AWS Mainframe Modernization provides you with the ability to set up builds and continuous integration/continuous delivery (CI/CD) pipelines for your migrated applications. These builds and pipelines use AWS CodeBuild, AWS CodeCommit, and AWS CodePipeline to provide these capabilities. CodeBuild is a fully managed build service that compiles your source code, runs unit tests, and produces artifacts that are ready to deploy. CodeCommit is a version control service that enables you to privately store and manage Git reponsitories in the AWS Cloud. CodePipeline is a continuous delivery service that enables you to model, visualize, and automate the steps required to release your software.
This tutorial demonstrates how to use AWS CodeBuild to compile the BankDemo sample application source code from Amazon S3 and then export the compiled code back to Amazon S3.
AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you can use prepackaged build environments, or you can create custom build environments that use your own build tools. This demo scenario uses the second option. It consists of a CodeBuild build environment that uses a pre-packaged Docker image.
Important
Before you start your mainframe modernization project, we recommend that you learn about
the AWS
Migration Acceleration Program (MAP) for Mainframe
Topics
Prerequisites
Before you start this tutorial, complete the following prerequisites.
-
Download the BankDemo sample application
and unzip it to a folder. The source folder contains COBOL programs and Copybooks, and definitions. It also contains a JCL folder for reference, although you do not need to build JCL. The folder also contains the meta files required for the build. -
In the AWS Mainframe Modernization console, choose Tools . In Analysis, development, and build assets, choose Share assets with my AWS account.
Step 1: Share the build assets with AWS
account
In this step, you ensure that you share the build assets with your AWS account, especially in the Region where assets are being used.
-
Open the AWS Mainframe Modernization console at https://console.aws.amazon.com/m2/
. -
In the left navigation, choose Tools.
-
In Analysis, development, and build assets, choose Share assets with my AWS account.
Important
You need to do this step once in every AWS Region where you intend to do builds.
Step 2: Create Amazon S3 buckets
In this step, you create two Amazon S3 buckets. The first is an input bucket to hold the source code, and the other is an output bucket to hold the build output. For more information, see Creating, configuring, and working with Amazon S3 buckets in the Amazon S3 User Guide.
-
To create the input bucket, log in to the Amazon S3 console and choose Create bucket.
-
In General configuration, provide a name for the bucket and specify the AWS Region where you want to create the bucket. An example name is
codebuild-regionId-accountId-input-bucket, whereregionIdis the AWS Region of the bucket ,andaccountIdis your AWS account ID.Note
If you are creating the bucket in a different AWS Region from US East (N. Virginia), specify the
LocationConstraintparameter. For more information, see Create Bucket in the Amazon Simple Storage Service API Reference. -
Retain all other settings and choose Create bucket.
-
Repeat steps 1-3 to create the output bucket. An example name is
codebuild-regionId-accountId-output-bucket, whereregionIdis the AWS Region of the bucket andaccountIdis your AWS account ID.Whatever names you choose for these buckets, be sure to use them throughout this tutorial.
Step 3: Create the build spec file
In this step, you create a build spec file,. This file provides build commands and related settings, in YAML format, for CodeBuild to run the build. For more information, see Build specification reference for CodeBuild in the AWS CodeBuild User Guide.
-
Create a file named
buildspec.ymlin the directory that you unzipped as a prerequisite. -
Add the following content to the file and save. No changes are required for this file.
version: 0.2 env: exported-variables: - CODEBUILD_BUILD_ID - CODEBUILD_BUILD_ARN phases: install: runtime-versions: python: 3.7 pre_build: commands: - echo Installing source dependencies... - ls -lR $CODEBUILD_SRC_DIR/source build: commands: - echo Build started on `date` - /start-build.sh -Dbasedir=$CODEBUILD_SRC_DIR/source -Dloaddir=$CODEBUILD_SRC_DIR/target post_build: commands: - ls -lR $CODEBUILD_SRC_DIR/target - echo Build completed on `date` artifacts: files: - $CODEBUILD_SRC_DIR/target/**Here
CODEBUILD_BUILD_ID,CODEBUILD_BUILD_ARN,$CODEBUILD_SRC_DIR/source, and$CODEBUILD_SRC_DIR/targetare environment variables available within CodeBuild. For more information, see Environment variables in build environments.At this point, your directory should look like this.
