The AWS CodePipeline for CD (i.e. deployment). The pipeline is triggered when a Lambda zip archive or an ECS `imagedefinitions.json` file is uploaded to the S3 artifact bucket in the shared service account. The deploy stage then takes that input artifact and updates the Lambda function code or the ECS task definition in the current account.

- All CodePipeline output artifacts are encrypted with the default S3 KMS key (alias `aws/s3`) in the same region.
- For ECS and ECR deployment, set `container_image` in the ECS task definition module to the ECR repository URL imported from the shared service account.
- If `s3_block_public_access` is set to `true`, the block public access setting for the artifact bucket is enabled.
```hcl
module "lambda_cd_pipeline" {
  source = "github.com/globeandmail/aws-cd-codepipeline?ref=1.0"

  name                              = "app-name"
  deploy_type                       = "lambda"
  svcs_account_artifact_bucket_arn  = "svcs-account-artifact-bucket-arn"
  svcs_account_artifact_bucket_id   = "svcs-account-artifact-bucket-id"
  svcs_account_artifact_object_name = "svcs-account-artifact-object-name"
  svcs_account_kms_cmk_arn_for_s3   = "svcs-account-kms-cmk-arn-for-s3"
  lambda_function_name              = "lambda-function-name"
  require_manual_approval           = true
  approve_sns_arn                   = "approve-sns-arn"
  s3_block_public_access            = true

  tags = {
    Environment = var.environment
  }
}
```

```hcl
module "ecs_cd_pipeline" {
  source = "github.com/globeandmail/aws-cd-codepipeline?ref=1.0"

  name                              = "app-name"
  deploy_type                       = "ecs"
  svcs_account_artifact_bucket_arn  = "svcs-account-artifact-bucket-arn"
  svcs_account_artifact_bucket_id   = "svcs-account-artifact-bucket-id"
  svcs_account_artifact_object_name = "svcs-account-artifact-object-name"
  svcs_account_kms_cmk_arn_for_s3   = "svcs-account-kms-cmk-arn-for-s3"
  ecs_cluster_name                  = "ecs-cluster-name"
  ecs_service_name                  = "ecs-service-name"
  task_execution_role               = "task-execution-role-name"
  svcs_account_ecr_repository_name  = "svcs-account-ecr-repository-name"
  svcs_account_ecr_repository_url   = "svcs-account-ecr-repository-url"
  svcs_account_ecr_repository_arn   = "svcs-account-ecr-repository-arn"
  require_manual_approval           = true
  approve_sns_arn                   = "approve-sns-arn"
  s3_block_public_access            = true

  tags = {
    Environment = var.environment
  }
}
```
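The ECS path above is driven entirely by whatever `imagedefinitions.json` lands in the artifact bucket, so a deploy-side check that the artifact only references the shared service account's ECR repository (and pins an immutable digest) is worth having before the task definition is updated. The following is an added example, not part of this module; the repository URL, container name and digest are constructed placeholders.

```python
import json
import re

# Constructed placeholder for the value that would be imported as
# svcs_account_ecr_repository_url from the shared service account.
SVCS_ACCOUNT_ECR_REPOSITORY_URL = "111111111111.dkr.ecr.us-east-1.amazonaws.com/app-name"

# Constructed sample artifact in the shape CodePipeline's ECS deploy action
# expects: a JSON list of {"name": <container>, "imageUri": <image>} objects.
SAMPLE_IMAGEDEFINITIONS = json.dumps([
    {"name": "app-name",
     "imageUri": SVCS_ACCOUNT_ECR_REPOSITORY_URL + "@sha256:" + "a" * 64},
])

# An ECR repository URL is <12-digit account>.dkr.ecr.<region>.amazonaws.com/<repo>.
ECR_REPO_RE = re.compile(
    r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/[a-z0-9._/-]+$")


def parse_image_uri(uri):
    """Split an image URI into (repository, reference, is_digest)."""
    if "@sha256:" in uri:
        repo, digest = uri.split("@", 1)
        return repo, digest, True
    # A tag is the part after the last ':' that follows the final '/'.
    slash, colon = uri.rfind("/"), uri.rfind(":")
    if colon > slash:
        return uri[:colon], uri[colon + 1:], False
    return uri, "latest", False


def validate_imagedefinitions(text, expected_repo_url, expected_container,
                              require_digest=True):
    """Return a list of findings; an empty list means the artifact is acceptable."""
    try:
        defs = json.loads(text)
    except json.JSONDecodeError as err:
        return [f"not valid JSON: {err}"]
    if not isinstance(defs, list) or not defs:
        return ["artifact must be a non-empty JSON list"]
    findings = []
    for i, entry in enumerate(defs):
        name = entry.get("name") if isinstance(entry, dict) else None
        uri = entry.get("imageUri") if isinstance(entry, dict) else None
        if not name or not uri:
            findings.append(f"entry {i}: missing name or imageUri")
            continue
        if name != expected_container:
            findings.append(f"entry {i}: container {name!r} is not {expected_container!r}")
        repo, ref, is_digest = parse_image_uri(uri)
        if repo != expected_repo_url:
            findings.append(f"entry {i}: {repo!r} is not the shared service account repository")
        if not ECR_REPO_RE.match(repo):
            findings.append(f"entry {i}: {repo!r} is not an ECR repository URL")
        if require_digest and not is_digest:
            findings.append(f"entry {i}: image referenced by tag {ref!r}, not a digest")
    return findings
```

Running `validate_imagedefinitions(SAMPLE_IMAGEDEFINITIONS, SVCS_ACCOUNT_ECR_REPOSITORY_URL, "app-name")` returns an empty list; an artifact pointing at a public registry by tag returns one finding per violated rule.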
| Name | Version |
|---|---|
| terraform | >= 0.12 |

| Name | Version |
|---|---|
| aws | n/a |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| approve_sns_arn | (Optional) The ARN of the SNS topic in the approve stage. Required if var.require_manual_approval is true. | string | null | no |
| approve_url | (Optional) The URL for review in the approve stage. It should begin with 'http://' or 'https://'. | string | null | no |
| deploy_function_name | (Optional) The name of the Lambda function in the account that will update the function code. | string | "CodepipelineDeploy" | no |
| deploy_type | (Required) Must be one of the following (ecs, lambda). | string | n/a | yes |
| ecs_artifact_filename | (Optional) The name of the ECS deploy artifact. | string | null | no |
| ecs_cluster_name | (Optional) The name of the ECS cluster. Required if var.deploy_type is ecs. | string | null | no |
| ecs_service_name | (Optional) The name of the ECS service. Required if var.deploy_type is ecs. | string | null | no |
| lambda_function_alias | (Optional) The name of the Lambda function alias that gets passed to the UserParameters data in the deploy stage. | string | "live" | no |
| lambda_function_name | (Optional) The name of the Lambda function to update. Required if var.deploy_type is lambda. | string | null | no |
| name | (Required) The name associated with the pipeline and associated resources, e.g. app-name. | string | n/a | yes |
| require_manual_approval | (Optional) Create the approval stage in the CodePipeline. Defaults to false. | bool | false | no |
| s3_block_public_access | (Optional) Enable the S3 block public access setting for the artifact bucket. | bool | false | no |
| s3_bucket_force_destroy | (Optional) Delete all objects in the S3 bucket upon bucket deletion. S3 objects are not recoverable. Defaults to true. | bool | true | no |
| svcs_account_artifact_bucket_arn | (Optional) The ARN of the S3 bucket that stores the CodeBuild artifacts. The bucket is created in the shared service account. Required if var.deploy_type is lambda or ecs. | string | null | no |
| svcs_account_artifact_bucket_id | (Optional) The name of the S3 bucket that stores the CodeBuild artifacts. The bucket is created in the shared service account. Required if var.deploy_type is lambda or ecs. | string | null | no |
| svcs_account_artifact_object_name | (Optional) The key of the S3 object that triggers CodePipeline. The object is created in the shared service account. Required if var.deploy_type is lambda or ecs. | string | null | no |
| svcs_account_ecr_repository_arn | (Optional) The ARN of the ECR repository. The repository is created in the shared service account. Required if var.deploy_type is ecs. | string | null | no |
| svcs_account_ecr_repository_name | (Optional) The name of the ECR repository. The repository is created in the shared service account. Required if var.deploy_type is ecs. | string | null | no |
| svcs_account_ecr_repository_url | (Optional) The URL of the ECR repository. The repository is created in the shared service account. Required if var.deploy_type is ecs. | string | null | no |
| svcs_account_kms_cmk_arn_for_s3 | (Optional) The single-region AWS KMS customer managed key ARN for encrypting S3 artifacts. The key is created in the shared service account. Required if var.deploy_type is lambda or ecs. | string | null | no |
| tags | (Optional) A mapping of tags to assign to the resource. | map | {} | no |
| task_execution_role | (Optional) The name of the ECS task execution role. Required if var.deploy_type is ecs. | string | "ecsTaskExecutionRole" | no |
| Name | Description |
|---|---|
| artifact_bucket_arn | n/a |
| artifact_bucket_id | n/a |
| codepipeline_arn | n/a |
| codepipeline_id | n/a |