Periodic update for the CodePipeline User Guide July 6 2021

Author: darlaker

doc_source/action-reference-CloudFormation.md

@@ -60,17 +60,13 @@ Required: Conditional
 **RoleArn**  
 Required: Conditional  
 The `RoleArn` is the ARN of the IAM service role that AWS CloudFormation assumes when it operates on resources in the specified stack\. `RoleArn` is not applied when executing a change set\. If you do not use CodePipeline to create the change set, make sure that the change set or stack has an associated role\.  
+This role must be in the same account as the role for the action that is running, as configured in the action declaration `RoleArn`\.
 This property is required for the following action modes:  
 + CREATE\_UPDATE
 + REPLACE\_ON\_FAILURE
 + DELETE\_ONLY
 + CHANGE\_SET\_REPLACE
-
-**Note**
-This role must be in the same account as the role that the action is running as, configured in the action declaration `RoleArn`\.
-
-**Note**  
-CloudFormation is given an S3 signed URL to the template, and therefore this `RoleArn` does not need permission to access the artifact bucket\. However, the action `RoleArn` _does_ need permission to access the artifact bucket, in order to generate the signed URL\.
+AWS CloudFormation is given an S3\-signed URL to the template; therefore, this `RoleArn` does not need permission to access the artifact bucket\. However, the action `RoleArn` *does* need permission to access the artifact bucket, in order to generate the signed URL\.
 
 **TemplatePath**  
 Required: Conditional  
@@ -200,4 +196,4 @@ InputArtifacts:
 
 The following related resources can help you as you work with this action\.
 + [Configuration Properties Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/continuous-delivery-codepipeline-action-reference.html) – This reference chapter in the *AWS CloudFormation User Guide* provides more descriptions and examples for these CodePipeline parameters\.
-+ [AWS CloudFormation API Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/) – The [CreateStack](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html) parameter in the *AWS CloudFormation API Reference* describes stack parameters for AWS CloudFormation templates\.
++ [AWS CloudFormation API Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/) – The [CreateStack](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html) parameter in the *AWS CloudFormation API Reference* describes stack parameters for AWS CloudFormation templates\.

doc_source/action-reference-CodeCommit.md

@@ -89,7 +89,7 @@ For more information about the difference between an author and a committer in G
 
 ## Example action configuration<a name="action-reference-CodeCommit-example"></a>
 
-### Example for default output artifact format<a name="w23aac45c29c25b3"></a>
+### Example for default output artifact format<a name="w23aac43c29c25b3"></a>
 
 ------
 #### [ YAML ]
@@ -147,7 +147,7 @@ Actions:
 
 ------
 
-### Example for full clone output artifact format<a name="w23aac45c29c25b5"></a>
+### Example for full clone output artifact format<a name="w23aac43c29c25b5"></a>
 
 ------
 #### [ YAML ]

doc_source/action-reference-CodestarConnectionSource.md

@@ -1,18 +1,22 @@
 # CodeStarSourceConnection for Bitbucket, GitHub, and GitHub Enterprise Server actions<a name="action-reference-CodestarConnectionSource"></a>
 
-Triggers a pipeline when a new commit is made on a third\-party source code repository\. The source action retrieves code changes when a pipeline is manually run or when a webhook event is sent from the source provider\.
+Triggers a pipeline when a new commit is made on a third\-party source code repository\. The source action retrieves code changes when a pipeline is manually run or when a webhook event is sent from the source provider\. 
 
 **Note**  
 This feature is not available in the Asia Pacific \(Hong Kong\) or Europe \(Milan\) Region\. To use other source actions available in that Region, see [Source action integrations](integrations-action-type.md#integrations-source)\.
 
 Connections can associate your AWS resources with the following third\-party repositories:
-+ Bitbucket \(through the **Bitbucket** provider option in the CodePipeline console\)
++ Bitbucket Cloud \(through the **Bitbucket** provider option in the CodePipeline console\)
+**Note**  
+You can create connections to a Bitbucket Cloud repository\. Installed Bitbucket provider types, such as Bitbucket Server, are not supported\. 
 + GitHub and GitHub Enterprise Cloud \(through the **GitHub \(Version 2\)** provider option in the CodePipeline console\)
 + GitHub Enterprise Server \(through the **GitHub Enterprise Server** provider option in the CodePipeline console\)
 
 **Note**  
 Each connection supports all of the repositories you have with that provider\. You only need to create a new connection for each provider type\.
 
