Optional CodeDeploy IAM Roles (#25)

* Allow for a CodeDeploy role to be specified via deploymentSettings configuration,
in which case an IamRole for CodeDeploy will be referenced in the CloudFormation config
instead of created

* Update the readme with the new configuration option and add in an example of the policy used for codedeploy

* Move codeDeployRole creation into the 'globalresources' section - i.e. dont create a role for every function

* Udpate readme to document codedeploy role

* Minor tweaks

Author: MrThomasWagner

README.md

@@ -64,6 +64,23 @@ You can see a working example in the [example folder](./example/).
 * `postTrafficHook`: (optional) validation Lambda function that runs after traffic shifting. It must use te CodeDeploy SDK to notify about this step's success or failure (more info [here](https://docs.aws.amazon.com/codedeploy/latest/userguide/reference-appspec-file-structure-hooks.html))
 * `alarms`: (optional) list of CloudWatch alarms. If any of them is triggered duringt the deployment, the associated Lambda function will automatically roll back to the previous version.
 
+### Default configurations
+
+You can set default values for all functions in a top-level custom deploymentSettings section.  E.g.:
+
+```yaml
+custom:
+  deploymentSettings:
+    codeDeployRole: some_arn_value
+
+functions:
+  ...
+```
+
+Some values are only available as top-level configurations.  They are:
+
+* `codeDeployRole`: (optional) an arn specifying an existing IAM role for CodeDeploy.  If absent, one will be created for you.  See the [codeDeploy policy](./example-code-deploy-policy.json) for an example of what is needed.
+
 ## How it works
 
 The plugin relies on the [AWS Lambda traffic shifting feature](https://docs.aws.amazon.com/lambda/latest/dg/lambda-traffic-shifting-using-aliases.html) to balance traffic between versions and [AWS CodeDeploy](https://docs.aws.amazon.com/lambda/latest/dg/automating-updates-to-serverless-apps.html) to automatically update its weight. It modifies the `CloudFormation` template generated by [Serverless](https://github.com/serverless/serverless), so that:

example-code-deploy-policy.json

@@ -0,0 +1,35 @@
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Action": [
+                "cloudwatch:DescribeAlarms",
+                "lambda:*",
+                "sns:Publish"
+            ],
+            "Resource": "*",
+            "Effect": "Allow"
+        },
+        {
+            "Action": [
+                "s3:GetObject",
+                "s3:GetObjectVersion"
+            ],
+            "Resource": "arn:aws:s3:::*/CodeDeploy/*",
+            "Effect": "Allow"
+        },
+        {
+            "Action": [
+                "s3:GetObject",
+                "s3:GetObjectVersion"
+            ],
+            "Resource": "*",
+            "Condition": {
+                "StringEquals": {
+                    "s3:ExistingObjectTag/UseWithCodeDeploy": "true"
+                }
+            },
+            "Effect": "Allow"
+        }
+    ]
+}

example/package.json

@@ -10,12 +10,12 @@
   "devDependencies": {
     "serverless": "^1.26.1",
     "serverless-plugin-aws-alerts": "^1.2.4",
-    "serverless-plugin-canary-deployments": "^0.3.1"
+    "serverless-plugin-canary-deployments": "^0.4.0"
   },
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1",
-    "package": "npm un --no-save serverless-plugin-canary-deployments && npm pack ../ && npm i --no-save serverless-plugin-canary-deployments-0.3.1.tgz && sls package -s dev",
-    "deploy": "npm un --no-save serverless-plugin-canary-deployments && npm pack ../ && npm i --no-save serverless-plugin-canary-deployments-0.3.1.tgz && sls deploy -s dev",
+    "package": "npm un --no-save serverless-plugin-canary-deployments && npm pack ../ && npm i --no-save serverless-plugin-canary-deployments-0.4.0.tgz && sls package -s dev",
+    "deploy": "npm un --no-save serverless-plugin-canary-deployments && npm pack ../ && npm i --no-save serverless-plugin-canary-deployments-0.4.0.tgz && sls deploy -s dev",
     "populate-table": "node ./scripts/populate-test-table"
   },
   "author": "",

example/serverless.yml

@@ -13,6 +13,10 @@ plugins:
   - serverless-plugin-aws-alerts
   - serverless-plugin-canary-deployments
 
+custom:
+  alerts:
+    dashboards: false
+
 functions:
   hello:
     handler: handler.hello
@@ -25,7 +29,7 @@ functions:
               - StreamsTestTable
               - StreamArn
       - sns: snsTopic
-      - s3: s3samplebucket
+      # - s3: s3samplebucket
     alarms:
       - name: foo
         namespace: 'AWS/Lambda'