aws-samples
diff --git a/‎fargate-rest-api/README.md‎
Lines changed: 1 addition & 1 deletion b/‎fargate-rest-api/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎fargate-rest-api/javascript-rest-nlb-ecs-sam/README.md‎
Lines changed: 1 addition & 1 deletion b/‎fargate-rest-api/javascript-rest-nlb-ecs-sam/README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎queue-based-ingestion/python-sam/README.md‎
Lines changed: 17 additions & 12 deletions b/‎queue-based-ingestion/python-sam/README.md‎
Lines changed: 17 additions & 12 deletions
diff --git a/‎queue-based-ingestion/python-sam/pipeline.yaml‎
Lines changed: 18 additions & 53 deletions b/‎queue-based-ingestion/python-sam/pipeline.yaml‎
Lines changed: 18 additions & 53 deletions
diff --git a/‎serverless-graphql-api/javascript-appsync-sam-js/pipeline.yaml‎
Lines changed: 18 additions & 30 deletions b/‎serverless-graphql-api/javascript-appsync-sam-js/pipeline.yaml‎
Lines changed: 18 additions & 30 deletions
diff --git a/‎serverless-graphql-api/javascript-appsync-sam-vtl/README.md‎
Lines changed: 17 additions & 12 deletions b/‎serverless-graphql-api/javascript-appsync-sam-vtl/README.md‎
Lines changed: 17 additions & 12 deletions
diff --git a/‎serverless-graphql-api/javascript-appsync-sam-vtl/pipeline.yaml‎
Lines changed: 17 additions & 6 deletions b/‎serverless-graphql-api/javascript-appsync-sam-vtl/pipeline.yaml‎
Lines changed: 17 additions & 6 deletions
@@ -10,7 +10,7 @@ There are various blog posts and code examples for serverless APIs available, ho
  - API access logging as part of SAM templates
  - business specific metrics
 
-Examples are (loosely) based on a [SpaceFinder project](https://github.com/amazon-archives/aws-serverless-auth-reference-app). The services used by this application include Amazon API Gateway, Amazon Cognito, AWS Lambda, Amazon ECS, AWS Fargate, and Amazon DynamoDB. The CI/CD pipelines use AWS CodePipeline, AWS CodeCommit, and AWS CodeBuild. 
+Examples are (loosely) based on a [SpaceFinder project](https://github.com/amazon-archives/aws-serverless-auth-reference-app). The services used by this application include Amazon API Gateway, Amazon Cognito, AWS Lambda, Amazon ECS, AWS Fargate, and Amazon DynamoDB. The CI/CD pipelines use AWS CodePipeline, and AWS CodeBuild. 
 
 ## Architecture
 
 
@@ -27,7 +27,7 @@ The application uses a Amazon Cognito stack for authentication/authorization and
 - [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html): `aws --version` (Use 2.x)
 - [Node.js](https://nodejs.org/en/download/): `node --version` (Use 22.x)
 - [GitHub account](https://github.com/signup/)
-- [GitHub empty repository](hhttps://github.com/new/)
+- [GitHub empty repository](https://github.com/new/)
 - [GitHub personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic/)
 
 ## Deploying with CI/CD pipeline
 
@@ -18,6 +18,12 @@ This project contains source code and supporting files for a serverless applicat
 
 The application uses a shared Amazon Cognito stack for authentication/authorization. You will need to create this stack and update `template.yaml` parameters section with the stack name. See the next section for details.
 
+## Prerequisites
+- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html): `aws --version` (Use 2.x)
+- [GitHub account](https://github.com/signup/)
+- [GitHub empty repository](https://github.com/new/)
+- [GitHub personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic/)
+
 ## Amazon Cognito Setup
 
 This example uses a shared stack that deploys Amazon Cognito resources. The shared stack will be deployed automatically if you use a CI/CD pipeline. See [README.md](../shared/README.md) in the shared resources directory for the stack manual deployment instructions. After manual deployment finishes, update your AWS SAM template file `template.yaml` parameter CognitoStackName with the shared Cognito stack name.
@@ -158,24 +164,23 @@ git init -b main
 git pull ../serverless-samples queue-based-ingestion
 cd python-sam
 ```
-
-To create the pipeline, you will need to run the following command:
+If you changed stack name, make sure that Parameters section of template.yaml is updated with the output values from the shared Cognito stack
+To push the code in GitHub repository, run the following commands (with the desired URL (i.e. HTTPS, SSH) in place of `<GitHub_Repository_URL>`):
 