(root directory name) |-- build.xml |-- buildspec.yml |-- LICENSE.txt |-- source |... etc. -
Zip the contents of the folder to a file named
BankDemo.zip.. For this tutorial, you can't zip the folder. Instead, zip the contents of the folder to the fileBankDemo.zip.
Step 4: Upload the source files
In this step, you upload the source code for the BankDemo sample application to your Amazon S3 input bucket.
-
Log in to the Amazon S3 console and choose Buckets in the left navigation pane. Then choose the input bucket you created previously.
-
Under Objects, choose Upload.
-
In the Files and folders section, choose Add Files.
-
Navigate to and choose your
BankDemo.zipfile. -
Choose Upload.
Step 5: Create IAM policies
In this step, you create two IAM policies. One policy grants permissions for AWS Mainframe Modernization to access and use the Docker image that contains the Rocket Software build tools. This policy is not customized for customers. The other policy grants permissions for AWS Mainframe Modernization to interact with the input and output buckets, and with the Amazon CloudWatch logs that CodeBuild generates.
To learn about creating an IAM policy, see Editing IAM policies in the IAM User Guide.
To create a policy for accessing Docker images
-
In the IAM console, copy the following policy document and paste it into the policy editor.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage" ], "Resource": "arn:aws:ecr:*:673918848628:repository/m2-enterprise-build-tools" }, { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": "arn:aws:s3:::aws-m2-repo-*-<region>-prod" } ] } -
Provide a name for the policy, for example,
m2CodeBuildPolicy.
To create a policy that allows AWS Mainframe Modernization to interact with buckets and logs
-
In the IAM console, copy the following policy document and paste it into the policy editor. Make sure to update
regionIdto the AWS Region, andaccountIdto your AWS account.{ "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:regionId:accountId:log-group:/aws/codebuild/codebuild-bankdemo-project", "arn:aws:logs:regionId:accountId:log-group:/aws/codebuild/codebuild-bankdemo-project:*" ], "Effect": "Allow" }, { "Action": [ "s3:PutObject", "s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:List*" ], "Resource": [ "arn:aws:s3:::codebuild-regionId-accountId-input-bucket", "arn:aws:s3:::codebuild-regionId-accountId-input-bucket/*", "arn:aws:s3:::codebuild-regionId-accountId-output-bucket", "arn:aws:s3:::codebuild-regionId-accountId-output-bucket/*" ], "Effect": "Allow" } ] } -
Provide a name for the policy, for example,
BankdemoCodeBuildRolePolicy.
Step 6: Create an IAM role
In this step, you create a new IAM role that allows CodeBuild to interact with AWS resources for you, after you associate the IAM policies that you previously created with this new IAM role.
For information about creating a service role, see Creating a Role to Delegate Permissions to an AWS Service in the IAM User Guide,.
-
Log in to the IAM console and choose Roles in the left navigation pane.
-
Choose Create role.
-
Under Trusted entity type, choose AWS service.
-
Under Use cases for other AWS services, choose CodeBuild, and then choose CodeBuild again.
-
Choose Next.
-
On the Add permissions page, choose Next. You assign a policy to the role later.
-
Under Role details, provide a name for the role, for example,
BankdemoCodeBuildServiceRole. -
Under Select trusted entities, verify that the policy document looks like the following:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "codebuild.amazonaws.com" }, "Action": "sts:AssumeRole" } ] } -
Choose Create role.
Step 7: Attach the IAM policies to the IAM
role
In this step, you attach the two IAM policies you previously created to the
BankdemoCodeBuildServiceRole IAM role.
-
Log in to the IAM console and choose Roles in the left navigation pane.
-
In Roles, choose the role you created previously, for example,
BankdemoCodeBuildServiceRole. -
In Permissions policies, choose Add permissions, and then Attach policies.
