---
Description: Automate provisioning of CodePipeline, CodeCommit, CodeBuild, CloudWatch Events and CodeDeploy. **WARNING** This template creates one or more Amazon EC2 instances. You will be billed for the AWS resources used if you create a stack from this template.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  EmailAddress:
    Description: Email Address for sending SNS notifications for CodeCommit
    Type: String
  RepositoryBranch:
    Description: The name of the branch for the CodeCommit repo
    Type: String
    Default: master
    AllowedPattern: "[\\x20-\\x7E]*"
    ConstraintDescription: Can contain only ASCII characters.
  TagKey:
    Type: String
    Default: Name
    Description: The tag name that is associated with EC2 instances on which CodeDeploy agent is installed
  TagValue:
    Description: The tag value that identifies this as a target for deployments.
    Type: String
    Default: CodeDeployEC2Tag
    AllowedPattern: "[\\x20-\\x7E]*"
    ConstraintDescription: Can contain only ASCII characters.
  KeyName:
    Description: Name of an existing Amazon EC2 key pair to enable SSH access to the instances.
    Type: AWS::EC2::KeyPair::KeyName
  CodeCommitS3Bucket:
    Description: S3 bucket that holds zip of source code for CodeCommit Repo
    Type: String
  CodeCommitS3Key:
    Description: zipfile key located in CodeCommitS3Bucket
    Type: String
  Environment:
    Description: Flag to populate CodeCommit repo with files uploaded to S3
    Default: prod
    Type: String
    AllowedValues:
      - test
      - prod
    ConstraintDescription: must specify test or prod.
Conditions:
  ISProduction: !Equals [!Ref Environment, prod]
  # ISNotProduction:
  #   !Not [Condition: ISProduction]
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Dynamic Configuration
        Parameters:
          - KeyName
          - RepositoryBranch
    ParameterLabels:
      KeyName:
        default: EC2 KeyPair Name
      RepositoryBranch:
        default: CodeCommit Repository Branch
Resources:
  # Notify the SNS topic whenever a pipeline execution in this account reaches FAILED.
  EventRule:
    Type: "AWS::Events::Rule"
    Properties:
      Description: "EventRule"
      EventPattern:
        source:
          - aws.codepipeline
        detail-type:
          - CodePipeline Pipeline Execution State Change
        detail:
          state:
            - FAILED
      State: "ENABLED"
      Targets:
        - Arn:
            Ref: "MySNSTopic"
          Id: "PipelineNotificationTopic"
          InputTransformer:
            # <pipeline> is substituted from InputPathsMap below. Note the region is
            # hard-coded here, unlike the Outputs section, which uses AWS::Region.
            InputTemplate: '"The Pipeline has failed. Go to https://console.aws.amazon.com/codepipeline/home?region=us-east-1#/view/<pipeline>" '
            InputPathsMap:
              pipeline: "$.detail.pipeline"
  ArtifactBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Delete
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codebuild.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: codebuild-service
          PolicyDocument:
            Statement:
              # Action "*" on Resource "*" is administrator-equivalent for the build
              # container; scope this down to the logs, S3 and CodeCommit calls the build
              # actually needs before using this template outside a sandbox account.
              - Effect: Allow
                Action: "*"
                Resource: "*"
            Version: '2012-10-17'
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service:
                - codepipeline.amazonaws.com
            Action:
              - sts:AssumeRole
      Path: "/"
      Policies:
        - PolicyName: codepipeline-service
          PolicyDocument:
            Statement:
              - Action:
                  - codecommit:GetBranch
                  - codecommit:GetCommit
                  - codecommit:UploadArchive
                  - codecommit:GetUploadArchiveStatus
                  - codecommit:CancelUploadArchive
                  - codebuild:*
                Resource: "*"
                Effect: Allow
              - Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                  - s3:GetBucketVersioning
                Resource: "*"
                Effect: Allow
              - Action:
                  - s3:PutObject
                Resource:
                  - arn:aws:s3:::codepipeline*
                  - arn:aws:s3:::elasticbeanstalk*
                Effect: Allow
              - Action:
                  - codedeploy:CreateDeployment
                  - codedeploy:GetApplicationRevision
                  - codedeploy:GetDeployment
                  - codedeploy:GetDeploymentConfig
                  - codedeploy:RegisterApplicationRevision
                  - codedeploy:CreateApplication
                Resource: "*"
                Effect: Allow
              # Broad service-wide wildcards, including iam:PassRole on "*", are far more
              # than a CodeCommit -> CodeBuild -> CodeDeploy pipeline requires.
              - Action:
                  - elasticbeanstalk:*
                  - ec2:*
                  - elasticloadbalancing:*
                  - autoscaling:*
                  - cloudwatch:*
                  - s3:*
                  - sns:*
                  - cloudformation:*
                  - rds:*
                  - sqs:*
                  - ecs:*
                  - iam:PassRole
                Resource: "*"
                Effect: Allow
              - Action:
                  - lambda:InvokeFunction
                  - lambda:ListFunctions
                Resource: "*"
                Effect: Allow
            Version: '2012-10-17'
  CodeBuildWebsite:
    Type: AWS::CodeBuild::Project
    Properties:
      Name:
        Ref: AWS::StackName
      Description: Build application
      ServiceRole:
        Fn::GetAtt:
          - CodeBuildRole
          - Arn
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/eb-ruby-2.3-amazonlinux-64:2.1.6
      Source:
        Location:
          Fn::Join:
            - ''
            - - https://git-codecommit.