 ```bash
-aws cloudformation create-stack --stack-name queue-based-ingestion-cicd --template-body file://pipeline.yaml --capabilities CAPABILITY_IAM
-
+git remote add origin <GitHub_Repository_URL>
+git push origin main
 ```
 
-The pipeline will attempt to run and will fail at the SourceCodeRepo stage as there is no code in the AWS CodeCommit yet.
-
-**Note:** You may need to set up AWS CodeCommit repository access for HTTPS users [using Git credentials](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html?icmpid=docs_acc_console_connect_np) and [set up the AWS CLI Credential Helper](https://docs.aws.amazon.com/console/codecommit/connect-tc-alert-np).
-
-Once you have access to the code repository, navigate to python-sam folder, and, if you changed stack name, make sure that Parameters section of template.yaml is updated with the output values from the shared Cognito stack, and push code base to CodeCommit to start automated deployments.
-You can find URL to AWS CodeCommit Repository in the output section of the CloudFormation stack deployed above.
+To create the pipeline, you will need to run the following command:
 
 ```bash
-git remote add origin <URL to AWS CodeCommit repository>
-git push origin main
+aws cloudformation create-stack --stack-name queue-based-ingestion-cicd --template-body file://pipeline.yaml --capabilities CAPABILITY_IAM --parameter-overrides \
+gitHubOwner=<GITHUB_OWNER> \
+gitHubRepo=<GITHUB_REPOSITORY_NAME> \
+gitHubBranch=<GITHUB_BRANCH_NAME> \
+gitHubToken=<GITHUB_PERSONAL_ACCESS_TOKEN>
+
 ```
 
 Navigate to the AWS CodePipeline in AWS Management Console and release this change if needed by clicking "Release change" button.
 
@@ -6,12 +6,17 @@ Description: >
   This template generates a 2-environment CI/CD Pipeline for Queue-based ingestion with API Gateway application
   Based on https://github.com/aws-samples/cookiecutter-aws-sam-pipeline
 
+Parameters:
+  gitHubOwner:
+    Type: String
+  gitHubRepo:
+    Type: String
+  gitHubBranch:
+    Type: String
+  gitHubToken:
+    Type: String
+
 Resources:
-  CodeRepository:
-    Type: AWS::CodeCommit::Repository
-    Properties:
-      RepositoryName: !Ref AWS::StackName
-      RepositoryDescription: Code repository for API Gateway  queue based ingestion sample
 
   # S3 Bucket for build artifacts
   BuildArtifactsBucket:
@@ -47,7 +52,7 @@ Resources:
       Environment:
         Type: LINUX_CONTAINER
         ComputeType: BUILD_GENERAL1_SMALL
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
+        Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
         EnvironmentVariables:
           - Name: BUILD_OUTPUT_BUCKET
             Value: !Ref BuildArtifactsBucket
@@ -72,7 +77,7 @@ Resources:
       Environment:
         Type: LINUX_CONTAINER
         ComputeType: BUILD_GENERAL1_SMALL
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:3.0
+        Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
         EnvironmentVariables:
           - Name: TEST_APPLICATION_STACK_NAME
             Value: !Sub ${AWS::StackName}-testing
@@ -100,12 +105,14 @@ Resources:
             - Name: SourceCodeRepo
               ActionTypeId:
                 Category: Source
-                Owner: AWS
-                Provider: CodeCommit
+                Owner: ThirdParty
+                Provider: GitHub
                 Version: "1"
               Configuration:
-                RepositoryName: !GetAtt CodeRepository.Name
-                BranchName: main
+                Owner: !Ref gitHubOwner
+                Repo: !Ref gitHubRepo
+                Branch: !Ref gitHubBranch
+                OAuthToken: !Ref gitHubToken
               OutputArtifacts:
                 - Name: SourceCodeAsZip
               RunOrder: 1
@@ -444,7 +451,6 @@ Resources:
       Path: /
       ManagedPolicyArns:
         - arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess
