CdkPipeline: resource naming, compliance and customizations
Hi,
Just wanted to clarify something for CdkPipeline: when it is declared, the CDK creates a pipeline stack with a LOT of things.
I’m working atm in a medium-size enterprise and there are some standards about naming conventions, IAM policies etc.
My questions are:
- Is there a way to re-use any of these between projects? These seem like a waste of resources to create for each app. Unless this is designed to run in app-dedicated AWS micro accounts.
- Is there a way to customize any of these below? For example I could re-use some of the existing roles, buckets… Or is it designed to go in all as one package?
Thank you!
// [+] AWS::KMS::Key Pipeline/Pipeline/ArtifactsBucketEncryptionKey PipelineArtifactsBucketEncryptionKeyF5BF0670
// [+] AWS::KMS::Alias Pipeline/Pipeline/ArtifactsBucketEncryptionKeyAlias PipelineArtifactsBucketEncryptionKeyAlias94A07392
// [+] AWS::S3::Bucket Pipeline/Pipeline/ArtifactsBucket PipelineArtifactsBucketAEA9A052
// [+] AWS::IAM::Role Pipeline/Pipeline/Role PipelineRoleB27FAA37
// [+] AWS::IAM::Policy Pipeline/Pipeline/Role/DefaultPolicy PipelineRoleDefaultPolicy7BDC1ABB
// [+] AWS::CodePipeline::Pipeline Pipeline/Pipeline Pipeline9850B417
// [+] AWS::IAM::Role Pipeline/Pipeline/Source/CodeCommit/CodePipelineActionRole PipelineSourceCodeCommitCodePipelineActionRole48F8DEFA
// [+] AWS::IAM::Policy Pipeline/Pipeline/Source/CodeCommit/CodePipelineActionRole/DefaultPolicy PipelineSourceCodeCommitCodePipelineActionRoleDefaultPolicy3CEB31C0
// [+] AWS::IAM::Role Pipeline/Pipeline/EventsRole PipelineEventsRole96280D9B
// [+] AWS::IAM::Policy Pipeline/Pipeline/EventsRole/DefaultPolicy PipelineEventsRoleDefaultPolicy62809D8F
// [+] AWS::IAM::Role Pipeline/Pipeline/Build/Synth/CodePipelineActionRole PipelineBuildSynthCodePipelineActionRole4E7A6C97
// [+] AWS::IAM::Policy Pipeline/Pipeline/Build/Synth/CodePipelineActionRole/DefaultPolicy PipelineBuildSynthCodePipelineActionRoleDefaultPolicy92C90290
// [+] AWS::IAM::Role Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role PipelineBuildSynthCdkBuildProjectRole231EEA2A
// [+] AWS::IAM::Policy Pipeline/Pipeline/Build/Synth/CdkBuildProject/Role/DefaultPolicy PipelineBuildSynthCdkBuildProjectRoleDefaultPolicyFB6C941C
// [+] AWS::CodeBuild::Project Pipeline/Pipeline/Build/Synth/CdkBuildProject PipelineBuildSynthCdkBuildProject6BEFA8E6
// [+] AWS::IAM::Role Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF
// [+] AWS::IAM::Policy Pipeline/Pipeline/UpdatePipeline/SelfMutate/CodePipelineActionRole/DefaultPolicy PipelineUpdatePipelineSelfMutateCodePipelineActionRoleDefaultPolicyE626265B
// [+] AWS::IAM::Role Pipeline/UpdatePipeline/SelfMutation/Role PipelineUpdatePipelineSelfMutationRole57E559E8
// [+] AWS::IAM::Policy Pipeline/UpdatePipeline/SelfMutation/Role/DefaultPolicy PipelineUpdatePipelineSelfMutationRoleDefaultPolicyA225DA4E
// [+] AWS::CodeBuild::Project Pipeline/UpdatePipeline/SelfMutation PipelineUpdatePipelineSelfMutationDAA41400
Issue Analytics
- State:
- Created 3 years ago
- Reactions:1
- Comments:9 (3 by maintainers)
Top GitHub Comments
@kennu the stack name will be generated if the stackName prop isn’t defined. The code which generates the stack name is here: https://github.com/aws/aws-cdk/blob/2921d641171e0833b50f47418f444373a2592835/packages/%40aws-cdk/core/lib/stack.ts#L1065-L1089
To not have the name be automatically generated with the stagename at the beginning, you can use the stackName prop when creating the Stack construct.