Here is the basic blueprint:
Create AWS IAM user credentials and grant this user access to CloudFormation (update-stack) and CodePipeline (start-pipeline-execution). These are long-lived access keys that will live in GitHub, so narrow the policy down to the specific stack and pipeline ARNs (or a small set of them) rather than granting the actions on every resource in the account.
Add the above user credentials as secrets to your CodePipeline source GitHub repo. For multiple environments (i.e. prod, stage, dev), add a separate set of credentials per environment, each scoped to its own stack and pipeline: something like STAGE_AWS_ACCESS_KEY_ID and STAGE_AWS_SECRET_ACCESS_KEY for staging, for example.
Add a CurrentBranch (or any name you like) parameter to your CloudFormation stack template and reference it wherever the stack defines the branch the pipeline pulls from.
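The "narrow it down to a single stack/pipeline" part of the first step, as an added example that is not from the original post: a script that renders the least-privilege inline policy for the CI IAM user (update one named stack, start one named pipeline) and attaches it with the AWS CLI. The region, account ID, user name and the MY_CF_STACK_NAME / MY_PIPELINE_NAME placeholders are assumptions; DescribeStacks is included because the update step and the CLI stack-update waiter both call it.

```shell
#!/usr/bin/env sh
# Added example, not part of the original post. Renders the least-privilege
# inline policy for the CI IAM user: update one stack, start one pipeline.
# Region, account ID, user, stack and pipeline names are placeholders.
set -eu

# Print the policy document for the given region/account/stack/pipeline.
# Stack ARNs end in a generated id, hence the trailing /* on the stack ARN.
render_ci_policy() {
  region="$1"; account="$2"; stack="$3"; pipeline="$4"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UpdateOneStack",
      "Effect": "Allow",
      "Action": ["cloudformation:UpdateStack", "cloudformation:DescribeStacks"],
      "Resource": "arn:aws:cloudformation:${region}:${account}:stack/${stack}/*"
    },
    {
      "Sid": "StartOnePipeline",
      "Effect": "Allow",
      "Action": "codepipeline:StartPipelineExecution",
      "Resource": "arn:aws:codepipeline:${region}:${account}:${pipeline}"
    }
  ]
}
EOF
}

# Attach the rendered policy to the CI user as an inline policy.
# $1 = IAM user name, $2..$5 = region account stack pipeline.
attach_ci_policy() {
  user="$1"; shift
  aws iam put-user-policy --user-name "$user" --policy-name ci-deploy \
    --policy-document "$(render_ci_policy "$@")"
}

# Only talk to AWS when explicitly asked: ATTACH=1 sh ci-policy.sh
if [ "${ATTACH:-0}" = 1 ]; then
  attach_ci_policy github-ci-stage eu-west-1 123456789012 MY_CF_STACK_NAME MY_PIPELINE_NAME
fi
```

One user (and one such policy) per environment keeps a leaked staging key from being able to redeploy production; if the template creates IAM resources you will additionally need to pass the matching --capabilities flag on update-stack, which is a CLI flag and not an IAM permission.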
Then, in the GitHub Actions workflow:
Set the desired branch pattern in on:push:branches: (i.e. the GitFlow pattern release/** for release candidates).
In jobs:build:steps:, load the AWS IAM user credentials from the repo secrets with the credentials helper aws-actions/configure-aws-credentials@v1 (the AWS CLI is preinstalled on GitHub-hosted runners).
Define the current GitHub branch with something like
echo "CURRENT_BRANCH=$(echo $GITHUB_REF | sed 's!refs/heads/!!')" >> $GITHUB_ENV.
On a push event GITHUB_REF is refs/heads/<branch>, so this strips the prefix (newer runners also expose the same value as GITHUB_REF_NAME).
Set the CurrentBranch parameter in the CloudFormation stack to $CURRENT_BRANCH with something like
aws cloudformation update-stack --stack-name MY_CF_STACK_NAME --parameters ParameterKey=CurrentBranch,ParameterValue=$CURRENT_BRANCH --use-previous-template.
Two caveats: --use-previous-template still requires every template parameter to be listed, so any other parameters must be passed as ParameterKey=<Name>,UsePreviousValue=true; and the command errors out with "No updates are to be performed" if the current branch is the same as the one already set in the stack parameter. You might want to add continue-on-error: true to keep the job going in that case, but note that it also swallows real failures (AccessDenied, a bad parameter), so it is safer to match only that specific error message and fail on anything else.
update-stack returns as soon as the update is accepted, so wait for it to finish (aws cloudformation wait stack-update-complete --stack-name MY_CF_STACK_NAME) before starting the pipeline; otherwise the execution can start against the previous branch. Then execute your CodePipeline pipeline with
aws codepipeline start-pipeline-execution --name MY_PIPELINE_NAME.
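The workflow steps above (derive the branch, update the stack parameter, start the pipeline) as one script, added here as an example that is not from the original post. It is meant to be called from the job's run: step after aws-actions/configure-aws-credentials has loaded the credentials. MY_CF_STACK_NAME, MY_PIPELINE_NAME and the CurrentBranch parameter name are the placeholders used in the post; everything else (the UsePreviousValue handling, the error classification and the wait) is added behaviour.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: the GitHub Actions run: step as
# one script. Stack, pipeline and parameter names are placeholders; run it
# with RUN_DEPLOY=1 after aws-actions/configure-aws-credentials has run.
set -eu

STACK_NAME="${STACK_NAME:-MY_CF_STACK_NAME}"
PIPELINE_NAME="${PIPELINE_NAME:-MY_PIPELINE_NAME}"
BRANCH_PARAM="${BRANCH_PARAM:-CurrentBranch}"

# refs/heads/release/1.2.0 -> release/1.2.0 (same strip as the sed in the post).
branch_from_ref() {
  printf '%s\n' "$1" | sed 's!^refs/heads/!!'
}

# --use-previous-template still requires EVERY template parameter, so keep the
# existing values for all keys except the branch one.
# $1 = new branch value, remaining args = the stack's existing parameter keys.
build_parameter_args() {
  branch="$1"; shift
  out="ParameterKey=${BRANCH_PARAM},ParameterValue=${branch}"
  for key in "$@"; do
    [ "$key" = "$BRANCH_PARAM" ] && continue
    out="$out ParameterKey=${key},UsePreviousValue=true"
  done
  printf '%s\n' "$out"
}

# Classify update-stack stderr: only the no-changes case is a harmless no-op;
# anything else (AccessDenied, bad parameter, ...) must fail the job.
classify_update_error() {
  case "$1" in
    *"No updates are to be performed"*) echo noop ;;
    *) echo error ;;
  esac
}

# Tab-separated list of the stack's current parameter keys.
existing_parameter_keys() {
  aws cloudformation describe-stacks --stack-name "$STACK_NAME" \
    --query 'Stacks[0].Parameters[].ParameterKey' --output text
}

main() {
  branch="$(branch_from_ref "${GITHUB_REF:?GITHUB_REF not set}")"
  # Word-splitting of the parameter list is intended.
  params="$(build_parameter_args "$branch" $(existing_parameter_keys))"
  # Capture stderr only; add --capabilities CAPABILITY_IAM if the template needs it.
  if err="$(aws cloudformation update-stack --stack-name "$STACK_NAME" \
        --use-previous-template --parameters $params 2>&1 >/dev/null)"; then
    # update-stack is asynchronous; wait so the pipeline sees the new branch.
    aws cloudformation wait stack-update-complete --stack-name "$STACK_NAME"
  else
    if [ "$(classify_update_error "$err")" != noop ]; then
      printf '%s\n' "$err" >&2
      exit 1
    fi
    echo "Branch already set to $branch; skipping stack update"
  fi
  aws codepipeline start-pipeline-execution --name "$PIPELINE_NAME"
}

if [ "${RUN_DEPLOY:-0}" = 1 ]; then
  main
fi
```

Compared with continue-on-error: true, this lets the job fail loudly when the scoped credentials are missing a permission or the parameter name is wrong, while still treating a re-push of the same branch as a normal run that only restarts the pipeline.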