Use AMS Self-Service Provisioning (SSP) mode to access AWS CodePipeline capabilities directly in your AMS managed account. AWS CodePipeline is a fully managed
continuous delivery
Note
To onboard CodeCommit, CodeBuild, CodeDeploy, and CodePipeline with a single RFC, submit the
Management | AWS service | Self-provisioned service | Add (review required) (ct-3qe6io8t6jtny) change
type and request the three services: CodeBuild, CodeDeploy and CodePipeline. Then, all three roles,
customer_codebuild_service_role, customer_codedeploy_service_role,
and aws_code_pipeline_service_role are provisioned in your account. After provisioning in your
account, you must onboard the role in your federation solution.
CodePipeline in AMS does not support "Amazon CloudWatch Events" for Source Stage because it needs elevated permissions to create the service role and policy, which bypasses the least-privileges model and AMS change management process.
CodePipeline in AWS Managed Services FAQs
Q: How do I request access to CodePipeline in my AMS account?
Request access to CodePipeline by submitting a service request for the customer_code_pipeline_console_role in the relevant account.
After it's provisioned
in your account, you must onboard the role in your federation solution.
At this time, AMS Operations will also deploy this service role in your account:
aws_code_pipeline_service_role_policy.
Q: What are the restrictions to using CodePipeline in my AMS account?
Yes. CodePipeline features, stages, and providers are limited to the following:
Deploy Stage: Limited to Amazon S3, and AWS CodeDeploy
Source Stage: Limited to Amazon S3, AWS CodeCommit, BitBucket, and GitHub
Build Stage: Limited to AWS CodeBuild, and Jenkins
Approval Stage: Limited to Amazon SNS
Test Stage: Limited to AWS CodeBuild, Jenkins, BlazeMeter, Ghost Inspector UI Testing, Micro Focus StormRunner Load, and Runscope API Monitoring
Invoke Stage: Limited to Step Functions, and Lambda
Note
AMS Operations will deploy
customer_code_pipeline_lambda_policyin your account; it must be attached with the Lambda execution role for Lambda invoke stage. Please provide the Lambda service/execution role name that you want this policy added with. If there is no custom Lambda service/execution role, AMS will create a new role namedcustomer_code_pipeline_lambda_execution_role, which will be a copy ofcustomer_lambda_basic_execution_rolealong withcustomer_code_pipeline_lambda_policy.
Q: What are the prerequisites or dependencies to using CodePipeline in my AMS account?
AWS supported services AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy must be launched prior to, or along with, the launch of CodePipeline.
