeBuild: Type: AWS::CodeBuild::Project Properties: Name: FrontendCodeBuildProject Description: CodeBuild Project for the frontend Source: Type: CODEPIPELINE BuildSpec: FrontEnd/build/buildspec.yml Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/standard:4.0 PrivilegedMode: true EnvironmentVariables: - Name: FRONTEND_BUCKET_NAME Type: PLAINTEXT Value: !Ref 'FrontendBucketName' ServiceRole: !Ref 'CodeBuildRole' Artifacts: Type: CODEPIPELINE FrontendCodePipeline: Type: AWS::CodePipeline::Pipeline Properties: ArtifactStore: Location: !Ref S3BucketName Type: S3 Name: FrontendCodePipeline RoleArn: !GetAtt 'CodePipelineRole.Arn' Stages: - Name: Source Actions: - Name: FrontendCodeCommit InputArtifacts: [] ActionTypeId: Category: Source Owner: AWS Version: '1' Provider: CodeCommit OutputArtifacts: - Name: FrontendSourceOutput Configuration: RepositoryName: !Ref 'FrontendSourceRepo' BranchName: !Ref 'FrontendSourceBranch' PollForSourceChanges: false RunOrder: 1 - Name: Build Actions: - Name: FrontendCodeBuild InputArtifacts: - Name: FrontendSourceOutput OutputArtifacts: - Name: FrontendBuildOutput ActionTypeId: Category: Build Owner: AWS Provider: CodeBuild Version: '1' Configuration: ProjectName: !Ref 'FrontendCodeBuild' RunOrder: 1 FrontendCloudWatchEventRule: Type: AWS::Events::Rule Properties: EventPattern: source: - aws.codecommit detail-type: - 'CodeCommit Repository State Change' resources: - !Join [ '', [ 'arn:aws:codecommit:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref FrontendSourceRepo ] ] detail: event: - referenceCreated - referenceUpdated referenceType: - branch referenceName: - master Targets: - Arn: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref FrontendCodePipeline ] ] RoleArn: !GetAtt AmazonCloudWatchEventRole.Arn Id: codepipeline-HugoPipeline # Resources needed to create the legacy monolith application. Can be deployed on EBS instance LegacyCodeBuild: Type: AWS::CodeBuild::Project Properties: Name: LegacyCodeBuildProject Description: CodeBuild Project for the legacy application Source: Type: CODEPIPELINE BuildSpec: MonolithicApplication/build/buildspec.yml Environment: Type: WINDOWS_CONTAINER ComputeType: BUILD_GENERAL1_MEDIUM Image: mcr.microsoft.com/dotnet/framework/sdk:4.8 EnvironmentVariables: - Name: S3_BUCKET_NAME Type: PLAINTEXT Value: !Ref 'S3BucketName' - Name: MAIN_REGION Type: PLAINTEXT Value: !Ref 'AWS::Region' - Name: OTHER_REGION_1 Type: PLAINTEXT Value: !Ref 'OtherRegion1' - Name: OTHER_REGION_2 Type: PLAINTEXT Value: !Ref 'OtherRegion2' - Name: OTHER_REGION_3 Type: PLAINTEXT Value: !Ref 'OtherRegion3' - Name: OTHER_REGION_4 Type: PLAINTEXT Value: !Ref 'OtherRegion4' ServiceRole: !Ref 'CodeBuildRole' Artifacts: Type: CODEPIPELINE LegacyCodeTest: Type: AWS::CodeBuild::Project Properties: Name: LegacyCodeTestProject Description: CodeBuild Project for the legacy application unit tests. Source: Type: CODEPIPELINE BuildSpec: MonolithicApplication/build/TestBuildSpec.yml Environment: Type: WINDOWS_CONTAINER ComputeType: BUILD_GENERAL1_MEDIUM Image: mcr.microsoft.com/dotnet/framework/sdk:4.8 ServiceRole: !Ref 'CodeBuildRole' Artifacts: Type: CODEPIPELINE LegacyCodePipeline: Type: AWS::CodePipeline::Pipeline Properties: ArtifactStore: Location: !Ref S3BucketName Type: S3 Name: LegacyCodePipeline RoleArn: !GetAtt 'CodePipelineRole.Arn' Stages: - Name: Source Actions: - Name: LegacyCodeCommit InputArtifacts: [] ActionTypeId: Category: Source Owner: AWS Version: '1' Provider: CodeCommit OutputArtifacts: - Name: LegacySourceOutput Configuration: RepositoryName: !Ref 'LegacySourceRepo' BranchName: !Ref 