I have CodePipeline in Account A and AWS ECS in Account B. I've created two CDK stacks: one for Account A, creating the CodePipeline stack, and a second for Account B, creating the ECS stack.
There is an IAM role present in Account B, which is used by the Account A CodePipeline to deploy to ECS in Account B.
I need to pass the ECS service name, ECS cluster name and IAM role ARN of Account B to the CDK stack of Account A. How can I do this using CDK?
Try passing the cluster name and service name from A to B instead. That worked for me.
Related
How can I deploy AWS resources using external Jenkins and Terraform? (I don't like my Jenkins running in EC2 or in AWS, because it may terminate at any time, and every time I have to build from an AMI or redo all the steps that I did the first time.) I mean to say, save all settings, credentials, etc. So I am looking for some solution to install it on my VM/VirtualBox and then run the pipeline job there and build AWS resources/services using Terraform.
You can run Terraform or Jenkins from anywhere to create resources in AWS.
Jenkins is just an orchestrator tool which will use Terraform to create resources.
We only need to change how Terraform interacts with your AWS environment.
If you have Terraform on one of the AWS EC2 instances, you can utilize EC2 metadata to interact/authenticate with AWS.
Now, as you move towards your local system or VM, you have to change the way you authenticate with Terraform.
You can use the code below in Terraform to authenticate with AWS:
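provider "aws" {
  region = "us-west-2"

  # Placeholder values. The provider documentation linked below does not
  # recommend hard-coding keys in .tf files; environment variables or a shared
  # credentials file keep them out of version control.
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}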
Please refer to the Terraform documentation for more authentication methods:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration
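A provider configuration for the Jenkins-on-a-VM case that keeps keys out of the .tf file, as an added example that is not part of the original answer. The profile name, role name and account ID are assumed placeholders; `profile` and `assume_role` are arguments of the AWS provider.

```hcl
# Added example. Assumed names: profile "jenkins-terraform",
# role "TerraformDeploy", account ID 111122223333 (placeholder).

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

variable "deploy_role_arn" {
  description = "Role the Jenkins job assumes for deployments (placeholder default)"
  type        = string
  default     = "arn:aws:iam::111122223333:role/TerraformDeploy"
}

provider "aws" {
  region = "us-west-2"

  # Base credentials come from a named profile in the shared credentials file
  # on the Jenkins VM (~/.aws/credentials), not from this file.
  # If this line is omitted, the provider falls back to the
  # AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables, which a
  # Jenkins credentials binding can inject for the duration of one build.
  profile = "jenkins-terraform"

  # The base identity only needs permission to assume the deployment role.
  # Terraform then works with the temporary credentials of that role.
  assume_role {
    role_arn     = var.deploy_role_arn
    session_name = "jenkins-terraform"
  }
}
```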
I am planning to create a CI/CD configuration inside a VPC which involves AWS Beanstalk (host environment), GitHub (code repository), CodePipeline, and Jenkins (code build). The application located in the GitHub repository is supposed to run inside the Beanstalk environment, while any change to the GitHub repo should be reflected in the frontend.
I created a VPC with 2 public and private subnets each, and I have provisioned a Beanstalk environment with the NodeJS platform (the application is NodeJS). Then I am configuring the CodePipeline, in whose Add Source stage I have successfully managed to connect to the GitHub repo. Now I am at the Code Build stage, where I want to add a Jenkins that runs in an EC2 instance. Therefore I am provisioning an EC2 instance on which I plan to install Jenkins and then mention it in the Code Build stage.
However, I am not sure which subnet the Jenkins EC2 instance should be in. Public or private?
For a more secure architecture, host Jenkins in a private subnet and set up AWS CodePipeline to use VPC endpoints. With VPC endpoints, no public IP addresses are required and traffic between the VPC and CodePipeline does not leave the Amazon network.
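The interface endpoint from this answer, written in Terraform as an added example that is not part of the original answer. All variable values (region, VPC, private subnets, the Jenkins instance's security group) are assumptions to be supplied by the reader.

```hcl
# Added example. Every variable below is an assumption about the reader's VPC.
variable "region" { type = string }
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }

# Security group attached to the Jenkins EC2 instance in the private subnet.
variable "jenkins_sg_id" { type = string }

# Only the Jenkins instance may reach the endpoint, and only over HTTPS.
resource "aws_security_group" "codepipeline_endpoint" {
  name        = "codepipeline-endpoint"
  description = "HTTPS from Jenkins to the CodePipeline interface endpoint"
  vpc_id      = var.vpc_id

  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [var.jenkins_sg_id]
  }
}

# Interface endpoint: CodePipeline API calls from the private subnets resolve
# to private IPs inside the VPC, so Jenkins needs no public IP for them.
resource "aws_vpc_endpoint" "codepipeline" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.codepipeline"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [aws_security_group.codepipeline_endpoint.id]
  private_dns_enabled = true
}
```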
I am trying to integrate Jenkins with K8 secrets in a dedicated namespace but even after creating the service account and secret, I still see Test Connection failures.
You need to create the Jenkins global credential with the secret for the cluster to be authenticated. Do try using the default namespace initially. Also double-check your K8 URL by running # kubectl cluster-info.
I am using AWS CodeBuild and CodePipeline service to implement CI/CD in my project.
With AWS CodeBuild using Bitbucket, I am getting all repositories of my Bitbucket account.
While creating a CodePipeline and connecting it with my Bitbucket, I can't get all repositories of my Bitbucket account.
I have admin access to Bitbucket.
AWS CodeStar was injected successfully in Bitbucket.
So is there any extra setting needed in the Bitbucket account to implement AWS CodePipeline?
CodePipeline uses a Bitbucket App installed on your Bitbucket account to access repositories. Currently Bitbucket only allows Apps to access repositories on the same account that the App was installed on [1]. I’ve passed this feedback onto the CodePipeline team who is partnering with Atlassian on this integration.
For now you can try this workaround:
Select the connection
Type the name of the Repo as <account>/<repository-name> in the "Repository name" field
Select the branch
CodePipeline connection should be able to retrieve the repo when you run the pipeline.
References
1: Bitbucket connections only provide access to repositories owned by the Bitbucket account that was used to create the connection.
Currently, Bitbucket only allows Apps to access repositories on the same account.
You can create a webhook from Bitbucket to GitHub and connect the correct Github repo to CodePipeline.
https://poeditor.com/blog/webhooks-solution-automate-sync-poeditor-github-bitbucket-repos/#:~:text=To%20add%20a%20webhook%20to,URL%20in%20the%20empty%20field.
We were able to get access to the repositories in another workspace by giving workspace administration rights to our Bitbucket service account.
We added it to a group that has the right to
Permission needed for account
For sure, you need a Bitbucket administrator doing that for you.
Having done that, we can create a CodeStar connection that accesses the repository in another workspace.
What's the process to create a Cloudant service that is resource-group specific in Jenkins? How can we make a connection in Jenkins to a Bluemix resource group? I tried creating the service using Cloud Foundry plugins, which are org- and space-specific, but the resource group service is not created. Please guide.