This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

codepipeline¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.codepipeline.Pipeline(resource_name, opts=None, artifact_store=None, name=None, role_arn=None, stages=None, tags=None, __props__=None, __name__=None, __opts__=None)¶

Provides a CodePipeline.

NOTE on ``codepipeline.Pipeline``: - the GITHUB_TOKEN environment variable must be set if the GitHub provider is specified.

import pulumi
import pulumi_aws as aws

codepipeline_bucket = aws.s3.Bucket("codepipelineBucket", acl="private")
codepipeline_role = aws.iam.Role("codepipelineRole", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

""")
codepipeline_policy = aws.iam.RolePolicy("codepipelinePolicy",
    policy=pulumi.Output.all(codepipeline_bucket.arn, codepipeline_bucket.arn).apply(lambda codepipelineBucketArn, codepipelineBucketArn1: f"""{{
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Effect":"Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning",
        "s3:PutObject"
      ],
      "Resource": [
        "{codepipeline_bucket_arn}",
        "{codepipeline_bucket_arn1}/*"
      ]
    }},
    {{
      "Effect": "Allow",
      "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild"
      ],
      "Resource": "*"
    }}
  ]
}}

"""),
    role=codepipeline_role.id)
s3kmskey = aws.kms.get_alias(name="alias/myKmsKey")
codepipeline = aws.codepipeline.Pipeline("codepipeline",
    artifact_store={
        "encryption_key": {
            "id": s3kmskey.arn,
            "type": "KMS",
        },
        "location": codepipeline_bucket.bucket,
        "type": "S3",
    },
    role_arn=codepipeline_role.arn,
    stages=[
        {
            "action": [{
                "category": "Source",
                "configuration": {
                    "Branch": "master",
                    "Owner": "my-organization",
                    "Repo": "test",
                },
                "name": "Source",
                "outputArtifacts": ["source_output"],
                "owner": "ThirdParty",
                "provider": "GitHub",
                "version": "1",
            }],
            "name": "Source",
        },
        {
            "action": [{
                "category": "Build",
                "configuration": {
                    "ProjectName": "test",
                },
                "inputArtifacts": ["source_output"],
                "name": "Build",
                "outputArtifacts": ["build_output"],
                "owner": "AWS",
                "provider": "CodeBuild",
                "version": "1",
            }],
            "name": "Build",
        },
        {
            "action": [{
                "category": "Deploy",
                "configuration": {
                    "ActionMode": "REPLACE_ON_FAILURE",
                    "Capabilities": "CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM",
                    "OutputFileName": "CreateStackOutput.json",
                    "StackName": "MyStack",
                    "TemplatePath": "build_output::sam-templated.yaml",
                },
                "inputArtifacts": ["build_output"],
                "name": "Deploy",
                "owner": "AWS",
                "provider": "CloudFormation",
                "version": "1",
            }],
            "name": "Deploy",
        },
    ])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
artifact_store (pulumi.Input[dict]) – One or more artifact_store blocks. Artifact stores are documented below.
name (pulumi.Input[str]) – The name of the pipeline.
role_arn (pulumi.Input[str]) – A service role Amazon Resource Name (ARN) that grants AWS CodePipeline permission to make calls to AWS services on your behalf.
stages (pulumi.Input[list]) – A stage block. Stages are documented below.
tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

The artifact_store object supports the following:

encryption_key (pulumi.Input[dict]) - The encryption key block AWS CodePipeline uses to encrypt the data in the artifact store, such as an AWS Key Management Service (AWS KMS) key. If you don’t specify a key, AWS CodePipeline uses the default key for Amazon Simple Storage Service (Amazon S3). An encryption_key block is documented below.
- id (pulumi.Input[str]) - The KMS key ARN or ID
- type (pulumi.Input[str]) - The type of key; currently only KMS is supported
location (pulumi.Input[str]) - The location where AWS CodePipeline stores artifacts for a pipeline; currently only S3 is supported.
region (pulumi.Input[str]) - The region where the artifact store is located. Required for a cross-region CodePipeline, do not provide for a single-region CodePipeline.
type (pulumi.Input[str]) - The type of the artifact store, such as Amazon S3

