aws_ddk_core.cicd.CICDPipelineStack

class aws_ddk_core.cicd.CICDPipelineStack(*args: Any, **kwargs)

Create a stack that contains DDK Continuous Integration and Delivery (CI/CD) pipeline.

The pipeline is based on the CDK self-mutating pipeline but includes several DDK-specific features, including:

  • Ability to configure some properties via JSON config e.g. manual approvals for application stages

  • Defaults for source/synth - CodeCommit & cdk synth, with ability to override them

  • Ability to connect to a private artifact repository and pull artifacts from it at synth

  • Security best practices - ensures pipeline buckets block non-SSL requests and are KMS-encrypted with rotated keys

  • Builder interface to avoid chunky constructor methods

Users can reuse the pipeline across multiple DDK applications to save lines of code.
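An added example (not part of the DDK documentation or code base): a standard-library Python check that audits a synthesized CloudFormation template for the bucket properties listed above (TLS-only access, KMS encryption, key rotation). The template and its logical IDs are constructed for illustration; a real one is read from the cdk.out directory after `cdk synth`.

```python
# Constructed sample shaped like `cdk synth` output; logical IDs are made up.
TEMPLATE = {"Resources": {
    "ArtifactsKey": {"Type": "AWS::KMS::Key", "Properties": {"EnableKeyRotation": True}},
    "ArtifactsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
        "ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms",
            "KMSMasterKeyID": {"Fn::GetAtt": ["ArtifactsKey", "Arn"]}}}]}}},
    "ArtifactsBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": {"Ref": "ArtifactsBucket"},
        "PolicyDocument": {"Statement": [{
            "Effect": "Deny", "Action": "s3:*", "Principal": {"AWS": "*"},
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}}},
    "ScratchBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},  # deliberately weak
}}


def _ref(value):
    """Logical ID behind a Ref / Fn::GetAtt intrinsic, else None."""
    if not isinstance(value, dict):
        return None
    return value.get("Ref") or (value.get("Fn::GetAtt") or [None])[0]


def audit_buckets(template):
    """Map each S3 bucket's logical ID to a sorted list of findings."""
    res = template.get("Resources", {})
    tls_only = set()  # buckets whose policy denies requests made without TLS
    for r in res.values():
        if r.get("Type") != "AWS::S3::BucketPolicy":
            continue
        props = r.get("Properties", {})
        for st in props.get("PolicyDocument", {}).get("Statement", []):
            flag = st.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
            if st.get("Effect") == "Deny" and str(flag).lower() == "false":
                tls_only.add(_ref(props.get("Bucket")))
    report = {}
    for lid, r in res.items():
        if r.get("Type") != "AWS::S3::Bucket":
            continue
        findings = [] if lid in tls_only else ["no-tls-deny"]
        enc = r.get("Properties", {}).get("BucketEncryption", {})
        sse = [x.get("ServerSideEncryptionByDefault", {})
               for x in enc.get("ServerSideEncryptionConfiguration", [])]
        kms = [s for s in sse if s.get("SSEAlgorithm") == "aws:kms"]
        if not kms:
            findings.append("not-kms-encrypted")
        for s in kms:  # rotation is only checked for keys defined in this template
            key = res.get(_ref(s.get("KMSMasterKeyID")), {})
            if key.get("Type") == "AWS::KMS::Key" and not key.get("Properties", {}).get("EnableKeyRotation"):
                findings.append("kms-key-not-rotated")
        report[lid] = sorted(findings)
    return report
```

An empty findings list means the bucket meets all three properties; keys referenced by a literal ARN or alias are outside the template and are not checked for rotation.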

Example:

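from aws_cdk import App
from aws_ddk_core.cicd import CICDPipelineStack

app = App()

# DevStage is an application-defined aws_cdk.Stage subclass (not shown here)
pipeline = (
    CICDPipelineStack(
        app,
        id="my-pipeline",
        environment_id="cicd",
        pipeline_name="MyPipeline",
    )
    .add_source_action(repository_name="my-repo")
    .add_synth_action()
    .build()
    .add_checks()
    .add_stage("dev", DevStage(app, "dev"))
    .synth()
    .add_notifications()
)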
__init__(scope: constructs.Construct, id: str, environment_id: str, pipeline_name: Optional[str] = None, env: Optional[aws_cdk.Environment] = None, **kwargs: Any) -> None

Start building Code Pipeline.

Parameters
  • scope (Construct) – Scope within which this construct is defined

  • id (str) – Identifier of the pipeline

  • environment_id (str) – Identifier of the environment that will contain the pipeline

  • pipeline_name (Optional[str]) – Name of the pipeline

  • env (Optional[Environment]) – Environment

  • kwargs (Any) – Additional args

Supported DDK Environment Configuration (https://awslabs.github.io/aws-ddk/release/latest/how-to/ddk-configuration.html)

  • cdk_version (str) – Version of the AWS CDK to use in the deployment pipeline.

  • repository (str) – Name of the CodeArtifact repository to pull artifacts from.

  • domain (str) – Name of the CodeArtifact domain.

  • domain_owner (str) – CodeArtifact domain owner account.

  • manual_approvals (str) – Configure manual approvals if this parameter is set.

  • notifications_topic_arn (str) – Existing SNS topic arn to use for pipeline notifications.

  • execute_security_lint (str) – Configure security lint stage of pipeline if this parameter is set.

  • execute_tests (str) – Configure tests stage of pipeline if this parameter is set.

Methods

__init__(scope, id, environment_id[, ...])

Start building Code Pipeline.

add_checks()

Add checks to the pipeline (e.g. linting, security, tests…).

add_custom_stage(stage_name, steps)

Add custom stage to the pipeline.

add_dependency(target[, reason])

Add a dependency between this stack and another stack.

add_notifications([notification_rule])

Add pipeline notifications.

add_security_lint_stage([stage_name, ...])

Add linting - cfn-nag, and bandit.

add_source_action([repository_name, branch, ...])

Add source action.

add_stage(stage_id, stage[, manual_approvals])

Add application stage to the CICD pipeline.

add_synth_action([codeartifact_repository, ...])

Add synth action.

add_test_stage([stage_name, ...])

Add test - e.g. pytest.

add_transform(transform)

Add a Transform to this stack.

add_wave(stage_id, stages[, manual_approvals])

Add multiple application stages in parallel to the CICD pipeline.

build()

Build the pipeline structure.

export_value(exported_value, *[, name])

Create a CloudFormation Export for a value.

format_arn(*, resource, service[, account, ...])

Creates an ARN from components.

get_logical_id(element)

Allocates a stack-unique CloudFormation-compatible logical identity for a specific resource.

is_construct(x)

Checks if x is a construct.

is_stack(x)

Return whether the given object is a Stack.

of(construct)

Looks up the first stack scope in which construct is defined.

regional_fact(fact_name[, default_value])

Look up a fact value for the given fact for the region of this stack.

rename_logical_id(old_id, new_id)

Rename a generated logical identity.

report_missing_context_key(*, key, props, ...)

Indicate that a context key was expected.

resolve(obj)

Resolve a tokenized value in the context of the current stack.

split_arn(arn, arn_format)

Splits the provided ARN into its components.

synth()

Synthesize the pipeline.

to_json_string(obj[, space])

Convert an object, potentially containing tokens, to a JSON string.

to_string()

Returns a string representation of this construct.

Attributes

account

The AWS account into which this stack will be deployed.

artifact_id

The ID of the cloud assembly artifact for this stack.

availability_zones

Returns the list of AZs that are available in the AWS environment (account/region) associated with this stack.

bundling_required

Indicates whether the stack requires bundling or not.

dependencies

Return the stacks this stack depends on.

environment

The environment coordinates in which this stack is deployed.

nested

Indicates if this is a nested stack, in which case parentStack will include a reference to its parent.

nested_stack_parent

If this is a nested stack, returns its parent stack.

nested_stack_resource

If this is a nested stack, this represents its AWS::CloudFormation::Stack resource.

node

The tree node.

notification_arns

Returns the list of notification Amazon Resource Names (ARNs) for the current stack.

partition

The partition in which this stack is defined.

region

The AWS region into which this stack will be deployed (e.g.

stack_id

The ID of the stack.

stack_name

The concrete CloudFormation physical stack name.

synthesizer

Synthesis method for this stack.

tags

Tags to be applied to the stack.

template_file

The name of the CloudFormation template file emitted to the output directory during synthesis.

template_options

Options for CloudFormation template (like version, transform, description).

termination_protection

Whether termination protection is enabled for this stack.

url_suffix

The Amazon domain suffix for the region in which this stack is defined.

add_checks() -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Add checks to the pipeline (e.g. linting, security, tests…).

Returns

pipeline – CICD pipeline

Return type

CICDPipelineStack

add_custom_stage(stage_name: str, steps: List[aws_cdk.pipelines.Step]) -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Add custom stage to the pipeline.

Parameters
Returns

pipeline – CICD pipeline

Return type

CICDPipelineStack

add_notifications(notification_rule: Optional[aws_cdk.aws_codestarnotifications.NotificationRule] = None) -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Add pipeline notifications. Create notification rule that sends events to the specified SNS topic.

Parameters

notification_rule (Optional[NotificationRule]) – Override notification rule

Returns

pipeline – CICD pipeline

Return type

CICDPipelineStack

add_security_lint_stage(stage_name: Optional[str] = None, cloud_assembly_file_set: Optional[aws_cdk.pipelines.IFileSetProducer] = None) -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Add linting - cfn-nag, and bandit.

Parameters
  • stage_name (Optional[str]) – Name of the stage

  • cloud_assembly_file_set (Optional[IFileSetProducer]) – Cloud assembly file set producer

Returns

pipeline – CICD pipeline

Return type

CICDPipelineStack

add_source_action(repository_name: Optional[str] = None, branch: str = 'main', source_action: Optional[aws_cdk.pipelines.CodePipelineSource] = None) -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Add source action.

Parameters
  • repository_name (Optional[str]) – Name of the SCM repository

  • branch (str) – Branch of the SCM repository

  • source_action (Optional[CodePipelineSource]) – Override source action

Returns

pipeline – CICDPipelineStack

Return type

CICDPipelineStack

add_stage(stage_id: str, stage: aws_cdk.Stage, manual_approvals: Optional[bool] = False) -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Add application stage to the CICD pipeline. This stage deploys your application infrastructure.

Parameters
  • stage_id (str) – Identifier of the stage

  • stage (Stage) – Application stage instance

  • manual_approvals (Optional[bool]) – Configure manual approvals. False by default

Returns

pipeline – CICDPipelineStack

Return type

CICDPipelineStack

add_synth_action(codeartifact_repository: Optional[str] = None, codeartifact_domain: Optional[str] = None, codeartifact_domain_owner: Optional[str] = None, role_policy_statements: Optional[List[aws_cdk.aws_iam.PolicyStatement]] = None, synth_action: Optional[aws_cdk.pipelines.CodeBuildStep] = None) -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Add synth action. During synth, the action can connect to a private artifact repository and pull artifacts from it.

Parameters
  • codeartifact_repository (Optional[str]) – Name of the CodeArtifact repository to pull artifacts from

  • codeartifact_domain (Optional[str]) – Name of the CodeArtifact domain

  • codeartifact_domain_owner (Optional[str]) – CodeArtifact domain owner account

  • role_policy_statements (Optional[List[PolicyStatement]]) – Additional policies to add to the synth action role

  • synth_action (Optional[CodeBuildStep]) – Override synth action

Returns

pipeline – CICDPipelineStack

Return type

CICDPipelineStack

add_test_stage(stage_name: Optional[str] = None, cloud_assembly_file_set: Optional[aws_cdk.pipelines.IFileSetProducer] = None, commands: Optional[List[str]] = None) -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Add test - e.g. pytest.

Parameters
  • stage_name (Optional[str]) – Name of the stage

  • cloud_assembly_file_set (Optional[IFileSetProducer]) – Cloud assembly file set

  • commands (Optional[List[str]]) – Additional commands to run in the test. Defaults to “./test.sh” otherwise

Returns

pipeline – CICD pipeline

Return type

CICDPipelineStack

add_wave(stage_id: str, stages: List[aws_cdk.Stage], manual_approvals: Optional[bool] = False) -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Add multiple application stages in parallel to the CICD pipeline.

Parameters
  • stage_id (str) – Identifier of the wave

  • stages (List[Stage]) – Application stage instances

  • manual_approvals (Optional[bool]) – Configure manual approvals. False by default

Returns

pipeline – CICDPipelineStack

Return type

CICDPipelineStack

build() -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Build the pipeline structure.

Returns

pipeline – CICDPipelineStack

Return type

CICDPipelineStack

synth() -> aws_ddk_core.cicd.pipeline.CICDPipelineStack

Synthesize the pipeline.

It is not possible to modify the pipeline after calling this method.

Returns

pipeline – CICDPipelineStack

Return type

CICDPipelineStack