interface PipelineDeployStackActionProps
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AppDelivery.PipelineDeployStackActionProps |
 Java | software.amazon.awscdk.appdelivery.PipelineDeployStackActionProps |
 Python | aws_cdk.app_delivery.PipelineDeployStackActionProps |
 TypeScript (source) | @aws-cdk/app-delivery » PipelineDeployStackActionProps |
⚠️ Deprecated: undefined
Example
import * as codebuild from '@aws-cdk/aws-codebuild';
import * as codepipeline from '@aws-cdk/aws-codepipeline';
import * as codepipeline_actions from '@aws-cdk/aws-codepipeline-actions';
import * as cdk from '@aws-cdk/core';
import * as cicd from '@aws-cdk/app-delivery';
import * as iam from '@aws-cdk/aws-iam';
class MyServiceStackA extends cdk.Stack {}
class MyServiceStackB extends cdk.Stack {}
const app = new cdk.App();
// We define a stack that contains the CodePipeline
const pipelineStack = new cdk.Stack(app, 'PipelineStack');
const pipeline = new codepipeline.Pipeline(pipelineStack, 'CodePipeline', {
// Mutating a CodePipeline can cause the currently propagating state to be
// "lost". Ensure we re-run the latest change through the pipeline after it's
// been mutated so we're sure the latest state is fully deployed through.
restartExecutionOnUpdate: true,
/* ... */
});
// Configure the CodePipeline source - where your CDK App's source code is hosted
const sourceOutput = new codepipeline.Artifact();
const source = new codepipeline_actions.GitHubSourceAction({
actionName: 'GitHub',
output: sourceOutput,
owner: 'myName',
repo: 'myRepo',
oauthToken: cdk.SecretValue.unsafePlainText('secret'),
});
pipeline.addStage({
stageName: 'source',
actions: [source],
});
const project = new codebuild.PipelineProject(pipelineStack, 'CodeBuild', {
/**
* Choose an environment configuration that meets your use case.
* For NodeJS, this might be:
*
* environment: {
* buildImage: codebuild.LinuxBuildImage.UBUNTU_14_04_NODEJS_10_1_0,
* },
*/
});
const synthesizedApp = new codepipeline.Artifact();
const buildAction = new codepipeline_actions.CodeBuildAction({
actionName: 'CodeBuild',
project,
input: sourceOutput,
outputs: [synthesizedApp],
});
pipeline.addStage({
stageName: 'build',
actions: [buildAction],
});
// Optionally, self-update the pipeline stack
const selfUpdateStage = pipeline.addStage({ stageName: 'SelfUpdate' });
selfUpdateStage.addAction(new cicd.PipelineDeployStackAction({
stack: pipelineStack,
input: synthesizedApp,
adminPermissions: true,
}));
// Now add our service stacks
const deployStage = pipeline.addStage({ stageName: 'Deploy' });
const serviceStackA = new MyServiceStackA(app, 'ServiceStackA', { /* ... */ });
// Add actions to deploy the stacks in the deploy stage:
const deployServiceAAction = new cicd.PipelineDeployStackAction({
stack: serviceStackA,
input: synthesizedApp,
// See the note below for details about this option.
adminPermissions: false,
});
deployStage.addAction(deployServiceAAction);
// Add the necessary permissions for you service deploy action. This role is
// is passed to CloudFormation and needs the permissions necessary to deploy
// stack. Alternatively you can enable [Administrator](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_administrator) permissions above,
// users should understand the privileged nature of this role.
const myResourceArn = 'arn:partition:service:region:account-id:resource-id';
deployServiceAAction.addToDeploymentRolePolicy(new iam.PolicyStatement({
actions: ['service:SomeAction'],
resources: [myResourceArn],
// add more Action(s) and/or Resource(s) here, as needed
}));
const serviceStackB = new MyServiceStackB(app, 'ServiceStackB', { /* ... */ });
deployStage.addAction(new cicd.PipelineDeployStackAction({
stack: serviceStackB,
input: synthesizedApp,
createChangeSetRunOrder: 998,
adminPermissions: true, // no need to modify the role with admin
}));
Properties
| Name | Type | Description |
|---|---|---|
| admin | boolean | Whether to grant admin permissions to CloudFormation while deploying this template. |
| input | Artifact | The CodePipeline artifact that holds the synthesized app, which is the contents of the <directory> when running cdk synth -o <directory>. |
| stack | Stack | The CDK stack to be deployed. |
| capabilities? | Cloud[] | Acknowledge certain changes made as part of deployment. |
| change | string | The name to use when creating a ChangeSet for the stack. |
| create | string | The name of the CodePipeline action creating the ChangeSet. |
| create | number | The runOrder for the CodePipeline action creating the ChangeSet. |
| execute | string | The name of the CodePipeline action creating the ChangeSet. |
| execute | number | The runOrder for the CodePipeline action executing the ChangeSet. |
| role? | IRole | IAM role to assume when deploying changes. |
adminPermissions
⚠️ Deprecated: undefined
Type:
boolean
Whether to grant admin permissions to CloudFormation while deploying this template.
Setting this to true affects the defaults for role and capabilities, if you
don't specify any alternatives.
The default role that will be created for you will have admin (i.e., *)
permissions on all resources, and the deployment will have named IAM
capabilities (i.e., able to create all IAM resources).
This is a shorthand that you can use if you fully trust the templates that
are deployed in this pipeline. If you want more fine-grained permissions,
use addToRolePolicy and capabilities to control what the CloudFormation
deployment is allowed to do.
input
⚠️ Deprecated: undefined
Type:
Artifact
The CodePipeline artifact that holds the synthesized app, which is the contents of the <directory> when running cdk synth -o <directory>.
stack
⚠️ Deprecated: undefined
Type:
Stack
The CDK stack to be deployed.
capabilities?
⚠️ Deprecated: undefined
Type:
Cloud[]
(optional, default: [AnonymousIAM, AutoExpand], unless adminPermissions is true)
Acknowledge certain changes made as part of deployment.
For stacks that contain certain resources, explicit acknowledgement that AWS CloudFormation might create or update those resources. For example, you must specify AnonymousIAM if your stack template contains AWS Identity and Access Management (IAM) resources. For more information
changeSetName?
⚠️ Deprecated: undefined
Type:
string
(optional, default: CDK-CodePipeline-ChangeSet)
The name to use when creating a ChangeSet for the stack.
createChangeSetActionName?
⚠️ Deprecated: undefined
Type:
string
(optional, default: 'ChangeSet')
The name of the CodePipeline action creating the ChangeSet.
createChangeSetRunOrder?
⚠️ Deprecated: undefined
Type:
number
(optional, default: 1)
The runOrder for the CodePipeline action creating the ChangeSet.
executeChangeSetActionName?
⚠️ Deprecated: undefined
Type:
string
(optional, default: 'Execute')
The name of the CodePipeline action creating the ChangeSet.
executeChangeSetRunOrder?
⚠️ Deprecated: undefined
Type:
number
(optional, default: createChangeSetRunOrder + 1)
The runOrder for the CodePipeline action executing the ChangeSet.
role?
⚠️ Deprecated: undefined
Type:
IRole
(optional, default: A fresh role with admin or no permissions (depending on the value of adminPermissions).)
IAM role to assume when deploying changes.
If not specified, a fresh role is created. The role is created with zero
permissions unless adminPermissions is true, in which case the role will have
admin permissions.