Skip to content

strongjz/cosign-aws-codepipeline

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits

terraform

terraform

 
 

.gitignore

.gitignore

 
 

BUILD-buildspec.yml

BUILD-buildspec.yml

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

cosign.pub

cosign.pub

 
 

main.go

main.go

 
 

Repository files navigation

cosign-aws-codepipeline

This repo is an example of using AWS Codepipeline and CodeBuild to sign and verify a docker image with Sigstore's cosign.

Terraform creates all the AWS Resources necessary to run the Codepipeline.

  • Codepipeline
    • S3 Bucket
    • IAM Role
    • IAM Role Policy
  • AWS Codecommit Repo
  • CodeBuild Project
    • IAM Role
    • S3 Bucket
    • Cloudwatch Log Group and Steam
  • ECR - Container Repository
  • KMS - Asymmetric key used for cosign key signing

Create an S3 bucket for Terraform remote state storage, this will have to be unique.

aws s3 mb s3://cosign-aws-codepipeline

Initialize Terraform

make tf_init

Create the Terraform plan

make tf_plan

Apply the changes

make tf_apply

Push this code repo to the AWS Codecommit repo by creating a new remote

git remote add aws $AWS_CODE_COMMIT_REPO

git push aws main

This should kick off the codepipeline and codebuild Terraform creates

About

Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline

Topics

aws containers supplychain cosign sigstore

Resources

Readme

License

Apache-2.0 license
Activity

Stars

7 stars

Watchers

4 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages