aws-deployment-framework
S3 Role not working
I currently have this deployment map:

```yaml
pipelines:
  - name: ben-test-pipeline
    tags: &pipeline_tags
      client: sandbox-ben
    default_providers:
      source:
        provider: codecommit
        properties:
          account_id: &sandbox_ben "111111111111"
          repository: adf-test-source
          branch: main
    targets:
      - path: *sandbox_ben
        provider: s3
        properties:
          bucket_name: demo-ben-202101
          object_key: output/aws-landing-zone-configuration.zip
          role: adf-custom-s3-role
```
That does however not generate the right pipeline. If I execute

```shell
aws codepipeline get-pipeline --name adf-pipeline-ben-test-pipeline --output yaml
```

I get
```yaml
# Removed the irrelevant sections
# ...
pipeline:
  name: adf-pipeline-ben-test-pipeline
  # ...
  roleArn: arn:aws:iam::222222222222:role/adf-codepipeline-role
  stages:
  - actions: # ...
    name: Source-111111111111
  - actions: # ...
    name: Build
  - actions:
    - actionTypeId:
        category: Deploy
        owner: AWS
        provider: S3
        version: '1'
      configuration:
        BucketName: demo-ben-202101
        Extract: 'false'
        ObjectKey: output/aws-landing-zone-configuration.zip
      inputArtifacts:
      - name: ben-test-pipeline-build
      name: AccountName-eu-west-1
      outputArtifacts: []
      region: eu-west-1
      roleArn: arn:aws:iam::111111111111:role/adf-cloudformation-role
      runOrder: 1
    name: deployment-stage-1
  version: 7
```
Note that `roleArn` should be `arn:aws:iam::111111111111:role/adf-custom-s3-role`.
I took a quick look at the code, and couldn't spot anything obvious that was wrong
I found the problem:
- The documentation indicates that you can override the role
- It's hardcoded here
It seems that the only non-hardcoded role is the cloudformation service / deployment role.
It might be better to add a new parameter to every action (`action_role`? `pipeline_role`?) so we have one property name for the `RoleArn` that is a direct child of the action, and one property name (currently `role`) for the service role used by CloudFormation.
With the recent changes, the new location where the S3 role is set is here
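
A way to catch this kind of silently ignored `role` setting is to compare the deployed pipeline against the deployment map. The following is an added example, not part of the thread or of ADF's own code. The function name is hypothetical, the sample data is constructed from the values quoted in the issue, and it assumes each S3 target's `path` is an account ID and that targets can be matched to actions by bucket name and object key.

```python
"""Added example: audit a pipeline's S3 deploy actions against the deployment map."""

# Constructed sample data mirroring the issue: the deployment map target and the
# relevant part of `aws codepipeline get-pipeline` output, already parsed to dicts.
DEPLOYMENT_MAP = {"pipelines": [{
    "name": "ben-test-pipeline",
    "targets": [{
        "path": "111111111111",
        "provider": "s3",
        "properties": {
            "bucket_name": "demo-ben-202101",
            "object_key": "output/aws-landing-zone-configuration.zip",
            "role": "adf-custom-s3-role",
        },
    }],
}]}

PIPELINE = {"pipeline": {"name": "adf-pipeline-ben-test-pipeline", "stages": [{
    "name": "deployment-stage-1",
    "actions": [{
        "name": "AccountName-eu-west-1",
        "actionTypeId": {"category": "Deploy", "owner": "AWS", "provider": "S3", "version": "1"},
        "configuration": {"BucketName": "demo-ben-202101", "Extract": "false",
                          "ObjectKey": "output/aws-landing-zone-configuration.zip"},
        "roleArn": "arn:aws:iam::111111111111:role/adf-cloudformation-role",
    }],
}]}}


def find_role_mismatches(deployment_map, pipeline):
    """Return (action name, expected ARN, actual ARN) for each S3 deploy action
    whose roleArn differs from the role requested in the deployment map."""
    expected = {}
    for pipe in deployment_map["pipelines"]:
        for target in pipe.get("targets", []):
            props = target.get("properties", {})
            if target.get("provider") == "s3" and "role" in props:
                key = (props["bucket_name"], props["object_key"])
                expected[key] = f"arn:aws:iam::{target['path']}:role/{props['role']}"
    mismatches = []
    for stage in pipeline["pipeline"]["stages"]:
        for action in stage.get("actions", []):
            if action.get("actionTypeId", {}).get("provider") != "S3":
                continue
            cfg = action.get("configuration", {})
            want = expected.get((cfg.get("BucketName"), cfg.get("ObjectKey")))
            if want and action.get("roleArn") != want:
                mismatches.append((action["name"], want, action.get("roleArn")))
    return mismatches
```

Run against the sample data, it reports the `AccountName-eu-west-1` action as using `adf-cloudformation-role` where `adf-custom-s3-role` was requested.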