diff --git a/README.md b/README.md index c933404..727f61a 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,8 @@ [![Build Status](https://samhstn.com/badge)](https://console.aws.amazon.com/codesuite/codebuild/projects/Push) -# samhstn.com +# [samhstn.com](https://samhstn.com) -[samhstn.com](http://samhstn.com) - -### What - -My personal website +### My personal website ### Quick start diff --git a/infra/README.md b/infra/README.md index cc4ffb9..9ee9bd0 100644 --- a/infra/README.md +++ b/infra/README.md @@ -9,15 +9,13 @@ IAM user name: admin The password will be given to you by whoever ran the steps described in [AWS base setup](./base/README.md). -This must be updated after the first login. - -To access our Route53 domain configuraion, we will need to switch roles. This can be done in the top right dropdown. +For our Route53 configuration, we use this role: Account: samhstn-base Role: SamhstnBase Display Name: base -For admin access to the `aws+samhstn@samhstn.com` account, we need to switch roles to: +For everything else we use this role: Account: samhstn Role: Admin @@ -61,9 +59,9 @@ For the next steps we will assume that this environment variable will have been ### Domain -Ensure we have purchased your domain from [`Route53`](https://console.aws.amazon.com/route53) with the route account. +Ensure we have purchased our domain from [`Route53`](https://console.aws.amazon.com/route53) with the route account. -To see your purchased domains, with the `samhstn-base` profile, run: +To see our purchased domains, run: ```bash aws route53 list-hosted-zones --query 'HostedZones[*].Name' --output text 
@@ -77,7 +75,7 @@ We will need to create a Github personal access token for `aws` to use. + Go to your [Github personal access tokens](https://github.com/settings/tokens). + Click `Generate new token`. -+ Give the `token` a description of `Full repo access`. ++ Give the `token` a description of `samhstn`. + Tick the `repo` scope. + Tick the `admin:repo_hook` scope. + Click Generate token. @@ -86,7 +84,7 @@ Now set this token as an environment variable called `SAMHSTN_PA_TOKEN`. ### Configure our Ssl certificate -Assuming the `samhstn-admin` role, run the following commands: +Run the following commands: ```bash aws cloudformation create-stack \ 
@@ -97,37 +95,7 @@ aws cloudformation wait stack-create-complete --stack-name acm We will now need to add a `CNAME` record set as described in the acm console. -This can be done with the commands: - -```bash -CERTIFICATE_ARN=$(\ - aws acm list-certificates \ - --query 'CertificateSummaryList[?DomainName == `samhstn.com`].CertificateArn | [0]' \ - --output text\ -) -HOSTED_ZONE_ID=$(\ - AWS_DEFAULT_PROFILE=samhstn-base aws route53 list-hosted-zones \ - --query 'HostedZones[?Name == `samhstn.com.`].Id | [0]' \ - --output text\ -) -RECORD_SET_NAME=$(\ - aws acm describe-certificate \ - --certificate-arn $CERTIFICATE_ARN \ - --query 'Certificate.DomainValidationOptions[0].ResourceRecord.Name' \ - --output text\ -) -RECORD_SET_VALUE=$(\ - aws acm describe-certificate \ - --certificate-arn $CERTIFICATE_ARN \ - --query 'Certificate.DomainValidationOptions[0].ResourceRecord.Value' \ - --output text\ -) -AWS_DEFAULT_PROFILE=samhstn-base aws route53 change-resource-record-sets \ - --hosted-zone-id $HOSTED_ZONE_ID \ - --change-batch "{\"Changes\": [{\"Action\": \"CREATE\", \"ResourceRecordSet\": {\"Name\": \"$RECORD_SET_NAME\", \"Type\": \"CNAME\", \"TTL\": 300, \"ResourceRecords\": [{\"Value\": \"$RECORD_SET_VALUE\"}]}}]}" -``` - -Or we can visit the `Route53` console as the samhstn-base `base` role and add a `CNAME` record set as described in the acm console for the samhstn `admin` role. +This can be done by visiting the `Route53` console as the `samhstn-base` role and add a `CNAME` record set as described in the acm console for the samhstn `admin` role. This takes around 30 minutes to complete. 
@@ -213,7 +181,7 @@ Run the following command to build our pipeline stack: ```bash aws cloudformation create-stack \ --stack-name master-pipeline \ - --template-body file://infra/master_pipeline.yaml \ + --template-body file://infra/master-pipeline.yaml \ --parameters ParameterKey=GithubPAToken,ParameterValue=$SAMHSTN_PA_TOKEN \ --capabilities CAPABILITY_NAMED_IAM aws cloudformation wait stack-create-complete --stack-name master-pipeline diff --git a/infra/buildspecs/build.yaml b/infra/buildspecs/build.yaml index 8fbbb8f..c1844a3 100644 --- a/infra/buildspecs/build.yaml +++ b/infra/buildspecs/build.yaml @@ -3,6 +3,22 @@ version: 0.2 phases: build: commands: + - | + STACKS=(acm s3 cloudfront codebuild master-pipeline) + for stack in $STACKS;do + if diff --ignore-blank-lines $FILE <( + aws cloudformation get-template --stack-name $stack --query TemplateBody --output text + );then + aws cloudformation update-stack \ + --stack-name $stack \ + --template-body file://infra/$stack.yaml \ + --capabilities CAPABILITY_NAMED_IAM \ + --parameters ParameterKey=GithubPAToken,UsePreviousValue=true + aws cloudformation wait stack-update-complete --stack-name $stack + else + echo "Template $stack is up to date!" + fi + done - aws s3 sync static s3://samhstn.com --delete --exclude badge - | CODEBUILD_BADGE_URL=$(\ diff --git a/infra/codebuild.yaml b/infra/codebuild.yaml index ba219e3..a7ee2a0 100644 --- a/infra/codebuild.yaml +++ b/infra/codebuild.yaml @@ -41,6 +41,7 @@ Resources: PolicyDocument: Version: 2012-10-17 Statement: + # todo: add separate test and build roles - Effect: Allow Action: - logs:CreateLogGroup @@ -91,6 +92,13 @@ Resources: - s3:PutObject - s3:DeleteObject Resource: arn:aws:s3:::samhstn.com/* + - Effect: Allow + Action: + - cloudformation:ValidateTemplate + - cloudformation:GetTemplate + - cloudformation:CreateStack + - cloudformation:UpdateStack + Resource: "*" Push: Type: AWS::CodeBuild::Project 
diff --git a/infra/master_pipeline.yaml b/infra/master-pipeline.yaml similarity index 100% rename from infra/master_pipeline.yaml rename to infra/master-pipeline.yaml
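Review bot: in infra/README.md (hunk @@ -9,15 +9,13 @@), removing `This must be updated after the first login.` leaves the admin password as the value handed over by whoever ran the base setup, so it stays known to two people. Keep the line, or replace it with an explicit step to change the password at first sign-in. The same hunk also drops the sentence explaining that the roles are reached by switching roles from the top right dropdown; one sentence on how to get into `SamhstnBase` and `Admin` would keep the section usable for a first-time reader.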
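Review bot: in infra/README.md (hunk @@ -61,9 +59,9 @@), `To see our purchased domains, run:` no longer says which profile the command needs, although the README states that Route53 configuration uses the `samhstn-base` account and the script removed later in this patch ran `aws route53 list-hosted-zones` with `AWS_DEFAULT_PROFILE=samhstn-base`. Either keep the profile in the sentence or put it on the command line. `Run the following commands:` in the @@ -86,7 +84,7 @@ hunk has the same gap for the admin role.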
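Review bot: in infra/README.md (hunk @@ -97,37 +95,7 @@), the replacement sentence `This can be done by visiting ... and add a CNAME record set` should read `and adding`. It also refers to `the samhstn-base role`, while the top of this README lists Account `samhstn-base`, Role `SamhstnBase`, Display Name `base`; use one of those names consistently. With the scripted path removed, the record name and value are now copied by hand from the acm console, so it is worth stating that both the name and the value of the validation record are needed.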
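Review bot: in infra/buildspecs/build.yaml, the `if diff --ignore-blank-lines ...;then` test is inverted: `diff` exits 0 when its inputs are identical, so `update-stack` is called for templates that have not changed and `Template $stack is up to date!` is printed for the ones that have. Negate the test with `if ! diff ...`. Three more problems in the same block: `$FILE` is never assigned in these lines and presumably should be `infra/$stack.yaml`; `for stack in $STACKS` expands only the first array element, so only `acm` is visited, and needs `"${STACKS[@]}"`; and `ParameterKey=GithubPAToken,UsePreviousValue=true` is sent for every stack, while the README passes `GithubPAToken` only to `master-pipeline`, so the call will be rejected for any template that does not declare that parameter. Arrays and `<( )` are bash features, so the buildspec should make sure this command runs under bash.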
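Review bot: in infra/codebuild.yaml (hunk @@ -91,6 +92,13 @@), the new statement allows `cloudformation:CreateStack` and `cloudformation:UpdateStack` on `Resource: "*"`, which lets the build role create or update any stack in the account rather than only the five the build loop names, and the build calls `update-stack` with `--capabilities CAPABILITY_NAMED_IAM`. Scope `GetTemplate` and `UpdateStack` to the ARNs of those five stacks and drop `CreateStack` and `ValidateTemplate`, which the new build commands never call. The build also runs `aws cloudformation wait stack-update-complete`, which polls DescribeStacks, and that action is not among the four added here. The `# todo: add separate test and build roles` comment in the preceding hunk points the right way; since this change is what gives the shared role stack-update rights, the split is better done in the same patch than deferred.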