PipelineDeployStackAction

class aws_cdk.app_delivery.PipelineDeployStackAction(*, admin_permissions, input, stack, capabilities=None, change_set_name=None, create_change_set_action_name=None, create_change_set_run_order=None, execute_change_set_action_name=None, execute_change_set_run_order=None, role=None)

Bases: object

(deprecated) A class to deploy a stack that is part of a CDK App, using CodePipeline.

This composite Action takes care of preparing and executing a CloudFormation ChangeSet.

It currently does not support stacks that make use of ``Asset``s, and requires the deployed stack is in the same account and region where the CodePipeline is hosted.

Stability:

deprecated

ExampleMetadata:

infused

Example:

import aws_cdk.aws_codebuild as codebuild
import aws_cdk.aws_codepipeline as codepipeline
import aws_cdk.aws_codepipeline_actions as codepipeline_actions
import aws_cdk.core as cdk
import aws_cdk.app_delivery as cicd
import aws_cdk.aws_iam as iam

class MyServiceStackA(cdk.Stack):
    pass
class MyServiceStackB(cdk.Stack):
    pass

app = cdk.App()

# We define a stack that contains the CodePipeline
pipeline_stack = cdk.Stack(app, "PipelineStack")
pipeline = codepipeline.Pipeline(pipeline_stack, "CodePipeline",
    # Mutating a CodePipeline can cause the currently propagating state to be
    # "lost". Ensure we re-run the latest change through the pipeline after it's
    # been mutated so we're sure the latest state is fully deployed through.
    restart_execution_on_update=True
)

# Configure the CodePipeline source - where your CDK App's source code is hosted
source_output = codepipeline.Artifact()
source = codepipeline_actions.GitHubSourceAction(
    action_name="GitHub",
    output=source_output,
    owner="myName",
    repo="myRepo",
    oauth_token=cdk.SecretValue.unsafe_plain_text("secret")
)
pipeline.add_stage(
    stage_name="source",
    actions=[source]
)

project = codebuild.PipelineProject(pipeline_stack, "CodeBuild")
synthesized_app = codepipeline.Artifact()
build_action = codepipeline_actions.CodeBuildAction(
    action_name="CodeBuild",
    project=project,
    input=source_output,
    outputs=[synthesized_app]
)
pipeline.add_stage(
    stage_name="build",
    actions=[build_action]
)

# Optionally, self-update the pipeline stack
self_update_stage = pipeline.add_stage(stage_name="SelfUpdate")
self_update_stage.add_action(cicd.PipelineDeployStackAction(
    stack=pipeline_stack,
    input=synthesized_app,
    admin_permissions=True
))

# Now add our service stacks
deploy_stage = pipeline.add_stage(stage_name="Deploy")
service_stack_a = MyServiceStackA(app, "ServiceStackA")
# Add actions to deploy the stacks in the deploy stage:
deploy_service_aAction = cicd.PipelineDeployStackAction(
    stack=service_stack_a,
    input=synthesized_app,
    # See the note below for details about this option.
    admin_permissions=False
)
deploy_stage.add_action(deploy_service_aAction)
# Add the necessary permissions for you service deploy action. This role is
# is passed to CloudFormation and needs the permissions necessary to deploy
# stack. Alternatively you can enable [Administrator](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator) permissions above,
# users should understand the privileged nature of this role.
my_resource_arn = "arn:partition:service:region:account-id:resource-id"
deploy_service_aAction.add_to_deployment_role_policy(iam.PolicyStatement(
    actions=["service:SomeAction"],
    resources=[my_resource_arn]
))

service_stack_b = MyServiceStackB(app, "ServiceStackB")
deploy_stage.add_action(cicd.PipelineDeployStackAction(
    stack=service_stack_b,
    input=synthesized_app,
    create_change_set_run_order=998,
    admin_permissions=True
))
Parameters:
  • admin_permissions (bool) – (deprecated) Whether to grant admin permissions to CloudFormation while deploying this template. Setting this to true affects the defaults for role and capabilities, if you don’t specify any alternatives. The default role that will be created for you will have admin (i.e., *) permissions on all resources, and the deployment will have named IAM capabilities (i.e., able to create all IAM resources). This is a shorthand that you can use if you fully trust the templates that are deployed in this pipeline. If you want more fine-grained permissions, use addToRolePolicy and capabilities to control what the CloudFormation deployment is allowed to do.

  • input (Artifact) – (deprecated) The CodePipeline artifact that holds the synthesized app, which is the contents of the <directory> when running cdk synth -o <directory>.

  • stack (Stack) – (deprecated) The CDK stack to be deployed.

  • capabilities (Optional[Sequence[CloudFormationCapabilities]]) – (deprecated) Acknowledge certain changes made as part of deployment. For stacks that contain certain resources, explicit acknowledgement that AWS CloudFormation might create or update those resources. For example, you must specify AnonymousIAM if your stack template contains AWS Identity and Access Management (IAM) resources. For more information Default: [AnonymousIAM, AutoExpand], unless adminPermissions is true

  • change_set_name (Optional[str]) – (deprecated) The name to use when creating a ChangeSet for the stack. Default: CDK-CodePipeline-ChangeSet

  • create_change_set_action_name (Optional[str]) – (deprecated) The name of the CodePipeline action creating the ChangeSet. Default: ‘ChangeSet’

  • create_change_set_run_order (Union[int, float, None]) – (deprecated) The runOrder for the CodePipeline action creating the ChangeSet. Default: 1

  • execute_change_set_action_name (Optional[str]) – (deprecated) The name of the CodePipeline action creating the ChangeSet. Default: ‘Execute’

  • execute_change_set_run_order (Union[int, float, None]) – (deprecated) The runOrder for the CodePipeline action executing the ChangeSet. Default: createChangeSetRunOrder + 1

  • role (Optional[IRole]) – (deprecated) IAM role to assume when deploying changes. If not specified, a fresh role is created. The role is created with zero permissions unless adminPermissions is true, in which case the role will have admin permissions. Default: A fresh role with admin or no permissions (depending on the value of adminPermissions).

Stability:

deprecated

Methods

add_to_deployment_role_policy(statement)

(deprecated) Add policy statements to the role deploying the stack.

This role is passed to CloudFormation and must have the IAM permissions necessary to deploy the stack or you can grant this role adminPermissions by using that option during creation. If you do not grant adminPermissions you need to identify the proper statements to add to this role based on the CloudFormation Resources in your stack.

Parameters:

statement (PolicyStatement) –

Stability:

deprecated

Return type:

None

bind(scope, stage, *, bucket, role)

(deprecated) The callback invoked when this Action is added to a Pipeline.

Parameters:
Stability:

deprecated

Return type:

ActionConfig

on_state_change(name, target=None, *, description=None, enabled=None, event_bus=None, event_pattern=None, rule_name=None, schedule=None, targets=None)

(deprecated) Creates an Event that will be triggered whenever the state of this Action changes.

Parameters:
  • name (str) –

  • target (Optional[IRuleTarget]) –

  • description (Optional[str]) – A description of the rule’s purpose. Default: - No description.

  • enabled (Optional[bool]) – Indicates whether the rule is enabled. Default: true

  • event_bus (Optional[IEventBus]) – The event bus to associate with this rule. Default: - The default event bus.

  • event_pattern (Union[EventPattern, Dict[str, Any], None]) – Describes which events EventBridge routes to the specified target. These routed events are matched events. For more information, see Events and Event Patterns in the Amazon EventBridge User Guide. Default: - None.

  • rule_name (Optional[str]) – A name for the rule. Default: - AWS CloudFormation generates a unique physical ID and uses that ID for the rule name. For more information, see Name Type.

  • schedule (Optional[Schedule]) – The schedule or rate (frequency) that determines when EventBridge runs the rule. For more information, see Schedule Expression Syntax for Rules in the Amazon EventBridge User Guide. Default: - None.

  • targets (Optional[Sequence[IRuleTarget]]) – Targets to invoke when this rule matches an event. Input will be the full matched event. If you wish to specify custom target input, use addTarget(target[, inputOptions]). Default: - No targets.

Stability:

deprecated

Return type:

Rule

Attributes

action_properties

(deprecated) The simple properties of the Action, like its Owner, name, etc.

Note that this accessor will be called before the {@link bind} callback.

Stability:

deprecated

deployment_role

deprecated

Type:

stability