AWS CodePipeline is an amazing tool when you're working with continuous deployment. However, there can be a considerable challenge when you're replicating images from another Account. Wait, when would you do that? A good example happens to one of my clients. My client decided to split their root account into 15 accounts. In the root account, they had 15 different client apps running in Docker. Now, they were facing significant challenges since either they handled all their apps or found another way to deploy everything.
My client had a test account and the best decision was to push the images into specific repos in AWS and then move them to each account and restart the AWS services by themselves. This seemed easy using CodePipeline; however, it wasn't so straightforward. When you replicate an Image from one account to another, this action is not considered a Docker Push; therefore, the Pipe is not triggered. There has been a ticket opened for almost 3 years in GitHub without any deadline or solution coming from AWS.
However, in the comment section, there was one that solved everything:
The only difference is that CloudWatch Events don't exist anymore, now, they are called EventBridge Buses Rules (in this case).
Inside the event, you must search for Event Pattern:
Then, you need to change, the JSON that looks like this:
Into this one:
The key differences:
- You use image-tags instead image-tag.
- You remove the result key.
- You add the option "scan-status": ["COMPLETE"]