Skip to content

strongjz/cosign-aws-codepipeline

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
terraform
terraform
 
 
.gitignore
.gitignore
 
 
BUILD-buildspec.yml
BUILD-buildspec.yml
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
cosign.pub
cosign.pub
 
 
main.go
main.go
 
 

Repository files navigation

cosign-aws-codepipeline

This repo is an example of using AWS Codepipeline and CodeBuild to sign and verify a docker image with Sigstore's cosign.

Terraform creates all the AWS Resources necessary to run the Codepipeline.

  • Codepipeline
    • S3 Bucket
    • IAM Role
    • IAM Role Policy
  • AWS Codecommit Repo
  • CodeBuild Project
    • IAM Role
    • S3 Bucket
    • Cloudwatch Log Group and Steam
  • ECR - Container Repository
  • KMS - Asymmetric key used for cosign key signing

Create an S3 bucket for Terraform remote state storage, this will have to be unique.

aws s3 mb s3://cosign-aws-codepipeline

Initialize Terraform

make tf_init

Create the Terraform plan

make tf_plan

Apply the changes

make tf_apply

Push this code repo to the AWS Codecommit repo by creating a new remote

git remote add aws $AWS_CODE_COMMIT_REPO

git push aws main

This should kick off the codepipeline and codebuild Terraform creates

About

Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline

Topics

aws containers supplychain cosign sigstore

Resources

Readme

License

Apache-2.0 license
Activity

Stars

7 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages