Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
Buat pipeline dengan sumber S3 yang diaktifkan untuk acara (template)AWS CloudFormation
Prosedur ini untuk pipeline di mana bucket sumber mengaktifkan peristiwa.
Gunakan langkah-langkah ini untuk membuat pipeline dengan sumber Amazon S3 untuk deteksi perubahan berbasis peristiwa.
Untuk membuat pipeline berbasis peristiwa dengan Amazon S3, Anda mengedit PollForSourceChanges parameter pipeline, lalu menambahkan sumber daya berikut ke templat:
Jika Anda menggunakan AWS CloudFormation untuk membuat dan mengelola pipeline Anda, template Anda menyertakan konten seperti berikut ini.
ConfigurationProperti dalam tahap sumber disebutPollForSourceChanges. Jika template Anda tidak menyertakan properti itu, maka PollForSourceChanges disetel ke secara true default.
- YAML
-
AppPipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
RoleArn: !GetAtt CodePipelineServiceRole.Arn
Stages:
-
Name: Source
Actions:
-
Name: SourceAction
ActionTypeId:
Category: Source
Owner: AWS
Version: 1
Provider: S3
OutputArtifacts:
-
Name: SourceOutput
Configuration:
S3Bucket: !Ref SourceBucket
S3ObjectKey: !Ref S3SourceObjectKey
PollForSourceChanges: true
RunOrder: 1
...
- JSON
-
"AppPipeline": {
"Type": "AWS::CodePipeline::Pipeline",
"Properties": {
"RoleArn": {
"Fn::GetAtt": ["CodePipelineServiceRole", "Arn"]
},
"Stages": [
{
"Name": "Source",
"Actions": [
{
"Name": "SourceAction",
"ActionTypeId": {
"Category": "Source",
"Owner": "AWS",
"Version": 1,
"Provider": "S3"
},
"OutputArtifacts": [
{
"Name": "SourceOutput"
}
],
"Configuration": {
"S3Bucket": {
"Ref": "SourceBucket"
},
"S3ObjectKey": {
"Ref": "SourceObjectKey"
},
"PollForSourceChanges": true
},
"RunOrder": 1
}
]
},
...
Untuk membuat EventBridge aturan dengan Amazon S3 sebagai sumber peristiwa dan CodePipeline sebagai target dan menerapkan kebijakan izin
-
Di template, di bawahResources, gunakan AWS::IAM::Role AWS CloudFormation sumber daya untuk mengonfigurasi peran IAM yang memungkinkan acara Anda memulai pipeline. Entri ini membuat peran yang menggunakan dua kebijakan:
Mengapa saya membuat perubahan ini? Menambahkan AWS::IAM::Role sumber daya memungkinkan AWS CloudFormation untuk membuat izin untuk EventBridge. Sumber daya ini ditambahkan ke AWS CloudFormation tumpukan Anda.
- YAML
-
EventRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: Allow
Principal:
Service:
- events.amazonaws.com
Action: sts:AssumeRole
Path: /
Policies:
-
PolicyName: eb-pipeline-execution
PolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: Allow
Action: codepipeline:StartPipelineExecution
Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref AppPipeline ] ]
...
- JSON
-
"EventRole": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"events.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}
]
},
"Path": "/",
"Policies": [
{
"PolicyName": "eb-pipeline-execution",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "codepipeline:StartPipelineExecution",
"Resource": {
"Fn::Join": [
"",
[
"arn:aws:codepipeline:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":",
{
"Ref": "AppPipeline"
}
]
]
...
-
Gunakan AWS::Events::Rule AWS CloudFormation sumber daya untuk menambahkan EventBridge aturan. Pola peristiwa ini membuat peristiwa yang memantau pembuatan atau penghapusan objek di bucket sumber Amazon S3 Anda. Selain itu, sertakan target pipa Anda. Ketika sebuah objek dibuat, aturan ini dipanggil StartPipelineExecution pada pipeline target Anda.
Mengapa saya membuat perubahan ini? Menambahkan AWS::Events::Rule sumber daya memungkinkan AWS CloudFormation untuk membuat acara. Sumber daya ini ditambahkan ke AWS CloudFormation tumpukan Anda.
- YAML
-
EventRule:
Type: AWS::Events::Rule
Properties:
EventBusName: default
EventPattern:
source:
- aws.s3
detail-type:
- Object Created
detail:
bucket:
name:
- !Ref SourceBucket
Name: EnabledS3SourceRule
State: ENABLED
Targets:
-
Arn:
!Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref AppPipeline ] ]
RoleArn: !GetAtt EventRole.Arn
Id: codepipeline-AppPipeline
...
- JSON
-
"EventRule": {
"Type": "AWS::Events::Rule",
"Properties": {
"EventBusName": "default",
"EventPattern": {
"source": [
"aws.s3"
],
"detail-type": [
"Object Created"
],
"detail": {
"bucket": {
"name": [
"s3-pipeline-source-fra-bucket"
]
}
}
},
"Name": "EnabledS3SourceRule",
"State": "ENABLED",
"Targets": [
{
"Arn": {
"Fn::Join": [
"",
[
"arn:aws:codepipeline:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":",
{
"Ref": "AppPipeline"
}
]
]
},
"RoleArn": {
"Fn::GetAtt": [
"EventRole",
"Arn"
]
},
"Id": "codepipeline-AppPipeline"
}
]
}
}
},
...
-
Simpan template Anda yang diperbarui ke komputer lokal Anda, dan buka AWS CloudFormation
konsol.
-
Pilih tumpukan Anda, lalu pilih Create Change Set for Current Stack.
-
Unggah template Anda yang diperbarui, lalu lihat perubahan yang tercantum di dalamnya AWS CloudFormation. Ini adalah perubahan yang akan dilakukan pada tumpukan. Anda harus melihat sumber daya baru Anda dalam daftar.
-
Pilih Eksekusi.
Untuk mengedit PollForSourceChanges parameter pipeline
Saat Anda membuat pipeline dengan metode ini, PollForSourceChanges parameter default ke true jika tidak secara eksplisit disetel ke false. Saat Anda menambahkan deteksi perubahan berbasis peristiwa, Anda harus menambahkan parameter ke output Anda dan mengaturnya ke false untuk menonaktifkan polling. Jika tidak, pipeline Anda dimulai dua kali untuk satu perubahan sumber. Lihat perinciannya di Pengaturan yang valid untuk PollForSourceChanges parameter.
-
Dalam template, ubah PollForSourceChanges kefalse. Jika Anda tidak menyertakan PollForSourceChanges dalam definisi pipeline Anda, tambahkan dan atur kefalse.
Mengapa saya membuat perubahan ini? Mengubah PollForSourceChanges untuk false mematikan pemeriksaan berkala sehingga Anda hanya dapat menggunakan deteksi perubahan berbasis peristiwa.
- YAML
-
Name: Source
Actions:
-
Name: SourceAction
ActionTypeId:
Category: Source
Owner: AWS
Version: 1
Provider: S3
OutputArtifacts:
- Name: SourceOutput
Configuration:
S3Bucket: !Ref SourceBucket
S3ObjectKey: !Ref SourceObjectKey
PollForSourceChanges: false
RunOrder: 1
- JSON
-
{
"Name": "SourceAction",
"ActionTypeId": {
"Category": "Source",
"Owner": "AWS",
"Version": 1,
"Provider": "S3"
},
"OutputArtifacts": [
{
"Name": "SourceOutput"
}
],
"Configuration": {
"S3Bucket": {
"Ref": "SourceBucket"
},
"S3ObjectKey": {
"Ref": "SourceObjectKey"
},
"PollForSourceChanges": false
},
"RunOrder": 1
}
Saat Anda menggunakan AWS CloudFormation untuk membuat sumber daya ini, pipeline Anda dipicu saat file di repositori dibuat atau diperbarui.
Jangan berhenti di sini. Meskipun pipeline Anda dibuat, Anda harus membuat AWS CloudFormation template kedua untuk pipeline Amazon S3 Anda. Jika Anda tidak membuat template kedua, pipeline Anda tidak memiliki fungsi deteksi perubahan.
