@ircc_djl/cdk-common-lib
v0.0.4
PipelineStack with Cross-account deployment
AWS Pipeline stack
Overview
PipelineStack with Cross-account deployment
This stack configures an AWS CodePipeline application which will deploy an instance of another "child" CDK stack based on any changes to the configured repository/branch.
Multi AWS Account
Instructions in this readme refer to two AWS accounts: the Pipeline account, which runs the AWS CodePipeline, and the Target account, where the "child" stack is deployed.
While the Pipeline and Target accounts could be the same account, and these instructions should work in such a case, we have chosen to separate them for security reasons.
- Configure a CDK project on your local machine, run `cdk deploy` to create a CodePipeline in the pipeline account via CloudFormation.
- Push the project code to a new git repository/branch
- CodePipeline Source stage picks up the change in the repository/branch and initiates the pipeline
- CodePipeline Deploy stage initiates Target Account CloudFormation stack creation/update
- TargetAccount's CloudFormation creates/configures/updates stack resources
How to use: Creating a new PipelineStack project
Install cdk first (`npm install -g aws-cdk`, or this instruction) and follow the steps described below.
To authorize the AWS Pipeline Account to talk to the version control system, create a CodeStar Connection. This is a one-off task between the two, so the connection is reusable across multiple projects. For example: Connecting to BitBucket
Initialise a CDK project
$ npx cdk init app --language=typescript
Bootstrap the Target Account to grant the Pipeline Account permission to create resources within it. This is done on a per-region basis.
$ env CDK_NEW_BOOTSTRAP=1 npx cdk bootstrap \
    --profile <TargetAccountProfile> \
    --cloudformation-execution-policies arn:aws:iam::aws:policy/AdministratorAccess \
    --trust <ToolsAccountId> \
    aws://<TargetAccountId>/<region>
Add this module to your project as a dependency
$ npm install @ircc_djl/cdk_common_lib
Create a CDK TypeScript file which creates this stack.
The following CDK snippet can be used to provision a pipeline stack which deploys an empty stack into another AWS account. Remember to replace the properties.
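```typescript
import 'source-map-support/register';
import * as cdk from 'aws-cdk-lib';
import { PipelineStack } from '@ircc_djl/cdk_common_lib';
import { Stack, StackProps } from 'aws-cdk-lib';
import { Role } from 'aws-cdk-lib/aws-iam';
import { Construct } from 'constructs';

const subscriptionUsers = [
  { email: '[email protected]' },
];

// Placeholders: replace with the IAM Role and the child stack props for your project.
declare const pipelineRole: Role;
const stackProps: StackProps = {};

// Values in angle brackets are placeholders; the trailing comment gives the expected type.
const pipelineStackProps = {
  env: {
    region: 'ca-central-1',
    account: 'account-id-goes-here',
  },
  owner: '<owner>', // string
  repoArn: 'arn:aws:codecommit:ca-central-1:{aws-account-num}:{reponame}',
  branch: 'dev',
  connectionArn: '<connection-arn>', // string
  manualApprovals: true, // boolean (placeholder value)
  pipelineName: 'pipelineName',
  stage: '<stage>', // string
  role: pipelineRole, // Role
  subscriptionUsers, // Array<User>
  apptype: '<apptype>', // string
  buildtype: '<buildtype>', // string
};

const app = new cdk.App();
new PipelineStack(app, 'pipeline-stack', pipelineStackProps, (scope: Construct): void => {
  new Stack(scope, 'blank-stack', stackProps);
});
```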
Within the anonymous function in:
```typescript
new PipelineStack(app, 'pipeline-stack', pipelineStackProps, (scope: Construct): void => {new Stack(scope, 'blank-stack', stackProps)});
```
the preferred stack type can be constructed.
Run `npm install` and update `cdk.json`:
- `app`: replace `<project_name.ts>` with `pipeline.ts`.
- `context`: add `"@aws-cdk/core:newStyleStackSynthesis": true`
Test by running `npx cdk synth` and `npx cdk ls`. For further testing and customisation, refer to the Local development section below. At this point you should see two stacks per environment: one for Pipeline deployment, the other for direct deployment. See Step 10 down below.
Push the code to the relevant branch
Deploy the stack, e.g. `npx cdk deploy <target-environment> --profile <ToolsAccountProfile>`, to create the CodePipeline, followed by TargetAccount resource creation.
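The bootstrap step above attaches `AdministratorAccess` to the Target account's CloudFormation execution role and trusts whatever account is passed to `--trust`, so it is worth checking what was actually granted. The following is an added example, not code from this package: a TypeScript check over a role trust policy and the execution policy list, where the account IDs, the sample documents and the helper names (`principalAccount`, `auditBootstrap`) are constructed for illustration.

```typescript
// Added example: constructed data and hypothetical helper names, not this package's API.
interface TrustStatement {
  Effect: string;
  Action: string | string[];
  Principal?: { AWS?: string | string[] };
}
interface RoleTrustPolicy { Statement: TrustStatement[] }

const ADMIN_POLICY = 'arn:aws:iam::aws:policy/AdministratorAccess';

// Account ID from "arn:aws:iam::111111111111:root" or a bare 12-digit ID; null for "*" etc.
function principalAccount(principal: string): string | null {
  const m = /^(?:arn:aws:iam::)?(\d{12})(?::.*)?$/.exec(principal);
  return m ? m[1] : null;
}

// Flag every AWS principal allowed to assume the role that is not the expected
// Pipeline (tools) account, and flag AdministratorAccess on the execution role.
function auditBootstrap(
  trust: RoleTrustPolicy,
  executionPolicyArns: string[],
  expectedToolsAccount: string,
): string[] {
  const findings: string[] = [];
  for (const st of trust.Statement) {
    const actions = Array.isArray(st.Action) ? st.Action : [st.Action];
    const canAssume = actions.some((a) => a === 'sts:AssumeRole' || a === 'sts:*' || a === '*');
    if (st.Effect !== 'Allow' || !canAssume) continue;
    const aws = st.Principal && st.Principal.AWS ? st.Principal.AWS : [];
    for (const p of Array.isArray(aws) ? aws : [aws]) {
      const account = principalAccount(p);
      if (account === null) findings.push(`unscoped principal trusted: ${p}`);
      else if (account !== expectedToolsAccount) findings.push(`unexpected account trusted: ${account}`);
    }
  }
  if (executionPolicyArns.indexOf(ADMIN_POLICY) !== -1) {
    findings.push('CloudFormation execution role has AdministratorAccess');
  }
  return findings;
}

// Constructed trust policy: one expected account, one stray account, one wildcard.
const sampleTrust: RoleTrustPolicy = {
  Statement: [
    { Effect: 'Allow', Action: 'sts:AssumeRole', Principal: { AWS: 'arn:aws:iam::111111111111:root' } },
    { Effect: 'Allow', Action: ['sts:AssumeRole'], Principal: { AWS: ['arn:aws:iam::222222222222:root', '*'] } },
  ],
};
const sampleFindings = auditBootstrap(sampleTrust, [ADMIN_POLICY], '111111111111');
```

In practice the trust document would come from `aws iam get-role` (the `AssumeRolePolicyDocument` field) run against the roles that bootstrap created in the Target account.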
Local development
NPM link can be used to develop the module locally.
- Pull this repository locally
- `cd` into this repository
- run `npm link`
- `cd` into the downstream repo (target project, etc) and run `npm link 'aws-pipeline-stack'`
The downstream repository should now include a symlink to this module, allowing local changes to be tested before pushing.