Skip to content

Instantly share code, notes, and snippets.

@bmight

bmight/LICENSE

Last active December 17, 2018 14:53
Show Gist options
  • Save bmight/4e5d72f860a3e30e51f7be62c8d7a052 to your computer and use it in GitHub Desktop.
Save bmight/4e5d72f860a3e30e51f7be62c8d7a052 to your computer and use it in GitHub Desktop.
Download ZIP
Amazon Web Services (AWS) CloudFormation template for front-end application CI/CD
Raw
frontend-cicd-cloudformation.yml
# ------------------------------------------------------------------------------------
# License: ISC License, Copyright (c) 2018, Brandon Might <https://github.com/bmight>
# Authors: Brandon Might (@bmight), Ryan Miller (@ryanmillerc)
# ------------------------------------------------------------------------------------
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Front-End Application CI/CD CloudFormation Template'
Parameters:
GitHubRepo:
Type: String
Description: 'Full URL to the GitHub.com repository for CodeBuild. Example: https://github.com/user/my-repo'
AllowedPattern: '^https?://github.com/.*/[a-z][A-Z]*((?!\.).)*$'
ConstraintDescription: 'Must be a github.com repository URL. Example: https://github.com/example/repo'
MinLength: 1
CodeBuildImage:
Type: String
Description: 'CodeBuild Docker Image Identifier. Available images can be found here, https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html'
Default: 'aws/codebuild/nodejs:10.14.1'
AllowedPattern: ^aws/codebuild/.*$
ConstraintDescription: 'Image identifiers must begin with "aws/codebuild" Example: aws/codebuild/aws/codebuild/nodejs:10.14.1'
MinLength: 1
BuildRetention:
Type: Number
Description: 'Number of days to retain builds under /dev in S3.'
Default: 28
MinValue: 1
LogRetention:
Type: Number
Description: 'Number of days to retain logs under /log in S3.'
Default: 28
MinValue: 1
AddCloudFront:
Description: 'Add CloudFront distribution connected to the S3 bucket.'
Default: 'No'
Type: String
AllowedValues:
- 'Yes'
- 'No'
ConstraintDescription: Must specify Yes or No.
Conditions:
CreateCloudFront: !Equals [ !Ref AddCloudFront, 'Yes' ]
Resources:
S3Bucket:
Type: 'AWS::S3::Bucket'
Description: Public deployment bucket for CodeBuild artifacts
Properties:
AccessControl: 'PublicRead'
BucketName: !Join
- '-'
- - !Ref 'AWS::StackName'
- 'bucket'
LifecycleConfiguration:
Rules:
- ExpirationInDays: !Ref BuildRetention
Id: !Sub delete-dev-builds-after-${BuildRetention}-days
Prefix: 'dev/'
Status: 'Enabled'
- ExpirationInDays: !Ref LogRetention
Id: !Sub delete-codebuild-logs-after-${LogRetention}-days
Prefix: 'log/'
Status: 'Enabled'
WebsiteConfiguration:
ErrorDocument: 'index.html'
IndexDocument: 'index.html'
S3BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
Bucket: !Ref S3Bucket
PolicyDocument:
Statement:
Effect: Allow
Principal: '*'
Action:
- "s3:GetObject"
Resource: !Join
- '/'
- - !GetAtt S3Bucket.Arn
- '*'
CodeBuildPolicy:
Type: AWS::IAM::Policy
Description: Setting IAM policy for service role for CodeBuild
Properties:
PolicyDocument:
Statement:
- Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Effect: Allow
Resource: '*'
- Action:
- s3:*
Effect: Allow
Resource: !Join
- '/'
- - !GetAtt S3Bucket.Arn
- '*'
PolicyName: !Join
- '-'
- - !Ref 'AWS::StackName'
- CodeBuildPolicy
Roles:
- !Ref 'CodeBuildRole'
CodeBuildRole:
Type: AWS::IAM::Role
Description: Creating service role in IAM for CodeBuild
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: sts:AssumeRole
Effect: Allow
Principal:
Service: codebuild.amazonaws.com
Path: /
RoleName: !Join
- '-'
- - !Ref 'AWS::StackName'
- CodeBuild
CodeBuild:
Type: 'AWS::CodeBuild::Project'
Description: CodeBuild Project used for building and deploying code to S3
Properties:
Name: !Join
- '-'
- - !Ref 'AWS::StackName'
- 'build'
Description: !Join
- ''
- - 'CodeBuild Project for '
- !Ref 'AWS::StackName'
Artifacts:
Type: NO_ARTIFACTS
BadgeEnabled: true
ServiceRole: !Ref 'CodeBuildRole'
Environment:
Type: 'LINUX_CONTAINER'
Image: !Ref CodeBuildImage
ComputeType: 'BUILD_GENERAL1_SMALL'
Cache:
Location: !Join
- '/'
- - !Ref 'S3Bucket'
- 'cache'
Type: S3
TimeoutInMinutes: 5
Source:
Type: GITHUB
Location: !Sub ${GitHubRepo}
Auth:
Type: OAUTH
GitCloneDepth: 5
ReportBuildStatus: true
Triggers:
Webhook: true
CloudFront:
Type: 'AWS::CloudFront::Distribution'
Description: CloudFront Distribution serving files from the S3 Bucket. Used for URL rewriting.
Condition: CreateCloudFront
Properties:
DistributionConfig:
Comment: String
DefaultCacheBehavior:
DefaultTTL: 0
ForwardedValues:
QueryString: true
MinTTL: 0
TargetOriginId: 'S3-Website'
ViewerProtocolPolicy: 'allow-all'
DefaultRootObject: 'index.html'
Enabled: True
Origins:
- CustomOriginConfig:
OriginProtocolPolicy: 'match-viewer'
DomainName: !Select [1, !Split ["//", !GetAtt S3Bucket.WebsiteURL]]
Id: S3-Website
PriceClass: 'PriceClass_100'
Outputs:
'S3BucketURL':
Description: 'S3 Bucket URL'
Value: !Join
- ''
- - 'https://'
- !GetAtt S3Bucket.DomainName
'S3WebsiteURL':
Description: 'Website URL for the S3 bucket'
Value: !GetAtt S3Bucket.WebsiteURL
'CloudFrontURL':
Description: 'CloudFront Distribution'
Condition: CreateCloudFront
Value: !GetAtt CloudFront.DomainName
Raw
LICENSE
ISC License
Copyright (c) 2018, Brandon Might <https://github.com/bmight>
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment