Cross-account CodePipeline

When the CodeCommit repository is in a different account, the default CloudWatch event that triggers the pipeline does not work, because the event is emitted in the other account. The event bus feature of CloudWatch provides the glue: it can forward an event from Account A to Account B.

Steps

Create a CloudWatch event rule in Account A that forwards the event to the default event bus of Account B (where the pipeline exists).

CloudWatch > Rules > Create new > Service name: CodeCommit, Event type: CodeCommit Repository State Change

The event pattern looks something like the one below, where the entry under "resources" is the ARN of Account A's CodeCommit repo:

{
  "source": [
    "aws.codecommit"
  ],
  "detail-type": [
    "CodeCommit Repository State Change"
  ],
  "resources": [
    "arn:aws:codecommit:us-east-1:AccountAid:RepoName"
  ]
}

Select the target to point to “default event bus of another account”.

Targets > Select target > Event bus in another account > enter the Account ID (the ID of the pipeline account, Account B)

Select or create a role that has permission to send events to another account. I have attached the CloudWatchEventsFullAccess role to it.

In Account B (where the CodePipeline exists):

Allow the default event bus to receive events from Account A.

CloudWatch > Event Buses > Permission > Add permission > AWS Account > enter Account A's ID

Create a new rule that triggers the pipeline once the event is received.

CloudWatch > Rules > Create new > Service name: CodeCommit, Event type: CodeCommit Repository State Change, enter the ARN of the Account A’s CodePipeline.

The event pattern is the same as before, again with the ARN of Account A's CodeCommit repo under "resources":

{
  "source": [
    "aws.codecommit"
  ],
  "detail-type": [
    "CodeCommit Repository State Change"
  ],
  "resources": [
    "arn:aws:codecommit:us-east-1:AccountAid:RepoName"
  ]
}

Create a target with the pipeline ARN. You can use an existing role or a new one; this role only needs access to trigger the pipeline.

At this point the CloudWatch Events setup is complete. Test a commit and verify that the pipeline is triggered.
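
The two roles used in the steps above each need a single action. As an added example (not from the original post), this Python code builds least-privilege policy documents for both roles and flags anything a policy grants beyond that one action; the account ID, pipeline name and helper function names are constructed placeholders.

```python
import json

def put_events_policy(region, account_b_id):
    """Account A rule role: may only put events on Account B's default bus."""
    bus = f"arn:aws:events:{region}:{account_b_id}:event-bus/default"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "events:PutEvents", "Resource": bus}]}

def start_pipeline_policy(pipeline_arn):
    """Account B rule role: may only start the one target pipeline."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "codepipeline:StartPipelineExecution",
         "Resource": pipeline_arn}]}

# Both roles are assumed by the events service, so they share this trust policy.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "events.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}

def as_list(value):
    """IAM allows a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def excess_grants(policy, allowed_action, allowed_resource):
    """Return (action, resource) pairs that Allow more than the one grant needed.

    Exact string comparison only; NotAction and conditions are not evaluated.
    """
    excess = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            for resource in as_list(stmt.get("Resource", [])):
                if action != allowed_action or resource != allowed_resource:
                    excess.append((action, resource))
    return excess

# Constructed placeholder values (not from the original page).
REGION, ACCOUNT_B = "us-east-1", "222222222222"
PIPELINE_ARN = f"arn:aws:codepipeline:{REGION}:{ACCOUNT_B}:ExamplePipeline"
BUS_ARN = f"arn:aws:events:{REGION}:{ACCOUNT_B}:event-bus/default"
# Constructed stand-in for a broad "full access" style grant.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "events:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(put_events_policy(REGION, ACCOUNT_B), indent=2))
    print(json.dumps(start_pipeline_policy(PIPELINE_ARN), indent=2))
    print("broad policy excess:", excess_grants(BROAD, "events:PutEvents", BUS_ARN))
```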
