Create an EventBridge rule for an Amazon ECR source (AWS CloudFormation template)

To use AWS CloudFormation to create a rule, use the template snippet as shown here.

To update your pipeline AWS CloudFormation template and create EventBridge rule

In the template, under Resources, use the AWS::IAM::Role AWS CloudFormation resource to configure the IAM role that allows your event to start your pipeline. This entry creates a role that uses two policies:

The first policy allows the role to be assumed.
The second policy provides permissions to start the pipeline.

Why am I making this change? You must create a role that can be assumed by EventBridge to start an execution in our pipeline.

YAML


  EventRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          -
            Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
            Action: sts:AssumeRole
      Path: /
      Policies:
        -
          PolicyName: eb-pipeline-execution
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              -
                Effect: Allow
                Action: codepipeline:StartPipelineExecution
                Resource: !Sub arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${AppPipeline}

JSON


{
    "EventRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Principal": {
                            "Service": [
                                "events.amazonaws.com"
                            ]
                        },
                        "Action": "sts:AssumeRole"
                    }
                ]
            },
            "Path": "/",
            "Policies": [
                {
                    "PolicyName": "eb-pipeline-execution",
                    "PolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [
                            {
                                "Effect": "Allow",
                                "Action": "codepipeline:StartPipelineExecution",
                                "Resource": {
                                    "Fn::Sub": "arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${AppPipeline}"
                                }
                            }
                        ]
                    }
                }
            ]
        }
    }
}
...

In the template, under Resources, use the AWS::Events::Rule AWS CloudFormation resource to add an EventBridge rule for the Amazon ECR source. This event pattern creates an event that monitors commits to your repository. When EventBridge detects a repository state change, the rule invokes StartPipelineExecution on your target pipeline.

Why am I making this change? You must create an event with a rule that specifies how an image push must be made, and a target that names the pipeline to be started by the event.

This snippet uses an image named eb-test with a tag of latest.

Note

To view the full event pattern supported for Amazon ECR events, see Amazon ECR Events and EventBridge or Amazon Elastic Container Registry Events.

Save the updated template to your local computer, and then open the AWS CloudFormation console.
Choose your stack, and then choose Create Change Set for Current Stack.
Upload the template, and then view the changes listed in AWS CloudFormation. These are the changes to be made to the stack. You should see your new resources in the list.
Choose Execute.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Create an EventBridge rule for an Amazon ECR source (CLI)

Amazon S3 source actions and EventBridge