We are going to perform the following steps:
Here are the steps you need to follow to “Add the source code”
When you configured your product version, you specified the following:
Versions:
- Name: "v1"
Description: "v1 of aws-config-enable-config"
Active: True
Source:
Provider: "CodeCommit"
Configuration:
RepositoryName: "aws-config-enable-config"
BranchName: "main"
We now need to create the AWS CodeCommit repository and add the AWS CloudFormation template we are going to use for our product into that repository.
Navigate to AWS CodeCommit
Click Create repository
aws-config-enable-config
Copy the following snippet into the main input field:
AWSTemplateFormatVersion: 2010-09-09
Description: |
This template creates a Config Recorder and an Amazon S3 bucket where logs are published.
Resources:
ConfigRole:
Type: 'AWS::IAM::Role'
Description: The IAM role used to configure AWS Config
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Principal:
Service:
- config.amazonaws.com
Action:
- 'sts:AssumeRole'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/service-role/AWSConfigRole
Policies:
- PolicyName: root
PolicyDocument:
Version: 2012-10-17
Statement:
- Effect: Allow
Action: 's3:GetBucketAcl'
Resource: !Sub arn:aws:s3:::${S3ConfigBucket}
- Effect: Allow
Action: 's3:PutObject'
Resource: !Sub arn:aws:s3:::${S3ConfigBucket}/AWSLogs/${AWS::AccountId}/${AWS::Region}
Condition:
StringEquals:
's3:x-amz-acl': bucket-owner-full-control
- Effect: Allow
Action: 'config:Put*'
Resource: '*'
ConfigRecorder:
Type: 'AWS::Config::ConfigurationRecorder'
DependsOn: ConfigRole
Properties:
Name: default
RoleARN: !GetAtt ConfigRole.Arn
DeliveryChannel:
Type: 'AWS::Config::DeliveryChannel'
Properties:
ConfigSnapshotDeliveryProperties:
DeliveryFrequency: Six_Hours
S3BucketName: !Ref S3ConfigBucket
S3ConfigBucket:
DeletionPolicy: Retain
Description: S3 bucket with AES256 Encryption set
Type: AWS::S3::Bucket
Properties:
BucketName: !Sub config-bucket-${AWS::AccountId}
PublicAccessBlockConfiguration:
BlockPublicAcls: True
BlockPublicPolicy: True
IgnorePublicAcls: True
RestrictPublicBuckets: True
BucketEncryption:
ServerSideEncryptionConfiguration:
- ServerSideEncryptionByDefault:
SSEAlgorithm: AES256
S3ConfigBucketPolicy:
Type: AWS::S3::BucketPolicy
Description: S3 bucket policy
Properties:
Bucket: !Ref S3ConfigBucket
PolicyDocument:
Version: 2012-10-17
Statement:
- Sid: AWSBucketPermissionsCheck
Effect: Allow
Principal:
Service:
- config.amazonaws.com
Action: s3:GetBucketAcl
Resource:
- !Sub "arn:aws:s3:::${S3ConfigBucket}"
- Sid: AWSBucketDelivery
Effect: Allow
Principal:
Service:
- config.amazonaws.com
Action: s3:PutObject
Resource: !Sub "arn:aws:s3:::${S3ConfigBucket}/AWSLogs/*/*"
Outputs:
ConfigRoleArn:
Value: !GetAtt ConfigRole.Arn
S3ConfigBucketArn:
Value: !GetAtt S3ConfigBucket.Arn
Set the File name to product.template.yaml
Set your Author name
Set your Email address
Set your Commit message
Using a good / unique commit message will help you understand what is going on later.
Creating that file should trigger your aws-config-enable-config-v1-pipeline.
Once the pipeline has completed it should show the Source, Package and Deploy stages in green to indicate they have completed successfully:
You should see your commit message on this screen, it will help you know which version of ServiceCatalogFactory repository the pipeline is processing.
Once you have verified the pipeline has run you can go to Service Catalog products to view your newly created version.
Click on the product and verify v1 is there
You have now successfully created a version for your product!
If you are using AWS CodeCommit as your SCM you are able to request the framework to create the git repository for you and you can specify an AWS S3 source for where the initial commit should come from:
- Name: "vpc"
Owner: "networking@example.com"
Description: "vpc"
Distributor: "cloud-engineering"
SupportDescription: "Speak to networking@example.com for help"
SupportEmail: "networking@example.com"
SupportUrl: "https://wiki.example.com/cloud-engineering/networking/vpc"
Source:
Provider: "CodeCommit"
Configuration:
RepositoryName: "networking-vpc"
Code:
S3:
Bucket: "service-catalog-tools-product-sets-eu-west-2"
Versions:
- Name: "v1"
Description: "v1 of vpc"
Active: True
Source:
Configuration:
BranchName: "v1"
Code:
S3:
Key: "product-sets/networking/vpc/v1/networking--vpc--v1.zip"
Portfolios:
- "demo-portfolio"
In the example above we are saying the initial source code should come from the S3 bucket named service-catalog-tools-product-sets-eu-west-2 using the key product-sets/networking/vpc/v1/networking–vpc–v1.zip
You can split the declaration between the product and version as we have in the example above or you could have specified all of the configuration under the version.