AWSTemplateFormatVersion: 2010-09-09 Description: > This template deploys the Retail Demo Store Swagger UI deployment pipeline. Parameters: ResourceBucket: Type: String Description: S3Bucket Bucket where the deployment Resources are stored (cloudformation, images, lambda code) ResourceBucketRelativePath: Type: String Description: S3Bucket Path where the deployment Resources are stored (cloudformation, images, lambda code) (i.e. path/path2), can be empty if resources are at the root of the bucket. MUST contain trailing / SwaggerUICDN: Type: String Description: CloudFront distribution ID for the Swagger UI CDN SwaggerUIBucketName: Type: String Description: S3 bucket where Swagger UI assets stored for serving via CloudFront SwaggerUIRootUrl: Type: String Description: Public facing root URL where the Retail Demo Store Swagger UI is served. Used when building fully qualified URLs for the web user interface. AllowedPattern: "^https?://[^\\s/$.?#].[^\\s]*$" ConstraintDescription: Must be a valid URL referring to the root domain where web assets are located SourceDeploymentType: Type: String Description: Retail Demo Store source deployment type AllowedValues: - 'GitHub' - 'CodeCommit' Default: 'CodeCommit' GitHubRepo: Type: String GitHubBranch: Type: String Default: master GitHubToken: Type: String NoEcho: true GitHubUser: Type: String ProductsServiceExternalUrl: Type: String Default: none UsersServiceExternalUrl: Type: String Default: none CartsServiceExternalUrl: Type: String Default: none OrdersServiceExternalUrl: Type: String Default: none RecommendationsServiceExternalUrl: Type: String Default: none LocationServiceExternalUrl: Type: String Default: none SearchServiceExternalUrl: Type: String Default: none OffersServiceExternalUrl: Type: String Default: none VideosServiceExternalUrl: Type: String Default: none CleanupBucketLambdaArn: Type: String Description: Lambda Arn for cleanup function LoggingBucketName: Type: String Description: S3 Bucket For logging Conditions: LinkToGitHub: !Equals [ !Ref SourceDeploymentType, 'GitHub' ] LinkToCodeCommit: !Equals [ !Ref SourceDeploymentType, 'CodeCommit' ] Resources: CodeBuildServiceRole: Type: AWS::IAM::Role Properties: Path: / AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: codebuild.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: "logs" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents - ssm:GetParameters Resource: "*" - PolicyName: "invalidation" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - 'cloudfront:CreateInvalidation' - 'cloudfront:GetInvalidation' Resource: !Sub arn:aws:cloudfront::${AWS::AccountId}:distribution/${SwaggerUICDN} - PolicyName: "S3" PolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: - s3:GetObject - s3:PutObject - s3:GetObjectVersion - 's3:GetBucketVersioning' Resource: - !Sub arn:aws:s3:::${ArtifactBucket}/* - !Sub arn:aws:s3:::${SwaggerUIBucketName}/* CodePipelineServiceRole: Type: AWS::IAM::Role Properties: Path: / AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: codepipeline.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: root PolicyDocument: Version: 2012-10-17 Statement: - Resource: - !Sub arn:aws:s3:::${ArtifactBucket}/* - !Sub arn:aws:s3:::${ArtifactBucket} Effect: Allow Action: - s3:PutObject - s3:GetObject - s3:GetObjectVersion - s3:GetBucketVersioning - Resource: "*" Effect: Allow Action: - codebuild:StartBuild - codebuild:BatchGetBuilds - Resource: !Sub 'arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:retaildemostore-src' Effect: Allow Action: - "codecommit:GetBranch" - "codecommit:GetCommit" - "codecommit:UploadArchive" - "codecommit:GetUploadArchiveStatus" - "codecommit:CancelUploadArchive" ArtifactBucket: Type: AWS::S3::Bucket Properties: VersioningConfiguration: Status: Enabled LoggingConfiguration: DestinationBucketName: !Ref LoggingBucketName LogFilePrefix: swaggerui-logs BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 BucketKeyEnabled: true # Empties bucket when stack is deleted EmptyArtifactBucket: Type: Custom::EmptyArtifactBucket Properties: ServiceToken: !Ref CleanupBucketLambdaArn BucketName: !Ref ArtifactBucket # Retail Demo Store CodeBuild project for Swagger UI CodeBuildProject: Type: 'AWS::CodeBuild::Project' Properties: Name: !Ref AWS::StackName Description: !Sub 'Building stage for ${AWS::StackName}' Artifacts: Type: CODEPIPELINE Source: Type: CODEPIPELINE BuildSpec: src/swagger-ui/buildspec.yml ServiceRole: !Ref CodeBuildServiceRole Environment: ComputeType: BUILD_GENERAL1_SMALL EnvironmentVariables: - Name: SWAGGER_UI_BUCKET_NAME Value: !Ref SwaggerUIBucketName - Name: CLOUDFRONT_DIST_ID Value: !Ref SwaggerUICDN - Name: PRODUCTS_SERVICE_URL Value: !Sub ${ProductsServiceExternalUrl} - Name: USERS_SERVICE_URL Value: !Sub ${UsersServiceExternalUrl} - Name: CARTS_SERVICE_URL Value: !Sub ${CartsServiceExternalUrl} - Name: ORDERS_SERVICE_URL Value: !Sub ${OrdersServiceExternalUrl} - Name: RECOMMENDATIONS_SERVICE_URL Value: !Sub ${RecommendationsServiceExternalUrl} - Name: LOCATION_SERVICE_URL Value: !Sub ${LocationServiceExternalUrl} - Name: SEARCH_SERVICE_URL Value: !Sub ${SearchServiceExternalUrl} - Name: VIDEOS_SERVICE_URL Value: !Sub ${VideosServiceExternalUrl} - Name: OFFERS_SERVICE_URL Value: !Sub ${OffersServiceExternalUrl} - Name: DEPLOYED_REGION Value: !Ref AWS::Region - Name: SWAGGER_UI_ROOT_URL Value: !Ref SwaggerUIRootUrl Image: 'aws/codebuild/standard:2.0' Type: LINUX_CONTAINER PipelineGitHub: Condition: LinkToGitHub Type: AWS::CodePipeline::Pipeline Properties: RoleArn: !GetAtt CodePipelineServiceRole.Arn Tags: - Key: RetailDemoStoreServiceName Value: swagger-ui ArtifactStore: Type: S3 Location: !Ref ArtifactBucket Stages: - Name: Source Actions: - Name: App ActionTypeId: Category: Source Owner: ThirdParty Version: '1' Provider: GitHub Configuration: Owner: !Ref GitHubUser Repo: !Ref GitHubRepo Branch: !Ref GitHubBranch OAuthToken: !Ref GitHubToken OutputArtifacts: - Name: App RunOrder: 1 - Name: Build Actions: - Name: Build-and-Deploy InputArtifacts: - Name: App ActionTypeId: Category: Build Owner: AWS Version: '1' Provider: CodeBuild OutputArtifacts: - Name: BuildOutput Configuration: ProjectName: !Ref CodeBuildProject RunOrder: 1 PipelineCodeCommit: Condition: LinkToCodeCommit Type: AWS::CodePipeline::Pipeline Properties: RoleArn: !GetAtt CodePipelineServiceRole.Arn Tags: - Key: RetailDemoStoreServiceName Value: swagger-ui ArtifactStore: Type: S3 Location: !Ref ArtifactBucket Stages: - Name: Source Actions: - Name: App ActionTypeId: Category: Source Owner: AWS Version: '1' Provider: CodeCommit Configuration: RepositoryName: retaildemostore-src BranchName: main PollForSourceChanges: false OutputArtifacts: - Name: App RunOrder: 1 - Name: Build Actions: - Name: Build-and-Deploy InputArtifacts: - Name: App ActionTypeId: Category: Build Owner: AWS Version: '1' Provider: CodeBuild OutputArtifacts: - Name: BuildOutput Configuration: ProjectName: !Ref CodeBuildProject RunOrder: 1 EventRole: Condition: LinkToCodeCommit Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Principal: Service: - events.amazonaws.com Action: sts:AssumeRole Path: / Policies: - PolicyName: eb-pipeline-execution PolicyDocument: Version: 2012-10-17 Statement: - Effect: Allow Action: codepipeline:StartPipelineExecution Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineCodeCommit ] ] EventRule: Condition: LinkToCodeCommit Type: AWS::Events::Rule Properties: EventPattern: source: - aws.codecommit detail-type: - 'CodeCommit Repository State Change' resources: - !Join [ '', [ 'arn:aws:codecommit:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', 'retaildemostore-src' ] ] detail: event: - referenceCreated - referenceUpdated referenceType: - branch referenceName: - main Targets: - Arn: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref PipelineCodeCommit ] ] RoleArn: !GetAtt EventRole.Arn Id: codepipeline-AppPipeline Outputs: PipelineForGitHubUrl: Condition: LinkToGitHub Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineGitHub} PipelineForCodeCommitUrl: Condition: LinkToCodeCommit Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${PipelineCodeCommit}