The stages object supports the following:

actions (pulumi.Input[list]) - The action(s) to include in the stage. Defined as an action block below
- category (pulumi.Input[str]) - A category defines what kind of action can be taken in the stage, and constrains the provider type for the action. Possible values are Approval, Build, Deploy, Invoke, Source and Test.
- configuration (pulumi.Input[dict]) - A Map of the action declaration’s configuration. Find out more about configuring action configurations in the Reference Pipeline Structure documentation.
- inputArtifacts (pulumi.Input[list]) - A list of artifact names to be worked on.
- name (pulumi.Input[str]) - The action declaration’s name.
- namespace (pulumi.Input[str]) - The namespace all output variables will be accessed from.
- outputArtifacts (pulumi.Input[list]) - A list of artifact names to output. Output artifact names must be unique within a pipeline.
- owner (pulumi.Input[str]) - The creator of the action being called. Possible values are AWS, Custom and ThirdParty.
- provider (pulumi.Input[str]) - The provider of the service being called by the action. Valid providers are determined by the action category. For example, an action in the Deploy category type might have a provider of AWS CodeDeploy, which would be specified as CodeDeploy.
- region (pulumi.Input[str]) - The region in which to run the action.
- role_arn (pulumi.Input[str]) - The ARN of the IAM service role that will perform the declared action. This is assumed through the roleArn for the pipeline.
- runOrder (pulumi.Input[float]) - The order in which actions are run.
- version (pulumi.Input[str]) - A string that identifies the action type.
name (pulumi.Input[str]) - The name of the stage.

arn: pulumi.Output[str] = None¶: The codepipeline ARN.

artifact_store: pulumi.Output[dict] = None¶

One or more artifact_store blocks. Artifact stores are documented below.

encryption_key (dict) - The encryption key block AWS CodePipeline uses to encrypt the data in the artifact store, such as an AWS Key Management Service (AWS KMS) key. If you don’t specify a key, AWS CodePipeline uses the default key for Amazon Simple Storage Service (Amazon S3). An encryption_key block is documented below.
- id (str) - The KMS key ARN or ID
- type (str) - The type of key; currently only KMS is supported
location (str) - The location where AWS CodePipeline stores artifacts for a pipeline; currently only S3 is supported.
region (str) - The region where the artifact store is located. Required for a cross-region CodePipeline, do not provide for a single-region CodePipeline.
type (str) - The type of the artifact store, such as Amazon S3

name: pulumi.Output[str] = None¶: The name of the pipeline.

role_arn: pulumi.Output[str] = None¶: A service role Amazon Resource Name (ARN) that grants AWS CodePipeline permission to make calls to AWS services on your behalf.

stages: pulumi.Output[list] = None¶

A stage block. Stages are documented below.

actions (list) - The action(s) to include in the stage. Defined as an action block below
- category (str) - A category defines what kind of action can be taken in the stage, and constrains the provider type for the action. Possible values are Approval, Build, Deploy, Invoke, Source and Test.
- configuration (dict) - A Map of the action declaration’s configuration. Find out more about configuring action configurations in the Reference Pipeline Structure documentation.
- inputArtifacts (list) - A list of artifact names to be worked on.
- name (str) - The action declaration’s name.
- namespace (str) - The namespace all output variables will be accessed from.
- outputArtifacts (list) - A list of artifact names to output. Output artifact names must be unique within a pipeline.
- owner (str) - The creator of the action being called. Possible values are AWS, Custom and ThirdParty.
- provider (str) - The provider of the service being called by the action. Valid providers are determined by the action category. For example, an action in the Deploy category type might have a provider of AWS CodeDeploy, which would be specified as CodeDeploy.
- region (str) - The region in which to run the action.
- role_arn (str) - The ARN of the IAM service role that will perform the declared action. This is assumed through the roleArn for the pipeline.
- runOrder (float) - The order in which actions are run.
- version (str) - A string that identifies the action type.
name (str) - The name of the stage.

tags: pulumi.Output[dict] = None¶: A map of tags to assign to the resource.

static get(resource_name, id, opts=None, arn=None, artifact_store=None, name=None, role_arn=None, stages=None, tags=None)¶

Get an existing Pipeline resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
arn (pulumi.Input[str]) – The codepipeline ARN.
artifact_store (pulumi.Input[dict]) – One or more artifact_store blocks. Artifact stores are documented below.
name (pulumi.Input[str]) – The name of the pipeline.
role_arn (pulumi.Input[str]) – A service role Amazon Resource Name (ARN) that grants AWS CodePipeline permission to make calls to AWS services on your behalf.
stages (pulumi.Input[list]) – A stage block. Stages are documented below.
tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

The artifact_store object supports the following:

encryption_key (pulumi.Input[dict]) - The encryption key block AWS CodePipeline uses to encrypt the data in the artifact store, such as an AWS Key Management Service (AWS KMS) key. If you don’t specify a key, AWS CodePipeline uses the default key for Amazon Simple Storage Service (Amazon S3). An encryption_key block is documented below.
- id (pulumi.Input[str]) - The KMS key ARN or ID
- type (pulumi.Input[str]) - The type of key; currently only KMS is supported
location (pulumi.Input[str]) - The location where AWS CodePipeline stores artifacts for a pipeline; currently only S3 is supported.
region (pulumi.Input[str]) - The region where the artifact store is located. Required for a cross-region CodePipeline, do not provide for a single-region CodePipeline.
type (pulumi.Input[str]) - The type of the artifact store, such as Amazon S3

The stages object supports the following:

actions (pulumi.Input[list]) - The action(s) to include in the stage. Defined as an action block below
- category (pulumi.Input[str]) - A category defines what kind of action can be taken in the stage, and constrains the provider type for the action. Possible values are Approval, Build, Deploy, Invoke, Source and Test.
- configuration (pulumi.Input[dict]) - A Map of the action declaration’s configuration. Find out more about configuring action configurations in the Reference Pipeline Structure documentation.
- inputArtifacts (pulumi.Input[list]) - A list of artifact names to be worked on.
- name (pulumi.Input[str]) - The action declaration’s name.
- namespace (pulumi.Input[str]) - The namespace all output variables will be accessed from.
- outputArtifacts (pulumi.Input[list]) - A list of artifact names to output. Output artifact names must be unique within a pipeline.
- owner (pulumi.Input[str]) - The creator of the action being called. Possible values are AWS, Custom and ThirdParty.
- provider (pulumi.Input[str]) - The provider of the service being called by the action. Valid providers are determined by the action category. For example, an action in the Deploy category type might have a provider of AWS CodeDeploy, which would be specified as CodeDeploy.
- region (pulumi.Input[str]) - The region in which to run the action.
- role_arn (pulumi.Input[str]) - The ARN of the IAM service role that will perform the declared action. This is assumed through the roleArn for the pipeline.
- runOrder (pulumi.Input[float]) - The order in which actions are run.
- version (pulumi.Input[str]) - A string that identifies the action type.
name (pulumi.Input[str]) - The name of the stage.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.codepipeline.Webhook(resource_name, opts=None, authentication=None, authentication_configuration=None, filters=None, name=None, tags=None, target_action=None, target_pipeline=None, __props__=None, __name__=None, __opts__=None)¶

Provides a CodePipeline Webhook.

import pulumi
import pulumi_aws as aws
import pulumi_github as github

bar_pipeline = aws.codepipeline.Pipeline("barPipeline",
    artifact_store={
        "encryption_key": {
            "id": data["aws_kms_alias"]["s3kmskey"]["arn"],
            "type": "KMS",
        },
        "location": aws_s3_bucket["bar"]["bucket"],
        "type": "S3",
    },
    role_arn=aws_iam_role["bar"]["arn"],
    stages=[
        {
            "action": [{
                "category": "Source",
                "configuration": {
                    "Branch": "master",
                    "Owner": "my-organization",
                    "Repo": "test",
                },
                "name": "Source",
                "outputArtifacts": ["test"],
                "owner": "ThirdParty",
                "provider": "GitHub",
                "version": "1",
            }],
            "name": "Source",
        },
        {
            "action": [{
                "category": "Build",
                "configuration": {
                    "ProjectName": "test",
                },
                "inputArtifacts": ["test"],
                "name": "Build",
                "owner": "AWS",
                "provider": "CodeBuild",
                "version": "1",
            }],
            "name": "Build",
        },
    ])
webhook_secret = "super-secret"
bar_webhook = aws.codepipeline.Webhook("barWebhook",
    authentication="GITHUB_HMAC",
    authentication_configuration={
        "secretToken": webhook_secret,
    },
    filters=[{
        "jsonPath": "$.ref",
        "matchEquals": "refs/heads/{Branch}",
    }],
    target_action="Source",
    target_pipeline=bar_pipeline.name)
# Wire the CodePipeline webhook into a GitHub repository.
bar_repository_webhook = github.RepositoryWebhook("barRepositoryWebhook",
    configuration={
        "contentType": "json",
        "insecureSsl": True,
        "secret": webhook_secret,
        "url": bar_webhook.url,
    },
    events=["push"],
    repository=github_repository["repo"]["name"])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
authentication (pulumi.Input[str]) – The type of authentication to use. One of IP, GITHUB_HMAC, or UNAUTHENTICATED.
authentication_configuration (pulumi.Input[dict]) – An auth block. Required for IP and GITHUB_HMAC. Auth blocks are documented below.
filters (pulumi.Input[list]) – One or more filter blocks. Filter blocks are documented below.
name (pulumi.Input[str]) – The name of the webhook.
tags (pulumi.Input[dict]) – A map of tags to assign to the resource.
target_action (pulumi.Input[str]) – The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.
target_pipeline (pulumi.Input[str]) – The name of the pipeline.

The authentication_configuration object supports the following:

allowedIpRange (pulumi.Input[str]) - A valid CIDR block for IP filtering. Required for IP.
secretToken (pulumi.Input[str]) - The shared secret for the GitHub repository webhook. Set this as secret in your github_repository_webhook’s configuration block. Required for GITHUB_HMAC.

The filters object supports the following:

jsonPath (pulumi.Input[str]) - The JSON path to filter on.
matchEquals (pulumi.Input[str]) - The value to match on (e.g. refs/heads/{Branch}). See AWS docs for details.

authentication: pulumi.Output[str] = None¶: The type of authentication to use. One of IP, GITHUB_HMAC, or UNAUTHENTICATED.

authentication_configuration: pulumi.Output[dict] = None¶

An auth block. Required for IP and GITHUB_HMAC. Auth blocks are documented below.

allowedIpRange (str) - A valid CIDR block for IP filtering. Required for IP.
secretToken (str) - The shared secret for the GitHub repository webhook. Set this as secret in your github_repository_webhook’s configuration block. Required for GITHUB_HMAC.

filters: pulumi.Output[list] = None¶

One or more filter blocks. Filter blocks are documented below.

jsonPath (str) - The JSON path to filter on.
matchEquals (str) - The value to match on (e.g. refs/heads/{Branch}). See AWS docs for details.

name: pulumi.Output[str] = None¶: The name of the webhook.

tags: pulumi.Output[dict] = None¶: A map of tags to assign to the resource.

target_action: pulumi.Output[str] = None¶: The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.

target_pipeline: pulumi.Output[str] = None¶: The name of the pipeline.

url: pulumi.Output[str] = None¶: The CodePipeline webhook’s URL. POST events to this endpoint to trigger the target.

static get(resource_name, id, opts=None, authentication=None, authentication_configuration=None, filters=None, name=None, tags=None, target_action=None, target_pipeline=None, url=None)¶

Get an existing Webhook resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
authentication (pulumi.Input[str]) – The type of authentication to use. One of IP, GITHUB_HMAC, or UNAUTHENTICATED.
authentication_configuration (pulumi.Input[dict]) – An auth block. Required for IP and GITHUB_HMAC. Auth blocks are documented below.
filters (pulumi.Input[list]) – One or more filter blocks. Filter blocks are documented below.
name (pulumi.Input[str]) – The name of the webhook.
tags (pulumi.Input[dict]) – A map of tags to assign to the resource.
target_action (pulumi.Input[str]) – The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.
target_pipeline (pulumi.Input[str]) – The name of the pipeline.
url (pulumi.Input[str]) – The CodePipeline webhook’s URL. POST events to this endpoint to trigger the target.

The authentication_configuration object supports the following:

allowedIpRange (pulumi.Input[str]) - A valid CIDR block for IP filtering. Required for IP.
secretToken (pulumi.Input[str]) - The shared secret for the GitHub repository webhook. Set this as secret in your github_repository_webhook’s configuration block. Required for GITHUB_HMAC.

The filters object supports the following:

jsonPath (pulumi.Input[str]) - The JSON path to filter on.
matchEquals (pulumi.Input[str]) - The value to match on (e.g. refs/heads/{Branch}). See AWS docs for details.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

codepipeline¶

On This Page