https://github.com/strongjz/cosign-aws-codepipeline
Example code repo for blog post https://chainguard.dev/posts/2022-01-07-cosign-aws-codepipeline
aws containers cosign sigstore supplychain
Last synced: 6 months ago
- Host: GitHub
- URL: https://github.com/strongjz/cosign-aws-codepipeline
- Owner: strongjz
- License: apache-2.0
- Created: 2022-01-03T22:42:33.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2022-01-25T19:38:13.000Z (over 3 years ago)
- Last Synced: 2025-04-09T17:06:38.311Z (6 months ago)
- Topics: aws, containers, cosign, sigstore, supplychain
- Language: HCL
- Homepage:
- Size: 50.8 KB
- Stars: 7
- Watchers: 3
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# cosign-aws-codepipeline
This repo is an example of using AWS CodePipeline and CodeBuild to sign and verify a Docker image with Sigstore's cosign.
Terraform creates all the AWS resources necessary to run the CodePipeline:
* Codepipeline
* S3 Bucket
* IAM Role
* IAM Role Policy
* AWS Codecommit Repo
* CodeBuild Project
* IAM Role
* S3 Bucket
* Cloudwatch Log Group and Stream
* ECR - Container Repository
* KMS - Asymmetric key used for cosign key signing
Create an S3 bucket for Terraform remote state storage; the bucket name will have to be unique.
`aws s3 mb s3://cosign-aws-codepipeline`
Initialize Terraform
`make tf_init`
Create the Terraform plan
`make tf_plan`
Apply the changes
`make tf_apply`
Push this code repo to the AWS Codecommit repo by creating a new remote
`git remote add aws $AWS_CODE_COMMIT_REPO`
`git push aws main`
This should kick off the CodePipeline and CodeBuild that Terraform creates.