Archivo de configuración buildspec.yaml utilizado en AWS CodeBuild.
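# AWS CodeBuild buildspec: log in to ECR, build the image, tag it with the
# build id, push both tags and emit imageDetail.json for the deploy stage.
version: 0.2

phases:
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      - aws --version
      # Account id is resolved at run time, so it never has to be committed.
      - AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
      # The registry password is handed over on stdin (--password-stdin), so it
      # does not appear in the process list or in the build log.
      - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
      # <IMAGE_URI> is a placeholder; replace it with the ECR repository URI
      # (${AWS_ACCOUNT_ID}.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/<repo-name>).
      - REPOSITORY_URI=<IMAGE_URI>
      # Short commit id; not referenced by any later command in this buildspec.
      - COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
      # The part of CODEBUILD_BUILD_ID after the first ':' becomes the image tag.
      - IMAGE_TAG=build-$(echo $CODEBUILD_BUILD_ID | awk -F":" '{print $2}')
  build:
    commands:
      # $(date) restores the timestamp; the backticks of the original `date`
      # were lost when the file was pasted, so it printed the literal word.
      - echo Build started on $(date)
      - echo Building the Docker image...
      - docker build -t $REPOSITORY_URI:latest .
      - docker image tag $REPOSITORY_URI:latest $REPOSITORY_URI:$IMAGE_TAG
  post_build:
    commands:
      - echo Build completed on $(date)
      - echo Pushing the Docker images...
      - docker push $REPOSITORY_URI:latest
      - docker push $REPOSITORY_URI:$IMAGE_TAG
      # Consumed by the deploy stage through the ImageArtifact secondary artifact.
      - printf '{"ImageURI":"%s"}' $REPOSITORY_URI:$IMAGE_TAG > imageDetail.json

artifacts:
  files:
    - 'image*.json'
    - 'appspec.yaml'
    - 'taskdef.json'
  secondary-artifacts:
    DefinitionArtifact:
      files:
        - appspec.yaml
        - taskdef.json
    ImageArtifact:
      files:
        - imageDetail.json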
Política utilizada en AWS CodeBuild (todas las sentencias usan `"Resource": "*"`; conviene acotar `ecr:*`, `s3:PutObject` y las acciones de CodeArtifact a los ARN concretos del proyecto):
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": [
"*"
],
"Effect": "Allow",
"Sid": "CloudWatchLogsPolicy"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": [
"*"
],
"Effect": "Allow",
"Sid": "S3GetObjectPolicy"
},
{
"Action": [
"s3:PutObject"
],
"Resource": [
"*"
],
"Effect": "Allow",
"Sid": "S3PutObjectPolicy"
},
{
"Action": [
"codeartifact:DisassociateExternalConnection",
"codeartifact:AssociateWithDownstreamRepository",
"codeartifact:GetPackageVersionReadme",
"codeartifact:PutRepositoryPermissionsPolicy",
"codeartifact:DeletePackageVersions",
"codeartifact:ListRepositoriesInDomain",
"codeartifact:DescribePackageVersion",
"codeartifact:GetDomainPermissionsPolicy",
"codeartifact:ListDomains",
"codeartifact:DisposePackageVersions",
"codeartifact:ListPackageVersionDependencies",
"codeartifact:GetAuthorizationToken",
"codeartifact:ListPackages",
"codeartifact:ReadFromRepository",
"codeartifact:GetPackageVersionAsset",
"codeartifact:CreateDomain",
"codeartifact:DescribeRepository",
"codeartifact:ListPackageVersionAssets",
"codeartifact:DescribeDomain",
"codeartifact:AssociateExternalConnection",
"codeartifact:UpdateRepository",
"codeartifact:DeleteDomain",
"codeartifact:CopyPackageVersions",
"codeartifact:PutPackageMetadata",
"codeartifact:DeleteRepository",
"codeartifact:ListRepositories",
"codeartifact:UpdatePackageVersionsStatus",
"codeartifact:GetRepositoryEndpoint",
"codeartifact:CreateRepository",
"codeartifact:PublishPackageVersion",
"codeartifact:GetRepositoryPermissionsPolicy",
"codeartifact:ListPackageVersions",
"codeartifact:PutDomainPermissionsPolicy"
],
"Resource": [
"*"
],
"Effect": "Allow",
"Sid": "CodeArtifactPolicy"
},
{
"Action": [
"ssm:GetParameters",
"ecr:*"
],
"Resource": [
"*"
],
"Effect": "Allow",
"Sid": "OtherPolicies"
}
]
}
Política utilizada en AWS CodePipeline (`iam:PassRole`, `s3:*`, `lambda:*`, `ecs:*` y `ecr:*` con `"Resource": "*"` son permisos muy amplios; conviene limitarlos a los roles, buckets y repositorios que el pipeline realmente usa):
{
"Statement": [
{
"Action": [
"s3:*"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:UploadArchive",
"codecommit:GetUploadArchiveStatus",
"codecommit:CancelUploadArchive"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"codepipeline:*",
"iam:ListRoles",
"iam:PassRole",
"codedeploy:CreateDeployment",
"codedeploy:GetApplication",
"codedeploy:GetApplicationRevision",
"codedeploy:GetDeployment",
"codedeploy:GetDeploymentConfig",
"codedeploy:RegisterApplicationRevision",
"lambda:*",
"sns:*",
"ecs:*",
"ecr:*"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"codebuild:StartBuild",
"codebuild:StopBuild",
"codebuild:BatchGet*",
"codebuild:Get*",
"codebuild:List*",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"codecommit:ListBranches",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"logs:GetLogEvents"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*",
"Effect": "Allow"
}
]
}