Serverless Framework - Unable to Deploy Step Function - aws-lambda

I have the following serverless yaml that I'm using to try to deploy my first step function:
org: bizrob
app: flexipod-2-queue
service: flexipod-2-queue
frameworkVersion: "2 || 3"
package:
  exclude:
    # list of biggest modules that are in devDependencies and similar
    - node_modules/aws-sdk/**
    - node_modules/serverless-domain-manager/**
    - node_modules/#serverless
    - node_modules/serverless
    - node_modules/java-invoke-local
    - node_modules/tabtab
    - node_modules/snappy
custom:
  region: eu-west-1
provider:
  name: aws
  runtime: nodejs14.x
plugins:
  - serverless-step-functions
functions:
  GetConfigDbConnection:
    handler: flexipod-2-queue/dbConfig.getConfigDbConnection
    environment:
      REGION: ${self:custom.region}
  GetConfigRec:
    handler: flexipod-2-queue/dbConfig.getConfigRec
    environment:
      REGION: ${self:custom.region}
  GetSelectQueries:
    handler: flexipod-2-queue/dbConfig.getSelectQueries
    environment:
      REGION: ${self:custom.region}
  PullSqlSvr:
    handler: flexipod-2-queue/pullSqlSvrData.pullSqlSvr
    environment:
      REGION: ${self:custom.region}
      API_VERSION_S3: "2006-03-01"
      API_VERSION_SQS: "2012-11-05"
      SQS_QUEUE_URL: !Ref "MyQueue"
  SendToDataLake:
    handler: queue-2-datalake/sendToDataLake.sendBatchToQueue
    environment:
      REGION: ${self:custom.region}
      API_VERSION_S3: "2006-03-01"
      API_VERSION_SQS: "2012-11-05"
stepFunctions:
  stateMachines:
    flexipodFlow:
      name: flexipodFlow
      definition:
        StartAt: GetConfigDbConnection
        States:
          GetConfigDbConnection:
            Type: Task
            Resource:
              Fn::GetAtt: [GetConfigDbConnection, Arn]
            Next: GetConfigRec
          GetConfigRec:
            Type: Task
            Resource:
              Fn::GetAtt: [GetConfigRec, Arn]
            Next: GetSelectQueries
          GetSelectQueries:
            Type: Task
            Resource:
              Fn::GetAtt: [GetSelectQueries, Arn]
            ResultPath: $.queries
            Next: Map
          Map:
            Type: Map
            ItemsPath: $.queries
            MaxConcurrency: 2
            Next: Final State
            Iterator:
              StartAt: PullSql
              States:
                PullSql:
                  Type: Task
                  Resource:
                  Fn::GetAtt: [PullSqlSvr, Arn]
          Final State:
            Type: Pass
            End: true
resources:
  Resources:
    MyQueue:
      Type: "AWS::SQS::Queue"
      Properties:
        QueueName: "flexipod"
After running serverless deploy, I get the following error in the vscode terminal:
Error:
TypeError: Cannot read property 'match' of null
at C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\serverless-step-functions\lib\deploy\stepFunctions\compileIamRole.js:472:61
at arrayMap (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\lodash\lodash.js:653:23)
at map (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\lodash\lodash.js:9622:14)
at Function.flatMap (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\lodash\lodash.js:9325:26)
at ServerlessStepFunctions.getIamPermissions (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\serverless-step-functions\lib\deploy\stepFunctions\compileIamRole.js:413:12)
at C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\serverless-step-functions\lib\deploy\stepFunctions\compileIamRole.js:522:56
at Array.forEach (<anonymous>)
at ServerlessStepFunctions.compileIamRole (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\serverless-step-functions\lib\deploy\stepFunctions\compileIamRole.js:511:32)
at ServerlessStepFunctions.tryCatcher (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\bluebird\js\release\util.js:16:23)
at Promise._settlePromiseFromHandler (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\bluebird\js\release\promise.js:547:31)
at Promise._settlePromise (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\bluebird\js\release\promise.js:604:18)
at Promise._settlePromiseCtx (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\bluebird\js\release\promise.js:641:10)
at _drainQueueStep (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\bluebird\js\release\async.js:97:12)
at _drainQueue (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\bluebird\js\release\async.js:86:9)
at Async._drainQueues (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\bluebird\js\release\async.js:102:5)
at Immediate.Async.drainQueues [as _onImmediate] (C:\GitBizTalkers\OLD_Wck_Flexipod\node_modules\bluebird\js\release\async.js:15:14)
at processImmediate (node:internal/timers:464:21)
Anyone see what I've done wrong?

Problem was due to yaml formatting. Line 192
Fn::GetAtt: [PullSqlSvr, Arn]
This needed an extra tab to indent below "Resource:"
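
The indentation slip described in the answer above can be caught before deploying. The following is an added example, not code from the original post or from the serverless-step-functions plugin: a `Resource:` key followed by a sibling key at the same indentation parses as null, and this check walks a parsed definition and reports every Task state in that condition. It goes slightly beyond the question by also descending into `ItemProcessor` sub-workflows and Parallel `Branches`; the function name, constant names and sample data are assumptions of this example.

```python
# Added example: pre-deploy check for a serverless-step-functions definition.
# Function and constant names here are assumptions, not part of the plugin.

# Intrinsic-function keys belong inside a Resource value, never beside it.
INTRINSIC_KEYS = {"Ref", "Fn::GetAtt", "Fn::Sub", "Fn::Join", "Fn::ImportValue"}


def find_broken_tasks(definition, path="definition"):
    """Return (state_path, problem) pairs for Task states with no usable Resource.

    Recurses into Map sub-workflows (Iterator / ItemProcessor) and Parallel
    branches, where an indentation slip is easiest to miss.
    """
    if not isinstance(definition, dict):
        return []
    problems = []
    for name, state in (definition.get("States") or {}).items():
        here = f"{path}.States.{name}"
        if not isinstance(state, dict):
            problems.append((here, "state body is empty"))
            continue
        if state.get("Type") == "Task":
            if state.get("Resource") is None:
                problems.append((here, "Resource is null or missing"))
            for key in sorted(INTRINSIC_KEYS & state.keys()):
                problems.append((here, f"{key} sits beside Resource, not under it"))
        for key in ("Iterator", "ItemProcessor"):
            problems += find_broken_tasks(state.get(key), f"{here}.{key}")
        for i, branch in enumerate(state.get("Branches") or []):
            problems += find_broken_tasks(branch, f"{here}.Branches[{i}]")
    return problems


# Constructed sample: the structure a YAML parser yields for the tail of the
# question's definition. "Resource:" followed by a sibling key parses as null.
SAMPLE_DEFINITION = {
    "StartAt": "GetSelectQueries",
    "States": {
        "GetSelectQueries": {
            "Type": "Task",
            "Resource": {"Fn::GetAtt": ["GetSelectQueries", "Arn"]},
            "ResultPath": "$.queries",
            "Next": "Map",
        },
        "Map": {
            "Type": "Map",
            "ItemsPath": "$.queries",
            "MaxConcurrency": 2,
            "Next": "Final State",
            "Iterator": {
                "StartAt": "PullSql",
                "States": {
                    "PullSql": {
                        "Type": "Task",
                        "Resource": None,
                        "Fn::GetAtt": ["PullSqlSvr", "Arn"],
                    }
                },
            },
        },
        "Final State": {"Type": "Pass", "End": True},
    },
}

if __name__ == "__main__":
    for state_path, problem in find_broken_tasks(SAMPLE_DEFINITION):
        print(f"{state_path}: {problem}")
```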

Related

Serverless unable to add provisioned concurrency for Specific Lambda Alias using serverless-provisioned-concurrency-autoscaling plugin

We use API-Gateway and Lambda architecture.
config/function.yml
handler: ${self:custom.alias}/src/create_shipment.handler
name: ${self:service}-create-shipment-${self:provider.stage}
description: create shipment api service - ${self:provider.stage}
provisionedConcurrency: 1
concurrencyAutoscaling:
  enabled: true
  alias: v2
  maximum: 10
  minimum: 1
events:
  - http:
      path: /create/shipment
main serverless
service: test-poc
provider:
  name: aws
  runtime: python3.7
  versionFunctions: true
  stage: ${opt:stage, 'dev'}
  region: us-east-1
custom:
  alias: ${opt:alias, 'v1'}
  serverless-layers:
    functions:
      - function
plugins:
  - serverless-layers
  - serverless-add-api-key
  - serverless-aws-alias-fixed
package:
  individually: true
  exclude:
    - "**/*"
    - serverless.yaml
functions:
  function: ${file(config/function.yml):function}
We have a latency from our api and lambda, we wanted to eliminate if this is due to cold start problem and wanted to use the provisioned-concurrency plugin.
plugins:
  - serverless-provisioned-concurrency-autoscaling
function:
  handler: ${self:custom.alias}/src/create_shipment.handler
  name: ${self:service}-function-${self:provider.stage}
  description: function - ${self:provider.stage}
  provisionedConcurrency: 1
  concurrencyAutoscaling:
    enabled: true
    alias: v2
    maximum: 10
    minimum: 1
After adding the required provisioned concurrency settings, we are doing a
sls deploy --alias v2 -s dev
Error --------------------------------------------------
Error: The CloudFormation template is invalid: Template error: instance of Fn::GetAtt references undefined resource functionDashLambdaVersiongJFUc5aoaeWG5RSH867TjWyZWnQwgUzGCr1iqC20FY
at /home/jenkins/workspace/test-poc/node_modules/serverless/lib/plugins/aws/deploy/lib/validateTemplate.js:20:13
at tryCatcher (/home/jenkins/workspace/test-poc/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/home/jenkins/workspace/test-poc/node_modules/bluebird/js/release/promise.js:547:31)
at Promise._settlePromise (/home/jenkins/workspace/test-poc/node_modules/bluebird/js/release/promise.js:604:18)
at Promise._settlePromise0 (/home/jenkins/workspace/test-poc/node_modules/bluebird/js/release/promise.js:649:10)
at Promise._settlePromises (/home/jenkins/workspace/test-poc/node_modules/bluebird/js/release/promise.js:725:18)
at _drainQueueStep (/home/jenkins/workspace/test-poc/node_modules/bluebird/js/release/async.js:93:12)
at _drainQueue (/home/jenkins/workspace/test-poc/node_modules/bluebird/js/release/async.js:86:9)
at Async._drainQueues (/home/jenkins/workspace/test-poc/node_modules/bluebird/js/release/async.js:102:5)
at Immediate.Async.drainQueues [as _onImmediate] (/home/jenkins/workspace/test-poc/node_modules/bluebird/js/release/async.js:15:14)
at processImmediate (internal/timers.js:464:21)

AWS CloudFormation setting SNS trigger to Lambda

I want to add SNS as a trigger for Lambda in CloudFormation template but it is not working for me. Below is the code I applied and I get lambda, sns and lambda subscription to SNS but I can't add trigger to lambda. Does anyone have any idea how to do it?
LambdaRole:
  Type: 'AWS::IAM::Role'
  Properties:
    AssumeRolePolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Effect: Allow
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - 'sts:AssumeRole'
    Path: /
    Policies:
      - PolicyName: lambda_policy
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action: '*'
              Resource: '*'
Lambdafunction:
  Type: AWS::Lambda::Function
  Properties:
    Handler: index.handler
    Role: !GetAtt LambdaRole.Arn
    # Role: !GettAtt [LambdaRole, Arn]
    Code:
      S3Bucket: lambda-s3
      S3Key: lambda.zip
    Runtime: python3.9
    Timeout: 30
PermissionSNStoLambda:
  Type: 'AWS::Lambda::Permission'
  Properties:
    Action: 'lambda:InvokeFunction'
    FunctionName: !Ref Lambdafunction
    Principal: sns.amazonaws.com
test2Topic:
  Type: 'AWS::SNS::Topic'
  Properties:
    DisplayName: Scale of Test Web group
    Subscription:
      - Protocol: lambda
        Endpoint: !GetAtt Lambdafunction.Arn
SNSPolicy:
  Type: 'AWS::SNS::TopicPolicy'
  Properties:
    Topics:
      - !Ref test2Topic
    PolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Principal:
            AWS: '*'
          Action:
            - 'SNS:GetTopicAttributes'
            - 'SNS:SetTopicAttributes'
            - 'SNS:AddPermission'
            - 'SNS:RemovePermission'
            - 'SNS:DeleteTopic'
            - 'SNS:Subscribe'
            - 'SNS:ListSubscriptionsByTopic'
            - 'SNS:Publish'
            - 'SNS:Receive'
          Resource: !Ref test2Topic
This is the most logical for me to use to add the trigger, but no success:
SNSTriggersLambda:
  Type: AWS::Lambda::EventInvokeConfig
  Properties:
    DestinationConfig:
      OnFailure:
        Destination: !Ref test2Topic
      OnSuccess:
        Destination: !Ref test2Topic
    FunctionName: !Ref Lambdafunction
    MaximumEventAgeInSeconds: 70
    MaximumRetryAttempts: 1
    Qualifier: $LATEST
I just managed to resolve the issue. I needed one extra line in permission section stating source ARN for SNS Topic:
PermissionSNStoLambda:
  Type: 'AWS::Lambda::Permission'
  Properties:
    Action: 'lambda:InvokeFunction'
    FunctionName: !Ref Lambdafunction
    Principal: sns.amazonaws.com
    SourceArn: !Ref test2Topic
It works now!
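
The `SourceArn` line also narrows who can invoke the function: a permission granted to `sns.amazonaws.com` with no `SourceArn` or `SourceAccount` is not tied to one topic. The following is an added example, not code from the original posts: a small Python linter over a constructed JSON-form copy of the question's resources that flags that permission together with the template's `Action: '*'` on `Resource: '*'` role policy and its `AWS: '*'` topic policy. Function names and finding strings are assumptions of this example.

```python
# Added example: lint a CloudFormation template (JSON form, parsed to a dict)
# for the three broad grants in the question's template. Names are assumptions.
import copy


def as_list(value):
    """IAM accepts a scalar where a list is expected; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def allow_statements(policy_document):
    for stmt in as_list((policy_document or {}).get("Statement")):
        if isinstance(stmt, dict) and stmt.get("Effect") == "Allow":
            yield stmt


def audit_template(template):
    """Return (logical_id, finding) pairs, in template order."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties") or {}
        if rtype == "AWS::Lambda::Permission":
            principal = props.get("Principal")
            scoped = "SourceArn" in props or "SourceAccount" in props
            service = isinstance(principal, str) and principal.endswith(".amazonaws.com")
            if service and not scoped:
                findings.append((name, f"{principal} may invoke from any source"))
        elif rtype == "AWS::IAM::Role":
            for policy in as_list(props.get("Policies")):
                if not isinstance(policy, dict):
                    continue
                for stmt in allow_statements(policy.get("PolicyDocument")):
                    if "*" in as_list(stmt.get("Action")) and "*" in as_list(stmt.get("Resource")):
                        findings.append((name, f"{policy.get('PolicyName')}: Action * on Resource *"))
        elif rtype == "AWS::SNS::TopicPolicy":
            for stmt in allow_statements(props.get("PolicyDocument")):
                principal = stmt.get("Principal")
                anyone = principal == "*" or (
                    isinstance(principal, dict) and "*" in as_list(principal.get("AWS")))
                if anyone and "Condition" not in stmt:
                    findings.append((name, "any AWS principal allowed, no Condition"))
    return findings


def with_source_arn(template, permission_id, topic_id):
    """Copy of the template with the answer's fix: SourceArn set to the topic."""
    fixed = copy.deepcopy(template)
    fixed["Resources"][permission_id]["Properties"]["SourceArn"] = {"Ref": topic_id}
    return fixed


# Constructed sample: JSON-form subset of the resources posted in the question.
TEMPLATE = {"Resources": {
    "LambdaRole": {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{
        "PolicyName": "lambda_policy", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}},
    "PermissionSNStoLambda": {"Type": "AWS::Lambda::Permission", "Properties": {
        "Action": "lambda:InvokeFunction", "Principal": "sns.amazonaws.com",
        "FunctionName": {"Ref": "Lambdafunction"}}},
    "SNSPolicy": {"Type": "AWS::SNS::TopicPolicy", "Properties": {
        "Topics": [{"Ref": "test2Topic"}], "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Principal": {"AWS": "*"},
             "Action": ["SNS:Subscribe", "SNS:Publish"],
             "Resource": {"Ref": "test2Topic"}}]}}},
}}

if __name__ == "__main__":
    for logical_id, finding in audit_template(TEMPLATE):
        print(f"{logical_id}: {finding}")
```

Passing the result of `with_source_arn(TEMPLATE, "PermissionSNStoLambda", "test2Topic")` back through `audit_template` clears the permission finding; the role and topic-policy findings remain until those grants are scoped.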

Invalid template resource property 'Policies'

Can you please help with what is wrong here?
When I try to run the following CloudFormation stack, I get an error. I am trying to create the Lambda function with the SNS role using CloudFormation: Invalid template resource property 'Policies'
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC function.
Resources:
  Function:
    Type: AWS::Lambda::Function
    Properties:
      Handler: index.handler
      Code:
        S3Bucket: teste-artifact-bucket
        S3Key: function.zip
      Runtime: python3.6
      Timeout: 5
      TracingConfig:
        Mode: Active
  LambdaExecutionRole:
    Description: Creating service role in IAM for AWS Lambda
    Type: AWS::IAM::Role
    Properties:
      RoleName:
        Fn::Sub: ${ProjectId}-execution
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - lambda.amazonaws.com
            Action: sts:AssumeRole
      Path: /
    Policies:
      PolicyName: Lamda addtional access
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Action:
              - sns:Subscribe
              - sns:Publish
              - sns:CreateTopic
              - logs:PutLogEvents
              - logs:CreateLogStream
              - logs:CreateLogGroup
            Resource: '*'
    ManagedPolicyArns:
      - !Sub 'arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole'
  LambdaFunctionLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Sub '/aws/lambda/${ProjectId}'
      RetentionInDays: 60
Policies code block isn't indented far enough

Setting Access Role for Event Stream Created Via CloudFormation

I'm trying to add a dynamodb stream with the following template.yml
MyFunc:
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: ./myfunc
    Handler: main
    Runtime: go1.x
    Events:
      MyStream:
        Type: DynamoDB
        Properties:
          Stream: !GetAtt MyTable.StreamArn
          BatchSize: 1
          StartingPosition: LATEST
    Role:
      Fn::ImportValue:
        !Join ['-', [!Ref 'ProjectId', !Ref 'AWS::Region', 'LambdaTrustRole']]
However, I'm getting the following error during the deploy stage:
Please ensure the role can perform the GetRecords, GetShardIterator, DescribeStream, and ListStreams Actions on your stream in IAM.
Attempt 1
So I tried fixing the problem by adding the following policies to my IAM, CodeStarWorker-myproject-CloudFormation:
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:DescribeStream",
"dynamodb:ListStreams",
That didn't work, still giving me the same error
Attempt 2
Tried using policies instead of role in template.yml
MyFunc:
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: ./myfunc
    Handler: main
    Runtime: go1.x
    Events:
      MyStream:
        Type: DynamoDB
        Properties:
          Stream: !GetAtt MyTable.StreamArn
          BatchSize: 1
          StartingPosition: LATEST
    Policies:
      - IAMFullAccess
      - AWSLambdaFullAccess
But it gave me the following error
API: iam:CreateRole User: arn:aws:sts::xxx:assumed-role/CodeStarWorker-xxx-CloudFormation/AWSCloudFormation is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::xxx:role/awscodestar-xxx-lambda-MyFuncRole-1BO7G545IR5IC
Attempt 3
Specifying a role in template.yml
LambdaRole:
  Type: AWS::IAM::Role
  Properties:
    AssumeRolePolicyDocument:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow # allow lambda to assume this role
          Principal:
            Service:
              - lambda.amazonaws.com
          Action:
            - sts:AssumeRole
    Path: "/"
    Policies:
      - PolicyName: LambdaRolePolicy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow # allow to write logs to cloudwatch
              Action:
                - logs:CreateLogGroup
                - logs:CreateLogStream
                - logs:PutLogEvents
              Resource: arn:aws:logs:*:*:*
            - Effect: Allow # allow lambda to read from the event stream
              Action:
                - dynamodb:DescribeStream
                - dynamodb:GetRecords
                - dynamodb:GetShardIterator
                - dynamodb:ListStreams
              Resource: "*"
And assign it to MyFunc
Role:
  Fn::GetAtt: [ LambdaRole , Arn ]
However, it's also giving me the same error indicating that I'm not authorized to perform iam:CreateRole
Any help?
iam:CreateRole - you would need this action to create a role. The user that you use to run the Cloudformation template would need to include the "CreateRole" action.

AWS CodeBuild invoked from CodePipeline produces artefact which cannot be used for AWS Lambda

I would like to automate deployment of AWS Lambda developed in java. For this I created CodePipeline which is triggered on git push command to CodeCommit repository. Next step in CodePipeline is CodeBuild project. CodeBuild uses following buildspec.yml file:
version: 0.1
phases:
  build:
    commands:
      - echo Entering build phase...
      - echo Build started on `date`
      - mvn package shade:shade
      - mv target/Output-1.0.jar .
artifacts:
  files:
    - Output-1.0.jar
When CodeBuild project is run manually it will upload jar file to s3 bucket. This jar file can be without any problem used to update lambda and everything works as expected. But if CodeBuild is run via CodePipeline, result is jar file wrapped inside zip. Since this zip cannot be used for updating lambda function, I am not sure what I should do here since CodePipeline overwrites any packaging set for CodeBuild project.
The idea is that CodePipeline triggers CodeBuild, which produces output that an additional lambda will take and use to update the lambda function. Is it somehow possible for the output of CodeBuild invoked from CodePipeline to be a jar instead of a zip? If not, what should I do here then?
Any help is appreciated.
A zip or a jar file can both be used to update a Lambda Function, you just need to add a "Deploy Step" using Cloudformation to your CodePipeline.
This is a nodejs build/pipeline, try to adapt to your java project:
Project Files
buildspec.yml
version: 0.2
phases:
  install:
    commands:
      - echo install phase
  pre_build:
    commands:
      - echo pre_build phase
  build:
    commands:
      - npm install --production
  post_build:
    commands:
      - echo post build
artifacts:
  type: zip
  files:
    - index.js
    - node_modules/**/*
    - package.json
    - template.yml
    - configuration.json
  discard-paths: no
configuration.json
{
  "Parameters": {
    "BucketName" : { "Fn::GetArtifactAtt" : ["Build", "BucketName"]},
    "ObjectKey" : { "Fn::GetArtifactAtt" : ["Build", "ObjectKey"]}
  }
}
template.yml (you need to add a AWS::Lambda::Permission)
AWSTemplateFormatVersion: "2010-09-09"
Description: "My Lambda Template"
Parameters:
  BucketName:
    Type: String
  ObjectKey:
    Type: String
  Roles:
    Type: String
    Default: Roles
  LambdaRole:
    Type: String
    Default: LambdaRole
Resources:
  MyLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      Description: 'My Lambda Handler'
      Handler: index.handler
      Runtime: nodejs6.10
      Timeout: 5
      Code:
        S3Bucket:
          Ref: BucketName
        S3Key:
          Ref: ObjectKey
      Role:
        Fn::Join:
          - ""
          - - "arn:aws:iam::"
            - !Ref AWS::AccountId
            - ":role/"
            - Fn::ImportValue:
                Fn::Join:
                  - ""
                  - - Ref: Roles
                    - "-"
                    - Ref: LambdaRole
Roles Template
AWSTemplateFormatVersion: '2010-09-09'
Description: 'The AWS Resource Roles'
Resources:
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: codebuild.amazonaws.com
          Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess
        - arn:aws:iam::aws:policy/CloudWatchFullAccess
        - arn:aws:iam::aws:policy/AWSCodeCommitFullAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: codepipeline.amazonaws.com
          Action: sts:AssumeRole
      Policies:
        -
          PolicyName: CloudFormationFullAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action:
                  - "cloudformation:*"
                Resource: "*"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSCodePipelineFullAccess
        - arn:aws:iam::aws:policy/AWSCodeCommitFullAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        - arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess
        - arn:aws:iam::aws:policy/AWSLambdaFullAccess
  CloudFormationRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: cloudformation.amazonaws.com
          Action: sts:AssumeRole
      Policies:
        -
          PolicyName: CloudFormationFullAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action: "cloudformation:*"
                Resource: "*"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSCodePipelineFullAccess
        - arn:aws:iam::aws:policy/AWSCodeCommitFullAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        - arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess
        - arn:aws:iam::aws:policy/AWSLambdaFullAccess
        - arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator
  LambdaRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service: lambda.amazonaws.com
          Action: sts:AssumeRole
      Policies:
        -
          PolicyName: CloudFormationFullAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              -
                Effect: "Allow"
                Action: "cloudformation:*"
                Resource: "*"
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AWSLambdaFullAccess
        - arn:aws:iam::aws:policy/AWSCodePipelineFullAccess
        - arn:aws:iam::aws:policy/AmazonSESFullAccess
Outputs:
  CodeBuildRoleOutput:
    Description: 'Maybe API CodeBuildRole ARN'
    Value: !Ref 'CodeBuildRole'
    Export:
      Name: !Sub '${AWS::StackName}-CodeBuildRole'
  CodePipelineRoleOutput:
    Description: 'Maybe API CodePipelineRole ARN'
    Value: !Ref 'CodePipelineRole'
    Export:
      Name: !Sub '${AWS::StackName}-CodePipelineRole'
  CloudFormationRoleOutput:
    Description: 'Maybe API CloudFormationRole ARN'
    Value: !Ref 'CloudFormationRole'
    Export:
      Name: !Sub '${AWS::StackName}-CloudFormationRole'
  LambdaRoleOutput:
    Description: 'Maybe API LambdaRole ARN'
    Value: !Ref 'LambdaRole'
    Export:
      Name: !Sub '${AWS::StackName}-LambdaRole'
CodePipeline Bucket
AWSTemplateFormatVersion: '2010-09-09'
Description: 'The AWS S3 CodePipeline Bucket'
Resources:
  CodePipelineBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: my-code-pipeline-bucket
      VersioningConfiguration:
        Status: Enabled
      AccessControl: BucketOwnerFullControl
Outputs:
  CodePipelineBucketOutput:
    Description: 'CodePipeline Bucket Ref'
    Value: !Ref CodePipelineBucket
    Export:
      Name: !Sub '${AWS::StackName}-CodePipelineBucketRef'
CodeBuild Template
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Nodejs CodeBuild Template'
Parameters:
  Artifact:
    Type: String
    Default: artifact
  Roles:
    Type: String
    Default: Roles
  CodeBuildRole:
    Type: String
    Default: CodeBuildRole
Resources:
  NodejsCodeBuild:
    Type: AWS::CodeBuild::Project
    DeletionPolicy: Retain
    Properties:
      ServiceRole:
        Fn::ImportValue:
          Fn::Join:
            - ""
            - - Ref: Roles
              - "-"
              - Ref: CodeBuildRole
      Artifacts:
        Type: no_artifacts
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/eb-nodejs-6.10.0-amazonlinux-64:4.0.0
        Type: LINUX_CONTAINER
      Source:
        Type: S3
        Location: !Ref Artifact
Outputs:
  NodejsCodeBuildOutput:
    Description: 'Nodejs CodeBuild Ref'
    Value: !Ref 'NodejsCodeBuild'
    Export:
      Name: !Sub '${AWS::StackName}-NodejsCodeBuildRef'
CodePipeline Template
AWSTemplateFormatVersion: '2010-09-09'
Description: 'CodePipeline for Nodejs Applications'
Parameters:
  Roles:
    Type: String
    Default: Roles
  CodePipelineRole:
    Type: String
    Default: CodePipelineRole
  CloudFormationRole:
    Type: String
    Default: CloudFormationRole
  CodePipelineBucket:
    Type: String
    Default: CodePipelineBucket
  CodePipelineBucketRef:
    Type: String
    Default: CodePipelineBucketRef
  PipelineName:
    Type: String
    Default: PipelineName
  CodeBuildProject:
    Type: String
    Default: NodejsCodeBuild
  CodeBuildProjectRef:
    Type: String
    Default: NodejsCodeBuildRef
  Branch:
    Type: String
    Default: master
  Repository:
    Type: String
    Default: my-repository-name
  LambdaStack:
    Type: String
    Default: LambdaStack
Resources:
  NodejsCodePipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Ref PipelineName
      RoleArn:
        Fn::Join:
          - ""
          - - "arn:aws:iam::"
            - !Ref AWS::AccountId
            - ":role/"
            - Fn::ImportValue:
                Fn::Join:
                  - ""
                  - - Ref: Roles
                    - "-"
                    - Ref: CodePipelineRole
      ArtifactStore:
        Location:
          Fn::Join:
            - ""
            - - Fn::ImportValue:
                  Fn::Join:
                    - ""
                    - - Ref: CodePipelineBucket
                      - "-"
                      - Ref: CodePipelineBucketRef
        Type: S3
      Stages:
        - Name: Source
          Actions:
            - InputArtifacts: []
              Name: Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Version: 1
                Provider: CodeCommit
              OutputArtifacts:
                - Name: Master
              Configuration:
                BranchName: !Ref Branch
                RepositoryName: !Ref Repository
              RunOrder: 1
        - Name: Build
          Actions:
            - Name: Build
              ActionTypeId:
                Category: Build
                Owner: AWS
                Version: 1
                Provider: CodeBuild
              InputArtifacts:
                - Name: Master
              OutputArtifacts:
                - Name: Build
              Configuration:
                ProjectName:
                  Fn::Join:
                    - ""
                    - - Fn::ImportValue:
                          Fn::Join:
                            - ""
                            - - Ref: CodeBuildProject
                              - "-"
                              - Ref: CodeBuildProjectRef
              RunOrder: 1
        - Name: Stage
          Actions:
            - Name: Sandbox
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: 1
                Provider: CloudFormation
              InputArtifacts:
                - Name: Build
              OutputArtifacts:
                - Name: Deploy
              Configuration:
                StackName: !Ref LambdaStack
                ActionMode: CREATE_UPDATE
                Capabilities: CAPABILITY_IAM
                TemplateConfiguration: Build::configuration.json
                TemplatePath: Build::template.yml
                ParameterOverrides: |
                  {
                    "BucketName" : { "Fn::GetArtifactAtt" : ["Build", "BucketName"]},
                    "ObjectKey" : { "Fn::GetArtifactAtt" : ["Build", "ObjectKey"]}
                  }
                RoleArn:
                  Fn::Join:
                    - ""
                    - - "arn:aws:iam::"
                      - !Ref AWS::AccountId
                      - ":role/"
                      - Fn::ImportValue:
                          Fn::Join:
                            - ""
                            - - Ref: Roles
                              - "-"
                              - Ref: CloudFormationRole
              RunOrder: 1
