This page mentions two steps to get started:
https://github.com/awsdocs/aws-codepipeline-user-guide/blob/master/doc_source/detect-state-changes-cloudwatch-events.md

Complete the CloudWatch Events prerequisites. For information, see Amazon CloudWatch Events Prerequisites.
Familiarize yourself with events, rules, and targets in CloudWatch Events. For more information, see What Is Amazon CloudWatch Events.

However clicking the link "Amazon CloudWatch Events Prerequisites" directs the visitor to the "What Is Amazon CloudWatch Events" page. So these two steps should be combined.

aws-cloudformation/cloudformation-coverage-roadmap#360 (comment)
https://docs.aws.amazon.com/codepipeline/latest/userguide/limits.html
https://github.com/awsdocs/aws-codepipeline-user-guide/blob/master/doc_source/limits.md

The "Edit this page on GitHub" link at the bottom of
https://docs.aws.amazon.com/codepipeline/latest/userguide/update-github-action-connections.html
points to
https://github.com/awsdocs/aws-codepipeline-user-guide/tree/main/doc_source/update-github-action-connections.md,
which does not exist.

The documentation mentions the following. Whereas the called out constraint is correct for Source types ECR and CodeCommit, it does not apply to cross region S3 buckets.

"You cannot create cross-Region actions for the following action types:

• Source actions
• Third-party actions
• Custom actions"

On the docs page Integrations with CodePipeline action types
I see empty notes under the titles for:

• AWS Device Farm test actions https://github.com/awsdocs/aws-codepipeline-user-guide/blob/9342ae/doc_source/integrations-action-type.md?plain=1#L136
• AWS CloudFormation deploy actions https://github.com/awsdocs/aws-codepipeline-user-guide/blob/9342ae/doc_source/integrations-action-type.md?plain=1#L211
• Snyk invoke actions https://github.com/awsdocs/aws-codepipeline-user-guide/blob/9342ae/doc_source/integrations-action-type.md?plain=1#L305

I don't think this is intentional?

I have a CFN template creating a role to access Bitbucket Cloud as a CodeStar connection.

As per documentation (https://docs.aws.amazon.com/codepipeline/latest/userguide/connections-permissions.html) I have:

 - Effect: Allow
   Action:
       - 'codestar-connections:GetConnections'
       - 'codestar-connections:ListConnections'
       - 'codestar-connections:UseConnections'
       - 'codestar-connections:PassConnections'
    Resource: '*'

This fails, however and when I verify in IAM I see

Unrecognized services
codestar-connections

and accordingly, the permissions are not added to the policy.

As per

https://docs.aws.amazon.com/codepipeline/latest/userguide/security-iam.html#how-to-update-role-new-services

support for AWS CodeStar Connections was added on December 18, 2019. I see no mention that would be limited or restricted (it's IAM, it should be global!).

The result is that I receive "not authorised" in the Source stage when trying to use the connection.

I've created a pipeline manually in the console, letting it create a new role - and here too I see that the role created gives errors about codestar-connections being unrecognized, resulting in authorisation failure.

Am I missing something?

The link that should point to CloudWatchEvents actually points to CodeCommit.

As stated by documentation[1]:

Source Actions:

   *  Amazon ECR

   *  AWS CodeStar Source Connection (Bitbucket)

   *  AWS CodeStar Source Connection (GitHub)

    * AWS CodeStar Source Connection (GitHub Enterprise Server)

    * GitHub

This is inaccurate. The right options are:

  * CodeCommit 
  * ECR
  * S3
  * Github (Version 1)

Please reflect the right information in the docs for CodePipeline. Thanks

[1] AWS CodePipeline - How AWS CodePipeline Differs for AWS GovCloud (US) - https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-acp.html#govcloud-acp-diffs

Hi,

I hope this is the right place to ask this question. If not please refer me where. Thanks.

I am trying to get github BRANCH name as an env var in codepipeline.

I display all ENV, but none got the right information (e.g. dev, master).

Env variables:

CODEBUILD_SOURCE_VERSIONgives me an ARN

CODEBUILD_WEBHOOK_BASE_REF is empty.

I got no CODEBUILD_WEBHOOK_* variable. Where should I get them?

