2

I'm having some issues with AWS CloudWatch Events.

I'm creating a CodePipeline CI pipeline which has a CodeCommit repository as the Source and a CodeBuild project as the Build/Test phase (then it deploys to Lambda, but the problem isn't there).

We have multiple projects and we are going to push multiple other projects. So, I created a script that manages the AWS CI stuff (i.e. creating a pipeline, a CodeBuild project, ... AND a CloudWatch Events rule, linked to the pipeline).

The first time I push my code, it works. But then, the process stops getting triggered by the push on CodeCommit.

I found a solution (but NOT the one I want): I just have to modify the pipeline, modify the stage (Source) without touching anything, and save the null modification, and it works (before saving, it asks for authorization to create a CloudWatch Events rule associated with this pipeline).

Has anybody encountered this issue? What did you do to bypass it? I really want to make a 100% automated CI; I don't want to go to the AWS Console each time my team creates a new repository or pushes a new branch on an existing repository.

EDIT:

Here is the JSON of my CloudWatch Events rule:

{
    "Name": "company-ci_codepipeline_project-stage", 
    "EventPattern": "cf. second JSON", 
    "State": "ENABLED", 
    "Arn": "arn:aws:events:region:xxx:rule/company-ci_codepipeline_project-stage", 
    "Description": "CloudWatch Events rule to automatically trigger the needed pipeline from every push to project repository, on the stage branch on CodeCommit."
}

And here is the EventPattern JSON:

{
  "source": [
    "aws.codecommit"
  ],
  "detail-type": [
    "CodeCommit repository state change"
  ],
  "resources": [
    "arn:aws:codecommit:region:xxx:project"
  ],
  "detail": {
    "event": [
      "referenceCreated",
      "referenceUpdated"
    ],
    "referenceType": [
      "branch"
    ],
    "referenceName": [
      "stage"
    ]
  }
}
  • What is your CloudWatch event rule? Do you see the CloudWatch metrics for the rule show the rule being triggered when you push? I'm trying to figure out if the problem is with the rule or the pipeline. Commented Nov 20, 2018 at 17:44
  • @TimB, my CloudWatch Events rule has a template with a CodeCommit source, and details matching a branch named dev each time it is created or updated (with the good JSON format). I can't see any metrics for my rule! Commented Nov 20, 2018 at 17:54
  • Can you post the actual JSON of the rule? Commented Nov 20, 2018 at 18:45
  • @TimB, I updated my post with the needed JSON Commented Nov 20, 2018 at 18:55

2 Answers

4

I've found this issue is typically related to the event rule/target/role configuration. If you don't have a target associated with your rule, you will NOT see the event invoked when reviewing metrics. Since your EventPattern looks correct, I'm thinking the target might be your issue.

You should have a configured target that looks something like:

{
    "Rule": "company-ci_codepipeline_project-stage",
    "Targets": [
        {
            "RoleArn": "arn:aws:iam::xxx:role/cwe-codepipeline",
            "Id": "ProjectPipelineTarget",
            "Arn": "arn:aws:codepipeline:region:xxx:your-pipeline"
        }
    ]
}

If that seems all good, I'd next check that the role associated with the target is granting the correct permissions. My role looks something like:

{
    "Role": {
        "Description": "Allows CloudWatch Events to invoke targets and perform actions in built-in targets on your behalf.",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "sts:AssumeRole",
                    "Principal": {
                        "Service": "events.amazonaws.com"
                    },
                    "Effect": "Allow",
                    "Sid": ""
                }
            ]
        },
        "MaxSessionDuration": 3600,
        "RoleId": "xxxx",
        "CreateDate": "2018-08-06T20:56:19Z",
        "RoleName": "cwe-codepipeline",
        "Path": "/",
        "Arn": "arn:aws:iam::xxx:role/cwe-codepipeline"
    }
}

And it has an inline policy of:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "codepipeline:StartPipelineExecution"
            ],
            "Resource": [
                "arn:aws:codepipeline:*:xxx:*"
            ]
        }
    ]
}

For reference, check out this documentation


0

I had the same problem, and finally realized that, in my case, the error was that the line

"detail-type": ["CodeCommit Repository State Change"]

was not written correctly. EventBridge expects the wording to be exactly that, so if it is even slightly different, the event is not intercepted.
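
An offline pre-flight check covering the points raised in both answers, added here as an example (it is not code from either answer or from AWS): it tests an event pattern with exact, case-sensitive matching against a constructed push event, then checks that the rule has a target whose role trusts events.amazonaws.com and is allowed codepipeline:StartPipelineExecution on the pipeline. The function names, account ID, region and ARNs are assumptions made for the example.

```python
from fnmatch import fnmatchcase

def as_list(x):
    return x if isinstance(x, list) else [x]

def matches(pattern, event):
    """Subset of EventBridge matching: exact, case-sensitive values; objects recurse."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not (isinstance(have, dict) and matches(want, have)):
                return False
        elif not any(v in want for v in as_list(have)):
            return False
    return True

def check_trigger(pattern, targets, trust, policy, pipeline_arn, event):
    """Return the reasons a push event would not start the pipeline."""
    problems = []
    if not matches(pattern, event):
        problems.append("pattern does not match the push event")
    if not any(t.get("Arn") == pipeline_arn and t.get("RoleArn") for t in targets):
        problems.append("rule has no target with a RoleArn for the pipeline")
    if not any(s["Effect"] == "Allow" and "sts:AssumeRole" in as_list(s["Action"])
               and "events.amazonaws.com" in as_list(s["Principal"].get("Service", []))
               for s in trust["Statement"]):
        problems.append("role does not trust events.amazonaws.com")
    # IAM wildcards approximated with fnmatchcase; Deny statements are ignored.
    if not any(s["Effect"] == "Allow"
               and "codepipeline:StartPipelineExecution" in as_list(s["Action"])
               and any(fnmatchcase(pipeline_arn, r) for r in as_list(s["Resource"]))
               for s in policy["Statement"]):
        problems.append("role policy does not allow starting the pipeline")
    return problems

# Constructed sample data; account id, region and names are placeholders.
REPO = "arn:aws:codecommit:eu-west-1:111122223333:project"
PIPELINE = "arn:aws:codepipeline:eu-west-1:111122223333:project-stage"
EVENT = {"source": "aws.codecommit", "resources": [REPO],
         "detail-type": "CodeCommit Repository State Change", "detail": {
             "event": "referenceUpdated", "referenceType": "branch", "referenceName": "stage"}}
PATTERN = {"source": ["aws.codecommit"], "resources": [REPO],
           "detail-type": ["CodeCommit Repository State Change"], "detail": {
               "event": ["referenceCreated", "referenceUpdated"],
               "referenceType": ["branch"], "referenceName": ["stage"]}}
TARGETS = [{"Arn": PIPELINE, "RoleArn": "arn:aws:iam::111122223333:role/cwe-codepipeline"}]
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                        "Principal": {"Service": "events.amazonaws.com"}}]}
POLICY = {"Statement": [{"Effect": "Allow", "Resource": [PIPELINE],
                         "Action": ["codepipeline:StartPipelineExecution"]}]}
```

`check_trigger(PATTERN, TARGETS, TRUST, POLICY, PIPELINE, EVENT)` returns an empty list when every piece lines up; feed it the output of your own provisioning script before creating the rule to catch a mis-cased `detail-type` or a missing target.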