-        - arn:aws:iam::aws:policy/AWSCodeCommitReadOnly
       Policies:
         - PolicyName: CodePipelineAccess
           PolicyDocument:
@@ -465,40 +471,6 @@ Resources:
                   - "s3:ListBucket"
                   - "s3:*Object*"
                 Resource: !Sub "arn:aws:s3:::${BuildArtifactsBucket}/*"
-              - Effect: Allow
-                Action:
-                  - "codecommit:GitPull"
-                  - "codecommit:EvaluatePullRequestApprovalRules"
-                  - "codecommit:UploadArchive"
-                  - "codecommit:GetBlob"
-                  - "codecommit:GetBranch"
-                  - "codecommit:GetComment"
-                  - "codecommit:GetCommentReactions"
-                  - "codecommit:GetCommentsForComparedCommit"
-                  - "codecommit:GetCommentsForPullRequest"
-                  - "codecommit:GetCommit"
-                  - "codecommit:GetDifferences"
-                  - "codecommit:GetFile"
-                  - "codecommit:GetFolder"
-                  - "codecommit:GetMergeCommit"
-                  - "codecommit:GetMergeOptions"
-                  - "codecommit:GetObjectIdentifier"
-                  - "codecommit:GetPullRequest"
-                  - "codecommit:GetPullRequestApprovalStates"
-                  - "codecommit:GetReferences"
-                  - "codecommit:GetRepository"
-                  - "codecommit:GetRepositoryTriggers"
-                  - "codecommit:GetTree"
-                  - "codecommit:GetUploadArchiveStatus"
-                  - "codecommit:ListBranches"
-                  - "codecommit:ListPullRequests"
-                  - "codecommit:ListRepositories"
-                  - "codecommit:ListTagsForResource"
-                  - "codecommit:BatchGetCommits"
-                  - "codecommit:BatchGetRepositories"
-                  - "codecommit:BatchDescribeMergeConflicts"
-
-                Resource: !Sub "arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:${CodeRepository.Name}"
         - PolicyName: CodePipelineCodeBuildAndCloudformationAccess
           PolicyDocument:
             Version: "2012-10-17"
@@ -528,13 +500,6 @@ Resources:
                   - !Sub "arn:aws:cloudformation:${AWS::Region}:aws:transform/Serverless-2016-10-31"
 
 Outputs:
-  CodeCommitRepositoryHttpUrl:
-    Description: AWS CodeCommit Git repository
-    Value: !GetAtt CodeRepository.CloneUrlHttp
-
-  CodeCommitRepositorySshUrl:
-    Description: AWS CodeCommit Git repository
-    Value: !GetAtt CodeRepository.CloneUrlSsh
 
   BuildArtifactS3Bucket:
     Description: Amazon S3 Bucket for Pipeline and Build artifacts
 
@@ -6,12 +6,17 @@ Description: >
   This template generates a 2-environment CI/CD Pipeline for sample serverless API application
   Based on https://github.com/aws-samples/cookiecutter-aws-sam-pipeline
 
+Parameters:
+  gitHubOwner:
+    Type: String
+  gitHubRepo:
+    Type: String
+  gitHubBranch:
+    Type: String
+  gitHubToken:
+    Type: String
+
 Resources:
-  CodeRepository:
-    Type: AWS::CodeCommit::Repository
-    Properties:
-      RepositoryName: !Ref AWS::StackName
-      RepositoryDescription: Code repository for serverless GraphQL API sample application
 
   # S3 Bucket for build artifacts
   BuildArtifactsBucket:
@@ -43,7 +48,7 @@ Resources:
       Environment:
         Type: LINUX_CONTAINER
         ComputeType: BUILD_GENERAL1_SMALL
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:4.0
+        Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
         EnvironmentVariables:
           - Name: BUILD_OUTPUT_BUCKET
             Value: !Ref BuildArtifactsBucket
@@ -69,7 +74,7 @@ Resources:
       Environment:
         Type: LINUX_CONTAINER
         ComputeType: BUILD_GENERAL1_SMALL
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:4.0
+        Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
         EnvironmentVariables:
