Terraform Module For CodeCommit + SQS
Warning: The latest version of this module is available on the Terraform Registry, and development has moved to terraform-aws-codecommit-sqs.
CodeCommit repos created using this Terraform module are compatible with the Jenkins AWS CodeCommit Trigger Plugin, i.e., changes to the git repo automatically trigger the plugin.
Sample Usage
# Account that owns the queue and topics. It is interpolated into the policy
# ARNs and conditions below, so the placeholder default must be replaced with
# the real account ID before applying.
variable "aws-account-id" {
  default = "my-aws-account-id"
}

# Region used by the aliased provider and by the SNS ARN pattern in the queue
# policy. The default is a placeholder.
variable "aws-region" {
  default = "my-aws-region"
}

# Topic names are matched as <prefix>*<suffix> in the queue policy condition.
# Leaving both empty would make that pattern match every topic name in the
# account and region.
variable "sns-topic-prefix" {
  default = "codecommit-"
}

variable "sns-topic-suffix" {
  default = "-topic"
}
# Aliased AWS provider configuration; the module call below receives it as
# "aws.default".
# NOTE(review): the resources in this example set no `provider` argument, so
# they presumably use the un-aliased default AWS configuration rather than
# this one. Confirm that the queue and the module end up in the same region.
provider "aws" {
  alias  = "default"
  region = "${var.aws-region}"
}
# Queue that receives the CodeCommit notifications forwarded by SNS.
# NOTE(review): no server-side encryption argument is set. If commit metadata
# is considered sensitive, enable encryption on the queue and confirm the
# publishing topic can still deliver to it.
resource "aws_sqs_queue" "main" {
  name = "codecommit-notifications-queue"

  # Consumers long-poll for up to 10 seconds per receive call.
  receive_wait_time_seconds = 10

  # Each message becomes visible to consumers 90 seconds after it is sent.
  delay_seconds = 90

  # Undelivered messages are dropped after 24 hours.
  message_retention_seconds = 86400

  # Size cap in bytes.
  # NOTE(review): confirm the notifications the module produces fit in 2048
  # bytes; larger messages would not be accepted by the queue.
  max_message_size = 2048
}
# Attaches the access policy rendered by the "sns-sqs-policy" document to the
# queue. Without this attachment the SendMessage grant in that document never
# takes effect.
resource "aws_sqs_queue_policy" "sns" {
  policy    = "${data.aws_iam_policy_document.sns-sqs-policy.json}"
  queue_url = "${aws_sqs_queue.main.id}"
}
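# Queue access policy: allows SNS topics whose ARN matches the pattern below
# to send messages to the notification queue.
data "aws_iam_policy_document" "sns-sqs-policy" {
  # The policy Id is derived from the queue's own ARN, so it follows the
  # configured region and queue name. The previous value hard-coded
  # "us-east-1" and a queue called "testing", neither of which is what this
  # example creates.
  policy_id = "${aws_sqs_queue.main.arn}/SQSDefaultPolicy"

  statement {
    sid    = "SubscribeToSNS"
    effect = "Allow"

    # The principal is a wildcard, so the aws:SourceArn condition further down
    # is the only thing limiting who may send to this queue. Never remove the
    # condition without also replacing the principal.
    # NOTE(review): naming the SNS service principal instead of "*" would be
    # narrower; confirm it works for the regions in use before switching.
    principals {
      type        = "AWS"
      identifiers = [ "*" ]
    }

    # SendMessage only: the statement grants no read, delete or management
    # rights on the queue.
    actions   = [ "SQS:SendMessage" ]
    resources = [ "${aws_sqs_queue.main.arn}" ]

    # The pattern pins both region and account ID; only the middle of the
    # topic name is a wildcard, bounded by the configured prefix and suffix.
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = [ "arn:aws:sns:${var.aws-region}:${var.aws-account-id}:${var.sns-topic-prefix}*${var.sns-topic-suffix}" ]
    }
  }
}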
# Creates the CodeCommit repository and wires its notifications to the queue.
# NOTE(review): the git source carries no `?ref=`, so every `terraform init`
# or `terraform get -update` takes whatever the default branch holds at that
# moment. Pin it to a reviewed tag or commit (e.g. `?ref=<TAG_OR_COMMIT>`,
# placeholder), or use the Registry release with a version constraint.
module "cc-example_repo" {
  source = "github.com/riboseinc/tf-codecommit-sqs"

  # Hand the aliased provider configuration to the module.
  providers = {
    aws = "aws.default"
  }

  reponame       = "example-repo"
  aws-account-id = "${var.aws-account-id}"

  # Same prefix and suffix as the queue policy's aws:SourceArn pattern.
  # NOTE(review): presumably the module names its topic from these values; if
  # the two drift apart the queue policy would stop matching. Verify against
  # the module.
  topic-prefix = "${var.sns-topic-prefix}"
  topic-suffix = "${var.sns-topic-suffix}"

  sqs-id  = "${aws_sqs_queue.main.id}"
  sqs-arn = "${aws_sqs_queue.main.arn}"

  # Optional; see the email notification example.
  # email-sns-arn = "${aws_sns_topic.codecommit-email.arn}"
}
# Re-export the module's outputs so they show up in `terraform output`.

# ARN of the CodeCommit repository.
output "cc-example_repo-cc-arn" {
  value = "${module.cc-example_repo.cc-arn}"
}

# Name of the module's SNS topic.
output "cc-example_repo-sns-name" {
  value = "${module.cc-example_repo.sns-name}"
}

# ARN of the module's SNS topic.
output "cc-example_repo-sns-arn" {
  value = "${module.cc-example_repo.sns-arn}"
}
Enabling With An Email Notification
Some people prefer receiving an email on every commit.
This is how you set it up.
# Separate topic for per-commit email notifications. Email subscriptions are
# not declared in this example.
resource "aws_sns_topic" "codecommit-email" {
  display_name = "CodeCommit notifications"
  name         = "codecommit-email-notifications"
}
# Attaches the access policy rendered by the "codecommit-email-sns-policy"
# document to the email topic.
resource "aws_sns_topic_policy" "codecommit-email-sns-policy" {
  policy = "${data.aws_iam_policy_document.codecommit-email-sns-policy.json}"
  arn    = "${aws_sns_topic.codecommit-email.arn}"
}
# Access policy for the email topic.
data "aws_iam_policy_document" "codecommit-email-sns-policy" {
  statement {
    sid    = "AllowSubscription"
    effect = "Allow"

    # The principal is a wildcard; the AWS:SourceOwner condition at the end of
    # the statement is the only thing restricting it to the configured account.
    # Removing that condition would open every action below to any AWS
    # principal.
    principals {
      type        = "AWS"
      identifiers = [ "*" ]
    }

    # NOTE(review): despite the sid, this list goes well beyond subscribing.
    # It also covers publishing, deleting the topic and rewriting its
    # permissions and attributes. Consider trimming it to what the email use
    # case needs and leaving topic management to IAM policies. Confirm nothing
    # relies on the broader grant first.
    actions = [
      "SNS:Publish",
      "SNS:RemovePermission",
      "SNS:SetTopicAttributes",
      "SNS:DeleteTopic",
      "SNS:ListSubscriptionsByTopic",
      "SNS:GetTopicAttributes",
      "SNS:Receive",
      "SNS:AddPermission",
      "SNS:Subscribe"
    ]

    resources = [ "${aws_sns_topic.codecommit-email.arn}" ]

    # Requires the request's source owner to equal the configured account ID.
    # NOTE(review): AWS documentation appears to treat aws:SourceOwner as a
    # legacy key, favouring aws:SourceAccount / aws:SourceArn. Confirm which
    # key the publisher sets before changing it.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"
      values   = [ "${var.aws-account-id}" ]
    }
  }
}
# Expose the email topic's identifiers, e.g. for creating subscriptions
# outside of this configuration.

# ARN of the email topic.
output "email-sns-arn" {
  value = "${aws_sns_topic.codecommit-email.arn}"
}

# Name of the email topic.
output "email-sns-name" {
  value = "${aws_sns_topic.codecommit-email.name}"
}
# Link the email topic with this module: same call as in the basic example,
# with email-sns-arn now set instead of commented out.
# NOTE(review): the git source carries no `?ref=`; pin it to a reviewed tag or
# commit (e.g. `?ref=<TAG_OR_COMMIT>`, placeholder) so module updates are
# deliberate.
# NOTE(review): unlike the basic example, no `providers` map is passed here.
# Confirm the module still receives the intended AWS provider configuration.
module "cc-example_repo" {
  source = "github.com/riboseinc/tf-codecommit-sqs"

  reponame       = "example-repo"
  aws-account-id = "${var.aws-account-id}"

  # Topic that receives the per-commit email notifications.
  email-sns-arn = "${aws_sns_topic.codecommit-email.arn}"

  topic-prefix = "${var.sns-topic-prefix}"
  topic-suffix = "${var.sns-topic-suffix}"

  sqs-id  = "${aws_sqs_queue.main.id}"
  sqs-arn = "${aws_sqs_queue.main.arn}"
}