Push Outputs
AWS Blu Insights allows you to push the outputs of your runs to your CodeCommit repository thanks to a dedicated Booster in order to streamline the workflow from code transformation, to code test and debug. The creation of the repository, branches, security configuration, etc. remains on CodeCommit, Blu Insights will simply connect to the repository and push the outputs upon your request.
Configuration
Create an IAM role
Firstly, you need to create an IAM Role in your AWS account that has permissions to push to your CodeCommit repository. Here is an example of how to create it, or you can also use other ways like AWS CLI or AWS API (see Create IAM Roles):
- Open the IAM console at https://console.aws.amazon.com/iam/
- In the navigation panel of the console, choose Roles and then choose Create role.
- Choose Custom trust policy role type.
- Copy and paste the trust policy below, change the “{ExternalID}” to the ID that you will copy from CodeCommit Booster (see below). In this policy, you allow AWS BluInsights (account 675616916283) to assume this role.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::675616916283:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "{ExternalID}"
}
}
}
]
}- Choose Create policy. It will open a new tab and redirect you to IAM Policy creation console and then choose JSON policy editor.
- Copy and paste the permission policy below. Replace “{Region}” by your CodeCommit repository’s region, “{AccountID}” by your AWS Account ID, and “{RepositoryName}” by your repository's name. In this policy, you give this role 2 action permissions (GetBranch and CreateCommit), through which AWS BluInsights will be able to push your Transformation Center outputs to the repository (see Creating IAM policies).
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowGetBranchAndCreateCommit",
"Effect": "Allow",
"Action": [
"codecommit:GetBranch",
"codecommit:CreateCommit"
],
"Resource": "arn:aws:codecommit:{Region}:{AccountID}:{RepositoryName}"
}
]
}- Choose Next
- Give a name and a description for the policy.
- Choose Create policy
- Go back to the role creation console. In Permissions policies list, choose the one that you created earlier.
- Choose Next.
- Give a name for the role, and then choose Create role.
Now you have created an IAM role with limited permissions. AWS BluInsights will use this role to push your Transformation Center outputs.
Create a Booster
- Go to your Transformation Center project, and in the left navigation panel, choose Settings.
- In Boosters, choose “Add” a CodeCommit Booster.
- In the pop-up window, fill the information required for creating the booster:
- Region: AWS region where your target repository is located.
- External ID: A random identifier that you have to put in the trust policy of the provided role, as a verification condition for security reason (AWS External ID). Each time you create a booster, you need to add its External ID to the role's trust policy.
- Role ARN: ARN of the role that you created earlier, with necessary permissions to allow AWS BluInsights to push files to your target repository.
- Name: Booster name.
- Repository: Target CodeCommit repository’s name.
- Branch: Target branch name, AWS BluInsights will push outputs by creating a commit in this branch.
- Description: whatever you want to say about your booster.
Before saving the booster, click on Try to connect, to make sure that AWS BluInsights can assume the IAM Role that you provided.
- Choose Add, if the role connection is success.
- Click on the toggle button to activate CodeCommit boosters.
Push Transformation Center outputs.
Everything is ready! You can now push your outputs. To do so,
- Go to Velocity, select your outputs and choose Push Outputs in the options bar.
- Fill in the pop-up window with required details.
- Click on Save. Your outputs are waiting for you on CodeCommit!