如何将一组环境变量作为参数传递给 AWS CodeBuild/CloudFormation 模板？

Question

我有一个 AWS CloudFormation CodeBuild 模板，我想将一组环境变量作为参数传递，以便我可以将模板重复用于多个 CloudFormation 项目。

我想将此部分作为参数传递。我该怎么做？

"environmentVariables": [{
    "name": "$S3_BUCKET",
    "value": "Parameter_Store_Variable_name",
    "type": "PARAMETER_STORE"}
],

这是更大范围的更多模板...

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Automate provisioning of CodeBuild with CodePipeline CodeCommit and CodeDeploy.",
  "Parameters": {
    "SourceLocation": {
        "Type": "String",
        "Description": "https://github.com/<account>/<repo>"
    },
    "AppName": {
        "Type": "String",
        "Description": "Name of the application."
    }
  },
  "Resources": {
    "CodeBuild": {
      "Type": "AWS::CodeBuild::Project",
      "DependsOn": "CodeBuildRole",
      "Properties": {
        "name": "test-project-name",
        "description": "description",
        "source": {
          "type": "GITHUB",
          "location": {
            "Ref": "SourceLocation"
          },
          "gitCloneDepth": 1,
          "buildspec": "",
          "badgeEnabled": true,
          "auth": {
            "type": "OAUTH"
          }
        },
        "artifacts": {
          "type": "artifacts-type",
          "location": "artifacts-location",
          "path": "path",
          "namespaceType": "namespaceType",
          "name": "artifacts-name",
          "packaging": "packaging"
        },
        "cache": {
          "type": "NONE"
        },
        "ServiceRole": {
          "Ref": "CodeBuildRole"
        },
        "timeoutInMinutes": 10,
        "environment": {
          "type": "LINUX_CONTAINER",
          "image": "aws/codebuild/nodejs:8.11.0",
          "computeType": "BUILD_GENERAL1_SMALL",
          "environmentVariables": [{
            "name": "$S3_BUCKET",
            "value": "PARAMETERSTOREVARIABLENAMEHERE",
            "type": "PARAMETER_STORE"
          }],
          "privilegedMode": false
        }
      }
    },
    "CodeBuildRole": {
      "Description": "Creating service role in IAM for AWS CodeBuild",
      "Type": "AWS::IAM::Role",
      "Properties": {
        "RoleName": {
          "Fn::Sub": "codebuild-role-${AppName}"
        },
        "AssumeRolePolicyDocument": {
          "Statement": [{
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "codebuild.amazonaws.com"
              ]
            },
            "Action": "sts:AssumeRole"
          }]
        },
        "Path": "/"
      }
    },
    "CodeBuildPolicy": {
      "Type": "AWS::IAM::Policy",
      "DependsOn": "CodeBuildRole",
      "Description": "Setting IAM policy for the service role for AWS CodeBuild",
      "Properties": {
        "PolicyName": {
          "Fn::Sub": "codebuild-policy-${AppName}"
        },
        "PolicyDocument": {
          "Statement": [{
              "Effect": "Allow",
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Resource": [
                "*"
              ]
            },
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "s3:*"
              ]
            },
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "kms:GenerateDataKey*",
                "kms:Encrypt",
                "kms:Decrypt"
              ]
            },
            {
              "Effect": "Allow",
              "Resource": [
                "*"
              ],
              "Action": [
                "sns:SendMessage"
              ]
            }
          ]
        },
        "Roles": [{
          "Ref": "CodeBuildRole"
        }]
      }
    }
  },
  "Outputs": {
    "CodeBuildURL": {
      "Description": "CodeBuild URL",
      "Value": {
        "Fn::Join": [
          "", [
            "https://console.aws.amazon.com/codebuild/home?region=",
            {
              "Ref": "AWS::Region"
            },
            "#/projects/",
            {
              "Ref": "CodeBuild"
            },
            "/view"
          ]
        ]
      }
    }
  }
}

感谢您的帮助！

Answer 1

如果您的问题真的是关于重用 SSM 参数而不是重用代码片段，那么我建议您利用代码构建中的直接支持 ssm。它可以读取您的 ssm 参数并将它们作为环境变量提供。这是我使用我的用户名和密码连接到 gitlab 的示例。

env:
 variables:
   GITLAB_USER: 'jeshan'
 parameter-store:
   GITLAB_PASSWORD: 'gitlab-password'

在这种情况下，jeshan 是一个普通值，而 gitlab-password 是我的 SSM 参数的名称。这样做将避免在代码构建项目中对变量进行硬编码，并且稍后可以在不重新部署代码构建项目的情况下更新参数。

确保您的代码构建角色有权读取您的参数。

如何将一组环境变量作为参数传递给 AWS CodeBuild/CloudFormation 模板？

How to pass an array of EnvironmentVariables as Parameters to an AWS CodeBuild/CloudFormation Template?

javascript

amazon-cloudformation

aws-codebuild