Last active
April 18, 2020 23:13
-
-
Save mbarneyjr/96196dee32e53a8b21947665b3258859 to your computer and use it in GitHub Desktop.
Amplify Console app for manual releases, including user with required permissions to deploy app
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Description: Static site hosted with Amplify Console | |
| Parameters: | |
| Domain: | |
| Type: String | |
| Description: Domain name to host application | |
| Default: '' | |
| ApplicationName: | |
| Type: String | |
| Description: The name of the application to deploy | |
| Default: amplify-app | |
| Conditions: | |
| CreateCustomDomain: !Not [ !Equals [ !Ref Domain, '' ] ] | |
| Resources: | |
| SiteBucket: | |
| Type: AWS::S3::Bucket | |
| AmplifyRole: | |
| Type: AWS::IAM::Role | |
| Properties: | |
| AssumeRolePolicyDocument: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: Allow | |
| Principal: | |
| Service: amplify.amazonaws.com | |
| Action: sts:AssumeRole | |
| Policies: | |
| - PolicyName: Amplify | |
| PolicyDocument: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Effect: Allow | |
| Action: amplify:* | |
| Resource: '*' | |
| - Effect: Allow | |
| Action: s3:* | |
| Resource: '*' | |
| AmplifyApp: | |
| Type: AWS::Amplify::App | |
| Properties: | |
| IAMServiceRole: !GetAtt AmplifyRole.Arn | |
| Name: !Ref ApplicationName | |
| CustomRules: | |
| - Source: /<*> | |
| Target: / | |
| Status: '404 (Redirect)' | |
| AmplifyBranch: | |
| Type: AWS::Amplify::Branch | |
| Properties: | |
| BranchName: main | |
| AppId: !GetAtt AmplifyApp.AppId | |
| Stage: PRODUCTION | |
| AmplifyDomain: | |
| Type: AWS::Amplify::Domain | |
| Condition: CreateCustomDomain | |
| Properties: | |
| DomainName: !Ref Domain | |
| AppId: !GetAtt AmplifyApp.AppId | |
| SubDomainSettings: | |
| - BranchName: !GetAtt AmplifyBranch.BranchName | |
| Prefix: '' | |
| - BranchName: !GetAtt AmplifyBranch.BranchName | |
| Prefix: www | |
| SiteBucketSSM: | |
| Type: AWS::SSM::Parameter | |
| Properties: | |
| Type: String | |
| Name: !Sub /${ApplicationName}/site-bucket | |
| Value: !Ref SiteBucket | |
| AmplifyAppSSM: | |
| Type: AWS::SSM::Parameter | |
| Properties: | |
| Type: String | |
| Name: !Sub /${ApplicationName}/app-id | |
| Value: !GetAtt AmplifyApp.AppId | |
| AmplifyUser: | |
| Type: AWS::IAM::User | |
| Properties: | |
| Policies: | |
| - PolicyName: AllowAmplifyAppDeployment | |
| PolicyDocument: | |
| Version: '2012-10-17' | |
| Statement: | |
| - Sid: UploadSite | |
| Effect: Allow | |
| Action: s3:PutObject | |
| Resource: !Sub ${SiteBucket.Arn}/site.zip | |
| - Sid: SSM | |
| Effect: Allow | |
| Action: ssm:GetParameter | |
| Resource: | |
| - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter${SiteBucketSSM} | |
| - !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter${AmplifyAppSSM} | |
| - Sid: Amplify | |
| Effect: Allow | |
| Action: amplify:StartDeployment | |
| Resource: !Sub arn:${AWS::Partition}:amplify:${AWS::Region}:${AWS::AccountId}:apps/* | |
| - Sid: AmplifyS3 | |
| Effect: Allow | |
| Action: | |
| - s3:GetObjectAcl | |
| - s3:PutObjectAcl | |
| Resource: !Sub ${SiteBucket.Arn}/* | |
| # export SITE_BUCKET=$$(aws ssm get-parameter --name /${APP_NAME}/site-bucket --query Parameter.Value --output text) | |
| # export APP_ID=$$(aws ssm get-parameter --name /${APP_NAME}/app-id --query Parameter.Value --output text) | |
| # cd build && zip -qq -r ../site.zip ./* | |
| # aws s3 cp site.zip s3://$${SITE_BUCKET}/site.zip | |
| # aws amplify start-deployment | |
| # --app-id $${APP_ID} | |
| # --branch-name main | |
| # --source-url s3://$${SITE_BUCKET}/site.zip |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment