Create AWS CloudFormation Stack on Pull Request in GitHub


To create an AWS CodePipeline using AWS CloudFormation template when there is a Pull Request created in the GitHub repository. Next, delete the AWS CodePipeline when the Pull Request is Merged or Closed.

Steps Overview:

  1. Create an AWS CloudFormation template that will create a CodePipeline and that CodePipeline has a CodeBuild Step in it.
  2. Create a buildspec.yml file for AWS CodeBuild.
  3. Create necessary keys and secrets to make the connection between GitHub and AWS.
  4. Next, we will configure GitHub Actions to create and delete the CloudFormation stack when the above Pull Request condition is met.

You can get the source code repo here:

What is GitHub Actions?

It is a platform to automate developer workflows or software development workflows. It can be used as a CI/CD tool although it is much more than that. But for better understanding, it can automate CI-CD. CI/CD is one of many workflows it offers.


  • Create an IAM user (programmatic access) with Access key id and secrete key.
  • Provide these permissions as shown in the below image.

IAM Access

Step1. Creating a CloudFormation template.

  • We will create a CloudFormation template to create CodePipeline and CodeBuild for the pipeline.
  • We will make the template parametrised for efficiency.
  • For this case, use the template present in the repository with the name: pipline-stack.yaml

Step2. Create a buildspec file for CodeBuild

  • Create a buildspec.yml file and configure it to run a simple command.
  • Sample:
 version: 0.2
       - echo Build phase started on `date` 

Step3. Create Personal Access Token and Secrets in GitHub.

  • To Create Personal Access Token:
    • Go to the settings of GitHub.
    • Click on “Developer settings” on the left side of the page.
    • Click on “Personal access tokens” on the left.
    • Click on Generate new token button.
    • Give an appropriate note for the token and then select the repo Check box.

token repo access

  • Click on Generate Token button at the bottom.
  • Copy the generated token somewhere.

github token

Step 4. Create Secrets in GitHub.

  • Go to the repository settings.
  • Click on “Secrets” on the left.
  • Click on New repository secret.
  • Give a name to the secrets and their value.
  • We will create three secrets here:
    • AWS_ACCESS_KEY_ID: Created in prerequisites
    • AWS_SECRET_ACCESS_KEY: Created in prerequisites
    • REPO_ACCESS_TOKEN: Created in the previous step.

github secrets

Step5. Creating and Configuring GitHub Actions

  • We can create a new GitHub Actions by clicking at the top of the repository.
  • GitHub Actions create its files in .github folder.
  • We have two Actions files:
    • stackCreate.yml – It will get triggered by Pull Request and create CodePipeline and CodeBuild from the CloudFormation template
    • stackDelete.yml – It will get triggered when Pull Request is Merged or Closed. It will delete the CloudFormation stack that will result in deleting CodeBuild and CodePipeline.
Understanding stackCreate.yml file:

This will create the AWS CodeBuild and CodePipeline using CloudFormation present in the repo. To make a connection with the AWS account we have used GitHub secrets of AWS access key id and secret key. The CloudFormation Template has several parameters that require values to work correctly. At the bottom of this file, all the values are given such as S3 Bucket names, GitHub Owner name, Repository name, Branch name, CodePipeline name, and GitHub Token (for this we have used secrets).

Understanding stackDelete.yml file:

To make a connection with the AWS account we have used GitHub secrets of AWS access key id and secret key. This will delete the CloudFormation stack created earlier. For this, we have used the AWS CLI module to delete the stack.

Step6. Create a new branch for Pull Request.

After all the configurations and setup,

  • create a new branch in the repository so that you can create a pull request.
  • Make a small change demo change in the Readme file in the new branch.
  • Now you can create a pull request.

Step7. Triggering the GitHub Actions stackCreate.yml file

  • Create Pull request:
    • Click on the “Pull request” button at the top.
    • Click on the “New pull request” button at the top.
    • Choose the new branch that has a change in the Readme file.
    • Next, click on Create pull request button and then again click on the new button that appeared.
  • This will trigger the GitHub Pipeline.
  • Check the pipeline by clicking on the Actions button at the top.
  • Check the logs.

log-console create stack

Step8. Checking the CloudFormation and Code Pipeline.

  • We can check in the CloudFormation service that we have a new stack.

pipeline stack

  • Now check the CodePipeline and CodeBuild and they had been also created successfully.

Step9. Triggering the GitHub Actions stackDelete.yml file

  • Now, we can merge or close the request and both will trigger the stackDelete.yml file.
  • We can find the merge and close option on the same page on which we have created the pull request.
  • Next, the deleteStack pipeline will get triggered.

delete stack logs

Step 10. Checking the Deletion Process.

If we will check the CloudFormation, CodeBuild, and CodePipeline. They are all deleted as our requirement.


We have prepared a complete pipeline of creating and deleting AWS services using GitHub Actions. Hopefully, this will helpful for you.

Leave a Reply

Your email address will not be published. Required fields are marked *