Compose a deployment from stack skills and generate executable artifacts (Makefiles, security disposition). Use when the user says 'compose', 'generate deployment', or invokes /ipa-compose.
Deploy a CodePipeline CI/CD pipeline with CodeBuild for automated build/test/deploy.
Deploy one-time prerequisite infrastructure from scripts/prepare.mk. Use when the user says 'prepare', 'deploy prerequisites', 'create ECR', or invokes /ipa-prepare.
Provision or update centralized security infrastructure (IAM roles) for an IPA project. Use when the user says 'security', 'set up security', 'IAM roles', or invokes /ipa-security.
Deploy a frontend tier stack: S3 static hosting + CloudFront distribution + OAC.
Deploy a centralized S3 log bucket for CloudFront, S3 access, and VPC flow logs.
| name | ipa-stack-codecommit |
| description | Deploy a CodeCommit repository for source code management. |
Deploy a CodeCommit source code repository. Provides repository name, ARN, and clone URL outputs for the codepipeline stack and builder instructions.
| Property | Value |
|---|---|
| Stack name | {APP_NAMESPACE}-{APP_ENV}-codecommit |
| Template | infra/cfn/codecommit/codecommit.yml |
| Capabilities | none |
| Lifecycle | prepare (prerequisite stack) |
| Tier | codecommit |
| Parameter | Type | Default | Validation | Error Message |
|---|---|---|---|---|
| Namespace | String | — | /^[a-z][a-z0-9-]{0,11}$/ | "Invalid namespace — 1-12 chars, lowercase alphanumeric + hyphens, starts with letter" |
| Environment | String | — | /^[a-z][a-z0-9-]{0,11}$/ | "Must be 1-12 chars, lowercase letters/digits/hyphens, starts with letter" |
| RepositoryName | String | — | /^[a-zA-Z0-9._-]+$/ | "Only alphanumeric characters, dots, underscores, and hyphens allowed" |
| RepositoryDescription | String | IPA-managed source repository | — | — |
| KmsKeyArn | String | (empty) | /^(arn:aws:kms:[a-z0-9-]+:\d{12}:key\/[a-f0-9-]+)?$/ | "Invalid KMS key ARN format" |
All parameters are Configuration type — sourced from .env, builder input, or defaults.
No wirable parameters — all parameters are configuration type (sourced from .env or builder input).
Parameters prompted during /ipa-compose:
| Parameter | Prompt | Default | Validation |
|---|---|---|---|
| RepositoryName | "CodeCommit repository name?" | {APP_NAMESPACE}-{APP_ENV}-repo | /^[a-zA-Z0-9._-]+$/ |
| RepositoryDescription | — | IPA-managed source repository | — (use default) |
| Output | Description | Export Convention | Used By |
|---|---|---|---|
| RepositoryName | CodeCommit repository name | {StackName}-RepositoryName | ipa-stack-codepipeline (SourceRepoName parameter) |
| RepositoryArn | CodeCommit repository ARN | {StackName}-RepositoryArn | Security policy scoping |
| CloneUrlHttp | HTTPS clone URL for the repository | {StackName}-CloneUrlHttp | Builder (git remote add) |
Required IAM actions: codecommit:CreateRepository, DeleteRepository, GetRepository, UpdateRepositoryDescription, TagResource, UntagResource — scoped to arn:aws:codecommit:{Region}:{AccountId}:{RepositoryName}. Optional KMS actions when KmsKeyArn is provided.
Security controls: Optional KMS encryption at rest, no public access (CodeCommit is private by default)
Full advisory: See SECURITY.md