aws / aws-sam-cli-pipeline-init-templates Goto Github PK

CodePipeline build image references Amazon Linux 2 x86_64 standard:3.0 which is no longer supported.

Needs to be updated to Amazon Linux 2 x86_64 standard:5.0.

Hi team,
@aahung @c2tarun @SimonCMoore

It would be nice to add Bitbucket Pipelines as a CI/CD provider to AWS SAM Pipelines. More and more users request support for this feature.

Bitbucket Pipelines is an integrated CI/CD service built into Bitbucket. It allows you to automatically build, test, and even deploy your code based on a configuration file in your repository. Bitbucket Pipelines is one of the most used CI/CD services.

A pipeline is defined using a YAML file called bitbucket-pipelines.yml, which is located at the root of a repository. For more information on configuring a YAML file, refer to Configure bitbucket-pipelines.yml. The bitbucket-pipelines.yml file defines a Pipelines builds configuration.

An integration with AWS SAM is provided by Bitbucket Pipe: atlassian/aws-sam-deploy pipe.

The next PR will solve the issue provider Add provider Bitbucket Pipelines #43

Best regards,
Oleksandr Kyrdan

sam pipeline init --bootstrap

Only the first stage is creating the PipelineUser IAM User and Access/Secret keys, the 2nd stage of the SAM Pipeline is skipping the user creation which is also an error.

When creating a pipeline from a GitHub Actions template and using IAM authentication, the generated variable name for the access key and the secret access key are the actual access key and secret key values. That can reveal the secret key in plaintext.

For example, if your access key is QWERTY and secret access key is PASSWORD, the generated action will have the following code:

env:
  PIPELINE_USER_ACCESS_KEY_ID: ${{ secrets.QWERTY }}
  PIPELINE_USER_SECRET_ACCESS_KEY: ${{ secrets.PASSWORD }}

Expected output would be something that hides the sensitive values, like:

env:
  PIPELINE_USER_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY_ID }}
  PIPELINE_USER_SECRET_ACCESS_KEY: ${{ secrets.SECRET_ACCESS_KEY }}

A simple fix would be to replace 'arn:aws:' with 'arn:${AWS::Partition}:'

I am getting the following exception after running sam pipeline init --bootstrap

Error: 'Invalid question key "shared_values" referenced in default answer of question permissions_provider'

This started happening after creating the first two pipeline stages.

It seems to be related with this addition. But my experience here is limited

❯ sam pipeline init --bootstrap                                                                                                                         22:07:00

sam pipeline init generates a pipeline configuration file that your CI/CD system
can use to deploy serverless applications using AWS SAM.
We will guide you through the process to bootstrap resources for each stage,
then walk through the details necessary for creating the pipeline config file.

Please ensure you are in the root folder of your SAM application before you begin.

Select a pipeline template to get started:
  1 - AWS Quick Start Pipeline Templates
  2 - Custom Pipeline Template Location
Choice: 1

Cloning from https://github.com/aws/aws-sam-cli-pipeline-init-templates.git (process may take a moment)
Select CI/CD system
  1 - Jenkins
  2 - GitLab CI/CD
  3 - GitHub Actions
  4 - Bitbucket Pipelines
  5 - AWS CodePipeline
Choice: 3
You are using the 2-stage pipeline template.
_________    _________
|         |  |         |
| Stage 1 |->| Stage 2 |
|_________|  |_________|

Checking for existing stages...


This template configures a pipeline that deploys a serverless application to a testing and a production stage.

Error: 'Invalid question key "shared_values" referenced in default answer of question permissions_provider'

version = 0.1
[default]
[default.pipeline_bootstrap]
[default.pipeline_bootstrap.parameters]
pipeline_user = "arn:aws:iam::XXXXXXXXXXX:user/aws-sam-cli-managed-dev-pipeline-reso-PipelineUser-CCCCCCCC"

[dev]
[dev.pipeline_bootstrap]
[dev.pipeline_bootstrap.parameters]
pipeline_execution_role = "arn:aws:iam::XXXXXXXX:role/aws-sam-cli-managed-dev-pipe-PipelineExecutionRole-GGGGGGGGGG"
cloudformation_execution_role = "arn:aws:iam::XXXXXXXXX:role/aws-sam-cli-managed-dev-p-CloudFormationExecutionR-FFFFFFFFF"
artifacts_bucket = "aws-sam-cli-managed-dev-pipeline-artifactsbucket-BBBBBBBBB"
image_repository = ""
region = "eu-central-1"

[prod]
[prod.pipeline_bootstrap]
[prod.pipeline_bootstrap.parameters]
pipeline_execution_role = "arn:aws:iam::XXXXXXXX:role/aws-sam-cli-managed-prod-pip-PipelineExecutionRole-EEEEEEEEE"
cloudformation_execution_role = "arn:aws:iam::XXXXXXXXX:role/aws-sam-cli-managed-prod-CloudFormationExecutionR-DDDDDDDDD"
artifacts_bucket = "aws-sam-cli-managed-prod-pipeline-artifactsbucket-AAAAAAAAAAA"
image_repository = ""
region = "eu-central-1"

sam pipeline init erroring out on

Error: 'Invalid question key "shared_values" referenced in default answer of question permissions_provider'

Checking for shared_values in the repo, indeed it's only ever referenced and isn't defined anywhere

The Inline Code for the Serverless Function MonorepoTriggerFunction defined in the AWS-CodePipeline/sam-monorepo-pipeline-template/{{cookiecutter.outputDir}}/codepipeline.yaml has missing boto3 client for Amazon Simple Systems Manager (SSM).

The lambda threw an error when it was invoked on updates pushed to the branch in the Codecommit Repository.

Error -

[ERROR] NameError: name 'ssm' is not defined
Traceback (most recent call last):
  File "/opt/python/aws_lambda_powertools/logging/logger.py", line 354, in decorate
    return lambda_handler(event, context, *args, **kwargs)
  File "/var/task/index.py", line 22, in lambda_handler
    update_last_commit(repository, commit_id, branch_name)
  File "/var/task/index.py", line 47, in update_last_commit
    ssm.put_parameter(Name=param_name_last_commit(repository, branch_name),

It can be assigned to me so I can create a PR for the fix. Thanks!

The GitHub Actions integration is really nice since it automatically creates new stacks for feature branches (anything which starts with feature). However, those feature branch stacks add up and are not removed automatically. This puts the burden on the developer to 1) realize this behavior and 2) clean up unused feature stacks manually.

Steps to reproduce

1. Create a SAM Pipeline with GitHub Actions integration (using basic "hello world" SAM app will suffice)
2. Create a new branch named feature/my-test or feature-my-test
3. Note in the CloudFormation console that you get a new CFN stack named my-test, which is fully functional
4. Delete the feature branch
5. Note that the my-test stack remains

Expected behavior

After I delete a branch, the CFN feature stack is deleted.

Suggestions

This can be accomplished with the new sam delete command and tapping into the delete GitHub action. Trigger the delete GitHub action when the feature branch is deleted. Skip all testing and other building on the delete event. Make sure that the other Actions do not run on the delete GH Action.

Description:
SAM Quick start pipeline templates examples need improvements as they are currently not working.
I am creating this issue in order to propose a pull request.

Steps to reproduce:
sam init
AWS Quick Start Template
First template, Hello World Function
name: example

cd example
sam pipeline init --bootstrap
AWS Quick Start Pipeline Template
Gitlab
(configure pipelines)

git add . & git commit & git push

Observed result:
Pipelines failing for multiple reason

Expected result:
AWS Lambda would be deployed normally.