Add email notifications to CloudFormation templates

Author: clareliguori

.gitignore

@@ -1,3 +1,6 @@
+build/
+TODO.txt
+
 .scannerwork
 
 # Logs

README.md

@@ -33,15 +33,14 @@ The ci_tools folder contains the following tools for use with AWS Lambda and Ama
 
 Contains an appspec.yml file and deploy_scripts folder for deploying the service with AWS CodeDeploy.
 
-### CloudFormation
+## CloudFormation Templates
 
 Create a CodeCommit repository called 'aws-codebuild-samples' and push this sample code into the repo.  Then spin up all of the above easily with CloudFormation.
 
-Create the continuous deployment stack, with a CodePipeline pipeline:
+### Continuous Deployment
+Set up continuous deployment with a CodePipeline pipeline:
 ```
-aws cloudformation create-stack --stack-name aws-codebuild-samples --template-body file://cloudformation/continuous-deployment.yml --capabilities CAPABILITY_NAMED_IAM
-
-aws cloudformation wait stack-create-complete --stack-name aws-codebuild-samples
+aws cloudformation deploy --stack-name aws-codebuild-samples --template-file cloudformation/continuous-deployment.yml --capabilities CAPABILITY_NAMED_IAM
 
 aws cloudformation describe-stacks --stack-name aws-codebuild-samples --query 'Stacks[0].Outputs[?OutputKey==`PipelineConsoleUrl`].OutputValue' --output text
 ```
@@ -53,13 +52,30 @@ aws cloudformation describe-stacks --stack-name aws-codebuild-samples-test-stack
 aws cloudformation describe-stacks --stack-name aws-codebuild-samples-prod-stack --query 'Stacks[0].Outputs[?OutputKey==`Url`].OutputValue' --output text
 ```
 
-Set up continuous integration for the application:
+### Continuous Integration: Nightly Checks
+
+Choose an email address for receiving email notifications.  Then, [verify the email address in SES](https://us-west-2.console.aws.amazon.com/ses/home?region=us-west-2#verified-senders-email:) before setting up the CloudFormation stack.
+
+```
+mkdir build
+
+S3_BUCKET=$(aws cloudformation describe-stacks --stack-name aws-codebuild-samples --query 'Stacks[0].Outputs[?OutputKey==`ArtifactsBucket`].OutputValue' --output text)
+
+aws cloudformation package --template-file cloudformation/continuous-integration-nightly-checks.yml --s3-bucket $S3_BUCKET --force-upload --output-template-file build/continuous-integration-nightly-checks.yml
+
+aws cloudformation deploy --stack-name aws-codebuild-samples-nightly-checks --template-file build/continuous-integration-nightly-checks.yml --capabilities CAPABILITY_NAMED_IAM --parameter-overrides NotificationEmailAddress="example@example.com"
+```
+
+### Continuous Integration: Branch Checks
+
+```
+aws cloudformation deploy --stack-name aws-codebuild-samples-branch-checks --template-file cloudformation/continuous-integration-branch-checks.yml --capabilities CAPABILITY_NAMED_IAM
 ```
-aws cloudformation create-stack --stack-name aws-codebuild-samples-nightly-checks --template-body file://cloudformation/continuous-integration-nightly-checks.yml --capabilities CAPABILITY_NAMED_IAM
 
-aws cloudformation create-stack --stack-name aws-codebuild-samples-branch-checks --template-body file://cloudformation/continuous-integration-branch-checks.yml --capabilities CAPABILITY_NAMED_IAM
+### Continuous Integration: Pull Request Checks
 
-aws cloudformation create-stack --stack-name aws-codebuild-samples-pull-request-checks --template-body file://cloudformation/continuous-integration-pull-request-checks.yml --capabilities CAPABILITY_NAMED_IAM
+```
+aws cloudformation deploy --stack-name aws-codebuild-samples-pull-request-checks --template-file cloudformation/continuous-integration-pull-request-checks.yml --capabilities CAPABILITY_NAMED_IAM
 ```
 
 ## License

ci_tools/email_notifications.js

@@ -1,9 +1,8 @@
 'use strict';
 
 const AWS = require('aws-sdk');
-const codebuild = new AWS.CodeBuild();
 const cloudwatchlogs = new AWS.CloudWatchLogs();
-const ses = new AWS.SES();
+const ses = new AWS.SES({region: 'us-west-2'});
 const sourceEmailAddress = process.env.sourceEmailAddress;
 const destinationEmailAddress = process.env.destinationEmailAddress;
 
@@ -48,8 +47,6 @@ function handleBuildEvent(event, callback) {
     const buildArn = event.detail['build-id'];
     const buildId = buildArn.split('/').pop();
     const buildUuid = buildId.split(':').pop();
-    const sourceUrl = event.detail['additional-information'].source.location;
-    const repoName = sourceUrl.split('/').pop();
     const projectName = event.detail['project-name'];
     const region = event.region;
 

cloudformation/continuous-deployment.yml

@@ -25,6 +25,15 @@ Outputs:
         - !Ref 'AWS::Region'
         - '#/view/'
         - !Ref 'AWS::StackName'
+  ArtifactsBucket:
+    Description: S3 bucket used for artifacts
+    Export:
+      Name: !Join
+        - '-'
+        - - !Ref 'AWS::StackName'
+          - !Ref 'AWS::Region'
+          - ArtifactsBucket
+    Value: !Ref ArtifactsBucket
 
 Resources:
   CloudFormationTrustRole:

cloudformation/continuous-integration-nightly-checks.yml

@@ -1,4 +1,5 @@
 AWSTemplateFormatVersion: 2010-09-09
+Transform: 'AWS::Serverless-2016-10-31'
 
 Description: Perform continuous integration nightly checks on a CodeCommit repository with CodeBuild
 
@@ -7,6 +8,9 @@ Parameters:
     Description: A CodeCommit repository that contains the application code. Must be in same region as this stack.
     Type: String
     Default: aws-codebuild-samples
+  NotificationEmailAddress:
+    Description: The email address where email notifications should be sent
+    Type: String
 
 Resources:
   NightlyEvent:
@@ -142,3 +146,45 @@ Resources:
         - - !Ref 'AWS::StackName'
           - CodeBuild
     Type: AWS::IAM::Role
+
+  EmailNotifications:
+    Type: 'AWS::Serverless::Function'
+    Properties:
+      Handler: email_notifications.handler
+      Runtime: nodejs8.10
+      CodeUri: ../ci_tools
+      Description: >-
+        Sends emails when builds fail
+      Policies:
+        - AWSLambdaBasicExecutionRole
+        - Version: '2012-10-17'
+          Statement:
+            - Effect: Allow
+              Action:
+                - ses:SendEmail
+                - ses:SendRawEmail
+              Resource: '*'
+            - Effect: Allow
+              Action:
+                - logs:GetLogEvents
+              Resource: !Sub "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/*"
+      Events:
+        BuildTrigger:
+          Type: CloudWatchEvent
+          Properties:
+            Pattern:
+              source:
+                - aws.codebuild
+              detail-type:
+                - CodeBuild Build State Change
+              detail:
+                build-status:
+                  - FAILED
+                  - TIMED_OUT
+                additional-information:
+                  initiator:
+                    - !Sub "rule/${NightlyEvent}"
+      Environment:
+        Variables:
+          sourceEmailAddress: !Ref NotificationEmailAddress
+          destinationEmailAddress: !Ref NotificationEmailAddress