           - Name: TEST_APPLICATION_STACK_NAME
             Value: !Sub ${AWS::StackName}-Testing
@@ -98,12 +103,14 @@ Resources:
             - Name: SourceCodeRepo
               ActionTypeId:
                 Category: Source
-                Owner: AWS
-                Provider: CodeCommit
+                Owner: ThirdParty
+                Provider: GitHub
                 Version: "1"
               Configuration:
-                RepositoryName: !GetAtt CodeRepository.Name
-                BranchName: main
+                Owner: !Ref gitHubOwner
+                Repo: !Ref gitHubRepo
+                Branch: !Ref gitHubBranch
+                OAuthToken: !Ref gitHubToken
               OutputArtifacts:
                 - Name: SourceCodeAsZip
               RunOrder: 1
@@ -450,7 +457,6 @@ Resources:
       Path: /
       ManagedPolicyArns:
         - arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess
-        - arn:aws:iam::aws:policy/AWSCodeCommitReadOnly
       Policies:
         - PolicyName: CodePipelineAccess
           PolicyDocument:
@@ -471,17 +477,6 @@ Resources:
                   - "s3:ListBucket"
                   - "s3:*Object*"
                 Resource: !Sub "arn:aws:s3:::${BuildArtifactsBucket}/*"
-              - Effect: Allow
-                Action:
-                  - "codecommit:GitPull"
-                  - "codecommit:Get*"
-                  - "codecommit:List*"
-                  - "codecommit:BatchGet*"
-                  - "codecommit:BatchDescribe*"
-                  - "codecommit:Describe*"
-                  - "codecommit:EvaluatePullRequestApprovalRules"
-                  - "codecommit:UploadArchive"
-                Resource: !Sub "arn:aws:codecommit:${AWS::Region}:${AWS::AccountId}:${CodeRepository.Name}"
         - PolicyName: CodePipelineCodeBuildAndCloudformationAccess
           PolicyDocument:
             Version: "2012-10-17"
@@ -511,13 +506,6 @@ Resources:
                   - !Sub "arn:aws:cloudformation:${AWS::Region}:aws:transform/Serverless-2016-10-31"
 
 Outputs:
-  CodeCommitRepositoryHttpUrl:
-    Description: AWS CodeCommit Git repository
-    Value: !GetAtt CodeRepository.CloneUrlHttp
-
-  CodeCommitRepositorySshUrl:
-    Description: AWS CodeCommit Git repository
-    Value: !GetAtt CodeRepository.CloneUrlSsh
 
   BuildArtifactS3Bucket:
     Description: Amazon S3 Bucket for Pipeline and Build artifacts
 
@@ -14,6 +14,12 @@ This project contains source code and supporting files for a serverless applicat
 
 The application uses a shared Amazon Cognito stack for authentication/authorization. The shared stack will be deployed automatically if you use the CI/CD pipeline included in this project. If you deploy the application manually, you will need to create this stack and update the `template.yaml` parameters section with the stack name. See the manual deployment section for more details.
 
+## Prerequisites
+- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html): `aws --version` (Use 2.x)
+- [GitHub account](https://github.com/signup/)
+- [GitHub empty repository](https://github.com/new/)
+- [GitHub personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic/)
+
 ## Deploy the CI/CD pipeline
 To create the CI/CD pipeline, we will copy the code from the serverless-samples directory into a new and separate directory and use this new directory as the codebase for your pipeline. 
 
@@ -26,23 +32,22 @@ serverless-graphql-api-cicd:~$ git init -b main
 serverless-graphql-api-cicd:~$ git pull ../serverless-samples serverless-graphql-api
 serverless-graphql-api-cicd:~$ cd javascript-appsync-sam-vtl
 ```
+If you changed stack name, make sure that Parameters section of template.yaml is updated with the output values from the shared Amazon Cognito stack
+To push the code in GitHub repository, run the following commands (with the desired URL (i.e. HTTPS, SSH) in place of `<GitHub_Repository_URL>`):
 
-To create the pipeline, run the following command:
-
-```console
-javascript-appsync-sam-vtl:~$ aws cloudformation create-stack --stack-name serverless-api-pipeline --template-body file://pipeline.yaml --capabilities CAPABILITY_IAM
+```bash
+git remote add origin <GitHub_Repository_URL>
+git push origin main
 ```
-The pipeline will attempt to run and will fail at the SourceCodeRepo stage as there is no code in the AWS CodeCommit yet.
 
-***NOTE:** If you change stack name, avoid stack names longer than 25 characters. In case you need longer stack names, check comments in the pipeline.yaml and update accordingly.*
-
-***Note:** You may need to set up AWS CodeCommit repository access for HTTPS users [using Git credentials](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html?icmpid=docs_acc_console_connect_np) and [set up the AWS CLI Credential Helper](https://docs.aws.amazon.com/console/codecommit/connect-tc-alert-np).*
-
-Once you have access to the code repository, navigate to the javascript-appsync-sam-vtl folder, and if you changed stack name, make sure that Parameters section of template.yaml is updated with the output values from the shared Amazon Cognito stack, and push the code base to CodeCommit to start an automated deployment:
+To create the pipeline, run the following command:
 
 ```console
-javascript-appsync-sam-vtl:~$ git remote add origin <URL to AWS CodeCommit repository>
-javascript-appsync-sam-vtl:~$ git push origin main
+javascript-appsync-sam-vtl:~$ aws cloudformation create-stack --stack-name serverless-api-pipeline --template-body file://pipeline.yaml --capabilities CAPABILITY_IAM --parameter-overrides \
+gitHubOwner=<GITHUB_OWNER> \
+gitHubRepo=<GITHUB_REPOSITORY_NAME> \
+gitHubBranch=<GITHUB_BRANCH_NAME> \
+gitHubToken=<GITHUB_PERSONAL_ACCESS_TOKEN>
 ```
 
 Navigate to the AWS CodePipeline in the AWS Management Console and release this change if needed by clicking "Release change" button.
 
@@ -5,6 +5,15 @@ AWSTemplateFormatVersion: 2010-09-09
 Description: >
   This template generates a 2-environment CI/CD Pipeline for sample serverless API application
   Based on https://github.com/aws-samples/cookiecutter-aws-sam-pipeline
+Parameters:
+  gitHubOwner:
+    Type: String
+  gitHubRepo:
+    Type: String
+  gitHubBranch:
+    Type: String
+  gitHubToken:
+    Type: String
 
 Resources:
   CodeRepository:
@@ -43,7 +52,7 @@ Resources:
       Environment:
         Type: LINUX_CONTAINER
         ComputeType: BUILD_GENERAL1_SMALL
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:4.0
+        Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
         EnvironmentVariables:
           - Name: BUILD_OUTPUT_BUCKET
             Value: !Ref BuildArtifactsBucket
@@ -69,7 +78,7 @@ Resources:
       Environment:
         Type: LINUX_CONTAINER
         ComputeType: BUILD_GENERAL1_SMALL
-        Image: aws/codebuild/amazonlinux2-x86_64-standard:4.0
+        Image: aws/codebuild/amazonlinux2-x86_64-standard:5.0
         EnvironmentVariables:
           - Name: TEST_APPLICATION_STACK_NAME
             Value: !Sub ${AWS::StackName}-Testing
@@ -98,12 +107,14 @@ Resources:
             - Name: SourceCodeRepo
               ActionTypeId:
                 Category: Source
-                Owner: AWS
-                Provider: CodeCommit
+                Owner: ThirdParty
+                Provider: GitHub
                 Version: "1"
               Configuration:
-                RepositoryName: !GetAtt CodeRepository.Name
-                BranchName: main
+                Owner: !Ref gitHubOwner
+                Repo: !Ref gitHubRepo
+                Branch: !Ref gitHubBranch
+                OAuthToken: !Ref gitHubToken
               OutputArtifacts:
                 - Name: SourceCodeAsZip
               RunOrder: 1