-
In Other permissions policies, choose the policies that you created previously, for example,
m2CodeBuildPolicyandBankdemoCodeBuildRolePolicy. -
Choose Attach policies.
Step 8: Create the CodeBuild project
In this step, you create the CodeBuild project.
-
Log in to the CodeBuild console and choose Create build project.
-
In the Project configuration section, provide a name for the project, for example,
codebuild-bankdemo-project. -
In the Source section, for Source provider, choose Amazon S3, and then choose the input bucket you created previously, for example,
codebuild-regionId-accountId-input-bucket. -
In the S3 object key or S3 folder field, enter the name of the zip file that you uploaded to the S3 bucket. In this case, the file name is
bankdemo.zip. -
In the Environment section, choose Custom image.
-
In the Environment type field, choose Linux.
-
Under Image registry, choose Other registry.
-
In the External registry URL field,
-
For Rocket Software v9: Enter
673918848628.dkr.ecr.us-west-1.amazonaws.com/m2-enterprise-build-tools:9.0.7.R1. If you're using a different AWS Region with Rocket Software v9, you can also specify673918848628.dkr.ecr.<m2-region>.amazonaws.com/m2-enterprise-build-tools:9.0.7.R1, where <m2-region> is an AWS Region in which AWS Mainframe Modernization service is available (for example,eu-west-3). -
For Rocket Software v8: Enter
673918848628.dkr.ecr.us-west-2.amazonaws.com/m2-enterprise-build-tools:8.0.9.R1 -
For Rocket Software v7: Enter
673918848628.dkr.ecr.us-west-2.amazonaws.com/m2-enterprise-build-tools:7.0.R10
-
-
Under Service role, choose Existing service role, and in the Role ARN field, choose the service role you created previously; for example,
BankdemoCodeBuildServiceRole. -
In the Buildspec section, choose Use a buildspec file.
-
In the Artifacts section, under Type, choose Amazon S3, and then choose your output bucket, for example,
codebuild-regionId-accountId-output-bucket. -
In the Name field, enter the name of a folder in the bucket that you want to contain the build output artifacts, for example,
bankdemo-output.zip. -
Under Artifacts packaging, choose Zip.
-
Choose Create build project.
Step 9: Start the build
In this step, you start the build.
-
Log in to the CodeBuild console.
-
In the left navigation pane, choose Build projects.
-
Choose the build project that you created previously, for example,
codebuild-bankdemo-project. -
Choose Start build.
This command starts the build. The build runs asynchronously. The output of the command is a JSON that includes the attribute id. This attribute idis a reference to the CodeBuild build id of the build that you just started. You can view the status of the build in the CodeBuild console. You can also see detailed logs about the build execution in the console. For more information, see View detailed build information in the AWS CodeBuild User Guide.
When the current phase is COMPLETED, it means that your build finished successfully, and your compiled artifacts are ready on Amazon S3.
Step 10: Download output artifacts
In this step, you download the output artifacts from Amazon S3. The Rocket Software build tool can create several different executable types. In this tutorial, it generates shared objects.
-
Log in to the Amazon S3 console.
-
In the Buckets role="bold"> section, choose the name of your output bucket, for example,
codebuild-regionId-accountId-output-bucket. -
Choose Download role="bold">.
-
Unzip the downloaded file. Navigate to the target folder to see the build artifacts. These include the
.soLinux shared objects.
Clean up resources
If you no longer need the resources that you created for this tutorial, delete them to avoid additional charges. To do so, complete the following steps:
-
Delete the S3 buckets that you created for this tutorial. For more information, see Deleting a bucket in the Amazon Simple Storage Service User Guide.
-
Delete the IAM policies that you created for this tutorial. For more information, see Deleting IAM policies in the IAM User Guide.
-
Delete the IAM role that you created for this tutorial. For more information, see Deleting roles or instance profiles in the IAM User Guide.
-
Delete the CodeBuild project that you created for this tutorial. For more information, see Delete a build project in CodeBuild in the AWS CodeBuild User Guide.
