correcting build.yml

damienjburks · damienjburks · commit f6509b14f942 · 2024-11-21T09:16:33.000-06:00
diff --git a/terraform/eks-cluster/modules/eks/main.tf b/terraform/eks-cluster/modules/eks/main.tf
@@ -42,6 +42,11 @@ resource "aws_iam_role_policy_attachment" "eks_vpc_policy" {
   policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
 }
 
+resource "aws_iam_role_policy_attachment" "eks_ec2_policy" {
+  role       = aws_iam_role.eks_cluster_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+}
+
 # Create Node Group IAM Role
 resource "aws_iam_role" "eks_node_role" {
   name = "${var.cluster_name}-eks-node-role"
diff --git a/terraform/pipelines/buildspecs/awsome-fastapi/build.yml b/terraform/pipelines/buildspecs/awsome-fastapi/build.yml
@@ -46,45 +46,19 @@ phases:
               - name: $IMAGE_REPO_NAME
                 image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/$IMAGE_REPO_NAME:latest
                 ports:
-                - containerPort: 80
-        ---
-        apiVersion: v1
-        kind: Service
-        metadata:
-          name: $IMAGE_REPO_NAME-service
-          namespace: default
-          labels:
-            app: $IMAGE_REPO_NAME
-        spec:
-          selector:
-            app: $IMAGE_REPO_NAME
-          ports:
-            - protocol: TCP
-              port: 80
-              targetPort: 80
-          type: ClusterIP  # Changed from LoadBalancer since we'll use an Ingress
-        ---
-        apiVersion: networking.k8s.io/v1
-        kind: Ingress
-        metadata:
-          name: $IMAGE_REPO_NAME-ingress
-          annotations:
-            kubernetes.io/ingress.class: alb
-            alb.ingress.kubernetes.io/scheme: internet-facing
-            alb.ingress.kubernetes.io/target-type: ip
-            alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
-            alb.ingress.kubernetes.io/ssl-redirect: '443'
-        spec:
-          rules:
-            - http:
-                paths:
-                  - path: /
-                    pathType: Prefix
-                    backend:
-                      service:
-                        name: $IMAGE_REPO_NAME-service
-                        port:
-                          number: 80
+                - containerPort: 8080
+                livenessProbe:
+                  httpGet:
+                    path: /
+                    port: 80
+                  initialDelaySeconds: 10
+                  periodSeconds: 5
+                readinessProbe:
+                  httpGet:
+                    path: /
+                    port: 80
+                  initialDelaySeconds: 10
+                  periodSeconds: 5
         EOF
 artifacts:
   files:
diff --git a/terraform/pipelines/modules/codepipeline/main.tf b/terraform/pipelines/modules/codepipeline/main.tf
@@ -178,8 +178,9 @@ resource "aws_iam_role_policy_attachment" "eks_buildprj_attach_role" {
 
 # Pipeline
 resource "aws_codepipeline" "pipeline" {
-  name     = var.repo_name
-  role_arn = aws_iam_role.pipeline_role.arn
+  name          = var.repo_name
+  role_arn      = aws_iam_role.pipeline_role.arn
+  pipeline_type = "V2"
 
   artifact_store {
     type     = "S3"
@@ -226,8 +227,8 @@ resource "aws_codepipeline" "pipeline" {
   }
 
   # Static Analysis Stage
-  /*stage {
-    name = "StaticAnalysis"
+  stage {
+    name = "Test"
 
     action {
       name            = "StaticCodeAnalysis"
@@ -241,11 +242,6 @@ resource "aws_codepipeline" "pipeline" {
         ProjectName = aws_codebuild_project.static_analysis_project.name
       }
     }
-  }
-
-  # Open Source Scanning Stage
-  stage {
-    name = "OSSSecurityScan"
 
     action {
       name            = "OSSDependencyScan"
@@ -259,7 +255,9 @@ resource "aws_codepipeline" "pipeline" {
         ProjectName = aws_codebuild_project.oss_scanning_project.name
       }
     }
-  }*/
+  }
+
+  # Open Source Scanning Stage
 
   stage {
     name = "Deploy"
