Deploy stage

The Deploy Stage is where your SAM application and all its resources are created an in an AWS account. The most common way to do this is by using CloudFormation changesets to deploy. This means that this stage will have two actions: the CreateChangeSet and the ExecuteChangeSet.

Add the Deploy stage to your PipelineStack.cs:

            // Add deploy stage to pipeline
            pipeline.AddStage(new StageOptions
                StageName = "Dev",
                Actions = new Action[] {
                    new CloudFormationCreateReplaceChangeSetAction(new CloudFormationCreateReplaceChangeSetActionProps
                        ActionName = "CreateChangeSet",
                        TemplatePath = new ArtifactPath_(buildOutput, "packaged.yaml"),
                        StackName = "sam-app",
                        AdminPermissions = true,
                        ChangeSetName = "sam-app-dev-changeset",
                        RunOrder = 1
                    new CloudFormationExecuteChangeSetAction(new CloudFormationExecuteChangeSetActionProps
                        ActionName = "Deploy",
                        StackName = "sam-app",
                        ChangeSetName = "sam-app-dev-changeset",
                        RunOrder = 2
Click here to see how the entire file should look like

Deploy the pipeline

On your terminal, run the following commands from within the pipeline directory:

cd ~/environment/sam-app/pipeline
cdk deploy

The CLI might ask you to confirm the changes before deploying, this is because we are giving Admin permissions to the IAM role that deploys our application. This is generally not a bad practice since this role can only be assumed by CloudFormation and not by a human, however, if your organization has a stricter security posture you may want to consider creating a custom IAM deployment role with a fine grain policy.

Trigger a release

Navigate to your pipeline and you will see the Deploy stage has been added, however, it is currently grayed out because it hasn’t been triggered. Let’s just trigger a new run of the pipeline manually by clicking the Release change buttton.