javascript - 如何将一组 EnvironmentVariables 作为参数传递给 AWS CodeBuild/CloudFormation 模板?
问题描述
我有一个 AWS CloudFormation CodeBuild 模板,我想将一组环境变量作为参数传递,这样我就可以将该模板用于多个 CloudFormation 项目。
我想将此部分作为参数传递。我该怎么做呢?
"environmentVariables": [{
"name": "$S3_BUCKET",
"value": "Parameter_Store_Variable_name",
"type": "PARAMETER_STORE"}
],
这是更大范围内的更多模板...
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Automate provisioning of CodeBuild with CodePipeline CodeCommit and CodeDeploy.",
"Parameters": {
"SourceLocation": {
"Type": "String",
"Description": "https://github.com/<account>/<repo>"
},
"AppName": {
"Type": "String",
"Description": "Name of the application."
}
},
"Resources": {
"CodeBuild": {
"Type": "AWS::CodeBuild::Project",
"DependsOn": "CodeBuildRole",
"Properties": {
"name": "test-project-name",
"description": "description",
"source": {
"type": "GITHUB",
"location": {
"Ref": "SourceLocation"
},
"gitCloneDepth": 1,
"buildspec": "",
"badgeEnabled": true,
"auth": {
"type": "OAUTH"
}
},
"artifacts": {
"type": "artifacts-type",
"location": "artifacts-location",
"path": "path",
"namespaceType": "namespaceType",
"name": "artifacts-name",
"packaging": "packaging"
},
"cache": {
"type": "NONE"
},
"ServiceRole": {
"Ref": "CodeBuildRole"
},
"timeoutInMinutes": 10,
"environment": {
"type": "LINUX_CONTAINER",
"image": "aws/codebuild/nodejs:8.11.0",
"computeType": "BUILD_GENERAL1_SMALL",
"environmentVariables": [{
"name": "$S3_BUCKET",
"value": "PARAMETERSTOREVARIABLENAMEHERE",
"type": "PARAMETER_STORE"
}],
"privilegedMode": false
}
}
},
"CodeBuildRole": {
"Description": "Creating service role in IAM for AWS CodeBuild",
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": {
"Fn::Sub": "codebuild-role-${AppName}"
},
"AssumeRolePolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Principal": {
"Service": [
"codebuild.amazonaws.com"
]
},
"Action": "sts:AssumeRole"
}]
},
"Path": "/"
}
},
"CodeBuildPolicy": {
"Type": "AWS::IAM::Policy",
"DependsOn": "CodeBuildRole",
"Description": "Setting IAM policy for the service role for AWS CodeBuild",
"Properties": {
"PolicyName": {
"Fn::Sub": "codebuild-policy-${AppName}"
},
"PolicyDocument": {
"Statement": [{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"s3:*"
]
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"kms:GenerateDataKey*",
"kms:Encrypt",
"kms:Decrypt"
]
},
{
"Effect": "Allow",
"Resource": [
"*"
],
"Action": [
"sns:SendMessage"
]
}
]
},
"Roles": [{
"Ref": "CodeBuildRole"
}]
}
}
},
"Outputs": {
"CodeBuildURL": {
"Description": "CodeBuild URL",
"Value": {
"Fn::Join": [
"", [
"https://console.aws.amazon.com/codebuild/home?region=",
{
"Ref": "AWS::Region"
},
"#/projects/",
{
"Ref": "CodeBuild"
},
"/view"
]
]
}
}
}
}
谢谢您的帮助!
解决方案
If your question is really about reusing SSM parameters and not reusing snippets, then I suggest you leverage the direct support ssm in codebuild. It can read your ssm parameters and make them available as environment variables. Here is an example of me connecting to gitlab with my user name and password.
env:
variables:
GITLAB_USER: 'jeshan'
parameter-store:
GITLAB_PASSWORD: 'gitlab-password'
In this case, jeshan
is a plain value while gitlab-password
is the name of my SSM parameter.
Doing it this way will avoid hardcoding variable in your codebuild project and the parameter can later be updated without redeploying your codebuild project.
Make sure that your codebuild's role has permission to read your parameters.
Related question: How to read SSM parameters when using AWS Codebuild?
推荐阅读
- python-2.7 - 如何使用自制软件卸载 Python 2.7.10?还安装了 Python 3.7。无法安装/使用 virtualenv 或 Flask
- javascript - 如何实现循环以使我的程序不会崩溃?
- c# - 如何在构造函数中创建一个稍后将使用的数组
- rabbitmq - rabbitmq 消费者监控
- flutter - 无法更改依赖项
- c# - 如何获取对象的实际类型
- mongodb - 使用 PyMongo 在 find_one_and_update 中使用文本搜索和排序
- mysql - 清理数据库、rake 任务或 sql 的更好方法是什么?
- php - 如何使用 src 使自动超链接正则表达式忽略 img 标签?
- python - 相交多个 2D np 阵列以确定空间上连续的区域