はじめに
AWS CodeStarで流し込めるテンプレのサンプルを書いてみた。メモに近いので今後ブラッシュアップしていきます。
LambdaでPython等のコードを記述し、CloudWatchトリガで起動するだけのサンプルです。
buildspec.yml
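---
# CodeBuild buildspec for an AWS CodeStar Python Lambda project.
# install: dependencies into ./src  ->  build: package template.yml with
# `aws cloudformation package` and rewrite template-configuration.json.
version: 0.2
phases:
  install:
    runtime-versions:
      # Quoted so a YAML parser never reads the version as a float
      # (unquoted "3.10" would become 3.1).
      python: "3.8"
    commands:
      # Upgrade pip (Pip Installs Packages) itself first.
      - pip install --upgrade pip
      # Install requirements.txt into ./src so the packages ship inside the
      # Lambda bundle (pipenv etc. can be used the same way).
      # NOTE(review): packages are fetched from the package index at build time;
      # pin exact versions (and consider `--require-hashes`) so the artifact is
      # reproducible and a changed upstream package cannot alter the deployment.
      - pip install -t ./src -r requirements.txt
  # pre_build phase (unit tests) is currently disabled. A bare `commands:` with
  # only comments beneath it is YAML null, not an empty sequence, so the whole
  # phase is commented out; re-enable both lines together to run the tests in
  # the tests folder.
  # pre_build:
  #   commands:
  #     - python -m unittest discover tests
  build:
    commands:
      # Use AWS SAM to package the application by using AWS CloudFormation
      - aws cloudformation package --template template.yml --s3-bucket $S3_BUCKET --output-template template-export.yml
      # Do not remove this statement. This command is required for AWS CodeStar projects.
      # Update the AWS Partition, AWS Region, account ID and project ID in the project ARN on template-configuration.json file so AWS CloudFormation can tag project resources.
      - sed -i.bak 's/\$PARTITION\$/'${PARTITION}'/g;s/\$AWS_REGION\$/'${AWS_REGION}'/g;s/\$ACCOUNT_ID\$/'${ACCOUNT_ID}'/g;s/\$PROJECT_ID\$/'${PROJECT_ID}'/g' template-configuration.json
artifacts:
  type: zip
  files:
    - template-export.yml
    - template-configuration.json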
template.yml
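---
# SAM template for an AWS CodeStar project: one Python Lambda in a VPC,
# invoked on a CloudWatch Events schedule (see Resources).
# The format version is quoted so YAML 1.1 parsers do not turn it into a date.
AWSTemplateFormatVersion: '2010-09-09'
Transform:
  - AWS::Serverless-2016-10-31
  - AWS::CodeStar
Parameters:
  # CodeStar project ID. Presumably supplied by the pipeline via
  # template-configuration.json (see buildspec.yml) - confirm. It is currently
  # referenced only by the commented-out LambdaExecutionRole resource.
  ProjectId:
    Type: String
  # Role CodeDeploy assumes for the alias traffic shift configured in Globals.
  CodeDeployRole:
    Type: String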
Globals:
  Function:
    # Publish a new function version on each deploy and point the 'live'
    # alias at it.
    AutoPublishAlias: 'live'
    # Gradual rollout through CodeDeploy: 10% of traffic first, the rest
    # after 5 minutes.
    # NOTE(review): Globals.Function only applies to AWS::Serverless::Function
    # resources; the function in Resources is declared as AWS::Lambda::Function,
    # so this preference does not cover it unless that type is changed.
    DeploymentPreference:
      Enabled: true
      Type: 'Canary10Percent5Minutes'
      Role: !Ref CodeDeployRole
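Resources:
  # Lambda function
  # NOTE(review): as an AWS::Lambda::Function this resource is not covered by
  # Globals.Function (AutoPublishAlias / DeploymentPreference), which only
  # applies to AWS::Serverless::Function.
  LambdaName:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: 'awscodestar-LambdaName-lambda'
      # Local path; `aws cloudformation package` (buildspec.yml) uploads it and
      # rewrites this to an S3 location in template-export.yml.
      Code: src
      Handler: file_name.lambda_handler
      MemorySize: 256
      # Matches the python runtime in buildspec.yml; check the runtime is still
      # supported by Lambda before deploying.
      Runtime: python3.8
      # An existing role cannot be passed (iam:PassRole) on the initial deploy;
      # it works if the CodeStarWorker-XXXXXXXXX-CloudFormation IAM role is
      # given AWSLambdaFullAccess. AWS recommends one dedicated role per
      # Lambda, so that is not recommended. To create a role instead, write
      # `Role: !GetAtt 'LambdaExecutionRole.Arn'` and uncomment
      # LambdaExecutionRole below.
      # Partition and account ID come from pseudo parameters rather than a
      # hard-coded ARN, so the template does not need editing per account.
      Role: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:role/lambda-role'
      Timeout: 900
      # VPC configuration (placeholder IDs; replace with the real ones).
      # A VPC-attached function needs permission to manage its ENIs
      # (e.g. the AWSLambdaVPCAccessExecutionRole managed policy) on its role.
      VpcConfig:
        SecurityGroupIds:
          - sg-0aaaaaaaaaaaaaaaa
          - sg-0bbbbbbbbbbbbbbbb
        SubnetIds:
          - subnet-0ccccccccccccccc
  # # Lambda execution IAM role (disabled; see the Role comment above)
  # # NOTE(review): the managed policies listed are far broader than a
  # # scheduled function needs (full EC2/Lambda/S3 access). Start from
  # # AWSLambdaBasicExecutionRole (CloudWatch Logs) plus
  # # AWSLambdaVPCAccessExecutionRole (VPC ENIs) and add only the specific
  # # actions the handler code performs. AWSLambdaFullAccess is reportedly
  # # superseded by AWSLambda_FullAccess - verify before use.
  # LambdaExecutionRole:
  #   Type: AWS::IAM::Role
  #   Properties:
  #     # Description is a property of AWS::IAM::Role, not a resource attribute.
  #     Description: 'LambdaName用IAMロール'
  #     RoleName: !Sub 'CodeStar-${ProjectId}-Execution'
  #     AssumeRolePolicyDocument:
  #       Statement:
  #         - Effect: Allow
  #           Principal:
  #             Service:
  #               - lambda.amazonaws.com
  #           Action: sts:AssumeRole
  #     ManagedPolicyArns:
  #       - arn:aws:iam::aws:policy/AmazonEC2FullAccess
  #       - arn:aws:iam::aws:policy/AWSLambdaFullAccess
  #       - arn:aws:iam::aws:policy/AmazonS3FullAccess
  #       - arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess
  #       - arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser
  #     # The original line had a stray `#` before the value (which turned the
  #     # ARN into a comment) and no closing quote; fixed here.
  #     PermissionsBoundary: !Sub 'arn:${AWS::Partition}:iam::${AWS::AccountId}:policy/CodeStar_${ProjectId}_PermissionsBoundary'
  # CloudWatch Events rule: fires every 10 minutes and targets the function.
  RuleLambdaName:
    Type: AWS::Events::Rule
    Properties:
      Description: 'LambdaName用'
      Name: LambdaNameSc
      ScheduleExpression: 'cron(0/10 * * * ? *)'
      State: ENABLED
      Targets:
        - Arn: !GetAtt 'LambdaName.Arn'
          Id: LambdaName
  # Allows CloudWatch Events to invoke the function. SourceArn restricts the
  # grant to this specific rule, so no other event source in the service
  # principal can use it.
  PermissionForEventsToInvokeLambda:
    Type: AWS::Lambda::Permission
    Properties:
      FunctionName: !Ref 'LambdaName'
      Action: lambda:InvokeFunction
      Principal: events.amazonaws.com
      SourceArn: !GetAtt 'RuleLambdaName.Arn'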