+Connections allow your pipeline to detect source changes through the third\-party provider's installation app\. For example, webhooks are used to subscribe to GitHub event types and can be installed on an organization, a repository, or a GitHub App\. Your connection installs a repository webhook on your GitHub App that subscribes to GitHub push type events\.
+
 After a code change is detected, you have the following options for passing the code to subsequent actions:
 + Default: Like other existing CodePipeline source actions, `CodeStarSourceConnection` can output a ZIP file with a shallow copy of your commit\.
 + Full clone: `CodeStarSourceConnection` can also be configured to output a URL reference to the repo for subsequent actions\.

doc_source/action-reference-Snyk.md

@@ -0,0 +1,39 @@
+# Snyk action structure reference<a name="action-reference-Snyk"></a>
+
+The **Snyk** action in CodePipeline automates detecting and fixing security vulnerabilities in your open source code\. You can use Snyk with application source code in your third\-party repository, such as GitHub or Bitbucket, or with images for container applications\. Your action will scan and report on vulnerability levels and alerts that you configure\. 
+
+**Topics**
++ [Action type ID](#action-reference-Snyk-type)
++ [Input artifacts](#action-reference-Snyk-input)
++ [Output artifacts](#action-reference-Snyk-output)
++ [See also](#action-reference-Snyk-links)
+
+## Action type ID<a name="action-reference-Snyk-type"></a>
++ Category: `Invoke`
++ Owner: `ThirdParty`
++ Provider: `Snyk`
++ Version: `1`
+
+Example:
+
+```
+            {
+                "Category": "Invoke",
+                "Owner": "ThirdParty",
+                "Provider": "Snyk",
+                "Version": "1"
+            },
+```
+
+## Input artifacts<a name="action-reference-Snyk-input"></a>
++ **Number of Artifacts:** `1`
++ **Description:** The files that make up the input artifact for the invoke action\.
+
+## Output artifacts<a name="action-reference-Snyk-output"></a>
++ **Number of Artifacts:** `1`
++ **Description:** The files that make up the output artifact for the invoke action\.
+
+## See also<a name="action-reference-Snyk-links"></a>
+
+The following related resources can help you as you work with this action\.
++ For more information about using Snyk actions in CodePipeline, refer to [Automate vulnerability scanning in CodePipeline with Snyk](https://snyk.io/blog/automate-vulnerability-scanning-in-aws-codepipeline-with-snyk/)\.

doc_source/action-reference.md

@@ -23,4 +23,5 @@ This section is updated periodically with more action providers\. Reference info
 + [CodeStarSourceConnection for Bitbucket, GitHub, and GitHub Enterprise Server actions](action-reference-CodestarConnectionSource.md)
 + [AWS Device Farm](action-reference-DeviceFarm.md)
 + [AWS Lambda](action-reference-Lambda.md)
++ [Snyk](action-reference-Snyk.md)
 + [AWS Step Functions](action-reference-StepFunctions.md)

doc_source/action-types.md

@@ -47,9 +47,18 @@ Before you create your action definition file, executor resources, and action ty
 
 ### Step 1: Choose your integration model<a name="action-types-choose-model"></a>
 
-Choose your integration model and then create the configuration for that model\. After you choose the  integration model, you must configure your integration resources\.
-+ For the Lambda integration model, you create a Lambda function and add permissions\. Add permissions to your integrator Lambda function to provide the CodePipeline service with permissions to invoke it using the CodePipeline service principal: `codepipeline.amazonaws.com`\. The permissions can be added using CloudFormation or the command line\.
-  + [Sample code for adding permission via CloudFormation](https://code.amazon.com/packages/DuckHawkJobInvokerServiceInfrastructure/blobs/b9f9fa508c0c901e87e0909d05ad61ea49757b9b/--/configuration/cloudFormation/lambdaBasedTestRoles.template.yml#L72-L77)
+Choose your integration model and then create the configuration for that model\. After you choose the integration model, you must configure your integration resources\.
++ For the Lambda integration model, you create a Lambda function and add permissions\. Add permissions to your integrator Lambda function to provide the CodePipeline service with permissions to invoke it using the CodePipeline service principal: `codepipeline.amazonaws.com`\. The permissions can be added using AWS CloudFormation or the command line\.
+  + Example for adding permissions using AWS CloudFormation:
+
+    ```
+      CodePipelineLambdaBasedActionPermission:
+        Type: 'AWS::Lambda::Permission'
+        Properties:
+          Action: 'lambda:invokeFunction'
+          FunctionName: {"Fn::Sub": "arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:function-name"}
+          Principal: codepipeline.amazonaws.com
+    ```
   + [Documentation for command line](https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html)
 + For the job worker integration model, you create an integration with a list of allowed accounts where the job worker polls for jobs with the CodePipeline APIs\.
 
