【Question title】:How to pass an array of EnvironmentVariables as Parameters to an AWS CodeBuild/CloudFormation Template?
【Posted】:2018-11-15 10:08:33
【Question description】:

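I have an AWS CloudFormation CodeBuild template, and I want to pass an array of environment variables as a parameter so that I can use the template for multiple CloudFormation projects.

I want to pass this section as a parameter. How can I do that?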

"environmentVariables": [{
    "name": "$S3_BUCKET",
    "value": "Parameter_Store_Variable_name",
    "type": "PARAMETER_STORE"}
],

Here is more of the template for the larger context...

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Automate provisioning of CodeBuild with CodePipeline CodeCommit and CodeDeploy.",
  "Parameters": {
    "SourceLocation": {
        "Type": "String",
        "Description": "https://github.com/<account>/<repo>"
    },
    "AppName": {
        "Type": "String",
        "Description": "Name of the application."
    }
  },
  "Resources": {
    "CodeBuild": {
      "Type": "AWS::CodeBuild::Project",
      "DependsOn": "CodeBuildRole",
      "Properties": {
        "name": "test-project-name",
        "description": "description",
        "source": {
          "type": "GITHUB",
          "location": {
            "Ref": "SourceLocation"
          },
          "gitCloneDepth": 1,
          "buildspec": "",
          "badgeEnabled": true,
          "auth": {
            "type": "OAUTH"
          }
        },
        "artifacts": {
          "type": "artifacts-type",
          "location": "artifacts-location",
          "path": "path",
          "namespaceType": "namespaceType",
          "name": "artifacts-name",
          "packaging": "packaging"
        },
        "cache": {
          "type": "NONE"
        },
        "ServiceRole": {
          "Ref": "CodeBuildRole"
        },
        "timeoutInMinutes": 10,
        "environment": {
          "type": "LINUX_CONTAINER",
          "image": "aws/codebuild/nodejs:8.11.0",
          "computeType": "BUILD_GENERAL1_SMALL",
          "environmentVariables": [{
            "name": "$S3_BUCKET",
            "value": "PARAMETERSTOREVARIABLENAMEHERE",
            "type": "PARAMETER_STORE"
          }],
          "privilegedMode": false
        }
      }
    },
    "CodeBuildRole": {
      "Description": "Creating service role in IAM for AWS CodeBuild",
      "Type": "AWS::IAM::Role",
      "Properties": {
        "RoleName": {
          "Fn::Sub": "codebuild-role-${AppName}"
        },
        "AssumeRolePolicyDocument": {
          "Statement": [{
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "codebuild.amazonaws.com"
              ]
            },
            "Action": "sts:AssumeRole"
          }]
        },
        "Path": "/"
      }
    },
    "CodeBuildPolicy": {
      "Type": "AWS::IAM::Policy",
      "DependsOn": "CodeBuildRole",
      "Description": "Setting IAM policy for the service role for AWS CodeBuild",
      "Properties": {
        "PolicyName": {
          "Fn::Sub": "codebuild-policy-${AppName}"
        },
        "PolicyDocument": {
          "Statement": [{
              "Effect": "Allow",
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": [
                "*"
              ]
            },
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "s3:*"
              ]
            },
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "kms:GenerateDataKey*",
                "kms:Encrypt",
                "kms:Decrypt"
              ]
            },
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "sns:SendMessage"
              ]
            }
          ]
        },
        "Roles": [{
          "Ref": "CodeBuildRole"
        }]
      }
    }
  },
  "Outputs": {
    "CodeBuildURL": {
      "Description": "CodeBuild URL",
      "Value": {
        "Fn::Join": [
          "", [
            "https://console.aws.amazon.com/codebuild/home?region=",
            {
              "Ref": "AWS::Region"
            },
            "#/projects/",
            {
              "Ref": "CodeBuild"
            },
            "/view"
          ]
        ]
      }
    }
  }
}

Thanks for your help!

【Question discussion】:

    Tags: javascript amazon-cloudformation aws-codebuild


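    【Solution 1】:

    If your question is really about reusing SSM parameters rather than reusing snippets, then I suggest you make use of the direct SSM support in CodeBuild. It can read your SSM parameters and use them as environment variables. Here is my example of connecting to GitLab with my username and password.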

    env:
     variables:
       GITLAB_USER: 'jeshan'
     parameter-store:
       GITLAB_PASSWORD: 'gitlab-password'
    

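    In this case, jeshan is a plain value, while gitlab-password is the name of my SSM parameter. Doing it this way avoids hard-coding variables in your CodeBuild project, and you can update the parameter later without redeploying your CodeBuild project.

    Make sure your CodeBuild role has permission to read your parameters.

    Related question: How to read SSM parameters when using AWS Codebuild?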

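    【Discussion】:

    • This is awesome! Thanks @Jeshan. I was trying to pass the variables to the buildspec.yml file when I could just request them directly from the file. Thanks!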
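
An added example, not part of the original question or answer: a CloudFormation template in which the SSM parameter name is itself a template parameter, referenced from a `PARAMETER_STORE` environment variable, with the service role allowed to read only that one parameter. The parameter name `S3BucketParameterName`, the policy name and the `NO_ARTIFACTS` setting are assumptions made for the example.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Added example (not from the original post): SSM parameter name passed as a template parameter.",
  "Parameters": {
    "SourceLocation": { "Type": "String" },
    "S3BucketParameterName": { "Type": "String", "Description": "Assumed name: SSM parameter name, no leading slash." }
  },
  "Resources": {
    "CodeBuildRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [{ "Effect": "Allow", "Principal": { "Service": "codebuild.amazonaws.com" }, "Action": "sts:AssumeRole" }]
        },
        "Policies": [{
          "PolicyName": "codebuild-read-build-parameter",
          "PolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
              { "Effect": "Allow", "Resource": "*", "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"] },
              {
                "Effect": "Allow",
                "Action": "ssm:GetParameters",
                "Resource": { "Fn::Sub": "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${S3BucketParameterName}" }
              }
            ]
          }
        }]
      }
    },
    "CodeBuild": {
      "Type": "AWS::CodeBuild::Project",
      "Properties": {
        "ServiceRole": { "Fn::GetAtt": ["CodeBuildRole", "Arn"] },
        "Source": { "Type": "GITHUB", "Location": { "Ref": "SourceLocation" } },
        "Artifacts": { "Type": "NO_ARTIFACTS" },
        "Environment": {
          "Type": "LINUX_CONTAINER",
          "Image": "aws/codebuild/nodejs:8.11.0",
          "ComputeType": "BUILD_GENERAL1_SMALL",
          "EnvironmentVariables": [{
            "Name": "S3_BUCKET", "Type": "PARAMETER_STORE", "Value": { "Ref": "S3BucketParameterName" }
          }]
        }
      }
    }
  }
}
```

If the parameter is a SecureString encrypted with a customer-managed KMS key, the role also needs `kms:Decrypt` on that key.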