@aws-cdk/app-delivery

Continuous Integration / Continuous Delivery for CDK Applications

This library includes a CodePipeline composite Action for deploying AWS CDK Applications.

This module is part of the AWS Cloud Development Kit project.

Limitations

The construct library in it's current form has the following limitations:

1. It can only deploy stacks that are hosted in the same AWS account and region as the CodePipeline is.
2. Stacks that make use of Assets cannot be deployed successfully.

Getting Started

In order to add the PipelineDeployStackAction to your CodePipeline, you need to have a CodePipeline artifact that contains the result of invoking cdk synth -o <dir> on your CDK App. You can for example achieve this using a CodeBuild project.

The example below defines a CDK App that contains 3 stacks:

• CodePipelineStack manages the CodePipeline resources, and self-updates before deploying any other stack
• ServiceStackA and ServiceStackB are service infrastructure stacks, and need to be deployed in this order

  ┏━━━━━━━━━━━━━━━━┓  ┏━━━━━━━━━━━━━━━━┓  ┏━━━━━━━━━━━━━━━━━┓  ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
  ┃     Source     ┃  ┃     Build      ┃  ┃  Self-Update    ┃  ┃             Deploy              ┃
  ┃                ┃  ┃                ┃  ┃                 ┃  ┃                                 ┃
  ┃ ┌────────────┐ ┃  ┃ ┌────────────┐ ┃  ┃ ┌─────────────┐ ┃  ┃ ┌─────────────┐ ┌─────────────┐ ┃
  ┃ │   GitHub   ┣━╋━━╋━▶ CodeBuild  ┣━╋━━╋━▶Deploy Stack ┣━╋━━╋━▶Deploy Stack ┣━▶Deploy Stack │ ┃
  ┃ │            │ ┃  ┃ │            │ ┃  ┃ │PipelineStack│ ┃  ┃ │ServiceStackA│ │ServiceStackB│ ┃
  ┃ └────────────┘ ┃  ┃ └────────────┘ ┃  ┃ └─────────────┘ ┃  ┃ └─────────────┘ └─────────────┘ ┃
  ┗━━━━━━━━━━━━━━━━┛  ┗━━━━━━━━━━━━━━━━┛  ┗━━━━━━━━━━━━━━━━━┛  ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

index.ts

import codebuild = require('@aws-cdk/aws-codebuild');
import codepipeline = require('@aws-cdk/aws-codepipeline');
import codepipeline_actions = require('@aws-cdk/aws-codepipeline-actions');
import cdk = require('@aws-cdk/cdk');
import cicd = require('@aws-cdk/cicd');

const app = new cdk.App();

// We define a stack that contains the CodePipeline
const pipelineStack = new cdk.Stack(app, 'PipelineStack');
const pipeline = new codepipeline.Pipeline(pipelineStack, 'CodePipeline', {
  // Mutating a CodePipeline can cause the currently propagating state to be
  // "lost". Ensure we re-run the latest change through the pipeline after it's
  // been mutated so we're sure the latest state is fully deployed through.
  restartExecutionOnUpdate: true,
  /* ... */
});

// Configure the CodePipeline source - where your CDK App's source code is hosted
const sourceOutput = new codepipeline.Artifact();
const source = new codepipeline_actions.GitHubSourceAction({
  actionName: 'GitHub',
  output: sourceOutput,
  /* ... */
});
pipeline.addStage({
  name: 'source',
  actions: [source],
});

const project = new codebuild.PipelineProject(pipelineStack, 'CodeBuild', {
  /** 
  * Choose an environment configuration that meets your use case.
  * For NodeJS, this might be:
  *
  * environment: {
  *   buildImage: codebuild.LinuxBuildImage.UBUNTU_14_04_NODEJS_10_1_0,
  * },
  */
});
const synthesizedApp = new codepipeline.Artifact();
const buildAction = new codepipeline_actions.CodeBuildAction({
  actionName: 'CodeBuild',
  project,
  input: sourceOutput,
  output: synthesizedApp,
});
pipeline.addStage({
  name: 'build',
  actions: [buildAction],
});

// Optionally, self-update the pipeline stack
const selfUpdateStage = pipeline.addStage({ name: 'SelfUpdate' });
new cicd.PipelineDeployStackAction(pipelineStack, 'SelfUpdatePipeline', {
  stage: selfUpdateStage,
  stack: pipelineStack,
  input: synthesizedApp,
});

