The best way to automate the creation of CI/CD pipelines is by launching them programmatically. This is specially useful in a microservices environment, where you create a pipeline per microservice, which potentially means dozens of pipelines, if not more. Having an automated way to launch pipelines enables developers to create as many as they need without having to build them manually from the console every single time.
CloudFormation is just one of the many ways you can go about automating Pipeline creation. But there are a few other mechanisms we see customers use as pipeline vending machines. The following list describes some of the most common ones:
For this workshop, we are going to use CloudFormation as the vending mechanism. And we have already built a template that will help you get started. From your terminal, download the CloudFormation template:
Let’s take a moment to understand the key components of the CloudFormation template.
This is the artifact store for your pipeline. CodePipeline will use this bucket to pass artifacts to the downstream jobs. This is also where SAM will upload the artifacts during the build process.
The source stage is the first step of any pipeline and it points to your source code. It determines when to trigger the pipeline based on new changes (i.e. git push). This pipeline uses AWS CodeCommit as the source provider, but CodePipeline also supports S3, GitHub and Amazon ECR as source providers.
The build phase uses AWS CodeBuild as the build provider. But CodePipeline supports other providers like Jenkins, TeamCity or CloudBees. CodeBuild is a great option because you only pay for the time when your build is running, which makes it very cost effective.
A CodeBuild project has information about the build environment. A build environment represents a combination of operating system (Linux or Windows), compute size (Small, Medium, Large) and a Docker image where the build runs. You can bring your own Docker image or use the managed images provided by the service. In this case, we are using the managed image for Amazon Linux 2: aws/codebuild/amazonlinux2-x86_64-standard:1.0.
This pipeline uses CloudFormation ChangeSets to deploy the SAM application. This is why the deployment stage is composed of 2 steps, the CreateChangeSet and the ExecuteChangeSet. The main thing to highlight here is the
TemplatePath, notice how our deployment artifact is the
packaged.yaml produced by the SAM build.
The pipeline definition is very straightforward. You specify the bucket for artifacts and a list of Stages, which in this case we have 3:
1. Source -> 2. Build -> 3. Deploy to Dev. The configuration for each stage is ommited in the following image because it has already been shown in the screenshots above.
In case you haven’t noticed. This pipeline involves 3 different IAM Roles. It’s important to be aware of them in case you need to troubleshoot a permissions error, depending on what stage of the pipeline you got it, you know what role to modify.
If you are curious, you can explore the IAM policies for each of these roles in the CloudFormation template.