{ "Outputs": { "RepositoryURL": { "Description": "The docker repository URL", "Value": { "Fn::Join": [ "", [ { "Ref": "AWS::AccountId" }, ".dkr.ecr.", { "Ref": "AWS::Region" }, ".amazonaws.com/", { "Ref": "Repository" } ] ] } } }, "Resources": { "BuildProject": { "DependsOn": "CodeBuildServiceRolePolicy", "Properties": { "Artifacts": { "Location": { "Ref": "NginxBuildOutputBucket" }, "Name": "artifacts", "Type": "S3" }, "Environment": { "ComputeType": "BUILD_GENERAL1_SMALL", "EnvironmentVariables": [ { "Name": "AWS_ACCOUNT_ID", "Value": { "Ref": "AWS::AccountId" } }, { "Name": "IMAGE_REPO_NAME", "Value": { "Ref": "Repository" } }, { "Name": "IMAGE_TAG", "Value": "latest" } ], "Image": "aws/codebuild/amazonlinux2-x86_64-standard:1.0", "PrivilegedMode": "true", "Type": "LINUX_CONTAINER" }, "Name": "nginx-build", "ServiceRole": { "Ref": "CodeBuildServiceRole" }, "Source": { "Location": "https://github.com/jasonumiker/nginx-codebuild", "Type": "GITHUB" } }, "Type": "AWS::CodeBuild::Project" }, "CodeBuildServiceRole": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "codebuild.amazonaws.com" } } ] } }, "Type": "AWS::IAM::Role" }, "CodeBuildServiceRolePolicy": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", "Resource": [ "*" ], "Sid": "CloudWatchLogsPolicy" }, { "Action": [ "codecommit:GitPull" ], "Effect": "Allow", "Resource": [ "*" ], "Sid": "CodeCommitPolicy" }, { "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Effect": "Allow", "Resource": [ "*" ], "Sid": "S3GetObjectPolicy" }, { "Action": [ "s3:PutObject" ], "Effect": "Allow", "Resource": [ "*" ], "Sid": "S3PutObjectPolicy" }, { "Action": [ "ecr:GetAuthorizationToken" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "ecr:*" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:aws:ecr:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":repository/", { "Ref": "Repository" } ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "CodeBuildServiceRolePolicy", "Roles": [ { "Ref": "CodeBuildServiceRole" } ] }, "Type": "AWS::IAM::Policy" }, "CodePipelineServicePolicy": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": "iam:PassRole", "Effect": "Allow", "Resource": "*" }, { "Action": [ "ecs:DescribeTaskDefinition", "ecs:RegisterTaskDefinition", "ecs:DescribeServices", "ecs:UpdateService", "ecs:DescribeTasks", "ecs:ListTasks" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "codebuild:StartBuild", "codebuild:BatchGetBuilds" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:aws:codebuild:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":project/", { "Ref": "BuildProject" } ] ] } ] }, { "Action": [ "s3:ListBucket", "s3:PutObject", "s3:GetObject" ], "Effect": "Allow", "Resource": [ "*" ] } ], "Version": "2012-10-17" }, "PolicyName": "CodePipelineServicePolicy", "Roles": [ { "Ref": "CodePipelineServiceRole" } ] }, "Type": "AWS::IAM::Policy" }, "CodePipelineServiceRole": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": [ "sts:AssumeRole" ], "Effect": "Allow", "Principal": { "Service": [ "codepipeline.amazonaws.com" ] } } ] } }, "Type": "AWS::IAM::Role" }, "NginxBuildOutputBucket": { "Type": "AWS::S3::Bucket" }, "Repository": { "Properties": { "RepositoryName": "nginx" }, "Type": "AWS::ECR::Repository" } } }