I am doing a cross-account deployment in AWS from my deploy account to my staging account. I have 2 separate pipelines for the API and the front-end application.
In the CodePipeline of the API, I am creating some resources which I want to re-use in the build stage of the front end's CodePipeline. Now I need to achieve the below steps by running a single pipeline
Thanks in advance
A CodePipeline is comprised of Stages (logical) and Actions (Source/Build/Deploy etc).
Every action can be run in the local account or cross-account. How does this magic happen?
Every action has a roleArn property. This is the role that CodePipeline "assumes" when performing that action. If the role specified in the 'roleArn' property is in the local account (or the property is null), the action runs in the local account. If the role specified in the 'roleArn' property is in another account, the action will run in that other account.
Run the following command to inspect:
    $ aws codepipeline get-pipeline --name <name> --region us-east-1
Result will be something like (See second last line):
    "name": "Deploy",
    "actions": [
        {
            "name": "Deploy",
            "actionTypeId": {
                "category": "Deploy",
                "owner": "AWS",
                "provider": "CloudFormation",
                "version": "1"
            },
            "runOrder": 1,
            "configuration": {
                "ActionMode": "CREATE_UPDATE",
                "Capabilities": "CAPABILITY_IAM,CAPABILITY_NAMED_IAM,CAPABILITY_AUTO_EXPAND",
                "RoleArn": "arn:aws:iam::0123456789012:role/CrossAccount_Role",
                "StackName": "Cx-Account",
                "TemplatePath": "SourceArtifact::template.json"
            },
            "outputArtifacts": [],
            "inputArtifacts": [
                {
                    "name": "SourceArtifact"
                }
            ],
            "roleArn": "arn:aws:iam::0123456789012:role/CrossAccount_Role",
            "region": "us-east-1"
        }
Deploy One cloud formation stack in deploy account itself - Not successful, is it possible? If it is possible how to do it?
Now you have the key to running the action in whichever account you want. Create the action as normal and do not specify a roleArn on the action itself, and CodePipeline will execute the CloudFormation operation in the deploy account itself (where the pipeline is).
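The roleArn rule from the answer above, as an added example that is not part of the original answer: it reads `get-pipeline` JSON and reports, per action, whether the action runs in the pipeline's account or in another one. The sample document, its account IDs and the function names are constructed for illustration, and the script assumes the pipeline-level `roleArn` identifies the pipeline's own account.

```python
import json

# Constructed sample shaped like `aws codepipeline get-pipeline` output.
# Account IDs, pipeline, stage and role names are placeholders.
SAMPLE = json.loads("""
{"pipeline": {
  "name": "example-pipeline",
  "roleArn": "arn:aws:iam::111111111111:role/PipelineRole",
  "stages": [
    {"name": "DeployLocal", "actions": [
      {"name": "DeployInDeployAccount",
       "configuration": {"ActionMode": "CREATE_UPDATE", "StackName": "Local-Stack"}}]},
    {"name": "DeployStaging", "actions": [
      {"name": "DeployInStaging",
       "configuration": {"ActionMode": "CREATE_UPDATE", "StackName": "Cx-Account"},
       "roleArn": "arn:aws:iam::222222222222:role/CrossAccount_Role"}]}
  ]}}
""")

def account_of(arn):
    """Return the account ID field of an IAM ARN, or None if it is missing or malformed."""
    parts = (arn or "").split(":")
    if len(parts) < 6 or parts[0] != "arn" or parts[2] != "iam":
        return None
    return parts[4] or None

def classify_actions(doc):
    """Return (stage, action, where, account) for every action in the pipeline."""
    pipeline = doc["pipeline"]
    home = account_of(pipeline["roleArn"])  # assumption: pipeline role lives in the pipeline's account
    rows = []
    for stage in pipeline["stages"]:
        for action in stage["actions"]:
            arn = action.get("roleArn")
            if not arn:
                # No action-level roleArn: the action runs in the pipeline's account.
                where, acct = "local", home
            else:
                acct = account_of(arn)
                if acct is None:
                    where = "unparseable"
                else:
                    where = "local" if acct == home else "cross-account"
            rows.append((stage["name"], action["name"], where, acct))
    return rows

if __name__ == "__main__":
    for stage, action, where, acct in classify_actions(SAMPLE):
        print(f"{stage}/{action}: {where} (account {acct})")
```

To audit a real pipeline, save the output of the `get-pipeline` command shown above to a file and pass the parsed JSON to `classify_actions` in place of `SAMPLE`.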