---
AWSTemplateFormatVersion: '2010-09-09'
Description: Sample CodePipeline project
Resources:
  # Git repository that feeds the pipeline's Source stage.
  MainRepository:
    Type: AWS::CodeCommit::Repository
    Properties:
      RepositoryName:
        Fn::Sub: '${AWS::StackName}-project'
  # Bucket CodePipeline uses to hand artifacts between stages.
  ArtifactStoreBucket:
    Type: AWS::S3::Bucket
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        # ${AWS::Region} is only substituted inside Fn::Sub.
        Image:
          Fn::Sub: '137112412989.dkr.ecr.${AWS::Region}.amazonaws.com/amazonlinux:latest'
        Type: LINUX_CONTAINER
      Name:
        Fn::Sub: '${AWS::StackName}-project'
      ServiceRole:
        Fn::GetAtt:
          - CodeBuildRole
          - Arn
      Source:
        Location: CODEPIPELINE
        Type: CODEPIPELINE
  # Role assumed by CodeBuild while a build runs.
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codebuild.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: CodeBuildRoleActions
          PolicyDocument:
            Version: '2012-10-17'
            # Every statement below uses Resource "*", so it applies to all
            # log groups, repositories and buckets in the account. Narrow these
            # to the ARNs of MainRepository and ArtifactStoreBucket where possible.
            Statement:
              - Sid: CloudWatchLogsPolicy
                Effect: Allow
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource:
                  - "*"
              - Sid: CodeCommitPolicy
                Effect: Allow
                Action:
                  - codecommit:GitPull
                Resource:
                  - "*"
              - Sid: S3GetObjectPolicy
                Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                Resource:
                  - "*"
              - Sid: S3PutObjectPolicy
                Effect: Allow
                Action:
                  - s3:PutObject
                Resource:
                  - "*"
  BuildPipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      ArtifactStore:
        Location:
          Ref: ArtifactStoreBucket
        Type: S3
      RoleArn:
        Fn::GetAtt:
          - BuildPipelineRole
          - Arn
      Stages:
        - Name: Source
          Actions:
            - Name: Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: CodeCommit
                Version: 1
              Configuration:
                BranchName: master
                RepositoryName:
                  Fn::Sub: '${AWS::StackName}-project'
              OutputArtifacts:
                - Name: MyApp
        - Name: Build
          Actions:
            - Name: Build
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: AWS CodeBuild
                Version: 1
              Configuration:
                ProjectName:
                  Fn::Sub: '${AWS::StackName}-project'
              # A CodeBuild action needs the Source stage's output as its input.
              InputArtifacts:
                - Name: MyApp
              OutputArtifacts:
                - Name: MyAppBuild
    DependsOn:
      - CodeBuildProject
  # Role assumed by CodePipeline to run the stages above.
  BuildPipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: BuildPipelineRoleActions
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                  - s3:GetBucketVersioning
                Resource: "*"
                Effect: Allow
              - Action:
                  - s3:PutObject
                Resource:
                  - arn:aws:s3:::codepipeline*
                  - arn:aws:s3:::elasticbeanstalk*
                Effect: Allow
              - Action:
                  - codecommit:CancelUploadArchive
                  - codecommit:GetBranch
                  - codecommit:GetCommit
                  - codecommit:GetUploadArchiveStatus
                  - codecommit:UploadArchive
                Resource: "*"
                Effect: Allow
              # Lets the Build stage start and poll the CodeBuild project.
              - Action:
                  - codebuild:StartBuild
                  - codebuild:BatchGetBuilds
                Resource:
                  Fn::GetAtt:
                    - CodeBuildProject
                    - Arn
                Effect: Allow
              - Action:
                  - codedeploy:CreateDeployment
                  - codedeploy:GetApplicationRevision
                  - codedeploy:GetDeployment
                  - codedeploy:GetDeploymentConfig
                  - codedeploy:RegisterApplicationRevision
                Resource: "*"
                Effect: Allow
              # Service-wide wildcards plus iam:PassRole on every resource.
              # This pipeline only has CodeCommit and CodeBuild stages, so this
              # statement can be trimmed to the deploy providers actually used.
              - Action:
                  - elasticbeanstalk:*
                  - ec2:*
                  - elasticloadbalancing:*
                  - autoscaling:*
                  - cloudwatch:*
                  - s3:*
                  - sns:*
                  - cloudformation:*
                  - rds:*
                  - sqs:*
                  - ecs:*
                  - iam:PassRole
                Resource: "*"
                Effect: Allow
              - Action:
                  - lambda:InvokeFunction
                  - lambda:ListFunctions
                Resource: "*"
                Effect: Allow
              - Action:
                  - opsworks:CreateDeployment
                  - opsworks:DescribeApps
                  - opsworks:DescribeCommands
                  - opsworks:DescribeDeployments
                  - opsworks:DescribeInstances
                  - opsworks:DescribeStacks
                  - opsworks:UpdateApp
                  - opsworks:UpdateStack
                Resource: "*"
                Effect: Allow
Outputs:
  ArtifactStoreBucket:
    Value:
      Ref: ArtifactStoreBucket
  RepositoryCloneUrlHttp:
    Value:
      Fn::GetAtt:
        - MainRepository
        - CloneUrlHttp
  RepositoryCloneUrlSsh:
    Value:
      Fn::GetAtt:
        - MainRepository
        - CloneUrlSsh