From 40294a55b0238177215de55dd4a4980875b36e27 Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Wed, 14 Apr 2021 08:18:11 +1000 Subject: [PATCH 1/9] Disable repo path condition in codestar policy --- main.tf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index c80244e..6d3903a 100644 --- a/main.tf +++ b/main.tf @@ -186,13 +186,13 @@ data "aws_iam_policy_document" "codestar" { "codestar-connections:UseConnection" ] - condition { - test = "StringLike" - variable = "codestar-connections:FullRepositoryId" - values = [ - format("%s/%s", var.repo_owner, var.repo_name) - ] - } + # condition { + # test = "StringLike" + # variable = "codestar-connections:FullRepositoryId" + # values = [ + # format("%s/%s", var.repo_owner, var.repo_name) + # ] + # } resources = [var.codestar_connection_arn] effect = "Allow" From d67806883ab948b470f414a6f8f3e25f1901908c Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Thu, 15 Apr 2021 06:41:33 +1000 Subject: [PATCH 2/9] Add support for running Codebuild project in VPC --- main.tf | 1 + variables.tf | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/main.tf b/main.tf index 6d3903a..013c0ed 100644 --- a/main.tf +++ b/main.tf @@ -228,6 +228,7 @@ module "codebuild" { secondary_artifact_location = var.secondary_artifact_bucket_id secondary_artifact_identifier = var.secondary_artifact_identifier secondary_artifact_encryption_enabled = var.secondary_artifact_encryption_enabled + vpc_config = var.codebuild_vpc_config context = module.this.context } diff --git a/variables.tf b/variables.tf index 0afe3eb..f2b6939 100644 --- a/variables.tf +++ b/variables.tf 
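Review bot: Commenting out the `codestar-connections:FullRepositoryId` condition widens `codestar-connections:UseConnection` from the single `repo_owner/repo_name` repository to every repository reachable through the connection, so the role that holds this policy can pull sources this module was never meant to build. The hunk does not say why the restriction had to go (a repository-id format that does not match `format("%s/%s", var.repo_owner, var.repo_name)` for some provider is a plausible reason, but I cannot tell from here); a `dynamic "condition"` gated by a boolean input keeps least privilege as the default and lets the affected deployment opt out explicitly, with the reason recorded in the variable description. The enclosing `data "aws_iam_policy_document" "codestar"` statement starts and ends outside the hunk.
```hcl
    # Placeholder name: a bool input, default true, documenting why a caller would disable it.
    dynamic "condition" {
      for_each = var.codestar_repository_condition_enabled ? [1] : []
      content {
        test     = "StringLike"
        variable = "codestar-connections:FullRepositoryId"
        values   = [format("%s/%s", var.repo_owner, var.repo_name)]
      }
    }
    # … unchanged: resources and effect …
```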
@@ -196,3 +196,11 @@ variable "local_cache_modes" { default = [] description = "Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL_SOURCE_CACHE, LOCAL_DOCKER_LAYER_CACHE, and LOCAL_CUSTOM_CACHE" } + +# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project#vpc_config +variable "codebuild_vpc_config" { + type = any + default = {} + description = "Configuration for the builds to run inside a VPC." +} + From 075908953a210be102fa6b66576b012ef60229f8 Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Tue, 20 Apr 2021 13:43:21 +1000 Subject: [PATCH 3/9] output codepipeline resource --- outputs.tf | 5 +++++ variables.tf | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/outputs.tf b/outputs.tf index 223be52..6ec0345 100644 --- a/outputs.tf +++ b/outputs.tf @@ -58,3 +58,8 @@ output "codepipeline_arn" { description = "CodePipeline ARN" value = join("", aws_codepipeline.default.*.arn) } + +output "codepipeline_resource" { + description = "CodePipeline resource" + value = element(concat(aws_codepipeline.default.*, aws_codepipeline.bitbucket.*), 0) +} diff --git a/variables.tf b/variables.tf index f2b6939..e8e25a6 100644 --- a/variables.tf +++ b/variables.tf @@ -203,4 +203,3 @@ variable "codebuild_vpc_config" { default = {} description = "Configuration for the builds to run inside a VPC." } - From d8d8f9b6c13b08e4f5ca7785e7427323ce4ac319 Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Tue, 20 Apr 2021 14:06:29 +1000 Subject: [PATCH 4/9] output codepipeline resource id, arn for either github or bitbucket codepipeline resource --- outputs.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/outputs.tf b/outputs.tf index 6ec0345..f6835d3 100644 --- a/outputs.tf +++ b/outputs.tf 
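Review bot: `type = any` on `codebuild_vpc_config` lets a misspelled key (say `subnet_ids`) pass validation and be silently ignored downstream instead of failing at plan time. Declaring it as `object({ vpc_id = string, subnets = list(string), security_group_ids = list(string) })`, the attributes of the `vpc_config` block linked in the comment above the variable, would catch that; the default would then have to be `null` rather than `{}`, and whether the `codebuild` module treats `null` and `{}` the same for "no VPC" is not visible here, so check its input before changing it. The description could also say which security groups and subnets the build needs egress through, since that is what callers have to get right for a VPC build to reach its source and artifact endpoints.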
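Review bot: Exporting the whole `aws_codepipeline` object as `codepipeline_resource` puts every attribute of the resource, including the source-stage action `configuration` map, into the calling root's state and `terraform output`, whereas `codepipeline_id` and `codepipeline_arn` expose only identifiers. If the GitHub pipeline's source action carries `var.github_oauth_token` in that map (the module accepts that token; the action definition is outside this hunk), the token becomes readable by anyone who can read the root module's outputs. Either narrow the output to the attributes callers actually need, or add `sensitive = true` to the output block, noting that output sensitivity needs Terraform 0.14 while the README's requirements table lists `terraform >= 0.13.0`.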
@@ -51,12 +51,12 @@ output "codebuild_badge_url" { output "codepipeline_id" { description = "CodePipeline ID" - value = join("", aws_codepipeline.default.*.id) + value = lookup(output.codepipeline_resource, "id", "") } output "codepipeline_arn" { description = "CodePipeline ARN" - value = join("", aws_codepipeline.default.*.arn) + value = lookup(output.codepipeline_resource, "arn", "") } output "codepipeline_resource" { From cf446e87319ecc9ff904d4e84a86857d0eafca92 Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Tue, 20 Apr 2021 14:12:07 +1000 Subject: [PATCH 5/9] fix outputs --- outputs.tf | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/outputs.tf b/outputs.tf index f6835d3..05756d7 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,3 +1,7 @@ +locals { + codepipeline_resource = try(element(concat(aws_codepipeline.default.*, aws_codepipeline.bitbucket.*), 0), null) +} + output "badge_url" { description = "The URL of the build badge when badge_enabled is enabled" value = module.codebuild.badge_url @@ -51,15 +55,15 @@ output "codebuild_badge_url" { output "codepipeline_id" { description = "CodePipeline ID" - value = lookup(output.codepipeline_resource, "id", "") + value = lookup(locals.codepipeline_resource, "id", "") } output "codepipeline_arn" { description = "CodePipeline ARN" - value = lookup(output.codepipeline_resource, "arn", "") + value = lookup(locals.codepipeline_resource, "arn", "") } output "codepipeline_resource" { description = "CodePipeline resource" - value = element(concat(aws_codepipeline.default.*, aws_codepipeline.bitbucket.*), 0) + value = locals.codepipeline_resource } From 5927924409fc66927efe4282cbf7ae678c142fe9 Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Tue, 20 Apr 2021 14:15:25 +1000 Subject: [PATCH 6/9] typo --- outputs.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/outputs.tf b/outputs.tf index 05756d7..3bf8918 100644 --- a/outputs.tf +++ b/outputs.tf 
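Review bot: `lookup(locals.codepipeline_resource, "id", "")` in the second hunk (and the `arn` twin below it) still fails when the module is disabled: the new `try(element(...), null)` in the `locals` hunk turns the empty-list error into `null`, but `lookup` rejects a null first argument, so the `""` default is never reached. `value = try(local.codepipeline_resource.id, "")` and `value = try(local.codepipeline_resource.arn, "")` return the empty string in that case and avoid `lookup` on a resource object altogether. The same applies to the two `lookup(local.codepipeline_resource, ...)` lines in the following "typo" commit's hunk.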
@@ -55,15 +55,15 @@ output "codebuild_badge_url" { output "codepipeline_id" { description = "CodePipeline ID" - value = lookup(locals.codepipeline_resource, "id", "") + value = lookup(local.codepipeline_resource, "id", "") } output "codepipeline_arn" { description = "CodePipeline ARN" - value = lookup(locals.codepipeline_resource, "arn", "") + value = lookup(local.codepipeline_resource, "arn", "") } output "codepipeline_resource" { description = "CodePipeline resource" - value = locals.codepipeline_resource + value = local.codepipeline_resource } From 623ca8814e6a2998d9736da32d720831a7dda115 Mon Sep 17 00:00:00 2001 From: cloudpossebot <11232728+cloudpossebot@users.noreply.github.com> Date: Tue, 20 Apr 2021 04:27:22 +0000 Subject: [PATCH 7/9] Auto Format --- README.md | 193 +++++++++++++++++++++++++--------------------- docs/terraform.md | 190 ++++++++++++++++++++++++--------------------- 2 files changed, 205 insertions(+), 178 deletions(-) diff --git a/README.md b/README.md index 9588512..c39089e 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ + # terraform-aws-ecs-codepipeline [![GitHub Action Tests](https://github.com/cloudposse/terraform-aws-ecs-codepipeline/workflows/test/badge.svg?branch=master)](https://github.com/cloudposse/terraform-aws-ecs-codepipeline/actions) [![Latest Release](https://img.shields.io/github/release/cloudposse/terraform-aws-ecs-codepipeline.svg)](https://github.com/cloudposse/terraform-aws-ecs-codepipeline/releases/latest) [![Slack Community](https://slack.cloudposse.com/badge.svg)](https://slack.cloudposse.com) @@ -29,7 +30,6 @@ Terraform Module for CI/CD with AWS Code Pipeline using GitHub webhook triggers and Code Build for ECS. - --- This project is part of our comprehensive ["SweetOps"](https://cpco.io/sweetops) approach towards DevOps. 
@@ -60,7 +60,6 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are - ## Security & Compliance [](https://bridgecrew.io/) Security scanning is graciously provided by Bridgecrew. Bridgecrew is the leading fully hosted, cloud-native solution providing continuous Terraform security and compliance. 
@@ -208,117 +207,131 @@ Available targets: | Name | Version | |------|---------| -| terraform | >= 0.13.0 | -| aws | >= 2.0 | -| local | >= 1.2 | -| null | >= 2.0 | -| random | >= 2.1 | -| template | >= 2.0 | +| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [aws](#requirement\_aws) | >= 2.0 | +| [local](#requirement\_local) | >= 1.2 | +| [null](#requirement\_null) | >= 2.0 | +| [random](#requirement\_random) | >= 2.1 | +| [template](#requirement\_template) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.0 | -| random | >= 2.1 | +| [aws](#provider\_aws) | >= 2.0 | +| [random](#provider\_random) | >= 2.1 | ## Modules | Name | Source | Version | |------|--------|---------| -| codebuild | cloudposse/codebuild/aws | 0.35.0 | -| codebuild_label | cloudposse/label/null | 0.24.1 | -| codepipeline_assume_role_label | cloudposse/label/null | 0.24.1 | -| codepipeline_label | cloudposse/label/null | 0.24.1 | -| codepipeline_s3_policy_label | cloudposse/label/null | 0.24.1 | -| codestar_label | cloudposse/label/null | 0.24.1 | -| github_webhooks | cloudposse/repository-webhooks/github | 0.12.0 | -| this | cloudposse/label/null | 0.24.1 | +| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 0.35.0 | +| [codebuild\_label](#module\_codebuild\_label) | cloudposse/label/null | 0.24.1 | +| [codepipeline\_assume\_role\_label](#module\_codepipeline\_assume\_role\_label) | cloudposse/label/null | 0.24.1 | +| [codepipeline\_label](#module\_codepipeline\_label) | cloudposse/label/null | 0.24.1 | +| [codepipeline\_s3\_policy\_label](#module\_codepipeline\_s3\_policy\_label) | cloudposse/label/null | 0.24.1 | +| [codestar\_label](#module\_codestar\_label) | cloudposse/label/null | 0.24.1 | +| [github\_webhooks](#module\_github\_webhooks) | cloudposse/repository-webhooks/github | 0.12.0 | +| [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources -| Name | -|------| -| 
[aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | -| [aws_codepipeline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline) | -| [aws_codepipeline_webhook](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline_webhook) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | -| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | -| [aws_s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | -| [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | +| Name | Type | +|------|------| +| [aws_codepipeline.bitbucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline) | resource | +| [aws_codepipeline.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline) | resource | +| [aws_codepipeline_webhook.webhook](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline_webhook) | resource | +| [aws_iam_policy.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| 
[aws_iam_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.codebuild_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | +| [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| 
[aws_iam_policy_document.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_region.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| aws\_account\_id | AWS Account ID. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `""` | no | -| badge\_enabled | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | -| branch | Branch of the GitHub repository, _e.g._ `master` | `string` | n/a | yes | -| build\_compute\_type | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | -| build\_image | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | -| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | -| buildspec | Declaration to use for building the project. 
[For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | -| cache\_bucket\_suffix\_enabled | The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | -| cache\_type | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to S3. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no | -| codestar\_connection\_arn | CodeStar connection ARN required for Bitbucket integration with CodePipeline | `string` | `""` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| ecs\_cluster\_name | ECS Cluster Name | `string` | n/a | yes | -| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | -| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| environment\_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | -| github\_oauth\_token | GitHub OAuth Token with permissions to access private repositories | `string` | `""` | no | -| github\_webhook\_events | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | -| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | -| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | -| image\_repo\_name | ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes | -| image\_tag | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `"latest"` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | -| local\_cache\_modes | Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL\_SOURCE\_CACHE, LOCAL\_DOCKER\_LAYER\_CACHE, and LOCAL\_CUSTOM\_CACHE | `list(string)` | `[]` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | -| poll\_source\_changes | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | -| privileged\_mode | If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images | `bool` | `false` | no | -| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| region | AWS Region, e.g. us-east-1. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes | -| repo\_name | GitHub repository name of the application to be built and deployed to ECS | `string` | n/a | yes | -| repo\_owner | GitHub Organization or Username | `string` | n/a | yes | -| s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | -| secondary\_artifact\_bucket\_id | Optional bucket for secondary artifact deployment. If specified, the buildspec must include a secondary artifacts section which controls the artifacts deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no | -| secondary\_artifact\_encryption\_enabled | If set to true, enable encryption on the secondary artifact bucket | `bool` | `false` | no | -| secondary\_artifact\_identifier | Identifier for optional secondary artifact deployment. If specified, the identifier must appear in the buildspec as the name of the section which controls the artifacts deployed to the secondary artifact bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no | -| service\_name | ECS Service Name | `string` | n/a | yes | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | -| webhook\_authentication | The type of authentication to use. 
One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no | -| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | -| webhook\_filter\_json\_path | The JSON path to filter on | `string` | `"$.ref"` | no | -| webhook\_filter\_match\_equals | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no | -| webhook\_target\_action | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| [aws\_account\_id](#input\_aws\_account\_id) | AWS Account ID. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `""` | no | +| [badge\_enabled](#input\_badge\_enabled) | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | +| [branch](#input\_branch) | Branch of the GitHub repository, _e.g._ `master` | `string` | n/a | yes | +| [build\_compute\_type](#input\_build\_compute\_type) | `CodeBuild` instance size. 
Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | +| [build\_image](#input\_build\_image) | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | +| [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | +| [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | +| [cache\_bucket\_suffix\_enabled](#input\_cache\_bucket\_suffix\_enabled) | The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | +| [cache\_type](#input\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to S3. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no | +| [codebuild\_vpc\_config](#input\_codebuild\_vpc\_config) | Configuration for the builds to run inside a VPC. | `any` | `{}` | no | +| [codestar\_connection\_arn](#input\_codestar\_connection\_arn) | CodeStar connection ARN required for Bitbucket integration with CodePipeline | `string` | `""` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | ECS Cluster Name | `string` | n/a | yes | +| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | +| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [environment\_variables](#input\_environment\_variables) | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | +| [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub OAuth Token with permissions to access private repositories | `string` | `""` | no | +| [github\_webhook\_events](#input\_github\_webhook\_events) | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | +| [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [image\_repo\_name](#input\_image\_repo\_name) | ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes | +| [image\_tag](#input\_image\_tag) | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `"latest"` | no | +| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| [local\_cache\_modes](#input\_local\_cache\_modes) | Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL\_SOURCE\_CACHE, LOCAL\_DOCKER\_LAYER\_CACHE, and LOCAL\_CUSTOM\_CACHE | `list(string)` | `[]` | no | +| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | +| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [poll\_source\_changes](#input\_poll\_source\_changes) | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | +| [privileged\_mode](#input\_privileged\_mode) | If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images | `bool` | `false` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [region](#input\_region) | AWS Region, e.g. us-east-1. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes | +| [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | n/a | yes | +| [repo\_owner](#input\_repo\_owner) | GitHub Organization or Username | `string` | n/a | yes | +| [s3\_bucket\_force\_destroy](#input\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | +| [secondary\_artifact\_bucket\_id](#input\_secondary\_artifact\_bucket\_id) | Optional bucket for secondary artifact deployment. If specified, the buildspec must include a secondary artifacts section which controls the artifacts deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no | +| [secondary\_artifact\_encryption\_enabled](#input\_secondary\_artifact\_encryption\_enabled) | If set to true, enable encryption on the secondary artifact bucket | `bool` | `false` | no | +| [secondary\_artifact\_identifier](#input\_secondary\_artifact\_identifier) | Identifier for optional secondary artifact deployment. If specified, the identifier must appear in the buildspec as the name of the section which controls the artifacts deployed to the secondary artifact bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no | +| [service\_name](#input\_service\_name) | ECS Service Name | `string` | n/a | yes | +| [stage](#input\_stage) | Stage, e.g. 
'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [webhook\_authentication](#input\_webhook\_authentication) | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no | +| [webhook\_enabled](#input\_webhook\_enabled) | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | +| [webhook\_filter\_json\_path](#input\_webhook\_filter\_json\_path) | The JSON path to filter on | `string` | `"$.ref"` | no | +| [webhook\_filter\_match\_equals](#input\_webhook\_filter\_match\_equals) | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no | +| [webhook\_target\_action](#input\_webhook\_target\_action) | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no | ## Outputs | Name | Description | |------|-------------| -| badge\_url | The URL of the build badge when badge\_enabled is enabled | -| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled | -| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN | -| codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name | -| codebuild\_project\_id | CodeBuild project ID | -| codebuild\_project\_name | CodeBuild project name | -| codebuild\_role\_arn | CodeBuild IAM Role ARN | -| codebuild\_role\_id | CodeBuild IAM Role ID | -| codepipeline\_arn | CodePipeline ARN | -| codepipeline\_id | CodePipeline ID | -| webhook\_id | The CodePipeline webhook's ID | -| webhook\_url | The CodePipeline webhook's URL. 
POST events to this endpoint to trigger the target | +| [badge\_url](#output\_badge\_url) | The URL of the build badge when badge\_enabled is enabled | +| [codebuild\_badge\_url](#output\_codebuild\_badge\_url) | The URL of the build badge when badge\_enabled is enabled | +| [codebuild\_cache\_bucket\_arn](#output\_codebuild\_cache\_bucket\_arn) | CodeBuild cache S3 bucket ARN | +| [codebuild\_cache\_bucket\_name](#output\_codebuild\_cache\_bucket\_name) | CodeBuild cache S3 bucket name | +| [codebuild\_project\_id](#output\_codebuild\_project\_id) | CodeBuild project ID | +| [codebuild\_project\_name](#output\_codebuild\_project\_name) | CodeBuild project name | +| [codebuild\_role\_arn](#output\_codebuild\_role\_arn) | CodeBuild IAM Role ARN | +| [codebuild\_role\_id](#output\_codebuild\_role\_id) | CodeBuild IAM Role ID | +| [codepipeline\_arn](#output\_codepipeline\_arn) | CodePipeline ARN | +| [codepipeline\_id](#output\_codepipeline\_id) | CodePipeline ID | +| [codepipeline\_resource](#output\_codepipeline\_resource) | CodePipeline resource | +| [webhook\_id](#output\_webhook\_id) | The CodePipeline webhook's ID | +| [webhook\_url](#output\_webhook\_url) | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | diff --git a/docs/terraform.md b/docs/terraform.md index d8b4599..def7acd 100644 --- a/docs/terraform.md +++ b/docs/terraform.md 
@@ -3,115 +3,129 @@ | Name | Version | |------|---------| -| terraform | >= 0.13.0 | -| aws | >= 2.0 | -| local | >= 1.2 | -| null | >= 2.0 | -| random | >= 2.1 | -| template | >= 2.0 | +| [terraform](#requirement\_terraform) | >= 0.13.0 | +| [aws](#requirement\_aws) | >= 2.0 | +| [local](#requirement\_local) | >= 1.2 | +| [null](#requirement\_null) | >= 2.0 | +| [random](#requirement\_random) | >= 2.1 | +| [template](#requirement\_template) | >= 2.0 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.0 | -| random | >= 2.1 | +| [aws](#provider\_aws) | >= 2.0 | +| [random](#provider\_random) | >= 2.1 | ## Modules | Name | Source | Version | |------|--------|---------| -| codebuild | cloudposse/codebuild/aws | 0.35.0 | -| codebuild_label | cloudposse/label/null | 0.24.1 | -| codepipeline_assume_role_label | cloudposse/label/null | 0.24.1 | -| codepipeline_label | cloudposse/label/null | 0.24.1 | -| codepipeline_s3_policy_label | cloudposse/label/null | 0.24.1 | -| codestar_label | cloudposse/label/null | 0.24.1 | -| github_webhooks | cloudposse/repository-webhooks/github | 0.12.0 | -| this | cloudposse/label/null | 0.24.1 | +| [codebuild](#module\_codebuild) | cloudposse/codebuild/aws | 0.35.0 | +| [codebuild\_label](#module\_codebuild\_label) | cloudposse/label/null | 0.24.1 | +| [codepipeline\_assume\_role\_label](#module\_codepipeline\_assume\_role\_label) | cloudposse/label/null | 0.24.1 | +| [codepipeline\_label](#module\_codepipeline\_label) | cloudposse/label/null | 0.24.1 | +| [codepipeline\_s3\_policy\_label](#module\_codepipeline\_s3\_policy\_label) | cloudposse/label/null | 0.24.1 | +| [codestar\_label](#module\_codestar\_label) | cloudposse/label/null | 0.24.1 | +| [github\_webhooks](#module\_github\_webhooks) | cloudposse/repository-webhooks/github | 0.12.0 | +| [this](#module\_this) | cloudposse/label/null | 0.24.1 | ## Resources -| Name | -|------| -| 
[aws_caller_identity](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | -| [aws_codepipeline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline) | -| [aws_codepipeline_webhook](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline_webhook) | -| [aws_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | -| [aws_iam_policy_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | -| [aws_iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | -| [aws_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | -| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | -| [aws_s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | -| [random_string](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | +| Name | Type | +|------|------| +| [aws_codepipeline.bitbucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline) | resource | +| [aws_codepipeline.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline) | resource | +| [aws_codepipeline_webhook.webhook](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline_webhook) | resource | +| [aws_iam_policy.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| 
[aws_iam_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_policy.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource | +| [aws_iam_role.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy_attachment.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.codebuild_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | +| [aws_s3_bucket.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [random_string.webhook_secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | +| [aws_caller_identity.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | +| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| 
[aws_iam_policy_document.codestar](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_region.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| additional\_tag\_map | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | -| attributes | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | -| aws\_account\_id | AWS Account ID. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `""` | no | -| badge\_enabled | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | -| branch | Branch of the GitHub repository, _e.g._ `master` | `string` | n/a | yes | -| build\_compute\_type | `CodeBuild` instance size. Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | -| build\_image | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | -| build\_timeout | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | -| buildspec | Declaration to use for building the project. 
[For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | -| cache\_bucket\_suffix\_enabled | The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | -| cache\_type | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to S3. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no | -| codestar\_connection\_arn | CodeStar connection ARN required for Bitbucket integration with CodePipeline | `string` | `""` | no | -| context | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | -| delimiter | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | -| ecs\_cluster\_name | ECS Cluster Name | `string` | n/a | yes | -| enabled | Set to false to prevent the module from creating any resources | `bool` | `null` | no | -| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| environment\_variables | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | -| github\_oauth\_token | GitHub OAuth Token with permissions to access private repositories | `string` | `""` | no | -| github\_webhook\_events | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | -| github\_webhooks\_token | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | -| id\_length\_limit | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | -| image\_repo\_name | ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes | -| image\_tag | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `"latest"` | no | -| label\_key\_case | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | -| label\_order | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | -| label\_value\_case | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | -| local\_cache\_modes | Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL\_SOURCE\_CACHE, LOCAL\_DOCKER\_LAYER\_CACHE, and LOCAL\_CUSTOM\_CACHE | `list(string)` | `[]` | no | -| name | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | -| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | -| poll\_source\_changes | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | -| privileged\_mode | If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images | `bool` | `false` | no | -| regex\_replace\_chars | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | -| region | AWS Region, e.g. us-east-1. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes | -| repo\_name | GitHub repository name of the application to be built and deployed to ECS | `string` | n/a | yes | -| repo\_owner | GitHub Organization or Username | `string` | n/a | yes | -| s3\_bucket\_force\_destroy | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | -| secondary\_artifact\_bucket\_id | Optional bucket for secondary artifact deployment. If specified, the buildspec must include a secondary artifacts section which controls the artifacts deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no | -| secondary\_artifact\_encryption\_enabled | If set to true, enable encryption on the secondary artifact bucket | `bool` | `false` | no | -| secondary\_artifact\_identifier | Identifier for optional secondary artifact deployment. If specified, the identifier must appear in the buildspec as the name of the section which controls the artifacts deployed to the secondary artifact bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no | -| service\_name | ECS Service Name | `string` | n/a | yes | -| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | -| tags | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | -| webhook\_authentication | The type of authentication to use. 
One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no | -| webhook\_enabled | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | -| webhook\_filter\_json\_path | The JSON path to filter on | `string` | `"$.ref"` | no | -| webhook\_filter\_match\_equals | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no | -| webhook\_target\_action | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no | +| [additional\_tag\_map](#input\_additional\_tag\_map) | Additional tags for appending to tags\_as\_list\_of\_maps. Not added to `tags`. | `map(string)` | `{}` | no | +| [attributes](#input\_attributes) | Additional attributes (e.g. `1`) | `list(string)` | `[]` | no | +| [aws\_account\_id](#input\_aws\_account\_id) | AWS Account ID. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `""` | no | +| [badge\_enabled](#input\_badge\_enabled) | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled | `bool` | `false` | no | +| [branch](#input\_branch) | Branch of the GitHub repository, _e.g._ `master` | `string` | n/a | yes | +| [build\_compute\_type](#input\_build\_compute\_type) | `CodeBuild` instance size. 
Possible values are: `BUILD_GENERAL1_SMALL` `BUILD_GENERAL1_MEDIUM` `BUILD_GENERAL1_LARGE` | `string` | `"BUILD_GENERAL1_SMALL"` | no | +| [build\_image](#input\_build\_image) | Docker image for build environment, _e.g._ `aws/codebuild/docker:docker:17.09.0` | `string` | `"aws/codebuild/docker:17.09.0"` | no | +| [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed | `number` | `60` | no | +| [buildspec](#input\_buildspec) | Declaration to use for building the project. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `""` | no | +| [cache\_bucket\_suffix\_enabled](#input\_cache\_bucket\_suffix\_enabled) | The cache bucket generates a random 13 character string to generate a unique bucket name. If set to false it uses terraform-null-label's id value. It only works when cache\_type is 'S3' | `bool` | `true` | no | +| [cache\_type](#input\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: NO\_CACHE, LOCAL, and S3. Defaults to S3. If cache\_type is S3, it will create an S3 bucket for storing codebuild cache inside | `string` | `"S3"` | no | +| [codebuild\_vpc\_config](#input\_codebuild\_vpc\_config) | Configuration for the builds to run inside a VPC. | `any` | `{}` | no | +| [codestar\_connection\_arn](#input\_codestar\_connection\_arn) | CodeStar connection ARN required for Bitbucket integration with CodePipeline | `string` | `""` | no | +| [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {}
}
| no | +| [delimiter](#input\_delimiter) | Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all. | `string` | `null` | no | +| [ecs\_cluster\_name](#input\_ecs\_cluster\_name) | ECS Cluster Name | `string` | n/a | yes | +| [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | +| [environment](#input\_environment) | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | +| [environment\_variables](#input\_environment\_variables) | A list of maps, that contain both the key 'name' and the key 'value' to be used as additional environment variables for the build |
list(object(
{
name = string
value = string
}))
| `[]` | no | +| [github\_oauth\_token](#input\_github\_oauth\_token) | GitHub OAuth Token with permissions to access private repositories | `string` | `""` | no | +| [github\_webhook\_events](#input\_github\_webhook\_events) | A list of events which should trigger the webhook. See a list of [available events](https://developer.github.com/v3/activity/events/types/) | `list(string)` |
[
"push"
]
| no | +| [github\_webhooks\_token](#input\_github\_webhooks\_token) | GitHub OAuth Token with permissions to create webhooks. If not provided, can be sourced from the `GITHUB_TOKEN` environment variable | `string` | `""` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [image\_repo\_name](#input\_image\_repo\_name) | ECR repository name to store the Docker image built by this module. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes | +| [image\_tag](#input\_image\_tag) | Docker image tag in the ECR repository, e.g. 'latest'. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | `"latest"` | no | +| [label\_key\_case](#input\_label\_key\_case) | The letter case of label keys (`tag` names) (i.e. `name`, `namespace`, `environment`, `stage`, `attributes`) to use in `tags`.
Possible values: `lower`, `title`, `upper`.
Default value: `title`. | `string` | `null` | no | +| [label\_order](#input\_label\_order) | The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present. | `list(string)` | `null` | no | +| [label\_value\_case](#input\_label\_value\_case) | The letter case of output label values (also used in `tags` and `id`).
Possible values: `lower`, `title`, `upper` and `none` (no transformation).
Default value: `lower`. | `string` | `null` | no | +| [local\_cache\_modes](#input\_local\_cache\_modes) | Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: LOCAL\_SOURCE\_CACHE, LOCAL\_DOCKER\_LAYER\_CACHE, and LOCAL\_CUSTOM\_CACHE | `list(string)` | `[]` | no | +| [name](#input\_name) | Solution name, e.g. 'app' or 'jenkins' | `string` | `null` | no | +| [namespace](#input\_namespace) | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | `string` | `null` | no | +| [poll\_source\_changes](#input\_poll\_source\_changes) | Periodically check the location of your source content and run the pipeline if changes are detected | `bool` | `false` | no | +| [privileged\_mode](#input\_privileged\_mode) | If set to true, enables running the Docker daemon inside a Docker container on the CodeBuild instance. Used when building Docker images | `bool` | `false` | no | +| [regex\_replace\_chars](#input\_regex\_replace\_chars) | Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no | +| [region](#input\_region) | AWS Region, e.g. us-east-1. Used as CodeBuild ENV variable when building Docker images. [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html) | `string` | n/a | yes | +| [repo\_name](#input\_repo\_name) | GitHub repository name of the application to be built and deployed to ECS | `string` | n/a | yes | +| [repo\_owner](#input\_repo\_owner) | GitHub Organization or Username | `string` | n/a | yes | +| [s3\_bucket\_force\_destroy](#input\_s3\_bucket\_force\_destroy) | A boolean that indicates all objects should be deleted from the CodePipeline artifact store S3 bucket so that the bucket can be destroyed without error | `bool` | `false` | no | +| [secondary\_artifact\_bucket\_id](#input\_secondary\_artifact\_bucket\_id) | Optional bucket for secondary artifact deployment. If specified, the buildspec must include a secondary artifacts section which controls the artifacts deployed to the bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no | +| [secondary\_artifact\_encryption\_enabled](#input\_secondary\_artifact\_encryption\_enabled) | If set to true, enable encryption on the secondary artifact bucket | `bool` | `false` | no | +| [secondary\_artifact\_identifier](#input\_secondary\_artifact\_identifier) | Identifier for optional secondary artifact deployment. If specified, the identifier must appear in the buildspec as the name of the section which controls the artifacts deployed to the secondary artifact bucket [For more info](http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html) | `string` | `null` | no | +| [service\_name](#input\_service\_name) | ECS Service Name | `string` | n/a | yes | +| [stage](#input\_stage) | Stage, e.g. 
'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | +| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')` | `map(string)` | `{}` | no | +| [webhook\_authentication](#input\_webhook\_authentication) | The type of authentication to use. One of IP, GITHUB\_HMAC, or UNAUTHENTICATED | `string` | `"GITHUB_HMAC"` | no | +| [webhook\_enabled](#input\_webhook\_enabled) | Set to false to prevent the module from creating any webhook resources | `bool` | `true` | no | +| [webhook\_filter\_json\_path](#input\_webhook\_filter\_json\_path) | The JSON path to filter on | `string` | `"$.ref"` | no | +| [webhook\_filter\_match\_equals](#input\_webhook\_filter\_match\_equals) | The value to match on (e.g. refs/heads/{Branch}) | `string` | `"refs/heads/{Branch}"` | no | +| [webhook\_target\_action](#input\_webhook\_target\_action) | The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline | `string` | `"Source"` | no | ## Outputs | Name | Description | |------|-------------| -| badge\_url | The URL of the build badge when badge\_enabled is enabled | -| codebuild\_badge\_url | The URL of the build badge when badge\_enabled is enabled | -| codebuild\_cache\_bucket\_arn | CodeBuild cache S3 bucket ARN | -| codebuild\_cache\_bucket\_name | CodeBuild cache S3 bucket name | -| codebuild\_project\_id | CodeBuild project ID | -| codebuild\_project\_name | CodeBuild project name | -| codebuild\_role\_arn | CodeBuild IAM Role ARN | -| codebuild\_role\_id | CodeBuild IAM Role ID | -| codepipeline\_arn | CodePipeline ARN | -| codepipeline\_id | CodePipeline ID | -| webhook\_id | The CodePipeline webhook's ID | -| webhook\_url | The CodePipeline webhook's URL. 
POST events to this endpoint to trigger the target | +| [badge\_url](#output\_badge\_url) | The URL of the build badge when badge\_enabled is enabled | +| [codebuild\_badge\_url](#output\_codebuild\_badge\_url) | The URL of the build badge when badge\_enabled is enabled | +| [codebuild\_cache\_bucket\_arn](#output\_codebuild\_cache\_bucket\_arn) | CodeBuild cache S3 bucket ARN | +| [codebuild\_cache\_bucket\_name](#output\_codebuild\_cache\_bucket\_name) | CodeBuild cache S3 bucket name | +| [codebuild\_project\_id](#output\_codebuild\_project\_id) | CodeBuild project ID | +| [codebuild\_project\_name](#output\_codebuild\_project\_name) | CodeBuild project name | +| [codebuild\_role\_arn](#output\_codebuild\_role\_arn) | CodeBuild IAM Role ARN | +| [codebuild\_role\_id](#output\_codebuild\_role\_id) | CodeBuild IAM Role ID | +| [codepipeline\_arn](#output\_codepipeline\_arn) | CodePipeline ARN | +| [codepipeline\_id](#output\_codepipeline\_id) | CodePipeline ID | +| [codepipeline\_resource](#output\_codepipeline\_resource) | CodePipeline resource | +| [webhook\_id](#output\_webhook\_id) | The CodePipeline webhook's ID | +| [webhook\_url](#output\_webhook\_url) | The CodePipeline webhook's URL. POST events to this endpoint to trigger the target | From 0986f0a0ca80025d029c5c1b81796442a5c53deb Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Wed, 21 Apr 2021 13:41:51 +1000 Subject: [PATCH 8/9] revert removal of IAM policy condition for UseConnection --- main.tf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index 013c0ed..7567a6c 100644 --- a/main.tf +++ b/main.tf 
@@ -186,13 +186,13 @@ data "aws_iam_policy_document" "codestar" { "codestar-connections:UseConnection" ] - # condition { - # test = "StringLike" - # variable = "codestar-connections:FullRepositoryId" - # values = [ - # format("%s/%s", var.repo_owner, var.repo_name) - # ] - # } + condition { + test = "StringLike" + variable = "codestar-connections:FullRepositoryId" + values = [ + format("%s/%s", var.repo_owner, var.repo_name) + ] + } resources = [var.codestar_connection_arn] effect = "Allow" From f935176bc0999eb5af09329a4ea556056877acf1 Mon Sep 17 00:00:00 2001 From: Joe Niland Date: Wed, 21 Apr 2021 13:57:34 +1000 Subject: [PATCH 9/9] fix null input to lookup() --- outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/outputs.tf b/outputs.tf index 3bf8918..652de5d 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,5 +1,5 @@ locals { - codepipeline_resource = try(element(concat(aws_codepipeline.default.*, aws_codepipeline.bitbucket.*), 0), null) + codepipeline_resource = try(element(concat(aws_codepipeline.default.*, aws_codepipeline.bitbucket.*), 0), {}) } output "badge_url" {
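Review bot: The restored condition uses `test = "StringLike"` although the value built by `format("%s/%s", var.repo_owner, var.repo_name)` carries no intended wildcard, so a `*` or `?` that ever reaches those inputs would silently widen which repositories the connection may be used for; `test = "StringEquals"` states the exact-match intent and behaves the same for ordinary owner/repo names. Because this block was commented out in PATCH 1/9 and is only brought back here, a why-comment would make it less likely to be dropped again, e.g. `# Scope UseConnection to the configured repository; without this condition the pipeline role can use the connection for any repository it can reach.`. The enclosing `data "aws_iam_policy_document" "codestar"` block begins and ends outside the hunk.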
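Review bot: The `{}` fallback in `local.codepipeline_resource` needs a comment, because `try()` here does two things the code does not say: it yields an empty object when neither `aws_codepipeline.default` nor `aws_codepipeline.bitbucket` was created, and it also swallows any other evaluation error in the expression, so a mistyped resource reference would quietly become `{}` rather than fail the plan. Suggested comment above the assignment: `# Fall back to an empty object (not null) so lookup() on this local still works when no pipeline is created; note try() also masks other errors in this expression.`. The commit title records the null-vs-{} reasoning, but nothing in the file itself does.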