pipeline_s3.yaml

AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Pipeline Lambda Hola Mundo usando S3 como fuente, CodePipeline, CodeBuild y SAM.
  Ideal para laboratorios sin integración GitHub.

Parameters:
  SourceBucketName:
    Type: String
    Description: Bucket S3 donde se sube el código fuente ZIP
  SourceObjectKey:
    Type: String
    Description: Archivo ZIP
  ArtifactBucketName:
    Type: String
    Default: lambda-pipeline-artifacts
    Description: Nombre del bucket S3 para artefactos del pipeline

Resources:
  # ----------------------------
  # Bucket para artefactos del pipeline
  # ----------------------------
  ArtifactBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref ArtifactBucketName

  # ----------------------------
  # Rol para CodeBuild
  # ----------------------------
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "LambdaHolaMundo-CodeBuildRoleS3-${AWS::Region}"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: CodeBuildPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:*
                  - s3:*
                  - lambda:*
                  - cloudformation:*
                  - iam:PassRole
                Resource: "*"

  # ----------------------------
  # Rol para CodePipeline
  # ----------------------------
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "LambdaHolaMundoS3-CodePipelineRole-${AWS::Region}"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codepipeline.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: CodePipelinePolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - codebuild:*
                  - cloudformation:*
                  - s3:*
                  - iam:PassRole
                Resource: "*"

  # ----------------------------
  # Rol para CloudFormation (Deploy)
  # ----------------------------
  CloudFormationDeployRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "LambdaHolaMundoS3-CloudFormationDeployRole-${AWS::Region}"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: CloudFormationFullAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:*
                  - lambda:*
                  - iam:*
                  - apigateway:*
                  - logs:*
                  - dynamodb:*
                  - cloudformation:*
                  - cloudwatch:*
                Resource: "*"

  # ----------------------------
  # Proyecto CodeBuild
  # ----------------------------
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: LambdaHolaMundoBuildS3
      ServiceRole: !Ref CodeBuildRole
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/standard:7.0
        Type: LINUX_CONTAINER
        EnvironmentVariables:
          - Name: ARTIFACT_BUCKET
            Value: !Ref ArtifactBucketName
      Source:
        Type: CODEPIPELINE
      TimeoutInMinutes: 10

  # ----------------------------
  # CodePipeline con fuente S3
  # ----------------------------
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      RoleArn: !GetAtt CodePipelineRole.Arn
      ArtifactStore:
        Type: S3
        Location: !Ref ArtifactBucket
      Stages:
        - Name: Source
          Actions:
            - Name: S3_Source
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: S3
                Version: '1'
              OutputArtifacts:
                - Name: SourceOutput
              Configuration:
                S3Bucket: !Ref SourceBucketName
                S3ObjectKey: !Ref SourceObjectKey
              RunOrder: 1

        - Name: Build
          Actions:
            - Name: BuildLambda
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: '1'
              InputArtifacts:
                - Name: SourceOutput
              OutputArtifacts:
                - Name: BuildOutput
              Configuration:
                ProjectName: !Ref CodeBuildProject

        - Name: Deploy
          Actions:
            - Name: SAM_Deploy
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: '1'
              InputArtifacts:
                - Name: BuildOutput
              Configuration:
                ActionMode: CREATE_UPDATE
                Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND
                StackName: LambdaHolaMundo
                TemplatePath: BuildOutput::template.yaml
                RoleArn: !GetAtt CloudFormationDeployRole.Arn

Outputs:
  PipelineName:
    Description: Nombre del pipeline creado
    Value: !Ref Pipeline

  ArtifactBucket:
    Description: Bucket S3 utilizado para artefactos
    Value: !Ref ArtifactBucket

  CloudFormationDeployRoleArn:
    Description: ARN del rol usado por CloudFormation en la etapa de despliegue
    Value: !GetAtt CloudFormationDeployRole.Arn