-
-
Notifications
You must be signed in to change notification settings - Fork 130
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Initial * Remove provider vars * Added outputs * Fix hardcoded values * Added default image * Grant perms * Grant perms * Fix bump version * Added readme * Update README.md * fmt * fmt * Added module param * Update README.md * Update readme * Readme fix
- Loading branch information
Showing
4 changed files
with
156 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,46 @@ | ||
| # tf_codebuild | ||
| # tf_codebuild | ||
|
|
||
| Terraform config to create codebuild project for codepipeline | ||
|
|
||
| ## Usage | ||
|
|
||
| Include this repository as a module in your existing terraform code: | ||
|
|
||
| ``` | ||
| module "build" { | ||
| source = "git::https://github.com/cloudposse/tf_codebuild.git" | ||
| namespace = "general" | ||
| name = "ci" | ||
| stage = "staging" | ||
| image = "apline" | ||
| instance_size = "BUILD_GENERAL1_SMALL" | ||
| } | ||
| ``` | ||
|
|
||
| Grant appropriate permsissions to s3 | ||
|
|
||
| ``` | ||
| resource "aws_iam_role_policy_attachment" "codebuild_s3" { | ||
| role = "${module.build.role_arn}" | ||
| policy_arn = "${aws_iam_policy.s3.arn}" | ||
| } | ||
| ``` | ||
|
|
||
| ## Input | ||
|
|
||
| | Name | Default | Decription | | ||
| |:-------------:|:--------------------:|:------------------------------------------------------------------------------------------------------------------------------:| | ||
| | namespace | global | Namespace | | ||
| | stage | default | Stage | | ||
| | name | codebuild | Name | | ||
| | image | alpine | Docker image used as environment | | ||
| | instance_size | BUILD_GENERAL1_SMALL | Instance size for job. Possible values are: ```BUILD_GENERAL1_SMALL``` ```BUILD_GENERAL1_MEDIUM``` ```BUILD_GENERAL1_LARGE``` | | ||
|
|
||
| ## Output | ||
|
|
||
| | Name | Decription | | ||
| |:------------:|:----------------------:| | ||
| | project_name | CodeBuild project name | | ||
| | project_id | CodeBuild project arn | | ||
| | role_arn | IAM Role arn | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| # Define composite variables for resources | ||
| module "label" { | ||
| source = "git::https://github.com/cloudposse/tf_label.git?ref=tags/0.1.0" | ||
| namespace = "${var.namespace}" | ||
| name = "${var.name}" | ||
| stage = "${var.stage}" | ||
| } | ||
|
|
||
| resource "aws_iam_role" "default" { | ||
| name = "${module.label.id}" | ||
| assume_role_policy = "${data.aws_iam_policy_document.role.json}" | ||
| } | ||
|
|
||
| data "aws_iam_policy_document" "role" { | ||
| statement { | ||
| sid = "" | ||
|
|
||
| actions = [ | ||
| "sts:AssumeRole", | ||
| ] | ||
|
|
||
| principals { | ||
| type = "Service" | ||
| identifiers = ["codebuild.amazonaws.com"] | ||
| } | ||
|
|
||
| effect = "Allow" | ||
| } | ||
| } | ||
|
|
||
| resource "aws_iam_policy" "default" { | ||
| name = "${module.label.id}" | ||
| path = "/service-role/" | ||
| policy = "${data.aws_iam_policy_document.logs.json}" | ||
| } | ||
|
|
||
| data "aws_iam_policy_document" "logs" { | ||
| statement { | ||
| sid = "" | ||
|
|
||
| actions = [ | ||
| "logs:CreateLogGroup", | ||
| "logs:CreateLogStream", | ||
| "logs:PutLogEvents", | ||
| ] | ||
|
|
||
| effect = "Allow" | ||
|
|
||
| resources = [ | ||
| "*", | ||
| ] | ||
| } | ||
| } | ||
|
|
||
| resource "aws_iam_policy_attachment" "default" { | ||
| name = "${module.label.id}" | ||
| policy_arn = "${aws_iam_policy.default.arn}" | ||
| roles = ["${aws_iam_role.default.id}"] | ||
| } | ||
|
|
||
| resource "aws_codebuild_project" "default" { | ||
| name = "${module.label.id}" | ||
| service_role = "${aws_iam_role.default.arn}" | ||
|
|
||
| artifacts { | ||
| type = "CODEPIPELINE" | ||
| } | ||
|
|
||
| environment { | ||
| compute_type = "${var.instance_size}" | ||
| image = "${var.image}" | ||
| type = "LINUX_CONTAINER" | ||
| } | ||
|
|
||
| source { | ||
| type = "CODEPIPELINE" | ||
| } | ||
|
|
||
| tags = "${module.label.tags}" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| output "project_name" { | ||
| value = "${aws_codebuild_project.default.name}" | ||
| } | ||
|
|
||
| output "project_id" { | ||
| value = "${aws_codebuild_project.default.id}" | ||
| } | ||
|
|
||
| output "role_arn" { | ||
| value = "${aws_iam_role.default.id}" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| variable "namespace" { | ||
| default = "global" | ||
| } | ||
|
|
||
| variable "stage" { | ||
| default = "default" | ||
| } | ||
|
|
||
| variable "name" { | ||
| default = "codebuild" | ||
| } | ||
|
|
||
| variable "image" { | ||
| default = "alpine" | ||
| } | ||
|
|
||
| variable "instance_size" { | ||
| default = "BUILD_GENERAL1_SMALL" | ||
| } |