Using AWS CodeBuild to Deploy a Web Site
In this post I will describe how to use AWS CodeBuild to automatically deploy a web site to S3. I'll be using the resources I created in the previous post. I'm going to continue defining all my infrastructure using CloudFormation.
First, I'll create credentials to access GitHub. I'll place the credentials resource in it's own template. The token itself will need to be created on GitHub's web site. From account settings, go to developer settings. Create a new personal access token and select classic token. I will then store my new token in Secrets Manager in a secret named github where it can then be used by CloudFormation:
CodeBuildSourceCredential:
Type: AWS::CodeBuild::SourceCredential
Properties:
AuthType: PERSONAL_ACCESS_TOKEN
ServerType: GITHUB
Token: !Sub "{{resolve:secretsmanager:${SecretName}:SecretString}}"
Next, I'll define the IAM role for the CodeBuild Project. The rest of the resources will be defined in another template:
CodeBuildRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: [codebuild.amazonaws.com]
Action: ['sts:AssumeRole']
Policies:
- PolicyName: S3Policy
PolicyDocument:
Statement:
- Effect: Allow
Action:
- s3:GetObject
- s3:PutObject
- s3:ListBucket
Resource:
- !Sub 'arn:aws:s3:::${S3Bucket}'
- !Sub 'arn:aws:s3:::${S3Bucket}/*'
- PolicyName: CloudWatchPolicy
PolicyDocument:
Statement:
- Effect: Allow
Action:
- logs:CreateLogGroup
- logs:CreateLogStream
- logs:PutLogEvents
Resource:
- !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}:*'
And finally, the CodeBuild project:
CodeBuildProject:
Type: AWS::CodeBuild::Project
Properties:
Name: !Ref ProjectName
Source:
Type: GITHUB
Location: !Ref RepoURL
BuildSpec: |
version: 0.2
phases:
install:
commands:
- echo Installing dependencies...
- npm install
build:
commands:
- echo Building the project...
- npm run build
- aws s3 sync $OUTPUTFOLDER s3://$S3BUCKET
- echo Build completed on `date`
SourceVersion: !Ref BranchName
Environment:
Type: LINUX_CONTAINER
Image: aws/codebuild/standard:7.0
ComputeType: BUILD_GENERAL1_SMALL
EnvironmentVariables:
- Name: S3BUCKET
Value: !Ref S3Bucket
- Name: OUTPUTFOLDER
Value: !Ref OutputFolder
Artifacts:
Type: NO_ARTIFACTS
ServiceRole: !Ref CodeBuildRole
A GitHub Webhook is created which will run this codebuild job for any commits on the specified branch. The source credential template can be found here. The CodeBuild project template can be found here.