              - Ref: AWS::Region
              - ".amazonaws.com/v1/repos/"
              - Ref: AWS::StackName
        Type: CODECOMMIT
      TimeoutInMinutes: 10
      Tags:
        - Key: Owner
          Value: MyCodeBuildProject
  MySNSTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Endpoint:
            Ref: EmailAddress
          Protocol: email
  # Nested stack (AWS sample) that launches the EC2 instances with the CodeDeploy agent
  # and exports the CodeDeploy service role ARN used by the deployment group below.
  CodeDeployEC2InstancesStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: http://s3.amazonaws.com/aws-codedeploy-us-east-1/templates/latest/CodeDeploy_SampleCF_Template.json
      TimeoutInMinutes: 60
      Parameters:
        TagValue:
          Ref: TagValue
        KeyPairName:
          Ref: KeyName
  CodeCommitRepo:
    Type: AWS::CodeCommit::Repository
    Condition: ISProduction
    Properties:
      RepositoryName:
        Ref: AWS::StackName
      RepositoryDescription: CodeCommit Repository for Sample EC2 CodeDeploy Solution
      Code:
        S3:
          Bucket: !Ref CodeCommitS3Bucket
          Key: !Ref CodeCommitS3Key
      Triggers:
        - Name: MasterTrigger
          CustomData:
            Ref: AWS::StackName
          DestinationArn:
            Ref: MySNSTopic
          Events:
            - all
  MyApplication:
    Type: AWS::CodeDeploy::Application
    DependsOn: CodeDeployEC2InstancesStack
  MyDeploymentGroup:
    Type: AWS::CodeDeploy::DeploymentGroup
    Properties:
      ApplicationName:
        Ref: MyApplication
      DeploymentConfigName: CodeDeployDefault.OneAtATime
      Ec2TagFilters:
        - Key:
            Ref: TagKey
          Value:
            Ref: TagValue
          Type: KEY_AND_VALUE
      ServiceRoleArn:
        Fn::GetAtt:
          - CodeDeployEC2InstancesStack
          - Outputs.CodeDeployTrustRoleARN
  CodePipelineStack:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      # Ref on an IAM role returns its name, so the ARN is assembled here.
      RoleArn:
        Fn::Join:
          - ''
          - - 'arn:aws:iam::'
            - Ref: AWS::AccountId
            - ":role/"
            - Ref: CodePipelineRole
      Stages:
        - Name: Source
          Actions:
            - InputArtifacts: []
              Name: Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Version: '1'
                Provider: CodeCommit
              OutputArtifacts:
                - Name: MyApp
              Configuration:
                BranchName:
                  Ref: RepositoryBranch
                RepositoryName:
                  Ref: AWS::StackName
              RunOrder: 1
        - Name: Build
          Actions:
            # Test action (cfn_nag) and Build action run in parallel (same RunOrder)
            # against the same CodeBuild project.
            - InputArtifacts:
                - Name: MyApp
              Name: cfn_nag
              ActionTypeId:
                Category: Test
                Owner: AWS
                Version: '1'
                Provider: CodeBuild
              OutputArtifacts: []
              Configuration:
                ProjectName:
                  Ref: CodeBuildWebsite
              RunOrder: 1
            - InputArtifacts:
                - Name: MyApp
              Name: Build
              ActionTypeId:
                Category: Build
                Owner: AWS
                Version: '1'
                Provider: CodeBuild
              OutputArtifacts:
                - Name: MyAppBuild
              Configuration:
                ProjectName:
                  Ref: CodeBuildWebsite
              RunOrder: 1
        - Name: Deploy
          Actions:
            - InputArtifacts:
                - Name: MyAppBuild
              Name: DeployToProd
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: '1'
                Provider: CodeDeploy
              OutputArtifacts: []
              Configuration:
                ApplicationName:
                  Ref: MyApplication
                DeploymentGroupName:
                  Ref: MyDeploymentGroup
              RunOrder: 1
      ArtifactStore:
        Type: S3
        Location: !Ref ArtifactBucket
Outputs:
  PipelineUrl:
    Value:
      Fn::Join:
        - ''
        - - https://console.aws.amazon.com/codepipeline/home?region=
          - Ref: AWS::Region
          - "#/view/"
          - Ref: CodePipelineStack
    Description: CodePipeline URL
  CodeDeployURL:
    Value:
      Fn::Join:
        - ''
        - - https://console.aws.amazon.com/codedeploy/home?region=
          - Ref: AWS::Region
          - "#/deployments/"
    Description: CodeDeploy URL
  GitCloneCommand:
    Value:
      Fn::Join:
        - ''
        - - "git clone https://git-codecommit."
          - Ref: AWS::Region
          - ".amazonaws.com/v1/repos/"
          - Ref: AWS::StackName
          - "/"
    Description: Git Repository URL