TL;DR
The following document provides an example of automating the release of a Lambda function in node.js. http://docs.aws.amazon.com/ja_jp/lambda/latest/dg/automating-deployment.html
In this document, we will write an app similar to this in Java and automate its release. Minimize the explanation of the meaning and role of each element. (I'm not sure. I'm sorry.) I will give an example of the minimum operation sample.
In this document, various settings are manually entered on the management console. The procedure may have changed due to future UI changes. Please forgive me.
--The code is placed on github. --You have a branch to detect updates. --In this example, assume that you have the master branch at the following URL: https://github.com/kazurof/minimum-java-lambda-with-codepipeline Sample code is also located here. --Build with Gradle. --There is an S3 bucket to put the intermediate files. As an example, let's say ʻauto-release-sample`.
Open the IAM Management Console and create a role as shown below.
| item | value | Remarks |
|---|---|---|
| name | cloudformation-lambda-execution-role | |
| Roll type | AWS CloudFormation | When creating, select from "AWS Service Role". On the created role screen, it will be displayed on the Trusts tab |
| Attached policy | AWSLambdaExecute | On the role screen, it appears in the Permissions tab => Administrative Policy |
After creating the role once, open the created role in the management console and click Add Inline Policy. After proceeding to Custom Policy-> Select, enter the following contents. Set the policy name as appropriate.
{
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketVersioning"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::codepipeline*"
],
"Effect": "Allow"
},
{
"Action": [
"lambda:*"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"iam:GetRole",
"iam:CreateRole",
"iam:DeleteRole"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"iam:PassRole"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"cloudformation:CreateChangeSet"
],
"Resource": [
"*"
],
"Effect": "Allow"
}
],
"Version": "2012-10-17"
}
Note: You may not have the minimum required permissions. I would like to reduce it as much as possible in future updates of this article.
Save the application source code on github.
Please refer to the sample repository for the specific contents of the file. https://github.com/kazurof/minimum-java-lambda-with-codepipeline Describe the directory structure of the file.
│ build.gradle
│ buildspec.yml
│ gradlew
│ gradlew.bat
│ minimum-lambda-java-model.yaml
│
│
├─gradle
│ └─wrapper
│ gradle-wrapper.jar
│ gradle-wrapper.properties
│
└─src
└─main
└─java
└─codepipelinesample
Main.java
buildspec.yml contains the name of the S3 repository to use. (First, ʻauto-release-sample`.) If you want to actually run it, change it to the repository name you prepared.
Open the AWS CodePipeline management console and create the pipeline as follows.
Anything you know about the pipeline name will do.
| item | value | Remarks |
|---|---|---|
| Source provider | GitHub | If you select GitHub, specify the URL and branch of the GitHub repository, perform OAuth authentication, and enable access to the specified GitHub repository from CodePipeline. |
| Action category | Source | You will not be prompted for input when creating. Anything that can be attached automatically is OK |
| Action name | Source | You will not be prompted for input when creating. You can use the name that is automatically assigned. |
| Output artifact name | MyApp | You will not be prompted for input when creating. You can use the name that is automatically assigned. |
| item | value | Remarks |
|---|---|---|
| Build provider | AWS CodeBuild | |
| Action category | Build | You will not be prompted for input when creating. |
| Action name | CodeBuild | You will not be prompted for input when creating. |
Select Create a new CodeBuild project. Anything is fine as long as you know the project name.
| item | value |
|---|---|
| Build environment | Ubuntu Java8 |
| Build specifications | Buildspec in the root directory of the source code.use yml |
note:
--At this time, the AWS CodeBuild service role is automatically created on your behalf. It will be in the form of code-build-<build project name> -service-role.
--In the action of this build, the following items are automatically set as follows.
| item | value |
|---|---|
| Input artifact | MyApp |
| Output artifact | MyAppBuild |
Click "Save Build Project" and then "Next Step".
| item | value | Remarks |
|---|---|---|
| Deployment provider | AWS CloudFormation | |
| Action mode | Create or replace change sets | |
| The name of the stack | MyBetaStack | Also used for action names. |
| Change set name | MyChangeSet | |
| Template file | packaged-minimum-lambda-java-model.yaml | |
| Capabilities | CAPABILITY_IAM | |
| Role name | cloudformation-lambda-execution-role | Specify the role created at the beginning of this procedure. |
| Action category | Deploy | Set automatically |
Make a new roll.
Reprinted the wording on the screen: "Create a service role in IAM for AWS CodePipeline to grant permissions to use resources in your account."
--Click "Create Role". --Press "Allow". --Click "Next Step".
The role name should be "AWS-CodePipeline-Service". (If it already exists, it will be added to the inline policy. It is unconfirmed.)
A confirmation screen of the contents entered so far is displayed. Click "Create Pipeline".
Modify the service role created for Codebuild so that it can access the prepared S3 bucket (ʻauto-release-sample`).
In the procedure so far, the role code-build- <build project name> -service-role has been generated, so modify it.
--From the IAM Management Console, select a role.
--Select code-build-<build project name> -service-role.
--"Access authority" tab => Click "Add inline policy".
--Select "Policy Generator" and select "Select".
--In "AWS Service", select "Amazon S3".
--In "Actions", select "PutObject".
--Enter ʻarn: aws: s3 ::: auto-release-sample * `in Amazon Resource Name (ARN). (Asterisk at the end is required!)
--Click "Add Statement" and then "Next Step".
--Click "Apply Policy".
--Go to AWS CodePipeline Management Console => Select the created pipeline --Click the edit button --Click the Staging pencil icon --Select the [+ Action] icon at the end of an existing action. --Enter as follows
| item | value |
|---|---|
| Action category | Deploy |
| Action name | execute_cs (Anything is fine if you know) |
| Deployment provider | AWS CloudFormation |
| Action mode | Run change set |
| The name of the stack | MyBetaStack |
| Change set name | MyChangeSet |
--Press "Update" to save --Press "Save Pipeline Changes" to save the entire pipeline
This completes Codepipeline creation. Try making some modifications to the master branch of your git repository. You can see where the pipeline works in the Codepipeline management console.
When it finishes successfully, open the Lambda management console. You should have created a Java Lambda function. You can run the test.
The procedure is long, probably because there are many elemental technologies involved. .. .. : sweat_smile:
Recommended Posts