AWSTemplateFormatVersion: '2010-09-09'
## =================== DESCRIPTION =================== ##
# Human-readable summary shown for the stack. The folded scalar (>-) joins the
# equally indented lines below into a single line and strips the trailing newline.
Description: >-
  AWS CloudFormation sample template
  - Create a new CodeDeploy application
  - Create a new CodeDeploy deployment group for DEV env
  - Create a new CodeDeploy deployment group for PROD env
  - Create a new role for CodeDeploy deployment groups
## =================== PARAMETERS =================== ##
# Inputs supplied at stack creation. Each one names the value of the EC2 "Name"
# tag that marks an instance as belonging to an environment.
# NOTE(review): an override only takes effect if the deployment groups'
# Ec2TagFilters reference these parameters - confirm against the Resources section.
Parameters:

  # Name-tag value carried by every DEV instance.
  paramTagForDevEc2Instance:
    Type: String
    Default: cicd-dev-ec2-instance
    Description: Specify an existing tag value for all DEV instances of CI/CD project

  # Name-tag value carried by every PROD instance.
  paramTagForProdEc2Instance:
    Type: String
    Default: cicd-prod-ec2-instance
    Description: Specify an existing tag value for all PROD instances of CI/CD project
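## =================== RESOURCES =================== ##
Resources:
  # CodeDeploy application that both deployment groups below belong to.
  myCodeDeployApplication:
    Type: AWS::CodeDeploy::Application
    Properties:
      ApplicationName: cicd-codedeploy-application
      ComputePlatform: Server  # Allowed values: ECS | Lambda | Server

  # Deployment group for the DEV environment.
  myCodeDeployDeploymentGroupForDev:
    Type: AWS::CodeDeploy::DeploymentGroup
    Properties:
      DeploymentGroupName: cicd-codedeploy-group-for-dev
      ApplicationName: !Ref myCodeDeployApplication
      Ec2TagFilters:
        # Selects every EC2 instance whose Name tag equals the DEV parameter
        # (default: cicd-dev-ec2-instance). The value was hard-coded before, so
        # overriding the parameter had no effect.
        # Membership is decided by the tag alone: any principal allowed to set
        # the Name tag can enrol an instance, so keep ec2:CreateTags restricted.
        - Key: Name
          Value: !Ref paramTagForDevEc2Instance
          Type: KEY_AND_VALUE
      # GetAtt returns the full role ARN, so the partition and role path are
      # never assembled by hand.
      ServiceRoleArn: !GetAtt myCodeDeployRole.Arn

  # Deployment group for the PROD environment.
  myCodeDeployDeploymentGroupForProd:
    Type: AWS::CodeDeploy::DeploymentGroup
    Properties:
      DeploymentGroupName: cicd-codedeploy-group-for-prod
      ApplicationName: !Ref myCodeDeployApplication
      Ec2TagFilters:
        # Selects every EC2 instance whose Name tag equals the PROD parameter
        # (default: cicd-prod-ec2-instance). Same tag-control caveat as DEV:
        # whoever can write the Name tag decides what receives PROD deployments.
        - Key: Name
          Value: !Ref paramTagForProdEc2Instance
          Type: KEY_AND_VALUE
      ServiceRoleArn: !GetAtt myCodeDeployRole.Arn

  # Service role assumed by CodeDeploy for both deployment groups.
  # RoleName is fixed, so the stack must be created with CAPABILITY_NAMED_IAM
  # and the name must not already exist in the account.
  myCodeDeployRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: cicd-codedeploy-role
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Action:
              - 'sts:AssumeRole'
            Effect: Allow
            Principal:
              Service:
                - codedeploy.amazonaws.com
            # Confused-deputy guard: CodeDeploy may assume this role only when
            # acting on behalf of this account.
            Condition:
              StringEquals:
                'aws:SourceAccount': !Ref AWS::AccountId
      Path: /
      Policies:
        - PolicyName: cicd-codedeploy-policy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Read-only discovery of instances, tags and alarms.
              - Sid: DiscoverInstancesAndAlarms
                Action:
                  - 'ec2:DescribeInstances'
                  - 'ec2:DescribeInstanceStatus'
                  - 'tag:GetTags'
                  - 'tag:GetResources'
                  - 'cloudwatch:DescribeAlarms'
                Effect: Allow
                Resource: '*'
              # NOTE(review): neither deployment group in this template defines
              # triggers or alarms. Scope these to specific topic/alarm ARNs,
              # or drop them, once it is known whether they are used.
              - Sid: NotifyAndManageAlarms
                Action:
                  - 'sns:Publish'
                  - 'cloudwatch:PutMetricAlarm'
                Effect: Allow
                Resource: '*'
              # Termination was previously allowed on every instance in the
              # account. It is now limited to instances in this account and
              # region whose Name tag matches one of the two environments.
              # NOTE(review): the deployment groups set no DeploymentStyle;
              # confirm whether termination is needed at all and remove this
              # statement if it is not.
              - Sid: TerminateTaggedInstancesOnly
                Action:
                  - 'ec2:TerminateInstances'
                Effect: Allow
                Resource: !Sub 'arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:instance/*'
                Condition:
                  StringEquals:
                    'aws:ResourceTag/Name':
                      - !Ref paramTagForDevEc2Instance
                      - !Ref paramTagForProdEc2Instance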
## =================== OUTPUT =================== ##
# Values returned by the stack once it has been created.
Outputs:

  # Ref on the application resource, described below as its name.
  outputCodeDeployApplication:
    Value: !Ref myCodeDeployApplication
    Description: CodeDeploy application name

  # Ref on the DEV deployment group, described below as its name.
  outputCodeDeployDeploymentGroupForDev:
    Value: !Ref myCodeDeployDeploymentGroupForDev
    Description: CodeDeploy deployment group name for DEV

  # Ref on the PROD deployment group, described below as its name.
  outputCodeDeployDeploymentGroupForProd:
    Value: !Ref myCodeDeployDeploymentGroupForProd
    Description: CodeDeploy deployment group name for PROD