Running Fixinator on AWS CodeBuild

Pete Freitag edited this page Jun 17, 2019 · 5 revisions

Use an existing CodeBuild project or create a new one, and link it to your source code repository.

Add Environment Variable

The FIXINATOR_API_KEY environment variable needs to be defined. You can store this key in the AWS Parameter Store and link it to an environment variable name in CodeBuild.

  1. In your CodeBuild project, under Build Details, click the Edit button in the Environment section.
  2. Expand Additional Configuration and click the Create Parameter button. Specify the name FIXINATOR_API_KEY and, for the value, paste in your API key.
  3. In the table listing of Environment variables, specify the name FIXINATOR_API_KEY. The value is pre-populated to something like /CodeBuild/FIXINATOR_API_KEY with the type Parameter selected.
  4. Click Update Environment.

Add / Edit buildspec.yml File

Here is a sample minimal buildspec.yml file:

version: 0.2

phases:
  install:
    commands:
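      - yum install -y which
      # Download and unpack the CommandBox CLI (box)
      - curl --location -o /tmp/box.zip https://www.ortussolutions.com/parent/download/commandbox/type/bin
      - unzip /tmp/box.zip -d /tmp/
      - chmod a+x /tmp/box
      # Install the Fixinator CommandBox module
      - /tmp/box install fixinator
  build:
    commands:
      - echo Build started on `date`
      # Scan the repository root; FIXINATOR_API_KEY is read from the environment
      - /tmp/box fixinator path=. confidence=high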

Example IAM Policy

At this point you might be getting a permissions error because the IAM Role that AWS CodeBuild is assuming does not have permission to access the parameter store, or the KMS key used to encrypt the parameter. Here is an example policy that you can attach to the IAM Role that AWS CodeBuild is using:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SSMFixinatorAPIKeyPolicy",
            "Effect": "Allow",
            "Action": "ssm:GetParameters",
            "Resource": "arn:aws:ssm:us-east-1:1234567890:parameter/CodeBuild/FIXINATOR_API_KEY"
        },
        {
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt"
            ],
            "Resource": [
                "arn:aws:kms:us-east-1:1234567890:key/CMK"
            ]
        }
    ]
}

Note that you will need to change us-east-1:1234567890 to the region you are using and your account ID.

This example assumes Parameter Store is using the CMK (Customer Master Key) for the AWS account to decrypt the parameter. If you are using a custom KMS key, use the appropriate ARN for that KMS key instead.
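A check for the policy above, added here as an example (it is not part of the original wiki page or of Fixinator): it confirms that a role policy grants the two permissions the build needs and flags wildcard resources that would let the build role read more than the one API key. The function names and the over-broad sample policy are constructed for illustration, and the check deliberately ignores Deny, NotAction and Condition elements.

```python
from fnmatch import fnmatchcase

# Constructed sample values mirroring the placeholders in the policy above.
PARAM_ARN = "arn:aws:ssm:us-east-1:1234567890:parameter/CodeBuild/FIXINATOR_API_KEY"
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "SSMFixinatorAPIKeyPolicy", "Effect": "Allow",
     "Action": "ssm:GetParameters", "Resource": PARAM_ARN},
    {"Effect": "Allow", "Action": ["kms:Decrypt"],
     "Resource": ["arn:aws:kms:us-east-1:1234567890:key/CMK"]}]}
# Constructed over-broad variant: every SSM action on every resource, no KMS grant.
BROAD_POLICY = {"Version": "2012-10-17",
                "Statement": {"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}}

def as_list(value):
    """IAM accepts a single string/object or a list; normalise to a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def grants(stmt, action):
    """True if an Allow statement's Action patterns cover `action` (case-insensitive)."""
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase(action.lower(), pat.lower())
        for pat in as_list(stmt.get("Action", [])))

def audit_policy(policy, param_arn):
    """Return findings for a CodeBuild role policy; an empty list means it passes."""
    findings, can_read, can_decrypt = [], False, False
    for stmt in as_list(policy.get("Statement", [])):
        resources = as_list(stmt.get("Resource", []))
        wild = [r for r in resources if "*" in r or "?" in r]
        if grants(stmt, "ssm:GetParameters"):
            # Does any Resource pattern cover the API key parameter?
            can_read = can_read or any(fnmatchcase(param_arn, r) for r in resources)
            findings += [f"ssm:GetParameters allowed on wildcard resource {r}" for r in wild]
        if grants(stmt, "kms:Decrypt"):
            can_decrypt = can_decrypt or bool(resources)
            findings += [f"kms:Decrypt allowed on wildcard resource {r}" for r in wild]
    if not can_read:  # this gap produces the permissions error described above
        findings.append(f"no statement allows ssm:GetParameters on {param_arn}")
    if not can_decrypt:
        findings.append("no statement allows kms:Decrypt")
    return findings

if __name__ == "__main__":
    for name, pol in (("page policy", PAGE_POLICY), ("broad policy", BROAD_POLICY)):
        print(name, "->", audit_policy(pol, PARAM_ARN) or "OK")
```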