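I have an AWS CloudFormation CodeBuild template, and I want to pass a set of environment variables in as a parameter so that I can reuse the template for multiple CloudFormation projects.
I want to pass this section as a parameter. How do I do that?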
"environmentVariables": [{
    "name": "$S3_BUCKET",
    "value": "Parameter_Store_Variable_name",
    "type": "PARAMETER_STORE"}
],
Here is more of the template for the larger context...
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Automate provisioning of CodeBuild with CodePipeline CodeCommit and CodeDeploy.",
  "Parameters": {
    "SourceLocation": {
      "Type": "String",
      "Description": "https://github.com/<account>/<repo>"
    },
    "AppName": {
      "Type": "String",
      "Description": "Name of the application."
    }
  },
  "Resources": {
    "CodeBuild": {
      "Type": "AWS::CodeBuild::Project",
      "DependsOn": "CodeBuildRole",
      "Properties": {
        "name": "test-project-name",
        "description": "description",
        "source": {
          "type": "GITHUB",
          "location": {
            "Ref": "SourceLocation"
          },
          "gitCloneDepth": 1,
          "buildspec": "",
          "badgeEnabled": true,
          "auth": {
            "type": "OAUTH"
          }
        },
        "artifacts": {
          "type": "artifacts-type",
          "location": "artifacts-location",
          "path": "path",
          "namespaceType": "namespaceType",
          "name": "artifacts-name",
          "packaging": "packaging"
        },
        "cache": {
          "type": "NONE"
        },
        "ServiceRole": {
          "Ref": "CodeBuildRole"
        },
        "timeoutInMinutes": 10,
        "environment": {
          "type": "LINUX_CONTAINER",
          "image": "aws/codebuild/nodejs:8.11.0",
          "computeType": "BUILD_GENERAL1_SMALL",
          "environmentVariables": [{
            "name": "$S3_BUCKET",
            "value": "PARAMETERSTOREVARIABLENAMEHERE",
            "type": "PARAMETER_STORE"
          }],
          "privilegedMode": false
        }
      }
    },
    "CodeBuildRole": {
      "Description": "Creating service role in IAM for AWS CodeBuild",
      "Type": "AWS::IAM::Role",
      "Properties": {
        "RoleName": {
          "Fn::Sub": "codebuild-role-${AppName}"
        },
        "AssumeRolePolicyDocument": {
          "Statement": [{
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "codebuild.amazonaws.com"
              ]
            },
            "Action": "sts:AssumeRole"
          }]
        },
        "Path": "/"
      }
    },
    "CodeBuildPolicy": {
      "Type": "AWS::IAM::Policy",
      "DependsOn": "CodeBuildRole",
      "Description": "Setting IAM policy for the service role for AWS CodeBuild",
      "Properties": {
        "PolicyName": {
          "Fn::Sub": "codebuild-policy-${AppName}"
        },
        "PolicyDocument": {
          "Statement": [{
              "Effect": "Allow",
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": [
                "*"
              ]
            },
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "s3:*"
              ]
            },
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "kms:GenerateDataKey*",
                "kms:Encrypt",
                "kms:Decrypt"
              ]
            },
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "sns:SendMessage"
              ]
            }
          ]
        },
        "Roles": [{
          "Ref": "CodeBuildRole"
        }]
      }
    }
  },
  "Outputs": {
    "CodeBuildURL": {
      "Description": "CodeBuild URL",
      "Value": {
        "Fn::Join": [
          "", [
            "https://console.aws.amazon.com/codebuild/home?region=",
            {
              "Ref": "AWS::Region"
            },
            "#/projects/",
            {
              "Ref": "CodeBuild"
            },
            "/view"
          ]
        ]
      }
    }
  }
}
Thanks for your help!
Answer 0 (score: 1)
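If your question is about reusing SSM parameters rather than reusing the code snippet, then I suggest you take advantage of the direct SSM support in CodeBuild. It can read your SSM parameters and make them available as environment variables. Here is an example I use to connect to GitLab with my username and password.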
env:
  variables:
    GITLAB_USER: 'jeshan'
  parameter-store:
    GITLAB_PASSWORD: 'gitlab-password'
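In this case, jeshan is a plain value, while gitlab-password is the name of my SSM parameter.
Doing this avoids hardcoded variables in the CodeBuild project, and the parameter can later be updated without redeploying the CodeBuild project.
Make sure your CodeBuild role has permission to read your parameters.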
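
The permission check mentioned in the last sentence can be run against a template before deploying it. The following is an added example, not part of the original question or answer: it lists every PARAMETER_STORE variable of the CodeBuild projects in a template and reports those that no Allow statement grants `ssm:GetParameters` on. The sample template, the parameter name `/demo/bucket` and the region and account in the ARN are constructed placeholders.

```python
import fnmatch
import re

# Constructed sample template (not from the page): one PARAMETER_STORE variable,
# and a policy that, like the question's, grants nothing under ssm:.
SAMPLE = {"Resources": {
    "CodeBuild": {"Type": "AWS::CodeBuild::Project", "Properties": {
        "Environment": {"EnvironmentVariables": [
            {"Name": "S3_BUCKET", "Type": "PARAMETER_STORE", "Value": "/demo/bucket"},
            {"Name": "STAGE", "Type": "PLAINTEXT", "Value": "dev"}]}}},
    "CodeBuildPolicy": {"Type": "AWS::IAM::Policy", "Properties": {
        "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": ["s3:*"], "Resource": ["*"]}]}}},
}}

def _list(v):
    return v if isinstance(v, list) else [v]

def _lower(d):
    # Accept lowercase keys as in the question's template as well as PascalCase.
    return {k.lower(): v for k, v in d.items()}

def _pattern(resource):
    # Fn::Sub placeholders such as ${AWS::Region} become wildcards (over-approximation).
    if isinstance(resource, dict):
        resource = resource.get("Fn::Sub")
    return re.sub(r"\$\{[^}]+\}", "*", resource) if isinstance(resource, str) else None

def parameter_store_names(template):
    names = []
    for res in template["Resources"].values():
        if res["Type"] == "AWS::CodeBuild::Project":
            env = _lower(_lower(res["Properties"]).get("environment", {}))
            for var in map(_lower, env.get("environmentvariables", [])):
                if var.get("type") == "PARAMETER_STORE" and isinstance(var.get("value"), str):
                    names.append(var["value"])  # Ref/Sub values cannot be resolved offline
    return names

def unreadable_parameters(template):
    """Names of PARAMETER_STORE variables that no Allow statement lets the build read."""
    stmts = [s for res in template["Resources"].values() if res["Type"] == "AWS::IAM::Policy"
             for s in _list(res["Properties"]["PolicyDocument"]["Statement"])]
    def allowed(name):
        # Region and account are placeholders; only the parameter path matters here.
        arn = "arn:aws:ssm:us-east-1:111111111111:parameter/" + name.lstrip("/")
        return any(
            s.get("Effect") == "Allow"
            and any(isinstance(a, str) and fnmatch.fnmatchcase("ssm:getparameters", a.lower())
                    for a in _list(s.get("Action", [])))
            and any(p and fnmatch.fnmatchcase(arn, p)
                    for p in map(_pattern, _list(s.get("Resource", []))))
            for s in stmts)
    return [n for n in parameter_store_names(template) if not allowed(n)]
```

`unreadable_parameters(SAMPLE)` returns `['/demo/bucket']`; the list is empty once the policy carries an Allow statement for `ssm:GetParameters` whose resource covers that parameter's ARN.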