Airwalk Consulting
terraform-aws-codebuild-deploy-tf
Description
This AWS Teraform module sets up a CodeBuild/CodePipeline project that deploys a Terraform project from GitHub.
Just configure the variables with the github settings and an OAuth token giving it permissions to access the code. You can also configure the required permissions that the CodeBuild/Pipeline roles require as you wish.
The buildspec.yml
file in the source project can be used to match environment variables you set in this project (see Usage).
Current issues:
- You need to change an environment variable to
terraform destroy...
a project - You must remember to
terraform destroy...
a project before destroying this project. - The examples shown are setup with projects running terraform using
var_file
s. Things could be adjusted to run terraform in any way you wish. - [BUG] Currently, obtaining the GitHub token from SSM flags up as a change on every TF run.
Requirements
- Terraform 0.12.x (Although this project is written in Terraform 0.12, the pipeline it deploys can be used to deploy using ANY version of Terraform)
- A github Oauth token stored in AWS SSM Parameter Store
- A terraform project with an AWS CodeBuild
buildspec.yml
file in the root directory checked into GitHub
Usage
module "codebuild_tf_lambda_deploy" {
source = "git::https://github.com/AirWalk-Digital/terraform-aws-codebuild-deploy-tf.git"
region = "eu-west-1"
name = "somename"
namespace = "somenamespace"
stage = "dev"
tags = {
Owner = "My Company"
}
github_owner = "github-User-Name"
github_repo = "github_repo_name"
git_branch = "branch_name"
ssm_param_name_github_token = "ssm/path_to/github_oath_token"
codebuild_project_description = "An project that deploys a lambda"
codebuild_iam_policy_arns = [
"arn:aws:iam::aws:policy/AWSLambdaFullAccess",
"arn:aws:iam::aws:policy/AmazonS3FullAccess",
"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
"arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
"arn:aws:iam::aws:policy/IAMFullAccess",
]
codepipeline_iam_policy_arns = [
"arn:aws:iam::aws:policy/AmazonS3FullAccess",
"arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess"
]
codebuild_env_vars = {
{
name = "TF_VERSION"
value = "0.11.14"
},
{
name = "TF_ENV"
value = "account1_env_vars_file"
},
{
name = "TF_ACTION"
value = "apply"
},
{
name = "TF_IN_AUTOMATION"
value = "1"
},
{
name = "TF_LOG"
value = "DEBUG"
}
]
}
Also see this example project.
It is setup to deploy this example hello world Lambda Terraform project.
Take particular note of buildspec.yml file
and how it ties in with the environment variables set here in var.codebuild_env_vars
.
To trigger a build, check in some code into the branch var.git_branch
or manually click the Release Change
button on the AWS CodePipeline pipeline page.
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
attributes | Additional attributes (e.g. policy or role ) |
list(string) | <list> |
no |
codebuild_compute_type | CodeBuild compute type | string | BUILD_GENERAL1_SMALL |
no |
codebuild_env_vars | A map of env vars to set in CodeBuild | list(any) | <list> |
no |
codebuild_iam_policy_arns | IAM Policy to be attached to role | list(string) | <list> |
no |
codebuild_image | CodeBuild image | string | aws/codebuild/standard:2.0 |
no |
codebuild_project_description | Description of CodeBuild project | string | `` | no |
codebuild_type | CodeBuild image type | string | LINUX_CONTAINER |
no |
codepipeline_iam_policy_arns | IAM Policy to be attached to role | list(string) | <list> |
no |
delimiter | Delimiter to be used between name , namespace , environment , etc. |
string | - |
no |
git_branch | Git branch to build | string | master |
no |
github_owner | Github Repo owner/user | string | `` | no |
github_repo | Github repo name | string | `` | no |
name | Name (e.g. project name) | string | `` | no |
namespace | Namespace | string | `` | no |
region | region | string | eu-west-1 |
no |
ssm_param_name_github_token | The SSM parameter store, parameter name which stores the github ouath token | string | `` | no |
stage | Stage (e.g. environment) | string | `` | no |
tags | Tags | map(string) | <map> |
no |
Outputs
Name | Description |
---|---|
codebuild_project_name | CodeBuild project name |
codepipeline_pipeline_name | CodePipeline pipeline name |
Makefile Targets
Available targets:
help Help screen
help/all Display help for all targets
help/short This help short screen
License
See LICENSE for full details.
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.