Implement AWS CodeBuild (#1)

goruha · web-flow · commit 2a23e933bf27 · 2017-08-09T23:10:45.000+06:00
* Initial

* Remove provider vars

* Added outputs

* Fix hardcoded values

* Added default image

* Grant perms

* Grant perms

* Fix bump version

* Added readme

* Update README.md

* fmt

* fmt

* Added module param

* Update README.md

* Update readme

* Readme fix
diff --git a/README.md b/README.md
@@ -1 +1,46 @@
-# tf_codebuild
+# tf_codebuild
+
+Terraform config to create codebuild project for codepipeline
+
+## Usage
+
+Include this repository as a module in your existing terraform code:
+
+```
+module "build" {
+  source    = "git::https://github.com/cloudposse/tf_codebuild.git"
+  namespace = "general"
+  name      = "ci"
+  stage     = "staging"
+
+  image         = "apline"
+  instance_size = "BUILD_GENERAL1_SMALL"
+}
+```
+
+Grant appropriate permsissions to s3
+
+```
+resource "aws_iam_role_policy_attachment" "codebuild_s3" {
+  role   = "${module.build.role_arn}"
+  policy_arn = "${aws_iam_policy.s3.arn}"
+}
+```
+
+## Input
+
+| Name          | Default              | Decription                                                                                                                     |
+|:-------------:|:--------------------:|:------------------------------------------------------------------------------------------------------------------------------:|
+| namespace     | global               | Namespace                                                                                                                      |
+| stage         | default              | Stage                                                                                                                          |
+| name          | codebuild            | Name                                                                                                                           |
+| image         | alpine               | Docker image used as environment                                                                                               |
+| instance_size | BUILD_GENERAL1_SMALL | Instance size for job.  Possible values are: ```BUILD_GENERAL1_SMALL``` ```BUILD_GENERAL1_MEDIUM``` ```BUILD_GENERAL1_LARGE``` |
+
+## Output
+
+| Name         | Decription             |
+|:------------:|:----------------------:|
+| project_name | CodeBuild project name |
+| project_id   | CodeBuild project arn  |
+| role_arn     | IAM Role arn           |
diff --git a/main.tf b/main.tf
@@ -0,0 +1,80 @@
+# Define composite variables for resources
+module "label" {
+  source    = "git::https://github.com/cloudposse/tf_label.git?ref=tags/0.1.0"
+  namespace = "${var.namespace}"
+  name      = "${var.name}"
+  stage     = "${var.stage}"
+}
+
+resource "aws_iam_role" "default" {
+  name               = "${module.label.id}"
+  assume_role_policy = "${data.aws_iam_policy_document.role.json}"
+}
+
+data "aws_iam_policy_document" "role" {
+  statement {
+    sid = ""
+
+    actions = [
+      "sts:AssumeRole",
+    ]
+
+    principals {
+      type        = "Service"
+      identifiers = ["codebuild.amazonaws.com"]
+    }
+
+    effect = "Allow"
+  }
+}
+
+resource "aws_iam_policy" "default" {
+  name   = "${module.label.id}"
+  path   = "/service-role/"
+  policy = "${data.aws_iam_policy_document.logs.json}"
+}
+
+data "aws_iam_policy_document" "logs" {
+  statement {
+    sid = ""
+
+    actions = [
+      "logs:CreateLogGroup",
+      "logs:CreateLogStream",
+      "logs:PutLogEvents",
+    ]
+
+    effect = "Allow"
+
+    resources = [
+      "*",
+    ]
+  }
+}
+
+resource "aws_iam_policy_attachment" "default" {
+  name       = "${module.label.id}"
+  policy_arn = "${aws_iam_policy.default.arn}"
+  roles      = ["${aws_iam_role.default.id}"]
+}
+
+resource "aws_codebuild_project" "default" {
+  name         = "${module.label.id}"
+  service_role = "${aws_iam_role.default.arn}"
+
+  artifacts {
+    type = "CODEPIPELINE"
+  }
+
+  environment {
+    compute_type = "${var.instance_size}"
+    image        = "${var.image}"
+    type         = "LINUX_CONTAINER"
+  }
+
+  source {
+    type = "CODEPIPELINE"
+  }
+
+  tags = "${module.label.tags}"
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,11 @@
+output "project_name" {
+  value = "${aws_codebuild_project.default.name}"
+}
+
+output "project_id" {
+  value = "${aws_codebuild_project.default.id}"
+}
+
+output "role_arn" {
+  value = "${aws_iam_role.default.id}"
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,19 @@
+variable "namespace" {
+  default = "global"
+}
+
+variable "stage" {
+  default = "default"
+}
+
+variable "name" {
+  default = "codebuild"
+}
+
+variable "image" {
+  default = "alpine"
+}
+
+variable "instance_size" {
+  default = "BUILD_GENERAL1_SMALL"
+}
