{

"Statement": [

{

"Action": [

"s3:GetObject",

"s3:GetObjectVersion",

"s3:GetBucketVersioning"

],

"Resource": "*",

"Effect": "Allow"

},

{

"Action": [

"s3:PutObject"

],

"Resource": [

"arn:aws:s3:::codepipeline*"

],

"Effect": "Allow"

},

{

"Action": [

"lambda:*"

],

"Resource": [

"arn:aws:lambda:us-east-1:061121813127:function:*"

],

"Effect": "Allow"

},

{

"Action": [

"apigateway:*"

],

"Resource": [

"arn:aws:apigateway:us-east-1::*"

],

"Effect": "Allow"

},

{

"Action": [

"iam:GetRole",

"iam:CreateRole",

"iam:DeleteRole"

],

"Resource": [

"arn:aws:iam::061121813127:role/*"

],

"Effect": "Allow"

},

{

"Action": [

"iam:AttachRolePolicy",

"iam:DetachRolePolicy"

],

"Resource": [

"arn:aws:iam::061121813127:role/*"

],

"Effect": "Allow"

},

{

"Action": [

"iam:PassRole"

],

"Resource": [

"*"

],

"Effect": "Allow"

},

{

"Action": [

"cloudformation:CreateChangeSet"

],

"Resource": [

"arn:aws:cloudformation:us-east-1:aws:transform/Serverless-2016-10-31"

],

"Effect": "Allow"

}

],

"Version": "2012-10-17"

}

version: 0.1

phases:

build:

commands:

- chmod +x gradlew

- ./gradlew build

install:

commands:

- aws cloudformation package --template-file cloudformation-input-template.yml --s3-bucket java4lambda-bucket --output-template-file output-template.yml

artifacts:

files:

- build/distributions/java4lambda.zip

- output-template.yml

discard-paths: yes

AWSTemplateFormatVersion: '2010-09-09'

Transform: AWS::Serverless-2016-10-31

Description: AWS example in Java to say hello

Resources:

HelloFunction:

Type: AWS::Serverless::Function

Properties:

Handler: index.handler

Runtime: java8

CodeUri: .

Events:

MyTimeApi:

Type: Api

Properties:

Path: /OhHai

Method: GET

* reopen into intellij to make gradle project

6. Setup AWS files that live in git

* Create bucket in s3

* Add CloudFormation input template

* Add buildspec.yml

* add aws cloudformation install command that produces output template

* include output template in artifact

7. Create new role in AWS IAM

* Role Type: AWS CloudFormation

* Attach Policy: AWS Lambda Execute

* Inline Custom Role Policy

* copy from aws/cloudformation-role-policy.json

* from http://docs.aws.amazon.com/lambda/latest/dg/automating-deployment.html

* replace account-id and region, from upper right in aws console header

* account-id=061121813127

* region=us-east-1

8. Create pipeline in AWS CodePipeline

* Link to AWS CodeCommit repo

* Create AWS CodeBuild project

* Use AWS CodeBuild image: aws/codebuild/java:openjdk-8

* Deployment provider AWS CloudFormation

* Create or replace change set

* template file = output template in #6

* CAPABILITY_IAM

* Use role in #7 for pipeline role

* Create new IAM role for AWS Service Role