AWS CodePipeline - how to deploy dozens of CloudFormation / Stackset / Lambda resources without manually creating a pipeline action per file
What's the best way to deploy dozens of resources such as CloudFormation templates, Stack Sets, and Lambda functions using Code Pipeline?
In AWS I have a multi-account architecture running an AWS Organization. I want a pipeline running in a single account. That pipeline will deploy CloudFormation templates to one or more accounts within the Organization.
The options I've found so far are:
Have a pipeline stage or action for each source file. This works quite well, but means every time you add a source file you need to modify your pipeline, which seems like overhead that could be automated or eliminated. You can't deploy StackSets with this approach. You also need a stage per template per account to deploy to, so it's impractical.
Use nested stacks. The problems with this are 1) Within the master stack I don't know what naming convention to use to call the other stacks direct from CodeCommit. I could work around that by having CodeBuild copy all the files to S3, but it seems inelegant. 2) Nested stacks are more difficult to debug, as they're torn down and deleted if they fail, so it's difficult to find the cause of the problem.
Have CodeBuild run a bash script that deploys all the templates using the AWS CLI.
Have CodeBuild run an Ansible playbook to deploy all the templates.
Have Lambda deploy each template, after being invoked by CodePipeline. This is likely not a great option as each invocation of Lambda would be for a single template, and there wouldn't be information about which account to deploy to. A single Lambda function that does all the deployments might be an option.
Ideally I'd like to have CodePipeline deploy every file with specific extensions in a CodeCommit repo, or even better deploy what's listed in a manifest file. However I don't think this is possible.
I'd prefer to avoid any technologies or services that aren't necessary. I would also prefer not to use Jenkins, Ansible, Terraform, etc., as this script could be deployed at multiple customer sites and I don't want to force any third-party technology on them. If I have to use a third party I'd rather have something that can run in a CodeBuild container than have to run on an instance like Jenkins.
--
Experience since I asked this question
Having to write Bourne shell (sh) scripts in CodeBuild is complex, painful and slow.
There needs to be some logic around creation or update of StackSets. If you simply call "create stackset" it will fail on update.
There's a reason the AWS Landing Zone pipeline is complex, using things like Step Functions.
If there was an easy way to write logic such as "if this stackset exists then update it" things would be a lot simpler. The AWS CDK is one possible solution to this, as it lets you create AWS infrastructure using Java, .NET, JavaScript, or TypeScript. Third-party tools such as Terraform may also help, but I don't know enough about them to comment.
I'm going to leave this question open in case someone comes up with a great answer.
--
Information from AWS Support
AWS have given the following advice (I've paraphrased it, filtered through my understanding, any errors are my own rather than incorrect advice from AWS):
CodePipeline can only deploy one artifact (e.g. a CloudFormation template) per action.
CodePipeline cannot directly deploy a StackSet, which would allow for deployment of templates across accounts. StackSets can be deployed by calling CodeBuild / Lambda.
CodePipeline can deploy to other accounts by specifying a role in that other account. This only deploys to one account at a time, so you would need one action per template per account.
CodeBuild started as part of a CodePipeline, running in a container, gives more flexibility; you can do whatever you like here really.
CodePipeline can start Lambda, which is very flexible. If you start Lambda from a CodePipeline action you get the URL of a single resource, which may be limiting. (My guess) You can probably invoke Lambda in a way that lets it do the whole deployment.
amazon-web-services amazon-codepipeline
edited 10 mins ago
asked Apr 2 at 18:27
Tim
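The "if this stackset exists then update it" logic the question's experience section asks for, written out as an added example (not code from the question, the answer or AWS Support): a manifest-driven deployer in Python on top of boto3 that walks an ordered list of stacks and StackSets, creates what is missing, updates what exists, treats CloudFormation's rejection of a no-op update as success, and passes outputs of earlier stacks into later ones, which is the chaining the answer below attributes to an Ansible playbook. The manifest format, the `from_stack`/`output` reference syntax and `OfflineCloudFormation` (an in-memory stand-in that raises the same error text as the real API so the logic runs without credentials) are this example's own assumptions; the client calls, waiter names and error messages are those of the real CloudFormation API as exposed by boto3.

```python
"""Manifest-driven create-or-update deployer for CloudFormation stacks and StackSets,
meant to run as the single CodeBuild step of a CodePipeline. Added example for this thread,
not code from the question or the answer; it assumes a manifest file and the boto3 API."""

# Constructed manifest (parsed form of a manifest.json kept beside the templates); order matters.
SAMPLE_MANIFEST = [
    {"type": "stack", "name": "network", "template": "network.yaml",
     "parameters": {"CidrBlock": "10.0.0.0/16"}},
    {"type": "stack", "name": "app", "template": "app.yaml",
     "parameters": {"VpcId": {"from_stack": "network", "output": "VpcId"}}},
    {"type": "stackset", "name": "baseline", "template": "baseline.yaml",
     "accounts": ["111111111111", "222222222222"], "regions": ["us-east-1"]},
]

def resolve_parameters(params, outputs):
    """API-shaped parameter list; a {"from_stack", "output"} value is read from an earlier stack."""
    resolved = []
    for key, value in params.items():
        if isinstance(value, dict):  # a dangling reference raises KeyError on purpose
            value = outputs[value["from_stack"]][value["output"]]
        resolved.append({"ParameterKey": key, "ParameterValue": str(value)})
    return resolved

def _exists(describe, **key):
    """True if describe(**key) succeeds, False on the API's not-found errors; others propagate."""
    try:
        describe(**key)
        return True
    except Exception as exc:  # "... does not exist" for stacks, StackSetNotFoundException for sets
        if "does not exist" in str(exc) or "StackSetNotFound" in str(exc):
            return False
        raise

def deploy_stack(cfn, item, outputs, template_body):
    """Create if absent, else update; returns 'create', 'update' or 'unchanged'."""
    name = item["name"]
    args = {"StackName": name, "TemplateBody": template_body, "Capabilities": ["CAPABILITY_NAMED_IAM"],
            "Parameters": resolve_parameters(item.get("parameters", {}), outputs)}
    if not _exists(cfn.describe_stacks, StackName=name):
        cfn.create_stack(**args)
        action = "create"
    else:
        try:
            cfn.update_stack(**args)
            action = "update"
        except Exception as exc:  # the API rejects a no-op update: that is the idempotent case
            if "No updates are to be performed" not in str(exc):
                raise
            action = "unchanged"
    if action != "unchanged":  # block until CloudFormation finishes before reading outputs
        cfn.get_waiter(f"stack_{action}_complete").wait(StackName=name)
    stack = cfn.describe_stacks(StackName=name)["Stacks"][0]
    outputs[name] = {o["OutputKey"]: o["OutputValue"] for o in stack.get("Outputs", [])}
    return action

def deploy_stack_set(cfn, item, outputs, template_body):
    """Create the StackSet and its instances if absent, else push the new template."""
    name = item["name"]
    args = {"StackSetName": name, "TemplateBody": template_body, "Capabilities": ["CAPABILITY_NAMED_IAM"],
            "Parameters": resolve_parameters(item.get("parameters", {}), outputs)}
    if _exists(cfn.describe_stack_set, StackSetName=name):
        cfn.update_stack_set(**args)  # rolls the template out to every existing instance
        return "update"
    cfn.create_stack_set(**args)
    cfn.create_stack_instances(StackSetName=name, Accounts=item["accounts"], Regions=item["regions"])
    return "create"

def deploy_all(cfn, manifest, read_template):
    """Deploy every manifest entry in order; returns {name: action}. Unknown types raise KeyError."""
    deployers = {"stack": deploy_stack, "stackset": deploy_stack_set}
    outputs, actions = {}, {}
    for item in manifest:
        body = read_template(item["template"])
        actions[item["name"]] = deployers[item["type"]](cfn, item, outputs, body)
    return actions

class OfflineCloudFormation:
    """Constructed in-memory stand-in for the boto3 client; it raises the real API's error text."""
    def __init__(self): self.stacks, self.stack_sets = {}, {}
    def describe_stacks(self, StackName):
        if StackName not in self.stacks:
            raise Exception(f"Stack with id {StackName} does not exist")
        return {"Stacks": [self.stacks[StackName]]}
    def create_stack(self, StackName, Parameters, **kw):  # pretend each stack exports a VpcId
        self.stacks[StackName] = {"Parameters": Parameters,
                                  "Outputs": [{"OutputKey": "VpcId", "OutputValue": f"vpc-{StackName}"}]}
    def update_stack(self, StackName, Parameters, **kw):
        if self.stacks[StackName]["Parameters"] == Parameters:
            raise Exception("ValidationError: No updates are to be performed.")
        self.stacks[StackName]["Parameters"] = Parameters
    def describe_stack_set(self, StackSetName):
        if StackSetName not in self.stack_sets:
            raise Exception("StackSetNotFoundException")
    def create_stack_set(self, StackSetName, **kw): self.stack_sets[StackSetName] = []
    def create_stack_instances(self, StackSetName, Accounts, Regions):
        self.stack_sets[StackSetName] = [(a, r) for a in Accounts for r in Regions]
    def update_stack_set(self, StackSetName, **kw): pass
    def get_waiter(self, name): return type("W", (), {"wait": lambda self, **kw: None})()
```

For a real run from a buildspec, call `deploy_all(boto3.client("cloudformation"), json.load(open("manifest.json")), lambda p: open(p).read())`; the second pass over an unchanged manifest returns `unchanged` for every stack, which is the idempotency the comments argue about. Two caveats for production use: the string matching on error text mirrors what botocore reports, but where a distinct error code exists (`StackSetNotFoundException`) it is more robust to test `exc.response["Error"]["Code"]` on the `ClientError`; and the CodeBuild service role should be limited to the CloudFormation actions used here, with cross-account deployment handled either by StackSets (which for self-managed permissions need the `AWSCloudFormationStackSetAdministrationRole` / `AWSCloudFormationStackSetExecutionRole` pair) or by passing `RoleARN` to `create_stack`/`update_stack`, which is the "role in that other account" AWS Support describes above.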
1 Answer
I would look at deploying all the templates through a single Ansible playbook. In the playbook.yml you can have many tasks, one per CFN template, give each template the required parameters, feed outputs from one stack to the next, etc. Also Ansible is idempotent so when re-running the playbook it (re-)deploys only what's modified.
This can all be a single step in CodePipeline.
Now how to actually run it? CodePipeline can execute CodeBuild, CodeDeploy, ECS Task or Elastic Beanstalk. I would probably choose CodeBuild with an Ansible docker image. Why don't you want to use CodeBuild?
If you really really want to do CodePipeline deployment through the CloudFormation method you can probably create some custom resource that executes the Ansible playbook, but that seems quite convoluted.
My choice would be CodePipeline ➜ CodeBuild ➜ Ansible playbook ➜ deploy lots of CloudFormation stacks.
BTW To debug nested template failures you can always change the Filter in the console to Failed or Deleted and examine the failed stacks' events there. When they are deleted they only disappear from the default view but the details are still there.
However I don't like complex nested templates, I find them harder to manage and update than using Ansible.
Hope that helps :)
answered Apr 2 at 21:09
MLu
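To make the "one task per template, outputs fed into the next stack" approach concrete, here is an added example written for this page; it is not MLu's code and not part of the original question or any project. It assumes two templates, `templates/network.yml` exporting a `VpcId` output and `templates/app.yml` taking a `VpcId` parameter, a CodeBuild image that already has Ansible and pip, and the `us-east-1` region. The `cloudformation` module, its `template_parameters`, `capabilities` and `tags` options and its `stack_outputs` return value are real; everything else (file names, stack names, parameter and output names) is assumed.

```yaml
# buildspec.yml (assumed file name; this is what CodePipeline's CodeBuild
# action runs). The CodeBuild container uses the CodeBuild service role's
# credentials, so no AWS keys are stored in the repository.
version: 0.2
phases:
  install:
    commands:
      - pip install boto3          # required by Ansible's cloudformation module
  build:
    commands:
      # "localhost," (with the trailing comma) is an inline one-host inventory.
      - ansible-playbook -i localhost, playbook.yml

---
# playbook.yml (assumed file name). Each task is one CloudFormation stack;
# the module creates the stack if missing, updates it if the template or
# parameters changed, and reports changed=false when nothing differs.
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    region: us-east-1            # assumed
    env: prod                    # assumed
  tasks:
    - name: Deploy network stack
      cloudformation:
        stack_name: "{{ env }}-network"
        state: present
        region: "{{ region }}"
        template: templates/network.yml        # assumed path
        template_parameters:
          CidrBlock: 10.0.0.0/16               # assumed parameter
        # The module's default grants CAPABILITY_IAM and CAPABILITY_NAMED_IAM.
        # A plain network template needs neither, so deny them explicitly:
        # a later template edit then cannot silently create IAM roles.
        capabilities: []
        tags:
          Environment: "{{ env }}"
      register: network

    - name: Deploy application stack using the VPC created above
      cloudformation:
        stack_name: "{{ env }}-app"
        state: present
        region: "{{ region }}"
        template: templates/app.yml            # assumed path
        template_parameters:
          # stack_outputs is the module's dict of the stack's Outputs
          VpcId: "{{ network.stack_outputs.VpcId }}"   # assumed output name
        # Only this stack creates IAM resources, so only it gets the capability.
        capabilities:
          - CAPABILITY_NAMED_IAM
        tags:
          Environment: "{{ env }}"
      register: app
```

Both tasks run under the CodeBuild service role, so that role needs CloudFormation permissions plus permissions for every resource type the templates create (and `iam:PassRole` only if a template passes a role to a service); scope it to what the templates actually need rather than granting administrator access to the build. Adding a third template is one more task that registers its own result, and re-running the pipeline only touches stacks whose inputs changed.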
Thanks MLu. I want to do this using only AWS services to make it more generic, I don't want to force ansible on our customers. I would prefer to avoid CodeBuild as it runs an instance, which is relatively slow. I wouldn't mind running Lambda functions as the startup time is much better. Thanks for the tips on the filter :)
– Tim
Apr 2 at 21:26
@Tim CodeBuild runs a docker container (not an instance, IIRC) and that container can be spun up straight from the official Ansible docker image from docker hub. This way it won't have any external dependencies, all you'll need in your repo is the standard buildspec.yml, the Ansible playbook.yml and your CFN templates. I wouldn't count it as forcing Ansible on your customers. Besides they may actually like Ansible once they start using it ;)
– MLu
Apr 2 at 21:33
Thanks MLu, docker will probably start up a bunch faster. Still, I'd prefer to avoid ansible because it's another technology to add to the stack and one I'd have to learn myself. I'll do it if there's no other way, but I'd prefer not to. I'm hoping CodePipeline can do what we need, using other AWS services if necessary.
– Tim
Apr 2 at 23:43
@Tim Simple Ansible playbook creating CloudFormation stacks to get you started. Ok, I'll stop now ;)
– MLu
Apr 2 at 23:52
What value is Ansible adding in your recommended option? CloudFormation isn't fully idempotent, but it can update a stack so it's largely idempotent. CodeBuild without Ansible can run a script that simply runs all the CloudFormation templates with the cli, which is inelegant but likely effective. I've added some notes from AWS support to my question, and refined my question a little.
– Tim
Apr 4 at 2:05