I see these:

CODEBUILD_SOURCE_VERSION=arn:aws:s3:::codepipeline-hello/hello_dev/code/MCR1o4U.zip
DEP_VERSION=0.5.1
HOSTNAME=818ed2658298
PHP_SRC_DIR=/usr/src/php
GPG_KEY=E3FF2839C048B25C084DEBE9B26....
SBT_VERSION=1.2.8
LIBGIT2_PKG=https://rpmfind.net/linux/centos/7/extras/x86_64/Packages/libgit2-0.26.6-1.el7.x86_64.rpm
PHPPATH=/php
ANDROID_HOME=/usr/local/android-sdk-linux
ANDROID_SDK_EXTRAS=extras;android;m2repository extras;google;m2repository extras;google;google_play_services
POWERSHELL_VERSION=6.2.1
PHP_INI_DIR=/usr/local/etc/php
ANT_DOWNLOAD_SHA512=c1a9694c3018e248000ff6f46d48af85f537ef3935e0d5256543c58a240084c0aff5289fd9e94cbc40d5442f3cc43592398047f2548fded40d9882be2b40750d
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI=/v2/credentials/f80eef12-063d-4e34-894e-9ad9a3bb6793
GOLANG_13_VERSION=1.13.4
...

Thank you for your help!

I can see that someone found the answer, but I don't see how, and I can not put comment there... get GitHub git branch for AWS CodeBuild

Thank you for your help! Greg.

When I stop a codepipeline execution it has a status of "STOPPED" but I don't seem to see this in the documentation. I also have trouble finding this status when trying to setup a notification event for the pipeline as well. Not sure if this is also the case for codebuild stages/actions, but it seems like this should be added to this documentation and updated for the notification events for cloudwatch rules and eventbus rules.

After searching through the documentation it's hard to figure out what the default of the value PollSourceForChanges is. The only documentation that mentions something about the default is:

For pipelines created or updated using the CLI, this parameter defaults to true, but this is not the recommended configuration. Instead, update your pipeline to use the recommended change-detection method and then set this parameter to false.
https://github.com/awsdocs/aws-codepipeline-user-guide/blob/master/doc_source/run-automatically-polling.md

Can this be clearer in the documentation? Creating a Codepipeline through Cloudformation and using a webhook for example to use as a change detection method, the Codepipeline might end up triggering twice when the PollSourceForChanges is left out defaulting back to True.

This was supposed to be a pull request for reference-pipeline-structure.md, but the code for the table displayed on the documentation is not present on this file.

Essentially, the table in Valid Action Types and Providers in CodePipeline lists CodeDeploy and Amazon ECS under the Deploy section, but it does not have a separate entry for CodeDeployToECS/Amazon ECS (Blue/Green), like it does on the table Action Configuration Properties for Provider Types further down the page.

This could lead to confusion and pipeline misconfigurations, where one could assume it should use one of the two entries for configuring ECS Blue/Green deployments. My suggestion is that a new line is added to that table to explicitly list what is seen on the AWS Console and other parts of the configuration, making distinction of this third option "Amazon ECS (Blue/Green)".

Thanks!

The Lambda example at this page

https://docs.aws.amazon.com/codepipeline/latest/userguide/actions-invoke-lambda-function.html

contains the following snippets

        if status not in ['CREATE_COMPLETE', 'ROLLBACK_COMPLETE', 'UPDATE_COMPLETE']:
            # If the CloudFormation stack is not in a state where
            # it can be updated again then fail the job right away.
            put_job_failure(job_id, 'Stack cannot be updated when status is: ' + status)
            return

but trying to update a stack with status ROLLBACK_COMPLETE ends up in

An error occurred (ValidationError) when calling the UpdateStack operation: Stack: XYZ is in ROLLBACK_COMPLETE state and can not be updated.

We are doing Control Tower Customization via Code pipeline which is integrated with Internal BitBucket.

Can someone please help on clarify below doubt?

For e.g.
On Day 1, I have bitbucket code (manifest) for creating 2 IAM resources and 1 SCP resources, which I ran via Code pipeline and it deployed successfully
On Day 2, I updated bitbucket code (manifest) and commented out 2 IAM resources (which I created on Day 1) and updated code for New SCP. QUESTION IS - if I run this pipeline, what happens to 2 IAM resources which i commented out? will they be ignored as i have commented out or they will be deleted?

In our case, if we re-run same pipeline with few sections commented out, instead of being ignored, they seems to get deleted or messed up

I hope I was able to articulate my concern properly but if its confusing, let me know.

In the Output variables section of the doc https://github.com/awsdocs/aws-codepipeline-user-guide/blob/main/doc_source/action-reference-CloudFormation.md I see a mode "ALWAYS_REPLACE". But this mode is not defined as an available mode on top of the page under the "Action Modes" section. Is this a typo?

How do I Use Amazon CloudWatch Events to Start a Pipeline on a Schedule via cloudformation?

I expected it to work like this, but I don't seem to be able to obtain the pipeline ARN. I can not find documentation relating to this.

  EventRule:
    Type: AWS::Events::Rule
    Properties:
      ScheduleExpression: rate(1 day)
      Targets:
        - Arn: !GetAtt Pipeline.Arn
          Id: id-here

  Pipeline:
    Type: AWS::CodePipeline::Pipeline
    ...