Add support for the CodeBuild provider to run inside a VPC #517
e19ddda to
4700159
Compare
| def main(): | ||
| LOGGER.info("ADF Version %s", ADF_VERSION) | ||
| LOGGER.info("ADF Log Level is %s", ADF_LOG_LEVEL) | ||
| _threads = [] |
This was not used anywhere, hence I removed it.
**Why?**

To add support for build/deploy steps that use CodeBuild and need to connect to internal resources that are only available through a VPC.

This feature allows you to configure which VPC to connect to, using a specific list of subnets and security groups. The latter helps ensure that the connection is only allowed to connect when a specific security group is used.

**What?**

Added three properties to the CodeBuild provider:

- vpc_id (string)
- subnet_ids (list of ids (strings))
- security_group_ids (list of ids (strings))

When you configure a pipeline to use a specific VPC, you need to specify the subnets to use as well.

In case you don't specify any security groups, they will be automatically created for you. These security groups allow all egress traffic by default. It is recommended to use a specific security group so you can strictly define what egress traffic is allowed.

Please note: When you configure a specific CodeBuild environment in a pipeline to use a VPC it cannot be removed easily. To remove the VPC from the CodeBuild environment, you need to remove the pipeline stack and instruct ADF to generate the pipelines again (release trigger on aws-deployment-framework-pipelines in CodePipeline).

Documentation has been added and a sample that shows how to set up a pipeline to use a specific VPC.
4700159 to
da52997
Compare
javydekoning
left a comment
Shouldn't spec_filename default to buildspec.yml if both spec_inline and the spec_filename are not provided?
|
By default, when they are not supplied, they are not forwarded to CDK and thereby CloudFormation either. |
javydekoning
left a comment
LGTM, I personally don't like the Blockquotes style (>) in the unordered lists in the docs. It requires a prefix on every line and is harder to format (like line wrapping if we stick to linelength=80) and mix with codefences.
I have changed this in my latest PR #521 so we might have to change that if we choose to merge #521
Why?
To add support for build/deploy steps that use CodeBuild and need to connect to internal resources that are only available through a VPC.
This feature allows you to configure which VPC to connect to, using a specific list of subnets and security groups. The latter helps ensure that the connection is only allowed to connect when a specific security group is used.
What?
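Added three properties to the CodeBuild provider:
- vpc_id (string)
- subnet_ids (list of ids (strings))
- security_group_ids (list of ids (strings))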
When you configure a pipeline to use a specific VPC, you need to specify the subnets to use as well.
In case you don't specify any security groups, they will be automatically created for you. These security groups allow all egress traffic by default. It is recommended to use a specific security group so you can strictly define what egress traffic is allowed.
Please note: When you configure a specific CodeBuild environment in a pipeline to use a VPC it cannot be removed easily. To remove the VPC from the CodeBuild environment, you need to remove the pipeline stack and instruct ADF to generate the pipelines again (release trigger on aws-deployment-framework-pipelines in CodePipeline).

Documentation has been added and a sample that shows how to set up a pipeline to use a specific VPC.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
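A pre-merge check for the rules in the description above (a VPC needs subnets; omitting security groups means an auto-created group with open egress), as an added example that is not part of this PR or ADF's own code. The property names are from the description; the `default_providers` layout, the function names and the sample ids are assumptions made for illustration.

```python
# Property names come from the PR description; the pipeline layout
# (default_providers -> stage -> provider/properties) is an assumption.

def _is_id_list(value):
    """True for a non-empty list whose entries are all non-empty strings."""
    return (isinstance(value, list) and bool(value)
            and all(isinstance(v, str) and v for v in value))


def lint_codebuild_vpc(props):
    """Return findings for one CodeBuild provider 'properties' dict."""
    vpc_id = props.get("vpc_id")
    if vpc_id is None:
        return []  # build does not run inside a VPC, nothing to check
    findings = []
    if not (isinstance(vpc_id, str) and vpc_id):
        findings.append("ERROR: vpc_id must be a string")
    if "subnet_ids" not in props:
        findings.append("ERROR: vpc_id is set but subnet_ids is missing")
    elif not _is_id_list(props["subnet_ids"]):
        findings.append("ERROR: subnet_ids must be a list of id strings")
    if "security_group_ids" not in props:
        # Per the description, a group allowing all egress is then created.
        findings.append("WARN: no security_group_ids, egress is unrestricted")
    elif not _is_id_list(props["security_group_ids"]):
        findings.append("ERROR: security_group_ids must be a list of id strings")
    return findings


def lint_pipeline(pipeline):
    """Map each CodeBuild stage name to its list of findings."""
    return {
        stage: lint_codebuild_vpc(cfg.get("properties") or {})
        for stage, cfg in pipeline.get("default_providers", {}).items()
        if cfg.get("provider") == "codebuild"
    }


# Constructed sample input (ids are placeholders, not real resources).
SAMPLE = {"name": "sample-vpc", "default_providers": {
    "source": {"provider": "codecommit", "properties": {}},
    "build": {"provider": "codebuild", "properties": {
        "vpc_id": "vpc-01234567",
        "subnet_ids": ["subnet-1234567a", "subnet-1234567b"]}},
    "deploy": {"provider": "codebuild", "properties": {
        "vpc_id": "vpc-01234567", "subnet_ids": ["subnet-1234567a"],
        "security_group_ids": ["sg-0a1b2c3d"]}}}}

if __name__ == "__main__":
    for stage, findings in lint_pipeline(SAMPLE).items():
        print(stage, findings or ["OK"])
```

On the constructed sample, the build stage gets the egress warning and the deploy stage passes.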