At WebGate, we’re using AWS CodePipeline heavily for CI/CD of our serverless apps and we usually do 3-tier deployments (Dev, Test, Prod).
We therefore looked for an example describing how to build such a solution. Unfortunately, we didn’t find a source with a full-blown solution matching our needs. Luckily, we found some examples which gave us some clues on how to build such a pipeline.
The following two sites in particular helped us to get started:
- Building a Secure Cross-Account Continuous Delivery Pipeline
- How do I use CodePipeline to deploy an AWS CloudFormation stack in a different account?
In this post I will show you an example which you can use for your own cross-account AWS CodePipelines.
We will have:
"Central Account" → App Repos, Pipelines…
"Dev Account" → Development Account for App
"Test Account" → Testing Account for App
"Prod Account" → Production Account for App
How to Deploy
You will find the source code of this example in this GitHub repo. Let’s first deploy the prerequisites and later the sample repo.
There are 3 AWS CloudFormation templates which you will need to deploy this solution. Let’s first have a look at them:
This template will deploy all needed resources in the "Central Account":
This template will deploy all needed resources in the "Dev Account", "Test Account" and "Prod Account":
This template will deploy the actual Code Pipeline in the "Central Account".
2. How to Deploy the Prerequisites
First log on to your Central Account and open up CloudFormation in the Region of your choice.
Finish the stack deployment; it will take some minutes. When it has finished, open the Outputs tab of the stack and take note of the values of the "ArtifactBucket" and "CMK" keys.
Now log on to your Dev Account and open up CloudFormation in the same Region as used for the "Central Account".
Wait for the stack deployment to be finished.
Test Account / Prod Account
Now log on to your Test Account / Prod Account and repeat the steps for 02prereqs-accounts.yaml.
Now you have to go back to your Central Account.
Do an update on the Prereqs Stack which you created some minutes ago. Choose "Use current template" and change the value of parameter PreReqsOnAccounts from false to true and update the stack:
This will update the S3 artifact bucket and KMS policies and add access for the "Dev/Test/Prod Accounts".
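One way to check the result of this step, as an added example that is not part of the original post or its templates: the function below takes the text of a resource policy (the CMK key policy or the artifact bucket policy) and reports which accounts it grants access to beyond the ones you expect, and which expected accounts have no grant yet. The function names, account IDs and the sample policy are constructed for illustration.

```python
import json
import re

ARN_ACCOUNT = re.compile(r"^arn:aws[\w-]*:(?:iam|sts)::(\d{12}):")

def principal_accounts(principal):
    """Account IDs (or "*") under a Principal element; service principals are skipped."""
    if principal == "*":
        return {"*"}
    values = principal.get("AWS", []) if isinstance(principal, dict) else []
    accounts = set()
    for value in ([values] if isinstance(values, str) else values):
        match = ARN_ACCOUNT.match(value)
        accounts.add(match.group(1) if match else value)  # bare account ID or "*" kept as-is
    return accounts

def audit_policy(policy_json, expected_accounts):
    """Return (unexpected, missing) for the Allow statements of a resource policy.

    Condition blocks are not evaluated, so a conditioned "*" is still reported for review.
    """
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    unexpected, granted = [], set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        accounts = principal_accounts(stmt.get("Principal", {}))
        granted |= accounts
        unexpected += [(stmt.get("Sid", "<no Sid>"), a) for a in sorted(accounts - expected_accounts)]
    return unexpected, sorted(expected_accounts - granted)

# Constructed sample: account IDs, Sids and the role name are placeholders, not from the repo.
CENTRAL, DEV, TEST, PROD = "111111111111", "222222222222", "333333333333", "444444444444"
SAMPLE_KEY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "CentralAdmin", "Effect": "Allow", "Action": "kms:*", "Resource": "*",
     "Principal": {"AWS": f"arn:aws:iam::{CENTRAL}:root"}},
    {"Sid": "DeployAccountsUseKey", "Effect": "Allow", "Resource": "*",
     "Action": ["kms:Decrypt", "kms:DescribeKey"],
     "Principal": {"AWS": [f"arn:aws:iam::{DEV}:root", f"arn:aws:iam::{TEST}:root",
                           "arn:aws:iam::555555555555:role/example-role"]}},
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "kms:Decrypt", "Resource": "*",
     "Principal": "*"},
]})

if __name__ == "__main__":
    unexpected, missing = audit_policy(SAMPLE_KEY_POLICY, {CENTRAL, DEV, TEST, PROD})
    print("grants outside the expected accounts:", unexpected)
    print("expected accounts without a grant:", missing)
```

To run it against the real stack, pass in the policy text returned by `aws kms get-key-policy` for the CMK and by `aws s3api get-bucket-policy` for the artifact bucket.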
3. Deploy Pipeline and App
Again in the Central Account create a CF stack with the 03central-pipeline.yaml template:
Stack Name e.g. kbild-serverless-pipeline
Project name e.g. serverless
RepoBranch → The repo branch the pipeline webhook will listen to
Again wait for the stack deployment to be finished.
Before we run our Code Pipeline for the first time, we have to add our "Hello World" app to the freshly created CodeCommit Repo.
First clone the newly created CodeCommit Repo locally to your machine.
(If you have never used git with CodeCommit, go to the repo and click on "Clone URL" at the top → "Connection steps").
I will use SSH:
git clone ssh://git-codecommit.eu-central-1.amazonaws.com/v1/repos/serverless-ProjectRepo
Now add the buildspec.yml and sam-app folder from the GitHub repo to your local clone:
Now commit and push the new files to the CodeCommit Repo:
git add .
git commit -a
git push
This push should trigger the Code Pipeline, so go back to your AWS console of the "Central Account" and open up CodePipeline and the new serverless-Pipeline:
As you can see the pipeline was just triggered and you can follow how the Pipeline goes through all the stages:
Once all stages have finished, you can log on to your "Dev Account" and go to:
CloudFormation → cicd-codepipeline-Dev Stack → Outputs
Click on the value for the Key "HelloWorldApi", this will open the API Gateway Endpoint URL and will show you the "Hello World" example app.
If everything worked as expected you should see:
Now go to your Test/Prod Account and open the corresponding API Gateway Endpoint URL as well. You should see environment-specific "Hello World" pages:
I hope that this example helps you on your future CodePipeline journey!
In Part 2 of this post I will go into more detail on how the CloudFormation templates work and how you may customize them.