@gusdelact
Created October 29, 2025 14:13
AWSTemplateFormatVersion: '2010-09-09'
Description: Pipeline Lambda Hola Mundo usando GitHub, CodePipeline, CodeBuild y SAM
Parameters:
  GitHubOwner:
    Type: String
    Description: "Nombre del propietario del repo GitHub (ej: gusdelacruz)"
  GitHubRepo:
    Type: String
    Description: "Nombre del repositorio (ej: lambda-holamundo)"
  GitHubBranch:
    Type: String
    Default: main
    Description: Rama principal del repo
  GitHubToken:
    Type: String
    Description: Token de acceso personal de GitHub (almacenado en Secrets Manager o SSM)
  ArtifactBucketName:
    Type: String
    Default: lambda-pipeline-artifacts
    Description: Nombre del bucket S3 para artefactos del pipeline
Resources:
  ArtifactBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref ArtifactBucketName
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: CodeBuildPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:*
                  - s3:*
                  - lambda:*
                  - cloudformation:*
                  - iam:PassRole
                Resource: "*"
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codepipeline.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: CodePipelinePolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - codebuild:*
                  - codecommit:*
                  - codedeploy:*
                  - cloudformation:*
                  - s3:*
                  - iam:PassRole
                Resource: "*"
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: LambdaHolaMundoBuild
      ServiceRole: !Ref CodeBuildRole
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/standard:7.0
        Type: LINUX_CONTAINER
      Source:
        Type: CODEPIPELINE
      TimeoutInMinutes: 10
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      RoleArn: !GetAtt CodePipelineRole.Arn
      ArtifactStore:
        Type: S3
        Location: !Ref ArtifactBucket
      Stages:
        - Name: Source
          Actions:
            - Name: GitHub_Source
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Provider: GitHub
                Version: '1'
              OutputArtifacts:
                - Name: SourceOutput
              Configuration:
                Owner: !Ref GitHubOwner
                Repo: !Ref GitHubRepo
                Branch: !Ref GitHubBranch
                OAuthToken: !Ref GitHubToken
        - Name: Build
          Actions:
            - Name: BuildLambda
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: '1'
              InputArtifacts:
                - Name: SourceOutput
              OutputArtifacts:
                - Name: BuildOutput
              Configuration:
                ProjectName: !Ref CodeBuildProject
        - Name: Deploy
          Actions:
            - Name: SAM_Deploy
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: '1'
              InputArtifacts:
                - Name: BuildOutput
              Configuration:
                ActionMode: CREATE_UPDATE
                Capabilities: CAPABILITY_IAM
                StackName: LambdaHolaMundo
                TemplatePath: BuildOutput::template.yaml
Outputs:
  PipelineName:
    Value: !Ref Pipeline
  ArtifactBucket:
    Value: !Ref ArtifactBucket
gusdelact@192 ~ % pwd
/Users/gusdelact
gusdelact@192 ~ % vi pipeline.yaml
gusdelact@192 ~ % vi pipeline.yaml
gusdelact@192 ~ % cat pipeline.yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >
  Pipeline Lambda Hola Mundo usando GitHub, CodePipeline, CodeBuild y SAM.
  Incluye bucket de artefactos, roles IAM y stages de Source, Build y Deploy.
Parameters:
  GitHubOwner:
    Type: String
    Description: Nombre del propietario del repo
  GitHubRepo:
    Type: String
    Description: Nombre del repositorio
  GitHubBranch:
    Type: String
    Default: main
    Description: Rama principal del repo
  GitHubToken:
    Type: String
    Description: Token de acceso personal de GitHub
  ArtifactBucketName:
    Type: String
    Default: lambda-pipeline-artifacts
    Description: Nombre del bucket S3 para artefactos del pipeline
Resources:
  # ----------------------------
  # Pipeline artifact bucket
  # ----------------------------
  ArtifactBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref ArtifactBucketName
  # ----------------------------
  # Role for CodeBuild
  # ----------------------------
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "LambdaHolaMundo-CodeBuildRole-${AWS::Region}"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: CodeBuildPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - logs:*
                  - s3:*
                  - lambda:*
                  - cloudformation:*
                  - iam:PassRole
                Resource: "*"
  # ----------------------------
  # Role for CodePipeline
  # ----------------------------
  CodePipelineRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "LambdaHolaMundo-CodePipelineRole-${AWS::Region}"
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: codepipeline.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: CodePipelinePolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - codebuild:*
                  - codecommit:*
                  - codedeploy:*
                  - cloudformation:*
                  - s3:*
                  - iam:PassRole
                Resource: "*"
  # ----------------------------
  # Role for CloudFormation (Deploy)
  # ----------------------------
  CloudFormationDeployRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "LambdaHolaMundo-CloudFormationDeployRole-${AWS::Region}"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com
            Action: "sts:AssumeRole"
      Policies:
        - PolicyName: CloudFormationFullAccess
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - s3:*
                  - lambda:*
                  - iam:*
                  - apigateway:*
                  - logs:*
                  - dynamodb:*
                  - cloudformation:*
                  - cloudwatch:*
                Resource: "*"
  # ----------------------------
  # CodeBuild project
  # ----------------------------
  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: LambdaHolaMundoBuild
      ServiceRole: !Ref CodeBuildRole
      Artifacts:
        Type: CODEPIPELINE
      Environment:
        ComputeType: BUILD_GENERAL1_SMALL
        Image: aws/codebuild/standard:7.0
        Type: LINUX_CONTAINER
        EnvironmentVariables:
          - Name: ARTIFACT_BUCKET
            Value: !Ref ArtifactBucketName # ✅ Variable used by buildspec.yml
      Source:
        Type: CODEPIPELINE
      TimeoutInMinutes: 10
  # ----------------------------
  # CodePipeline
  # ----------------------------
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      RoleArn: !GetAtt CodePipelineRole.Arn
      ArtifactStore:
        Type: S3
        Location: !Ref ArtifactBucket
      Stages:
        # --- Source Stage ---
        - Name: Source
          Actions:
            - Name: GitHub_Source
              ActionTypeId:
                Category: Source
                Owner: ThirdParty
                Provider: GitHub
                Version: '1'
              OutputArtifacts:
                - Name: SourceOutput
              Configuration:
                Owner: !Ref GitHubOwner
                Repo: !Ref GitHubRepo
                Branch: !Ref GitHubBranch
                OAuthToken: !Ref GitHubToken
        # --- Build Stage ---
        - Name: Build
          Actions:
            - Name: BuildLambda
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: '1'
              InputArtifacts:
                - Name: SourceOutput
              OutputArtifacts:
                - Name: BuildOutput
              Configuration:
                ProjectName: !Ref CodeBuildProject
        # --- Deploy Stage ---
        - Name: Deploy
          Actions:
            - Name: SAM_Deploy
              ActionTypeId:
                Category: Deploy
                Owner: AWS
                Provider: CloudFormation
                Version: '1'
              InputArtifacts:
                - Name: BuildOutput
              Configuration:
                ActionMode: CREATE_UPDATE
                Capabilities: CAPABILITY_IAM,CAPABILITY_AUTO_EXPAND
                StackName: LambdaHolaMundo
                TemplatePath: BuildOutput::template.yaml
                RoleArn: !GetAtt CloudFormationDeployRole.Arn # Role for CloudFormation
Outputs:
  PipelineName:
    Description: Nombre del pipeline creado
    Value: !Ref Pipeline
  ArtifactBucket:
    Description: Bucket S3 utilizado para artefactos
    Value: !Ref ArtifactBucket
  CloudFormationDeployRoleArn:
    Description: ARN del rol usado por CloudFormation en la etapa de despliegue
    Value: !GetAtt CloudFormationDeployRole.Arn
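
The template above passes GitHubToken as a plain String stack parameter and gives the CodeBuild role s3:*, lambda:* and cloudformation:* on every resource. The fragment below is an added example, not part of the original gist: it resolves the token from Secrets Manager through a dynamic reference and scopes the CodeBuild role to the artifact bucket and the project's own log group. The parameter GitHubTokenSecretName, the secret name and its "token" JSON key are hypothetical, and the S3 permissions assume buildspec.yml (not shown in the gist) only runs sam build and sam package against ARTIFACT_BUCKET.

```yaml
# Added example: replaces the GitHubToken parameter, the CodeBuildRole policy
# and the GitHub_Source OAuthToken of the template above.
Parameters:
  GitHubTokenSecretName:   # hypothetical parameter, replaces GitHubToken
    Type: String
    Default: github/lambda-holamundo   # constructed secret name
    Description: Secrets Manager secret whose "token" key holds the GitHub token
Resources:
  CodeBuildRole:
    Type: AWS::IAM::Role
    Properties:
      # AssumeRolePolicyDocument unchanged (codebuild.amazonaws.com)
      Policies:
        - PolicyName: CodeBuildPolicy
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow   # build logs: this project's log group only
                Action:
                  - logs:CreateLogGroup
                  - logs:CreateLogStream
                  - logs:PutLogEvents
                Resource: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/LambdaHolaMundoBuild*"
              - Effect: Allow   # artifacts and sam package uploads (assumed buildspec)
                Action:
                  - s3:GetObject
                  - s3:GetObjectVersion
                  - s3:PutObject
                Resource: !Sub "${ArtifactBucket.Arn}/*"
              - Effect: Allow
                Action: s3:ListBucket
                Resource: !GetAtt ArtifactBucket.Arn
  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      # RoleArn, ArtifactStore, Build and Deploy stages unchanged
      Stages:
        - Name: Source
          Actions:
            - Name: GitHub_Source
              ActionTypeId: {Category: Source, Owner: ThirdParty, Provider: GitHub, Version: '1'}
              OutputArtifacts:
                - Name: SourceOutput
              Configuration:
                Owner: !Ref GitHubOwner
                Repo: !Ref GitHubRepo
                Branch: !Ref GitHubBranch
                # Resolved by CloudFormation at deploy time; never a stack parameter
                OAuthToken: !Sub "{{resolve:secretsmanager:${GitHubTokenSecretName}:SecretString:token}}"
```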