AWS::CodeCommit::ApprovalRuleTemplate

[benbridts]

2. Scope of request

AWS::CodeCommit::ApprovalRuleTemplate does not exist as a CloudFormation resource.

3. Expected behavior

It should manage the template and optionally the allowed approvers. The association with a repo will be better as a separate resource (so the association can live in a stack with the repo while the template is centrally managed), I can make a separate issue for that but releasing one without the other does not make a lot of sense.

5. Helpful Links to speed up research and evaluation

I'd expect the same attributes as the Create API call: https://docs.aws.amazon.com/codecommit/latest/APIReference/API_CreateApprovalRuleTemplate.html

6. Category (required) - Will help with tagging and be easier to find by other users to +1

Developer Tools (CodeStar, ...)

[arantespp]

+1

[mechanicalpete]

+1

[cramseyio]

+1

[farrantch]

+1

[usa-usa-usa-usa]

PLEASE! It's extremely frustrating to have features like this released well before cloudformation supports them.

[benbridts]

General reminder that pressing the 👍 is the best way to indicate you want this implemented. You can also subscribe to this issue (on the right hand side) to get notifications when there is a new comment. That's also the reason that voting with 👍 is preferred, as it will not send out emails to every subscriber.

(cc @arantespp @mechanicalpete @cramseyio @farrantch @jcwhisman )

[zxkane]

I implemented this via cfn custom resources. If anyone is interested in it, you can refer to the implementation.

[aro1976]

I spend the whole weekend working on templates for our devops team, it is very frustating to have to mix cloudformation with scripts and lambdas just because there is no native support.

[eduardomourar]

While this is not implemented with a public one, you can use this private resource type Community::CodeCommit::ApprovalRuleTemplate and Community::CodeCommit::RepositoryAssociation.

Installation instructions:

aws cloudformation register-type \
  --region <SELECTED_REGION> \
  --type-name "Community::CodeCommit::ApprovalRuleTemplate" \
  --schema-handler-package "s3://community-resource-provider-catalog/community-codecommit-approvalruletemplate-0.1.0.zip" \
  --type RESOURCE \
  --execution-role-arn <ROLE_ARN_WITH_ENOUGH_PRIVILEGE>

aws cloudformation register-type \
  --region <SELECTED_REGION> \
  --type-name "Community::CodeCommit::RepositoryAssociation" \
  --schema-handler-package "s3://community-resource-provider-catalog/community-codecommit-repositoryassociation-0.1.0.zip" \
  --type RESOURCE \
  --execution-role-arn <ROLE_ARN_WITH_ENOUGH_PRIVILEGE>

Usage example:

AWSTemplateFormatVersion: 2010-09-09

Parameters:
  ruleName:
    Type: String
    Default: "repo-rule"

  ruleDescription:
    Type: String
    Default: "rule description"

  repoName:
    Type: String
    Default: "repo"

Resources:
  Repo:
    Type: AWS::CodeCommit::Repository
    Properties:
      RepositoryName: !Ref repoName

  RuleTemplate:
    Type: Community::CodeCommit::ApprovalRuleTemplate
    Properties:
      Name: !Ref ruleName
      Description: !Ref ruleDescription
      Content:
        Version: "2018-11-08"
        DestinationReferences:
          - "refs/heads/master"
        Statements:
          - Type: "Approvers"
            NumberOfApprovalsNeeded: 1
            ApprovalPoolMembers:
              - "*"

  RepoAssociation:
    Type: Community::CodeCommit::RepositoryAssociation
    Properties:
      ApprovalRuleTemplateArn: !Ref RuleTemplate
      RepositoryNames: [!GetAtt Repo.Name]

Outputs:
  RuleTemplateArn:
    Value: !Ref RuleTemplate

[r2690698]

+1 to this

[jgh9]

+1 Yes!

[tonggremlin]

This is 2022 and I +1 this!

[KevinToala]

+1

[oussmoh]

+1

[aabid0193]

+1, still no progress on this?

[aabid0193]

While this is not implemented with a public one, you can use this private resource type Community::CodeCommit::ApprovalRuleTemplate and Community::CodeCommit::RepositoryAssociation.

Installation instructions:

aws cloudformation register-type \
  --region <SELECTED_REGION> \
  --type-name "Community::CodeCommit::ApprovalRuleTemplate" \
  --schema-handler-package "s3://community-resource-provider-catalog/community-codecommit-approvalruletemplate-0.1.0.zip" \
  --type RESOURCE \
  --execution-role-arn <ROLE_ARN_WITH_ENOUGH_PRIVILEGE>

aws cloudformation register-type \
  --region <SELECTED_REGION> \
  --type-name "Community::CodeCommit::RepositoryAssociation" \
  --schema-handler-package "s3://community-resource-provider-catalog/community-codecommit-repositoryassociation-0.1.0.zip" \
  --type RESOURCE \
  --execution-role-arn <ROLE_ARN_WITH_ENOUGH_PRIVILEGE>

Usage example:

AWSTemplateFormatVersion: 2010-09-09

Parameters:
  ruleName:
    Type: String
    Default: "repo-rule"

  ruleDescription:
    Type: String
    Default: "rule description"

  repoName:
    Type: String
    Default: "repo"

Resources:
  Repo:
    Type: AWS::CodeCommit::Repository
    Properties:
      RepositoryName: !Ref repoName

  RuleTemplate:
    Type: Community::CodeCommit::ApprovalRuleTemplate
    Properties:
      Name: !Ref ruleName
      Description: !Ref ruleDescription
      Content:
        Version: "2018-11-08"
        DestinationReferences:
          - "refs/heads/master"
        Statements:
          - Type: "Approvers"
            NumberOfApprovalsNeeded: 1
            ApprovalPoolMembers:
              - "*"

  RepoAssociation:
    Type: Community::CodeCommit::RepositoryAssociation
    Properties:
      ApprovalRuleTemplateArn: !Ref RuleTemplate
      RepositoryNames: [!GetAtt Repo.Name]

Outputs:
  RuleTemplateArn:
    Value: !Ref RuleTemplate

Does this still work? I had tried it but with no luck.