// Now add our service stacks
const deployStage = pipeline.addStage({ name: 'Deploy' });
const serviceStackA = new MyServiceStackA(app, 'ServiceStackA', { /* ... */ });
// Add actions to deploy the stacks in the deploy stage:
const deployServiceAAction = new cicd.PipelineDeployStackAction(pipelineStack, 'DeployServiceStackA', {
  stage: deployStage,
  stack: serviceStackA,
  input: synthesizedApp,
  // See the note below for details about this option.
  adminPermissions: false, 
});
// Add the necessary permissions for you service deploy action. This role is
// is passed to CloudFormation and needs the permissions necessary to deploy
// stack. Alternatively you can enable [Administrator](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator) permissions above, 
// users should understand the privileged nature of this role.
deployServiceAAction.addToRolePolicy(
  new iam.PolicyStatement()
    .addAction('service:SomeAction')
    .addResource(myResource.myResourceArn)
    // add more Action(s) and/or Resource(s) here, as needed
);

const serviceStackB = new MyServiceStackB(app, 'ServiceStackB', { /* ... */ });
new cicd.PipelineDeployStackAction(pipelineStack, 'DeployServiceStackB', {
  stage: deployStage,
  stack: serviceStackB,
  input: synthesizedApp,
  createChangeSetRunOrder: 998,
  adminPermissions: true, // no need to modify the role with admin
}); 

buildspec.yml

The repository can contain a file at the root level named buildspec.yml, or you can in-line the buildspec. Note that buildspec.yaml is not compatible.

For example, a TypeScript or Javascript CDK App can add the following buildspec.yml at the root of the repository:

version: 0.2
phases:
  install:
    commands:
      # Installs the npm dependencies as defined by the `package.json` file
      # present in the root directory of the package
      # (`cdk init app --language=typescript` would have created one for you)
      - npm install
  build:
    commands:
      # Builds the CDK App so it can be synthesized
      - npm run build
      # Synthesizes the CDK App and puts the resulting artifacts into `dist`
      - npm run cdk synth -- -o dist
artifacts:
  # The output artifact is all the files in the `dist` directory
  base-directory: dist
  files: '**/*'

The PipelineDeployStackAction expects it's input to contain the result of synthesizing a CDK App using the cdk synth -o <directory>.

Changelog

0.29.0 (2019-04-24)

Bug Fixes

• acm: enabled validation of certificates on the zone name (#2133) (f216f96)
• aws-apigateway: add integrationHttpMethod prop to AwsIntegration (#2160) (dfc6665), closes #2105
• aws-cloudwatch: remove workaround on optional DashboardName (6c73d8a), closes #213
• aws-ecs: fix default daemon deploymentConfig values (#2210) (c2e806b), closes #2209
• aws-ecs: handle long ARN formats for services (#2176) (66df1c8), closes #1849
• aws-lambda: fix circular dependency with lambda and codedeploy (#2236) (382da6a)
• certificatemanager: remove bundled lambda devdependencies (#2186) (6728b41)
• codebuild: add validation for Source when the badge property is true (#2242) (07812b2), closes #1749
• core: allow CfnMapping.findInMap to use pseudo functions/params (#2220) (464cb6f), closes #1363
• core: Use different symbol for Stack.isStack versus CfnReference.isCfnReference (#2305) (c1e41ed)
• decdk: set the timeout in the schema tests to 10 seconds. (#2250) (8521b6f)
• dynamodb: remove global secondary index limit (#2301) (43afa3a), closes #2262
• ecr: Fix typo in ImportRepository error message (#2217) (b7c9b21)
• elasticloadbalancingv2: dependency between ALB and logging bucket (#2221) (99e085d), closes #1633
• java-app-template: invoke app.run() (#2300) (47ff448), closes #2289 awslabs/jsii#456
• lambda: avoid OperationAbortedException when using log retention (#2237) (12a118c)
• s3: Add validations for S3 bucket names (#2256) (f810265), closes #1308
• servicediscovery: allow to register multiple instances on a service (#2207) (9f88696)
• toolkit: don't fail when terminal width is 0 (#2355) (9c2220c), closes #2253
• toolkit: fix broken confirmation prompt (#2333) (4112c84)
• toolkit: options requiring arguments fail if not supplied (#2197) (0f6ce56), closes #2192
• toolkit: remove metadata warning if region does not have resource (#2216) (22ed67c)
• toolkit: stop 'cdk doctor' from printing AWS_ variables (#2357) (6209c6b), closes #1931
• codebuild: remove oauthToken property from source (#2252) (8705af3), closes #2252 #2199
• aws-ec2: correct InstanceSize.Nano spelling (#2215) (d22a154), closes #2215 #2214

