Can I make my CodePipeline only executed when triggered manually - amazon-web-services

I have a CodePipeline setup. But now I want to only have my Pipeline run when I trigger it manually, is that possible?

This worked for me:
Set up a regular pipeline with Github webhook set.
This will create and register an internal aws webhook.
Then simply deregister and remove the webhooks via aws-cli, as described in the AWS docs.
Adjust the following to your region, mine is us-east-2:
Find out the name of the webhook:
aws codepipeline list-webhooks
De-register:
aws codepipeline deregister-webhook-with-third-party --webhook-name <webhook-name>
Delete:
aws codepipeline delete-webhook --name <webhook-name>
Note:
It's necessary to have the source step configured to use the Github webhook.
Now you can trigger your pipeline manually via AWS Console or via aws-cli with:
aws codepipeline start-pipeline-execution --name <pipeline-name>
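The same three aws-cli steps, as an added example that is not part of the original answer: a boto3 version that finds every webhook registered for one pipeline (including across result pages), deregisters it from GitHub and deletes it. The client is passed in so the logic can be exercised without AWS access; boto3 is assumed to be installed and configured for your region.

```python
"""Remove the GitHub webhooks that auto-trigger a pipeline (boto3 version of
the three aws-cli steps above). The client is passed in so the logic can be
exercised without AWS access; boto3 is assumed installed and configured."""
import sys


def find_pipeline_webhooks(client, pipeline_name):
    """Names of all webhooks targeting `pipeline_name`, across all pages."""
    names, kwargs = [], {}
    while True:
        resp = client.list_webhooks(**kwargs)
        for hook in resp.get("webhooks", []):
            definition = hook["definition"]
            if definition["targetPipeline"] == pipeline_name:
                names.append(definition["name"])
        token = resp.get("NextToken")
        if not token:
            return names
        kwargs = {"NextToken": token}


def detach_webhooks(client, pipeline_name):
    """Deregister from GitHub, then delete, every webhook of the pipeline.

    Deregistering first removes the hook on the GitHub side so pushes stop
    reaching CodePipeline; deleting then drops CodePipeline's own record.
    After this the pipeline only runs on start-pipeline-execution.
    Returns the names removed so the caller can log them.
    """
    removed = []
    for name in find_pipeline_webhooks(client, pipeline_name):
        client.deregister_webhook_with_third_party(webhookName=name)
        client.delete_webhook(name=name)
        removed.append(name)
    return removed


if __name__ == "__main__":
    import boto3  # assumed installed; region/credentials from your CLI config
    pipeline = sys.argv[1] if len(sys.argv) > 1 else "<pipeline-name>"
    print("removed:", detach_webhooks(boto3.client("codepipeline"), pipeline))
```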

You need to configure your CodePipeline to be triggered by a CloudWatch event. Once you've done that, an event rule under CloudWatch named "codepipeline-{repository_name}" will be created.
Disabling this rule will stop CodePipeline from being triggered by CodeCommit. When you need a build, just click the 'Release Change' button.

You can use CloudWatch Events to never trigger your pipeline:
https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-trigger-source-schedule-console.html
Set up a cronjob that will never execute, and then you can manually trigger the pipeline whenever you want by clicking on the 'Release change' button.
I haven't tested, but I think it should work.

Related

How to get CodeCommit pull request id form CodeBuild

The code I am working on is stored in a CodeCommit repository. I have set up an event in EventBridge that triggers a CodeBuild project to start building when a pull request is created. However, there is one issue - the build status of the CodeBuild project is not being displayed in the pull request's activity section.
I have searched but haven't found any solution related to a CodeCommit repository. Most of them relate to GitHub repositories. However, there is a way to post a comment from CodeBuild to the pull request and I am trying to follow the link below. But the problem is that, to configure the buildspec, I don't know how I can get the pull request id when the event is triggered.
aws codecommit post-comment-for-pull-request --pull-request-id $PULL_REQUEST_ID --repository-name $REPOSITORY_NAME --before-commit-id $DESTINATION_COMMIT --after-commit-id $SOURCE_COMMIT --content "$content"
https://devato.com/post/codecommit-codebuild-pull-request-workflow
Can anyone give me some ideas? Thanks!
Could you use an EventBridge input transformer to get the pull request id from a CodeCommit pull request event and pass it to a CodeBuild project target? The EventBridge StartBuild request has environmentVariablesOverride, which can be used to store the PR id as an env var.
https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-transform-target-input.html
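An added example of that input-transformer approach (not part of the original answer): the target definition maps fields of the CodeCommit pull-request event into environmentVariablesOverride so the build sees PULL_REQUEST_ID, REPOSITORY_NAME, SOURCE_COMMIT and DESTINATION_COMMIT, which are exactly the values the post-comment-for-pull-request command above needs. boto3 is assumed for the live put_targets call; `preview_build_env` is a local stand-in for EventBridge's substitution (simple JSONPath only) so you can check what StartBuild would receive before deploying the rule.

```python
"""EventBridge target that starts a CodeBuild project from a CodeCommit
pull-request event and passes the PR id in as an env var. Added example;
boto3 is assumed for events.put_targets, and preview_build_env is a local
stand-in (simple JSONPath only) for the transformer, not EventBridge."""
import json
import re

# Fields of the CodeCommit "Pull Request State Change" event detail.
INPUT_PATHS = {
    "pr_id": "$.detail.pullRequestId",
    "repo": "$.detail.repositoryNames[0]",
    "src": "$.detail.sourceCommit",
    "dst": "$.detail.destinationCommit",
}
# StartBuild body; EventBridge substitutes the <placeholders> at run time.
INPUT_TEMPLATE = json.dumps({"environmentVariablesOverride": [
    {"name": "PULL_REQUEST_ID", "type": "PLAINTEXT", "value": "<pr_id>"},
    {"name": "REPOSITORY_NAME", "type": "PLAINTEXT", "value": "<repo>"},
    {"name": "SOURCE_COMMIT", "type": "PLAINTEXT", "value": "<src>"},
    {"name": "DESTINATION_COMMIT", "type": "PLAINTEXT", "value": "<dst>"},
]})


def codebuild_target(target_id, project_arn, role_arn):
    """Target entry for events.put_targets(Rule=rule, Targets=[...]);
    role_arn must be allowed codebuild:StartBuild on project_arn."""
    return {"Id": target_id, "Arn": project_arn, "RoleArn": role_arn,
            "InputTransformer": {"InputPathsMap": INPUT_PATHS,
                                 "InputTemplate": INPUT_TEMPLATE}}


def _lookup(event, path):
    """Resolve '$.a.b[0]'-style paths (local stand-in, not EventBridge)."""
    node = event
    for key, idx in re.findall(r"\.([\w-]+)(?:\[(\d+)\])?", path):
        node = node[key]
        if idx:
            node = node[int(idx)]
    return node


def preview_build_env(event):
    """{ENV_NAME: value} as the build's buildspec would see them."""
    rendered = INPUT_TEMPLATE
    for name, path in INPUT_PATHS.items():
        rendered = rendered.replace(f"<{name}>", str(_lookup(event, path)))
    body = json.loads(rendered)
    return {v["name"]: v["value"] for v in body["environmentVariablesOverride"]}
```

Attach it with `boto3.client("events").put_targets(Rule="<rule-name>", Targets=[codebuild_target("pr-build", "<codebuild-project-arn>", "<role-arn>")])`, where the rule's event pattern matches source aws.codecommit and detail-type "CodeCommit Pull Request State Change".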

aws codepipeline update lambda function source using s3 object

I am using terraform to create all the infra (CodePipeline, lambda, buckets) on AWS.
Currently, I've created a pipeline that builds the source zip file and puts it on an s3 bucket, but the lambda still keeps using the older source. So I update the URL manually in the AWS console and it works.
Now I want to automate the flow but available solutions are:
AWS SAM + CFT
Codebuild Stage to update the source using AWS CLI
Create a lambda that updates the source
Code Deploy + AWS SAM + CFT
I am not willing to use CFT at all since all of our code is in terraform and CFT requires me to create new lambdas instead of using old ones.
Is there any other, simpler way to update the lambda source through CodePipeline?
The preferred way to deploy a Lambda via CodePipeline is using a CloudFormation Deploy action [1]. Since you are not looking to use CloudFormation, the next option could be to run your terraform plan/apply commands from within a CodeBuild job that is part of the pipeline. You will need to give the CodeBuild role the permissions required for resource creation (or export the credentials in environment variables for TF to use via this [2] method) and install the TF binary within the install phase of the buildspec.
Ref:
[1] Building a Continuous Delivery Pipeline for a Lambda Application with AWS CodePipeline - https://docs.aws.amazon.com/lambda/latest/dg/build-pipeline.html
[2] How to retrieve Secret Manager data in buildspec.yaml

lambda:GetAlias warning in CloudFormation stack update triggered by CodeStar

I am exploring CodeStar using a basic project created with the Python 3.7 Lambda template following the Serverless Project Tutorial in the AWS CodeStar documentation:
https://docs.aws.amazon.com/codestar/latest/userguide/sam-tutorial.html
My build and deploy are successful. However, I see a warning in my CloudFormation event log:
The IAM user doesn't allow CloudFormation to call lambda:GetAlias, this could result in formulating a appspec file with stale CurrentVersion for CodeDeploy deployment. Please fix it to avoid any possible CodeDeploy deployment failures.
I am just using the AWS resources created automatically by the CodeStar console.
What do I do to fix this warning?
Details
The CodeDeploy step in the CodePipeline deploys the lambda function by updating a CloudFormation stack named: awscodestar-<codestar project name>-lambda.
When I looked in the event log for this stack, I noticed the above warning for the resource named HelloWorldAliaslive.
To fix this, add the lambda:GetAlias permission to the inline policy associated with the IAM role named CodeStarWorker-<project>-CloudFormation:
Open the AWS Console for CodeStar
Click Project in the left navbar
Find the Project Resources section. One of the AWS IAM resources will have a name CodeStarWorker-<project>-CloudFormation. Click the link in the ARN column of the table to open the role in IAM.
Locate the inline policy named CodeStarWorkerCloudFormationRolePolicy and click the Edit button.
Add the "lambda:GetAlias" action to this policy.
This policy is created automatically by CodeStar. In my account, the policy included several Statements. I chose to add the "lambda:GetAlias" action to the statement which already had "lambda:CreateAlias" action.
After making this change, the warning no longer appeared in my CloudFormation event logs.
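The same policy change done programmatically, as an added example that is not part of the original answer: the function adds lambda:GetAlias to the first Allow statement that already grants lambda:CreateAlias (as the answer did by hand), leaves the document unchanged if the action is already there, and refuses to touch a policy with no such statement rather than guessing. boto3 is assumed installed and configured; the role and policy names come from the answer above, with `<project>` replaced by your project name.

```python
"""Add lambda:GetAlias beside lambda:CreateAlias in the CodeStar worker
CloudFormation role's inline policy. Added example, not from the original
answer; boto3 is assumed installed and configured, and the role/policy
names follow the answer above (project name supplied on the command line)."""
import copy
import json
import sys


def add_action_beside(policy, anchor_action, new_action):
    """Return a copy of `policy` with `new_action` added to the first Allow
    statement that already grants `anchor_action`. Idempotent: if the
    action is already present the document comes back unchanged."""
    doc = copy.deepcopy(policy)
    for stmt in doc["Statement"]:
        actions = stmt.get("Action", [])
        if isinstance(actions, str):  # IAM allows a bare string here
            actions = [actions]
        if stmt.get("Effect") == "Allow" and anchor_action in actions:
            if new_action not in actions:
                actions.append(new_action)
            stmt["Action"] = actions
            return doc
    raise ValueError(f"no Allow statement grants {anchor_action}")


def main(project):
    import boto3  # assumed installed; credentials from your CLI config
    iam = boto3.client("iam")
    role = f"CodeStarWorker-{project}-CloudFormation"
    policy_name = "CodeStarWorkerCloudFormationRolePolicy"
    current = iam.get_role_policy(RoleName=role, PolicyName=policy_name)
    updated = add_action_beside(current["PolicyDocument"],
                                "lambda:CreateAlias", "lambda:GetAlias")
    if updated != current["PolicyDocument"]:  # only write when needed
        iam.put_role_policy(RoleName=role, PolicyName=policy_name,
                            PolicyDocument=json.dumps(updated))


if __name__ == "__main__":
    main(sys.argv[1])
```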

Use Terraform to enable AWS CodeBuild to push logs to CloudWatch

AWS CodeBuild has an option in the UI to upload build output logs to CloudWatch and/or publish the logs to S3 but I do not see an option in Terraform to enable this feature through the "aws_codebuild_project" resource.
Here is a link to the Terraform docs:
https://www.terraform.io/docs/providers/aws/r/codebuild_project.html
Is there another way to possibly enable this feature via Terraform?
I can create a CloudWatch Event to capture CodeBuild events but that doesn't give me the full logs.
So even though the Terraform documentation does not specify support for enabling CloudWatch logs for CodeBuild jobs, if you create a CodeBuild job with the AWS CodeBuild Project resource it will by default enable that checkbox for you, at least as of the date of this answer.
The CloudWatch Log Group will be created with the following format: aws/codebuild/codebuild_project_name
There is an open PR for a Github issue to enable CodeBuild CloudWatch logs, so hopefully we will be able to use the following config soon:
logs_config {
  cloudwatch_logs {
    status      = "ENABLED|DISABLED"
    group_name  = "..."
    stream_name = "..."
  }
}

AWS lambda unable to create a scheduled event source

Unable to create a recurring schedule for lambda.
What I did:
1) Created the function and successfully tested it.
2) Went to event source section in the AWS mgmt console.
3) clicked on add event source.
4) with default settings of rate(5 minutes) clicked on submit.
Got the error:
There was an error creating the event source mapping: Could not create scheduled-event event source
I went through the docs and ran this statement via AWS CLI:
aws lambda add-permission --statement-id Allow-scheduled-events --action lambda:InvokeFunction --principal events.amazonaws.com --function-name function:myfunction
The above statement went through successfully, I tried running it again and it said the permission already exists confirming that it ran.
I tried adding the schedule again but got the same error.
Am I supposed to change the role or something? I can't find anything else in the docs. The lambda is running with the basic lambda execution role.
UPDATE
I temporarily gave the role under which the Lambda is executing admin access, still the same error.
Workaround
FYI... for people facing this problem, I could achieve the same result by going to CloudWatch and adding an event targeting the lambda from there... same thing, but that still does not answer this question. I can't imagine that the AWS console has such a gaping bug that they aren't doing anything about.
In my case my Lambda and S3 were not in the same region. I found out by, instead of adding the trigger on the Lambda, adding the event from s3.