- YAML
-
Parameters:
SourceObjectKey:
Description: 'S3 source artifact'
Type: String
Default: SampleApp_Linux.zip
ApplicationName:
Description: 'CodeDeploy application name'
Type: String
Default: DemoApplication
BetaFleet:
Description: 'Fleet configured in CodeDeploy'
Type: String
Default: DemoFleet
Resources:
SourceBucket:
Type: AWS::S3::Bucket
Properties:
NotificationConfiguration:
EventBridgeConfiguration:
EventBridgeEnabled: true
VersioningConfiguration:
Status: Enabled
CodePipelineArtifactStoreBucket:
Type: AWS::S3::Bucket
CodePipelineArtifactStoreBucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref CodePipelineArtifactStoreBucket
PolicyDocument:
Version: 2012-10-17
Statement:
-
Sid: DenyUnEncryptedObjectUploads
Effect: Deny
Principal: '*'
Action: s3:PutObject
Resource: !Join [ '', [ !GetAtt CodePipelineArtifactStoreBucket.Arn, '/*' ] ]
Condition:
StringNotEquals:
s3:x-amz-server-side-encryption: aws:kms
-
Sid: DenyInsecureConnections
Effect: Deny
Principal: '*'
Action: s3:*
Resource: !Sub ${CodePipelineArtifactStoreBucket.Arn}/*
Condition:
Bool:
aws:SecureTransport: false
CodePipelineServiceRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: Allow
Principal:
Service:
- codepipeline.amazonaws.com
Action: sts:AssumeRole
Path: /
Policies:
-
PolicyName: AWS-CodePipeline-Service-3
PolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: Allow
Action:
- codecommit:CancelUploadArchive
- codecommit:GetBranch
- codecommit:GetCommit
- codecommit:GetUploadArchiveStatus
- codecommit:UploadArchive
Resource: 'resource_ARN'
-
Effect: Allow
Action:
- codedeploy:CreateDeployment
- codedeploy:GetApplicationRevision
- codedeploy:GetDeployment
- codedeploy:GetDeploymentConfig
- codedeploy:RegisterApplicationRevision
Resource: 'resource_ARN'
-
Effect: Allow
Action:
- codebuild:BatchGetBuilds
- codebuild:StartBuild
Resource: 'resource_ARN'
-
Effect: Allow
Action:
- devicefarm:ListProjects
- devicefarm:ListDevicePools
- devicefarm:GetRun
- devicefarm:GetUpload
- devicefarm:CreateUpload
- devicefarm:ScheduleRun
Resource: 'resource_ARN'
-
Effect: Allow
Action:
- lambda:InvokeFunction
- lambda:ListFunctions
Resource: 'resource_ARN'
-
Effect: Allow
Action:
- iam:PassRole
Resource: 'resource_ARN'
-
Effect: Allow
Action:
- elasticbeanstalk:*
- ec2:*
- elasticloadbalancing:*
- autoscaling:*
- cloudwatch:*
- s3:*
- sns:*
- cloudformation:*
- rds:*
- sqs:*
- ecs:*
Resource: 'resource_ARN'
AppPipeline:
Type: AWS::CodePipeline::Pipeline
Properties:
Name: s3-events-pipeline
RoleArn:
!GetAtt CodePipelineServiceRole.Arn
Stages:
-
Name: Source
Actions:
-
Name: SourceAction
ActionTypeId:
Category: Source
Owner: AWS
Version: 1
Provider: S3
OutputArtifacts:
- Name: SourceOutput
Configuration:
S3Bucket: !Ref SourceBucket
S3ObjectKey: !Ref SourceObjectKey
PollForSourceChanges: false
RunOrder: 1
-
Name: Beta
Actions:
-
Name: BetaAction
InputArtifacts:
- Name: SourceOutput
ActionTypeId:
Category: Deploy
Owner: AWS
Version: 1
Provider: CodeDeploy
Configuration:
ApplicationName: !Ref ApplicationName
DeploymentGroupName: !Ref BetaFleet
RunOrder: 1
ArtifactStore:
Type: S3
Location: !Ref CodePipelineArtifactStoreBucket
EventRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: Allow
Principal:
Service:
- events.amazonaws.com
Action: sts:AssumeRole
Path: /
Policies:
-
PolicyName: eb-pipeline-execution
PolicyDocument:
Version: 2012-10-17
Statement:
-
Effect: Allow
Action: codepipeline:StartPipelineExecution
Resource: !Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref AppPipeline ] ]
EventRule:
Type: AWS::Events::Rule
Properties:
EventBusName: default
EventPattern:
source:
- aws.s3
detail-type:
- Object Created
detail:
bucket:
name:
- !Ref SourceBucket
Name: EnabledS3SourceRule
State: ENABLED
Targets:
-
Arn:
!Join [ '', [ 'arn:aws:codepipeline:', !Ref 'AWS::Region', ':', !Ref 'AWS::AccountId', ':', !Ref AppPipeline ] ]
RoleArn: !GetAtt EventRole.Arn
Id: codepipeline-AppPipeline
- JSON
-
JSON
- JSON
-
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"appconfig:StartDeployment",
"appconfig:StopDeployment",
"appconfig:GetDeployment"
],
"Resource": [
"arn:aws:appconfig:*:111122223333:application/[[Application]]",
"arn:aws:appconfig:*:111122223333:application/[[Application]]/*",
"arn:aws:appconfig:*:111122223333:deploymentstrategy/*"
],
"Effect": "Allow"
}
]
}
