Bespoke AWS Cross-Region CI/CD Pipeline (CloudFormation)

PROBLEM

Cross-region deployment is natively supported by AWS CodePipeline. At the build stage, builds can be processed by already created CodeBuild projects in supported regions. Native cross-region deployment with deploy-stage providers such as CloudFormation, CodeDeploy, and ECS is possible when operating within supported regions.

Currently, the Asia Pacific (Hong Kong) and Europe (Milan) Regions do not have native support for cross-region deployment. This article provides two ways to implement a bespoke AWS CI/CD pipeline in these regions. In regions where AWS natively supports cross-region or multi-region deployments, the default integrated solution should be used, since it gives a cleaner result.

SOLUTION

Since the Milan region (eu-south-1) does not yet fully support CodeStar connections, the pipeline is set up in an AWS region that already supports this feature.

This pipeline is triggered by set actions (merge/push) on a specified branch and then passes the source code to CodeBuild. CodeBuild zips the source code and copies it to an S3 bucket. With cross-region replication configured on that bucket, the zipped source code is replicated to the desired region (in this case the Milan region).

The CodePipeline in the Milan region has its source provider set to S3. This raises the next problem: how can CodePipeline be triggered when a new object arrives in the S3 bucket configured as its source?

This article approaches this problem using CloudWatch Events to trigger CodePipeline. Of course, the PollForSourceChanges property has to be disabled, since we want to trigger the pipeline rather than wait for it to poll for changes.

For a CodePipeline resource created with AWS CloudFormation, the Configuration property of the source action, PollForSourceChanges, should be set to false. If the template does not include that property, PollForSourceChanges defaults to true.
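As an added example (not part of the original article), the following CloudFormation fragment shows an S3-sourced pipeline in the Milan region with polling disabled on the source action. The resource names PipelineRole, ArtifactBucket and MilanBuildProject, the bucket parameter SourceBucketName and the object key source.zip are assumptions; they are expected to be defined elsewhere in the same template.

```yaml
# Example fragment, not from the original article. PipelineRole, ArtifactBucket,
# MilanBuildProject and SourceBucketName are assumed to exist in this template.
Resources:
  MilanPipeline:
    Type: AWS::CodePipeline::Pipeline
    Properties:
      Name: milan-pipeline                 # assumed name
      RoleArn: !GetAtt PipelineRole.Arn    # assumed pipeline service role
      ArtifactStore:
        Type: S3
        Location: !Ref ArtifactBucket      # assumed artifact bucket in eu-south-1
      Stages:
        - Name: Source
          Actions:
            - Name: ReplicatedSource
              ActionTypeId:
                Category: Source
                Owner: AWS
                Provider: S3
                Version: '1'
              Configuration:
                S3Bucket: !Ref SourceBucketName   # replication destination bucket
                S3ObjectKey: source.zip           # key written by the build in the other region
                # The pipeline is started by a CloudWatch Events rule, so it must not poll.
                # Omitting this property would leave polling enabled (default true).
                PollForSourceChanges: false
              OutputArtifacts:
                - Name: SourceOutput
              RunOrder: 1
        - Name: Build
          Actions:
            - Name: Build
              ActionTypeId:
                Category: Build
                Owner: AWS
                Provider: CodeBuild
                Version: '1'
              Configuration:
                ProjectName: !Ref MilanBuildProject   # assumed CodeBuild project
              InputArtifacts:
                - Name: SourceOutput
              RunOrder: 1
```

With polling off, nothing starts this pipeline until an event rule (or a manual start) calls StartPipelineExecution, which is the behaviour the rest of the article builds on.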

Amazon S3 source event-based change detection using CloudWatch Events.

The following CloudFormation resources are required to implement the CloudWatch Events trigger for CodePipeline:

1. CloudWatch IAM role (with a CodePipeline StartPipelineExecution policy attached)

2. CloudWatch Events rule

3. CloudTrail trail, an S3 bucket (to store the CloudTrail event log files) and a bucket policy (allowing CloudTrail to write the logged S3 events to that bucket)

When these CloudFormation resources are pieced together, the Milan pipeline is triggered whenever an object matching the configured object key is created or updated in the S3 source bucket (this also includes objects created through cross-region replication).
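The three resource groups listed above, assembled into one template, as an added example that is not the article's own code. The pipeline is referenced through the PipelineName parameter rather than defined here, and SourceBucketName and the default key source.zip are assumptions. The trail records write data events for that single object only, and the events role is allowed to start only that one pipeline, so a compromised or misconfigured rule cannot start anything else in the account.

```yaml
# Example template, not from the original article. PipelineName, SourceBucketName
# and the default SourceObjectKey are assumptions supplied by the deployer.
AWSTemplateFormatVersion: '2010-09-09'
Description: Event-driven trigger for an S3-sourced CodePipeline (example)

Parameters:
  PipelineName:
    Type: String
    Description: Name of the existing CodePipeline in this region (assumed)
  SourceBucketName:
    Type: String
    Description: Replication destination bucket holding the zipped source (assumed)
  SourceObjectKey:
    Type: String
    Default: source.zip

Resources:
  # Bucket that receives CloudTrail log files; kept separate from the source bucket
  CloudTrailBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  # Bucket policy CloudTrail needs in order to check the ACL and write log files
  CloudTrailBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref CloudTrailBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: AWSCloudTrailAclCheck
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: s3:GetBucketAcl
            Resource: !GetAtt CloudTrailBucket.Arn
          - Sid: AWSCloudTrailWrite
            Effect: Allow
            Principal:
              Service: cloudtrail.amazonaws.com
            Action: s3:PutObject
            Resource: !Sub '${CloudTrailBucket.Arn}/AWSLogs/${AWS::AccountId}/*'
            Condition:
              StringEquals:
                s3:x-amz-acl: bucket-owner-full-control

  # Trail that logs write data events for the source object only, so that
  # PutObject / CopyObject / CompleteMultipartUpload on it reach CloudWatch Events
  SourceTrail:
    Type: AWS::CloudTrail::Trail
    DependsOn: CloudTrailBucketPolicy
    Properties:
      S3BucketName: !Ref CloudTrailBucket
      IsLogging: true
      EventSelectors:
        - ReadWriteType: WriteOnly
          IncludeManagementEvents: false
          DataResources:
            - Type: AWS::S3::Object
              Values:
                - !Sub 'arn:aws:s3:::${SourceBucketName}/${SourceObjectKey}'

  # Role CloudWatch Events assumes; scoped to starting this one pipeline
  EventsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: StartSourcePipeline
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: codepipeline:StartPipelineExecution
                Resource: !Sub 'arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineName}'

  # Rule matching the CloudTrail-recorded API calls that create or overwrite the key
  SourceChangeRule:
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source:
          - aws.s3
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - s3.amazonaws.com
          eventName:
            - PutObject
            - CopyObject
            - CompleteMultipartUpload
          requestParameters:
            bucketName:
              - !Ref SourceBucketName
            key:
              - !Ref SourceObjectKey
      Targets:
        - Id: start-source-pipeline
          Arn: !Sub 'arn:aws:codepipeline:${AWS::Region}:${AWS::AccountId}:${PipelineName}'
          RoleArn: !GetAtt EventsRole.Arn
```

Deploy this stack in the same region as the pipeline (eu-south-1 in the article). A quick check after deployment is to upload a new version of the object key by hand and confirm a pipeline execution starts; if it does not, the trail's data event selector and the rule's bucketName/key values are the first things to compare against the bucket that replication actually writes to.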