'LegacySourceBranch' PollForSourceChanges: false RunOrder: 1 - Name: Build Actions: - Name: LegacyCodeBuild InputArtifacts: - Name: LegacySourceOutput OutputArtifacts: - Name: LegacyBuildOutput ActionTypeId: Category: Build Owner: AWS Provider: CodeBuild Version: '1' Configuration: ProjectName: !Ref 'LegacyCodeBuild' RunOrder: 1 - Name: Test Actions: - Name: LegacyCodeTest InputArtifacts: - Name: LegacySourceOutput OutputArtifacts: - Name: LegacyTestOutput ActionTypeId: Category: Build Owner: AWS Provider: CodeBuild Version: '1' Configuration: ProjectName: !Ref 'LegacyCodeTest' RunOrder: 1 - Name: Deploy Actions: - Name: Deploy ActionTypeId: Category: Deploy Owner: AWS Version: 1 Provider: ElasticBeanstalk Configuration: ApplicationName: !Ref LegacyEBApplicationName EnvironmentName: !Ref LegacyEBEnvironmentName InputArtifacts: - Name: LegacyBuildOutput RunOrder: 1 LegacyCloudWatchEventRule: Type: AWS::Events::Rule Properties: EventPattern: source: - aws.codecommit detail-type: - 'CodeCommit Repository State Change' resources: - !Join [ '', [ 'arn:aws:codecommit:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref LegacySourceRepo ] ] detail: event: - referenceCreated - referenceUpdated referenceType: - branch referenceName: - master Targets: - Arn: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref LegacyCodePipeline ] ] RoleArn: !GetAtt AmazonCloudWatchEventRole.Arn Id: codepipeline-HugoPipeline # Resources needed to create inventory service pipieline. User must manually create ECR and upload buildspec.yml URL in order # to push image to proper ECR repository in CodeBuild stage. InventoryServiceBuild: Type: AWS::CodeBuild::Project Properties: Name: InventoryServiceBuild Description: Build project to deploy Inventory Service. Source: Type: CODEPIPELINE BuildSpec: InventoryService/build/buildspec.yml Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/standard:4.0 PrivilegedMode: true EnvironmentVariables: - Name: MAIN_REGION Type: PLAINTEXT Value: !Ref 'AWS::Region' - Name: INVENTORY_ECR_NAME Type: PLAINTEXT Value: !Ref 'InventoryServiceECRName' - Name: AWS_ACCOUNT_ID Type: PLAINTEXT Value: !Ref AWS::AccountId ServiceRole: !Ref 'CodeBuildRole' Artifacts: Type: CODEPIPELINE InventoryServiceTest: Type: AWS::CodeBuild::Project Properties: Name: InventoryServiceTest Description: Run unit tests for the Inventory Service. Source: Type: CODEPIPELINE BuildSpec: InventoryService/build/TestBuildSpec.yml Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/standard:4.0 PrivilegedMode: true ServiceRole: !Ref 'CodeBuildRole' Artifacts: Type: CODEPIPELINE InventoryServiceCodePipeline: Type: AWS::CodePipeline::Pipeline Properties: ArtifactStore: Location: !Ref S3BucketName Type: S3 Name: InventoryServiceCodePipeline RoleArn: !GetAtt 'CodePipelineRole.Arn' Stages: - Name: Source Actions: - Name: CodeCommit InputArtifacts: [] ActionTypeId: Category: Source Owner: AWS Version: '1' Provider: CodeCommit OutputArtifacts: - Name: InventorySourceOutput Configuration: RepositoryName: !Ref 'InventorySourceRepo' BranchName: !Ref 'InventorySourceBranch' PollForSourceChanges: false RunOrder: 1 - Name: Build Actions: - Name: CodeBuild InputArtifacts: - Name: InventorySourceOutput OutputArtifacts: - Name: InventoryBuildOutput ActionTypeId: Category: Build Owner: AWS Provider: CodeBuild Version: '1' Configuration: ProjectName: !Ref 'InventoryServiceBuild' RunOrder: 1 - Name: Test Actions: - Name: CodeBuild InputArtifacts: - Name: InventorySourceOutput OutputArtifacts: - Name: InventoryTestOutput ActionTypeId: Category: Test Owner: AWS Provider: CodeBuild Version: '1' Configuration: ProjectName: !Ref 'InventoryServiceTest' RunOrder: 1 InventoryServiceECR: Type: AWS::ECR::Repository Properties: RepositoryName: !Ref InventoryServiceECRName InventoryCloudWatchEventRule: Type: AWS::Events::Rule Properties: EventPattern: source: - aws.codecommit detail-type: - 'CodeCommit Repository State Change' resources: - !Join [ '', [ 'arn:aws:codecommit:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref InventorySourceRepo ] ] detail: event: - referenceCreated - referenceUpdated referenceType: - branch referenceName: - master Targets: - Arn: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref InventoryServiceCodePipeline ] ] RoleArn: !GetAtt AmazonCloudWatchEventRole.Arn Id: codepipeline-HugoPipeline # Resources needed to create inventory service pipieline. Currently buildspec.yml pushes image to ECR repo, but this will ultimately # be modfied to create a lambda package BasketServiceCodeBuildProject: Type: AWS::CodeBuild::Project Properties: Name: BasketServiceBuild Description: Build project to deploy Basket Service. Source: Type: CODEPIPELINE BuildSpec: BasketLambda/build/DeployBuildspec.yml Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/standard:4.0 PrivilegedMode: true EnvironmentVariables: - Name: MAIN_REGION Type: PLAINTEXT Value: !Ref 'AWS::Region' - Name: LAMBDA_DEPLOY_ARN Type: PLAINTEXT Value: !Ref 'LambdaDeployAccessRoleARN' ServiceRole: !Ref 'CodeBuildRole' Artifacts: Type: CODEPIPELINE BasketServiceCodeTestProject: Type: AWS::CodeBuild::Project Properties: Name: BasketServiceTest Description: Run unite tests for Basket Service. Source: Type: CODEPIPELINE BuildSpec: BasketLambda/build/TestBuildspec.yml Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/standard:4.0 PrivilegedMode: true EnvironmentVariables: - Name: MAIN_REGION Type: PLAINTEXT Value: !Ref 'AWS::Region' ServiceRole: !Ref 'CodeBuildRole' Artifacts: Type: CODEPIPELINE BasketServiceCodePipeline: Type: AWS::CodePipeline::Pipeline Properties: ArtifactStore: Location: !Ref S3BucketName Type: S3 Name: BasketServiceCodePipeline RoleArn: !GetAtt CodePipelineRole.Arn Stages: - Name: Source Actions: - Name: CodeCommit InputArtifacts: [] ActionTypeId: Category: Source Owner: AWS Version: '1' Provider: CodeCommit OutputArtifacts: - Name: BasketSourceOutput Configuration: RepositoryName: !Ref BasketSourceRepo BranchName: !Ref BasketSourceBranch PollForSourceChanges: false RunOrder: 1 - Name: Build Actions: - Name: CodeBuild InputArtifacts: - Name: BasketSourceOutput OutputArtifacts: - Name: BasketBuildOutput ActionTypeId: Category: Build Owner: AWS Provider: CodeBuild Version: '1' Configuration: ProjectName: !Ref 'BasketServiceCodeBuildProject' RunOrder: 1 - Name: Test Actions: - Name: CodeBuild InputArtifacts: - Name: BasketSourceOutput OutputArtifacts: - Name: BasketTestOutput ActionTypeId: Category: Test Owner: AWS Provider: CodeBuild Version: '1' Configuration: ProjectName: !Ref 'BasketServiceCodeTestProject' RunOrder: 1 BasketCloudWatchEventRule: Type: AWS::Events::Rule Properties: EventPattern: source: - aws.codecommit detail-type: - 'CodeCommit Repository State Change' resources: - !Join [ '', [ 'arn:aws:codecommit:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref BasketSourceRepo ] ] detail: event: - referenceCreated - referenceUpdated referenceType: - branch referenceName: - master Targets: - Arn: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref BasketServiceCodePipeline ] ] RoleArn: !GetAtt AmazonCloudWatchEventRole.Arn Id: codepipeline-HugoPipeline # Resources needed to create the locust tests pipelines LocustTestBuild: Type: AWS::CodeBuild::Project Properties: Name: LocustTestCodeBuildProject Description: Build stage for Locust load testing application. Source: Type: CODEPIPELINE BuildSpec: Locust/build/buildspec.yml Environment: Type: LINUX_CONTAINER ComputeType: BUILD_GENERAL1_SMALL Image: aws/codebuild/standard:1.0 EnvironmentVariables: - Name: S3_BUCKET_NAME Type: PLAINTEXT Value: !Ref 'S3BucketName' - Name: MAIN_REGION Type: PLAINTEXT Value: !Ref 'AWS::Region' - Name: OTHER_REGION_1 Type: PLAINTEXT Value: !Ref 'OtherRegion1' - Name: OTHER_REGION_2 Type: PLAINTEXT Value: !Ref 'OtherRegion2' - Name: OTHER_REGION_3 Type: PLAINTEXT Value: !Ref 'OtherRegion3' - Name: OTHER_REGION_4 Type: PLAINTEXT Value: !Ref 'OtherRegion4' ServiceRole: !Ref 'CodeBuildRole' Artifacts: Type: CODEPIPELINE LocustCodePipeline: Type: AWS::CodePipeline::Pipeline Properties: ArtifactStore: Location: !Ref S3BucketName Type: S3 Name: LocustCodePipeline RoleArn: !GetAtt 'CodePipelineRole.Arn' Stages: - Name: Source Actions: - Name: LocustCodeCommit InputArtifacts: [] ActionTypeId: Category: Source Owner: AWS Version: '1' Provider: CodeCommit OutputArtifacts: - Name: LocustSourceOutput Configuration: RepositoryName: !Ref 'LocustSourceRepo' BranchName: !Ref 'LocustSourceBranch' PollForSourceChanges: false RunOrder: 1 - Name: Build Actions: - Name: LocustCodeBuild InputArtifacts: - Name: LocustSourceOutput OutputArtifacts: - Name: LocustBuildOutput ActionTypeId: Category: Build Owner: AWS Provider: CodeBuild Version: '1' Configuration: ProjectName: !Ref 'LocustTestBuild' RunOrder: 1 - Name: Deploy Actions: - Name: Deploy ActionTypeId: Category: Deploy Owner: AWS Version: 1 Provider: ElasticBeanstalk Configuration: ApplicationName: !Ref LocustEBApplicationName EnvironmentName: !Ref LocustEBEnvironmentName InputArtifacts: - Name: LocustBuildOutput RunOrder: 1 LocustCloudWatchEventRule: Type: AWS::Events::Rule Properties: EventPattern: source: - aws.codecommit detail-type: - 'CodeCommit Repository State Change' resources: - !Join [ '', [ 'arn:aws:codecommit:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref LocustSourceRepo ] ] detail: event: - referenceCreated - referenceUpdated referenceType: - branch referenceName: - master Targets: - Arn: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref LocustCodePipeline ] ] RoleArn: !GetAtt AmazonCloudWatchEventRole.Arn Id: codepipeline-HugoPipeline AmazonCloudWatchEventRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - events.amazonaws.com Action: sts:AssumeRole Path: / Policies: - PolicyName: cwe-pipeline-execution-hugo PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: codepipeline:StartPipelineExecution Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref HugoCodePipeline ] ] - PolicyName: cwe-pipeline-execution-legacy PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: codepipeline:StartPipelineExecution Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref LegacyCodePipeline ] ] - PolicyName: cwe-pipeline-execution-inventory PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: codepipeline:StartPipelineExecution Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref InventoryServiceCodePipeline ] ] - PolicyName: cwe-pipeline-execution-basket PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: codepipeline:StartPipelineExecution Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref BasketServiceCodePipeline ] ] - PolicyName: cwe-pipeline-execution-locust PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: codepipeline:StartPipelineExecution Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref LocustCodePipeline ] ]