{
"Outputs": {
"RepositoryURL": {
"Description": "The docker repository URL",
"Value": {
"Fn::Join": [
"",
[
{
"Ref": "AWS::AccountId"
},
".dkr.ecr.",
{
"Ref": "AWS::Region"
},
".amazonaws.com/",
{
"Ref": "Repository"
}
]
]
}
}
},
"Resources": {
"BuildProject": {
"DependsOn": "CodeBuildServiceRolePolicy",
"Properties": {
"Artifacts": {
"Location": {
"Ref": "NginxBuildOutputBucket"
},
"Name": "artifacts",
"Type": "S3"
},
"Environment": {
"ComputeType": "BUILD_GENERAL1_SMALL",
"EnvironmentVariables": [
{
"Name": "AWS_ACCOUNT_ID",
"Value": {
"Ref": "AWS::AccountId"
}
},
{
"Name": "IMAGE_REPO_NAME",
"Value": {
"Ref": "Repository"
}
},
{
"Name": "IMAGE_TAG",
"Value": "latest"
}
],
"Image": "aws/codebuild/amazonlinux2-x86_64-standard:1.0",
"PrivilegedMode": "true",
"Type": "LINUX_CONTAINER"
},
"Name": "nginx-build",
"ServiceRole": {
"Ref": "CodeBuildServiceRole"
},
"Source": {
"Location": "https://github.com/jasonumiker/nginx-codebuild",
"Type": "GITHUB"
}
},
"Type": "AWS::CodeBuild::Project"
},
"CodeBuildServiceRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "codebuild.amazonaws.com"
}
}
]
}
},
"Type": "AWS::IAM::Role"
},
"CodeBuildServiceRolePolicy": {
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "CloudWatchLogsPolicy"
},
{
"Action": [
"codecommit:GitPull"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "CodeCommitPolicy"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "S3GetObjectPolicy"
},
{
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "S3PutObjectPolicy"
},
{
"Action": [
"ecr:GetAuthorizationToken"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ecr:*"
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:ecr:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":repository/",
{
"Ref": "Repository"
}
]
]
}
]
}
],
"Version": "2012-10-17"
},
"PolicyName": "CodeBuildServiceRolePolicy",
"Roles": [
{
"Ref": "CodeBuildServiceRole"
}
]
},
"Type": "AWS::IAM::Policy"
},
"CodePipelineServicePolicy": {
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ecs:DescribeTaskDefinition",
"ecs:RegisterTaskDefinition",
"ecs:DescribeServices",
"ecs:UpdateService",
"ecs:DescribeTasks",
"ecs:ListTasks"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codebuild:StartBuild",
"codebuild:BatchGetBuilds"
],
"Effect": "Allow",
"Resource": [
{
"Fn::Join": [
"",
[
"arn:aws:codebuild:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":project/",
{
"Ref": "BuildProject"
}
]
]
}
]
},
{
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyName": "CodePipelineServicePolicy",
"Roles": [
{
"Ref": "CodePipelineServiceRole"
}
]
},
"Type": "AWS::IAM::Policy"
},
"CodePipelineServiceRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Principal": {
"Service": [
"codepipeline.amazonaws.com"
]
}
}
]
}
},
"Type": "AWS::IAM::Role"
},
"NginxBuildOutputBucket": {
"Type": "AWS::S3::Bucket"
},
"Repository": {
"Properties": {
"RepositoryName": "nginx"
},
"Type": "AWS::ECR::Repository"
}
}
}