@@ -10,6 +10,9 @@ import {
1010 ImageKind ,
1111 ProjectKind ,
1212} from "aws4embeddedlinux-cdk-lib" ;
13+ import * as s3 from 'aws-cdk-lib/aws-s3' ;
14+ import { RemovalPolicy } from 'aws-cdk-lib' ;
15+ import * as kms from 'aws-cdk-lib/aws-kms' ;
1316
1417const app = new cdk . App ( ) ;
1518
@@ -29,6 +32,47 @@ const defaultProps: cdk.StackProps = {
2932 env,
3033} ;
3134
35+ /**
36+ * Set up networking to allow us to securely attach EFS to our CodeBuild instances.
37+ */
38+ const vpc = new PipelineNetworkStack ( app , {
39+ ...defaultProps ,
40+ } ) ;
41+
42+ /**
43+ * Set up shared Artifacts and ArtifactAccessLogging Bucket for all example pipelines.
44+ * Using Pipeline Network Stack as a container for the buckets.
45+ */
46+
47+ const accessLoggingBucket = new s3 . Bucket ( vpc , 'ArtifactAccessLogging' , {
48+ versioned : true ,
49+ enforceSSL : true ,
50+ } ) ;
51+
52+ const encryptionKey = new kms . Key ( vpc , 'PipelineArtifactKey' , {
53+ removalPolicy : RemovalPolicy . DESTROY ,
54+ enableKeyRotation : true ,
55+ } ) ;
56+
57+ const artifactBucket = new s3 . Bucket ( vpc , 'PipelineArtifacts' , {
58+ versioned : true ,
59+ enforceSSL : true ,
60+ serverAccessLogsBucket : accessLoggingBucket ,
61+ serverAccessLogsPrefix : "PipelineArtifacts" ,
62+ encryptionKey,
63+ encryption : s3 . BucketEncryption . KMS ,
64+ blockPublicAccess : new s3 . BlockPublicAccess (
65+ s3 . BlockPublicAccess . BLOCK_ALL
66+ ) ,
67+ } ) ;
68+
69+ const outputBucket = new s3 . Bucket ( vpc , 'PipelineOutput' , {
70+ versioned : true ,
71+ enforceSSL : true ,
72+ serverAccessLogsBucket : accessLoggingBucket ,
73+ serverAccessLogsPrefix : "PipelineOutput" ,
74+ } ) ;
75+
3276/**
3377 * Set up the Stacks that create our Build Host.
3478 */
@@ -46,13 +90,9 @@ const buildImagePipeline = new BuildImagePipelineStack(app, "BuildImagePipeline"
4690 dataBucket : buildImageData . bucket ,
4791 repository : buildImageRepo . repository ,
4892 imageKind : ImageKind . Ubuntu22_04 ,
49- } ) ;
50-
51- /**
52- * Set up networking to allow us to securely attach EFS to our CodeBuild instances.
53- */
54- const vpc = new PipelineNetworkStack ( app , {
55- ...defaultProps ,
93+ accessLoggingBucket : accessLoggingBucket ,
94+ serverAccessLogsPrefix : "BuildImagePipeline" ,
95+ artifactBucket : artifactBucket ,
5696} ) ;
5797
5898/**
@@ -63,6 +103,11 @@ const pokyPipeline = new EmbeddedLinuxPipelineStack(app, "PokyPipeline", {
63103 imageRepo : buildImageRepo . repository ,
64104 imageTag : ImageKind . Ubuntu22_04 ,
65105 vpc : vpc . vpc ,
106+ accessLoggingBucket : accessLoggingBucket ,
107+ serverAccessLogsPrefix : "PokyPipeline" ,
108+ artifactBucket : artifactBucket ,
109+ outputBucket : outputBucket ,
110+ subDirectoryName : "PokyPipeline" ,
66111} ) ;
67112pokyPipeline . addDependency ( buildImagePipeline )
68113
@@ -76,6 +121,11 @@ const qemuEmbeddedLinuxPipeline = new EmbeddedLinuxPipelineStack(app, "QemuEmbed
76121 vpc : vpc . vpc ,
77122 layerRepoName : "qemu-demo-layer-repo" ,
78123 projectKind : ProjectKind . MetaAwsDemo ,
124+ accessLoggingBucket : accessLoggingBucket ,
125+ serverAccessLogsPrefix : "QemuEmbeddedLinuxPipeline" ,
126+ artifactBucket : artifactBucket ,
127+ outputBucket : outputBucket ,
128+ subDirectoryName : "QemuEmbeddedLinuxPipeline" ,
79129} ) ;
80130qemuEmbeddedLinuxPipeline . addDependency ( buildImagePipeline )
81131
@@ -89,6 +139,10 @@ const pokyAmiPipeline = new EmbeddedLinuxPipelineStack(app, "PokyAmiPipeline", {
89139 vpc : vpc . vpc ,
90140 layerRepoName : "ec2-ami-poky-layer-repo" ,
91141 projectKind : ProjectKind . PokyAmi ,
142+ accessLoggingBucket : accessLoggingBucket ,
143+ serverAccessLogsPrefix : "PokyAmiPipeline" ,
144+ artifactBucket : artifactBucket ,
145+ subDirectoryName : "PokyAmiPipeline" ,
92146} ) ;
93147pokyAmiPipeline . addDependency ( buildImagePipeline )
94148
@@ -102,6 +156,11 @@ const kasPipeline = new EmbeddedLinuxPipelineStack(app, "KasPipeline", {
102156 vpc : vpc . vpc ,
103157 layerRepoName : "biga-kas-layer-repo" ,
104158 projectKind : ProjectKind . Kas ,
159+ accessLoggingBucket : accessLoggingBucket ,
160+ serverAccessLogsPrefix : "KasPipeline" ,
161+ artifactBucket : artifactBucket ,
162+ outputBucket : outputBucket ,
163+ subDirectoryName : "KasPipeline" ,
105164} ) ;
106165kasPipeline . addDependency ( buildImagePipeline )
107166
@@ -115,6 +174,11 @@ const renesasPipeline = new EmbeddedLinuxPipelineStack(app, "RenesasPipeline", {
115174 vpc : vpc . vpc ,
116175 layerRepoName : "renesas-layer-repo" ,
117176 projectKind : ProjectKind . Renesas ,
177+ accessLoggingBucket : accessLoggingBucket ,
178+ serverAccessLogsPrefix : "RenesasPipeline" ,
179+ artifactBucket : artifactBucket ,
180+ outputBucket : outputBucket ,
181+ subDirectoryName : "RenesasPipeline" ,
118182} ) ;
119183renesasPipeline . addDependency ( buildImagePipeline )
120184
@@ -128,5 +192,10 @@ const nxpImxPipeline = new EmbeddedLinuxPipelineStack(app, "NxpImxPipeline", {
128192 vpc : vpc . vpc ,
129193 layerRepoName : "nxp-imx-layer-repo" ,
130194 projectKind : ProjectKind . NxpImx ,
195+ accessLoggingBucket : accessLoggingBucket ,
196+ serverAccessLogsPrefix : "NxpImxPipeline" ,
197+ artifactBucket : artifactBucket ,
198+ outputBucket : outputBucket ,
199+ subDirectoryName : "NxpImxPipeline" ,
131200} ) ;
132201nxpImxPipeline . addDependency ( buildImagePipeline )
0 commit comments