Features

• aws-dynamodb-global: global dynamodb tables (experimental) (#2251) (ec367c8)
• aws-events-targets: centralized module for cloudwatch event targets (#2343) (1069938)
• cdk-dasm: generate cdk code from cloudformation (#2244) (b707782)
• cloudwatch: add support for time ranges in dashboards (#2248) (18c1723)
• codebuild: add support for more images (#2233) (87b1ea0), closes #2079
• codepipeline: add ECS deploy Action. (#2050) (d46b814), closes #1386
• codepipeline: change to stand-alone Artifacts. (#2338) (b778e10)
• codepipeline: make the default CodePipeline Bucket have an encryption key (#2241) (ef9bba5), closes #1924
• core: verify CfnOutput has a value and fix VPC export (#2219) (9e87661), closes #2012
• events-targets: LambdaFunction (#2350) (48d536b), closes #1663
• ec2: add support for vpc endpoints (#2104) (bbb3f34)
• lambda: introduce a new kind of Code, CfnParametersCode. (#2027) (4247966)
• cfnspec: update CloudFormation resources to v2.30.0 (#2239) (aebcde5)
• toolkit: stage assets under .cdk.assets (#2182) (2f74eb4), closes #1716 #2096

BREAKING CHANGES TO EXPERIMENTAL FEATURES

• cloudwatch: Renamed MetricCustomization to MetricOptions.
• codepipeline: CodePipeline Actions no longer have the outputArtifact and outputArtifacts properties.
• codepipeline: inputArtifact(s) and additionalInputArtifacts properties were renamed to input(s) and extraInputs.
• codepipeline: outputArtifactName(s) and additionalOutputArtifactNames properties were renamed to output(s) and extraOutputs.
• codepipeline: The classes CodeBuildBuildAction and CodeBuildTestAction were merged into one class CodeBuildAction.
• codepipeline: The classes JenkinsBuildAction and JenkinsTestAction were merged into one class JenkinsAction.
• events-targets: lambda.Function no longer implements IEventRuleTarget. Instead, use @aws-cdk/aws-events-targets.LambdaFunction.
• aws-events-targets: sns.Topic no longer implements IEventRuleTarget. Use @aws-cdk/aws-events-targets.SnsTopic instead.
• codebuild: codebuild.Project no longer implements IEventRuleTarget. Use @aws-cdk/aws-events-targets.CodeBuildProject.
• core: the cdk.Root construct has been removed. Use cdk.App instead.
• stepfunctions: In stepfunctions.WaitProps: the props seconds, timestamp, secondsPath and timestampPath are now duration of a union-like class WaitDuration (e.g. duration: WaitDuration.seconds(n))
• codedeploy: In codedeploy.ServerDeploymentConfigProps: the props minHealthyHostCount and minHealthyHostPercentage are now minimumHealthyHosts of union-like class MinimumHealthyHosts (e.g. minimumHealthyHosts: MinimumHealthyHosts.percentage(50))
• cloudformation: In cloudformation.CustomResourceProps: the props topicProvider and lambdaProvider are now provider of union-like class CustomResourceProvider (e.g. CustomResourceProvider.lambda(fn)
• cloudformation: cloudformation.CustomResource no longer extends CfnCustomResource.
• ssm: ssm.ParameterProps renamed to ssm.ParameterOptions.
• codepipeline: customers who use GitHub, GitHubEnterprise or Bitbucket as source will need to remove the oauthToken field as it's no longer available.
• codebuild: change the default image from UBUNTU_14_04_BASE to UBUNTU_18_04_STANDARD.
• ec2: aws-ec2.InstanceSize.None was renamed to InstanceSize.Nano
• ec2: * vpc.selectSubnetIds(...) has been replaced with vpc.selectSubnets(...).subnetIds.
• You will not be able to combine jsii libraries written against previous versions of jsii with this version of the CDK.