Push Outputs
AWS Blu Insights allows you to push the outputs of your runs to your CodeCommit repository thanks to a dedicated Booster in order to streamline the workflow from code transformation, to code test and debug. The creation of the repository, branches, security configuration, etc. remains on CodeCommit, Blu Insights will simply connect to the repository and push the outputs upon your request.
Configuration
Create a Booster
- Go to your Transformation Center project, and in the left navigation panel, choose Settings.
- In Boosters, choose “Add” a CodeCommit Booster.
In the pop-up window, fill the information required for creating the booster and note the provided Blu Insights service account and the external ID.
- Region: AWS region where your target repository is located.
- External ID: A random identifier that you have to put in the trust policy of the provided role, as a verification condition for security reason (AWS External ID). Each time you create a booster, you need to add its External ID to the role's trust policy.
- Role ARN: ARN of the role that you need to create later in 1.2 Create an IAM role, with necessary permissions to allow AWS BluInsights to push files to your target repository.
- Name: Booster name.
- Repository: Target CodeCommit repository’s name.
- Branch: Target branch name, AWS BluInsights will push outputs by creating a commit in this branch.
- Description: whatever you want to say about your booster.
Before saving the booster, click on Try to connect, to make sure that AWS BluInsights can assume the IAM Role that you provided.
- Choose Add, if the role connection is success.
- Click on the toggle button to activate CodeCommit boosters.
Create an IAM role
Firstly, you need to create an IAM Role in your AWS account that has permissions to push to your CodeCommit repository. Here is an example of how to create it, or you can also use other ways like AWS CLI or AWS API (see Create IAM Roles):
- Open the IAM console at https://console.aws.amazon.com/iam/
- In the navigation panel of the console, choose Roles and then choose Create role.
- Choose Custom trust policy role type.
- Copy and paste the trust policy below, change "{ExternalID}" and "{ServiceAccount}" to the external ID and the Blu Insights service account that you copy from CodeCommit Booster (see above).
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::{ServiceAccount}:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "{ExternalID}"
}
}
}
]
}- Choose Next
- Give a name for the role, and then choose Create role.
- In the role list, choose the name of role you just created.
- Choose the Permissions tab.
- Choose Add permissions and then choose Create inline policy.
- Choose JSON Policy editor.
- Copy and paste the permission policy below. Replace “{Region}” by your CodeCommit repository’s region, “{AccountID}” by your AWS Account ID, and “{RepositoryName}” by your repository's name. In this policy, you give this role 2 action permissions (GitPush and GitPull), through which AWS BluInsights will be able to push your Transformation Center outputs to the repository (see Creating IAM policies).
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowGetBranchAndCreateCommit",
"Effect": "Allow",
"Action": [
"codecommit:GitPush",
"codecommit:GitPull"
],
"Resource": "arn:aws:codecommit:{Region}:{AccountID}:{RepositoryName}"
}
]
}- Choose Next.
- Give a name and a description for the policy.
- Choose Create policy.
Now you have created an IAM role with limited permissions. AWS BluInsights will use this role to push your Transformation Center outputs.
Push Transformation Center outputs.
Everything is ready! You can now push your outputs. To do so,
- Go to Velocity, select your outputs and choose Push Outputs in the options bar.
- Fill in the pop-up window with required details.
- Click on Save. Your outputs are waiting for you on CodeCommit!