@@ -265,7 +274,7 @@ Your customers can optionally use the CLI to add the action type to their pipeli
 
 1. To test your action, commit a change to the source specified in the source stage of the pipeline or follow the steps in [Manually Start a Pipeline](https://docs.aws.amazon.com/codepipeline/latest/userguide/how-to-manually-start.html)\.
 
-To create a pipeline with your action type, follow the steps in [Create a Pipeline](https://docs.aws.amazon.com/codepipeline/latest/userguide/how-to-create-pipelines) and choose your action type from as many stages as you will test\.
+To create a pipeline with your action type, follow the steps in [Create a pipeline in CodePipeline](pipelines-create.md) and choose your action type from as many stages as you will test\.
 
 ## View an action type<a name="action-types-view-cli"></a>
 

doc_source/actions-invoke-lambda-function.md

@@ -140,11 +140,11 @@ The event object, under the CodePipeline\.job key, contains the [job details](ht
        // Retrieve the Job ID from the Lambda action
        var jobId = event["CodePipeline.job"].id;
        
-       // Retrieve the value of UserParameters from the Lambda action configuration in AWS CodePipeline, in this case a URL which will be
+       // Retrieve the value of UserParameters from the Lambda action configuration in CodePipeline, in this case a URL which will be
        // health checked by this function.
        var url = event["CodePipeline.job"].data.actionConfiguration.configuration.UserParameters; 
        
-       // Notify AWS CodePipeline of a successful job
+       // Notify CodePipeline of a successful job
        var putJobSuccess = function(message) {
            var params = {
                jobId: jobId
@@ -158,7 +158,7 @@ The event object, under the CodePipeline\.job key, contains the [job details](ht
            });
        };
        
-       // Notify AWS CodePipeline of a failed job
+       // Notify CodePipeline of a failed job
        var putJobFailure = function(message) {
            var params = {
                jobId: jobId,

doc_source/actions-retry.md

@@ -4,17 +4,19 @@ In AWS CodePipeline, an action is a task performed on an artifact in a stage\. A
 
 You can retry the latest failed actions in a stage without having to run a pipeline again from the beginning\. You do this by retrying the stage that contains the actions\. You can retry a stage immediately after any of actions fail\. All actions that are still in progress continue their work, and failed actions are triggered once again\.
 
+**Note**  
+In the following cases, you may not be able to retry actions:  
+The overall pipeline structure changed after an action failed\.
+Another retry attempt in the stage is already in progress\.
+
+In cases where you have edited your pipeline structure and so the failed action cannot be retried, choose **Release change** to manually start the pipeline\.
+
 If you are using the console to view a pipeline, a **Retry** button appears on the stage where the failed actions can be retried\. 
 
 ![\[A stage that contains one or more failed actions displays a Retry button\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/actions-retry-button.png)![\[A stage that contains one or more failed actions displays a Retry button\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/)![\[A stage that contains one or more failed actions displays a Retry button\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/)
 
 If you are using the AWS CLI, you can use the get\-pipeline\-state command to determine whether any actions have failed\.
 
-**Note**  
-In the following cases, you may not be able to retry actions:  
-The overall pipeline structure changed after an action failed\.
-Another retry attempt in the stage is already in progress\.
-
 **Topics**
 + [Retry failed actions \(console\)](#actions-retry-console)
 + [Retry failed actions \(CLI\)](#actions-retry-cli)

doc_source/best-practices.md

@@ -81,7 +81,7 @@ At any time, you can integrate your preferred IDE into your AWS CodeStar dashboa
 
 ### Use CodePipeline to compile, build, and test code with CodeBuild<a name="use-cases-codebuild"></a>
 
-CodeBuild is a managed build service in the cloud that lets you build and test your code without a server or system\. Use CodePipeline with CodeBuild to automate running revisions through the pipeline for continuous delivery of software builds whenever there is a change to the source code\. For more information, see [Use AWS CodePipeline with CodeBuild to test code and run builds](https://docs.aws.amazon.com/codebuild/latest/userguide/how-to-create-pipeline.html)\.
+CodeBuild is a managed build service in the cloud that lets you build and test your code without a server or system\. Use CodePipeline with CodeBuild to automate running revisions through the pipeline for continuous delivery of software builds whenever there is a change to the source code\. For more information, see [Use CodePipeline with CodeBuild to test code and run builds](https://docs.aws.amazon.com/codebuild/latest/userguide/how-to-create-pipeline.html)\.
 
