Add the source code


What are we going to do?

We are going to perform the following steps:

  • Add the source code for the version of the AWS Service Catalog product we have just created

Step by step guide

Here are the steps you need to follow to “Add the source code”

Add the source code for your product

When you configured your product version, you specified the following:

    Versions:
      - Name: "v1"
        Description: "v1 of aws-config-enable-config"
        Active: True
        Source:
          Provider: "CodeCommit"
          Configuration:
            RepositoryName: "aws-config-enable-config"
            BranchName: "master"
  

We now need to create the AWS CodeCommit repository and add the AWS CloudFormation template we are going to use for our product into that repository.

  • Input the name aws-config-enable-config
  • Click Create
  • Scroll down to the bottom of the page and hit the Create file button
  • Copy the following snippet into the main input field:

    AWSTemplateFormatVersion: 2010-09-09
    Description: |
      This template creates a Config Recorder and an Amazon S3 bucket where logs are published.
    
    Resources:
      ConfigRole:
        Type: 'AWS::IAM::Role'
        Description: The IAM role used to configure AWS Config
        Properties:
          AssumeRolePolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                    - config.amazonaws.com
                Action:
                  - 'sts:AssumeRole'
          ManagedPolicyArns:
            - arn:aws:iam::aws:policy/service-role/AWSConfigRole
          Policies:
            - PolicyName: root
              PolicyDocument:
                Version: 2012-10-17
                Statement:
                  - Effect: Allow
                    Action: 's3:GetBucketAcl'
                    Resource: !Sub arn:aws:s3:::${S3ConfigBucket}
                  - Effect: Allow
                    Action: 's3:PutObject'
                    Resource: !Sub arn:aws:s3:::${S3ConfigBucket}/AWSLogs/${AWS::AccountId}/${AWS::Region}
                    Condition:
                      StringEquals:
                        's3:x-amz-acl': bucket-owner-full-control
                  - Effect: Allow
                    Action: 'config:Put*'
                    Resource: '*'
      ConfigRecorder:
        Type: 'AWS::Config::ConfigurationRecorder'
        DependsOn: ConfigRole
        Properties:
          Name: default
          RoleARN: !GetAtt ConfigRole.Arn
    
      DeliveryChannel:
        Type: 'AWS::Config::DeliveryChannel'
        Properties:
          ConfigSnapshotDeliveryProperties:
            DeliveryFrequency: Six_Hours
          S3BucketName: !Ref S3ConfigBucket
    
      S3ConfigBucket:
        DeletionPolicy: Retain
        Description: S3 bucket with AES256 Encryption set
        Type: AWS::S3::Bucket
        Properties:
          BucketName: !Sub config-bucket-${AWS::AccountId}
          PublicAccessBlockConfiguration:
            BlockPublicAcls: True
            BlockPublicPolicy: True
            IgnorePublicAcls: True
            RestrictPublicBuckets: True
          BucketEncryption:
            ServerSideEncryptionConfiguration:
              - ServerSideEncryptionByDefault:
                  SSEAlgorithm: AES256
    
      S3ConfigBucketPolicy:
        Type: AWS::S3::BucketPolicy
        Description: S3 bucket policy
        Properties:
          Bucket: !Ref S3ConfigBucket
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Sid: AWSBucketPermissionsCheck
                Effect: Allow
                Principal:
                  Service:
                    - config.amazonaws.com
                Action: s3:GetBucketAcl
                Resource:
                  - !Sub "arn:aws:s3:::${S3ConfigBucket}"
              - Sid: AWSBucketDelivery
                Effect: Allow
                Principal:
                  Service:
                    - config.amazonaws.com
                Action: s3:PutObject
                Resource: !Sub "arn:aws:s3:::${S3ConfigBucket}/AWSLogs/*/*"
    
    Outputs:
      ConfigRoleArn:
        Value: !GetAtt ConfigRole.Arn
      S3ConfigBucketArn:
        Value: !GetAtt S3ConfigBucket.Arn
       
    
  • Set the File name to product.template.yaml

  • Set your Author name

  • Set your Email address

  • Set your Commit message

Using a good / unique commit message will help you understand what is going on later.

Creating that file should trigger your aws-config-enable-config-v1-pipeline.

Once the pipeline has completed it should show the Source, Package and Deploy stages in green to indicate they have completed successfully:

You should see your commit message on this screen, it will help you know which version of ServiceCatalogFactory repository the pipeline is processing.

Once you have verified the pipeline has run you can go to Service Catalog products to view your newly created version.

You should see the product you created listed:

Click on the product and verify v1 is there

You have now successfully created a version for your product!