This project contains a reference implementation (starter template and setup instructions) for an "infrastructure continuous delivery" architecture using GitHub, AWS CodePipeline and CloudFormation.
- Fork this repo.
- Bootstrap the CloudFormation stack:
  a. a.
  b. Enter the forked repo's owner in the `GitHubOwner` field.
  c. Create a New personal access token with `repo` and `admin:repo_hook` scopes, and enter the token in the `GitHubToken` field.
  d. Enter the name of an existing S3 bucket for storing pipeline artifacts in the `ArtifactBucket` field. (Create a bucket first if necessary.)
- Verify the newly-created stack and pipeline.
  a. Check the CloudFormation Console to ensure your stack reaches the `CREATE_COMPLETE` state successfully.
  b. Check the CodePipeline Console to ensure the pipeline's `Source` and `Deploy` stages both completed successfully.
- Update the CloudFormation stack:
  a. Modify `cfn-template.yml` in the Git repository and commit/push the change.
  b. For example, try renaming `Topic` to `NewTopic`.
- Verify the stack update.
  a. Check the CodePipeline Console to ensure the pipeline processes the new commit in both stages.
  b. Check the CloudFormation Console to ensure your stack reaches the `UPDATE_COMPLETE` state successfully.
  c. Verify the created/updated resources. For example, check the SNS Topics Console for the newly-created `NewTopic` resource.

That's it!

Note: The CloudFormation Service Role (`CFNRole`) allows full permissions (`'*'`). For more restricted, fine-grained security, you should move the `CFNRole` and `PipelineRole` resources into a separate CloudFormation stack, reference them using `Fn::ImportValue`, and ensure that `CFNRole` grants least privilege.

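
One way to apply the note above to `CFNRole`, as an added example that is not part of this project's template (`PipelineRole` can be exported and imported the same way). Assumptions: the file name `roles.yml`, the export name `infra-cd-CFNRoleArn`, a deployed template that creates only SNS topics, and a Deploy action that passes the service role through its `RoleArn` configuration key.

```yaml
# --- roles.yml (hypothetical file name): deployed separately, outside the pipeline ---
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation service role, kept out of the pipeline-managed stack
Resources:
  CFNRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com   # only CloudFormation may assume it
            Action: sts:AssumeRole
      Policies:
        - PolicyName: ManageSnsTopicsOnly
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Stands in for the full-permissions ('*') grant described in the note.
              # Assumption: cfn-template.yml creates only SNS topics; extend this
              # list to match the resource types your template actually declares.
              - Effect: Allow
                Action:
                  - sns:CreateTopic
                  - sns:DeleteTopic
                  - sns:GetTopicAttributes
                  - sns:SetTopicAttributes
                  - sns:ListTagsForResource
                  - sns:TagResource
                  - sns:UntagResource
                Resource: !Sub 'arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:*'
Outputs:
  CFNRoleArn:
    Value: !GetAtt CFNRole.Arn
    Export:
      Name: infra-cd-CFNRoleArn   # hypothetical export name
---
# --- fragment: Configuration of the pipeline's CloudFormation Deploy action ---
# Only the changed key is shown; the other keys stay as they are in the template.
# !ImportValue is the YAML short form of Fn::ImportValue.
Configuration:
  RoleArn: !ImportValue infra-cd-CFNRoleArn
```

With the role defined outside the stack that the pipeline updates, a commit to `cfn-template.yml` can no longer change the permissions the deployment itself runs with.
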
Talk from re:Invent 2016, "Infrastructure Continuous Delivery Using AWS CloudFormation"