 ### Use CodePipeline with Amazon ECS for continuous delivery of container\-based applications to the cloud<a name="use-cases-ecs"></a>
 

doc_source/connections-bitbucket.md

@@ -5,8 +5,10 @@ Connections allow you to authorize and establish configurations that associate y
 **Note**  
 This feature is not available in the Asia Pacific \(Hong Kong\) or Europe \(Milan\) Region\. To use other source actions available in that Region, see [Source action integrations](integrations-action-type.md#integrations-source)\.
 
-To add a Bitbucket source action in CodePipeline, you can choose either to: 
+To add a Bitbucket Cloud source action in CodePipeline, you can choose either to: 
 + Use the CodePipeline console **Create pipeline** wizard or **Edit action** page to choose the **Bitbucket** provider option\. See [Create a connection to Bitbucket \(console\)](#connections-bitbucket-console) to add the action\. The console helps you create a connections resource\.
+**Note**  
+You can create connections to a Bitbucket Cloud repository\. Installed Bitbucket provider types, such as Bitbucket Server, are not supported\. 
 + Use the CLI to add the action configuration for the `CreateSourceConnection` action with the `Bitbucket` provider as follows:
   + To create your connections resources, see [Create a connection to Bitbucket \(CLI\)](#connections-bitbucket-cli) to create a connections resource with the CLI\.
   + Use the `CreateSourceConnection` example action configuration in [CodeStarSourceConnection for Bitbucket, GitHub, and GitHub Enterprise Server actions](action-reference-CodestarConnectionSource.md) to add your action as shown in [Create a pipeline \(CLI\)](pipelines-create.md#pipelines-create-cli)\.
@@ -18,6 +20,9 @@ Before you begin:
 + You must have created an account with the provider of the third\-party repository, such as Bitbucket\.
 + You must have already created a third\-party code repository, such as a Bitbucket repository\.
 
+**Note**  
+Bitbucket connections only provide access to repositories owned by the Bitbucket account that was used to create the connection\.
+
 **Topics**
 + [Create a connection to Bitbucket \(console\)](#connections-bitbucket-console)
 + [Create a connection to Bitbucket \(CLI\)](#connections-bitbucket-cli)
@@ -27,7 +32,7 @@ Before you begin:
 Use these steps to use the CodePipeline console to add a connections action for your Bitbucket repository\.
 
 **Note**  
-Bitbucket connections only provide access to repositories owned by the Bitbucket account that was used to create the connection\.
+You can create connections to a Bitbucket Cloud repository\. Installed Bitbucket provider types, such as Bitbucket Server, are not supported\. 
 
 ### Step 1: Create or edit your pipeline<a name="connections-bitbucket-console-action"></a>
 
@@ -62,10 +67,10 @@ You install one app for all of your connections to a particular provider\. If yo
 1. If the login page for Bitbucket displays, log in with your credentials and then choose to continue\.
 
 1. On the app installation page, a message shows that the AWS CodeStar app is trying to connect to your Bitbucket account\. Choose **Grant access**\.  
-![\[Console screenshot showing AWS CodeStar requests access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/bitbucket-access-popup.png)![\[Console screenshot showing AWS CodeStar requests access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/)![\[Console screenshot showing AWS CodeStar requests access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/)
+![\[Console screenshot showing request for access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/bitbucket-access-popup.png)![\[Console screenshot showing request for access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/)![\[Console screenshot showing request for access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/)
 
 1. In **Bitbucket apps**, the connection ID for your new installation is displayed\. Choose **Connect**\. The created connection displays in the connections list\.  
-![\[Console screenshot showing AWS CodeStar requests access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/create-connection-bitbucket-app-ID.png)![\[Console screenshot showing AWS CodeStar requests access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/)![\[Console screenshot showing AWS CodeStar requests access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/)
+![\[Console screenshot showing request for access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/images/create-connection-bitbucket-app-ID.png)![\[Console screenshot showing request for access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/)![\[Console screenshot showing request for access.\]](http://docs.aws.amazon.com/codepipeline/latest/userguide/)
 
 ### Step 3: Save your Bitbucket source action<a name="connections-bitbucket-console-save"></a>
 
@@ -87,6 +92,9 @@ Use these steps on the wizard or **Edit action** page to save your source action
 
 You can use the AWS Command Line Interface \(AWS CLI\) to create a connection\. 
 
+**Note**  
+You can create connections to a Bitbucket Cloud repository\. Installed Bitbucket provider types, such as Bitbucket Server, are not supported\. 
+
 To do this, use the create\-connection command\. 
 
 **Important**