Creates a CodeBuild project and S3 artifact bucket to be used with CodePipeline.

```hcl
module "codebuild_project" {
  source                                       = "github.com/globeandmail/aws-codebuild-project?ref=2.2"
  name                                         = var.name
  deploy_type                                  = var.deploy_type
  ecr_name                                     = var.ecr_name
  build_compute_type                           = var.build_compute_type
  use_docker_credentials                       = var.use_docker_credentials
  buildspec                                    = var.buildspec
  tags                                         = var.tags
  use_repo_access_github_token                 = var.use_repo_access_github_token
  svcs_account_github_token_aws_secret_arn     = var.svcs_account_github_token_aws_secret_arn
  svcs_account_aws_kms_cmk_arn                 = var.svcs_account_aws_kms_cmk_arn
  s3_block_public_access                       = var.s3_block_public_access
  use_sysdig_api_token                         = var.use_sysdig_api_token
  svcs_account_sysdig_api_token_aws_secret_arn = var.svcs_account_sysdig_api_token_aws_secret_arn
}
```

Name | Description | Type | Default | Required |
---|---|---|---|---|
build_compute_type | (Optional) Build environment compute type | string | "BUILD_GENERAL1_SMALL" | no |
buildspec | Build spec file other than buildspec.yml | string | "buildspec.yml" | no |
codebuild_image | (Optional) The CodeBuild image to use | string | "aws/codebuild/amazonlinux2-x86_64-standard:1.0" | no |
deploy_type | (Required) Must be one of the following ( ecr, ecs, lambda ) | string | n/a | yes |
ecr_name | (Optional) The name of the ECR repo. Required if var.deploy_type is ecr or ecs | string | null | no |
env_repo_name | n/a | object({ | null | no |
logs_retention_in_days | (Optional) Days to keep the CloudWatch logs for this CodeBuild project | number | 14 | no |
name | (Required) The name of the CodeBuild project and artifact bucket | string | n/a | yes |
privileged_mode | Set the privileged_mode flag for Docker container use | bool | false | no |
s3_block_public_access | (Optional) Enable the S3 block public access setting for the artifact bucket. | bool | false | no |
svcs_account_aws_kms_cmk_arn | (Optional) The us-east-1 region AWS KMS customer managed key ARN for encrypting all AWS secrets. The key is created in the shared service account. Required if var.use_repo_access_github_token or var.use_sysdig_api_token is true. | string | null | no |
svcs_account_github_token_aws_secret_arn | (Optional) The AWS secret ARN for the repo access GitHub token. The secret is created in the shared service account. Required if var.use_repo_access_github_token is true. | string | null | no |
svcs_account_sysdig_api_token_aws_secret_arn | (Optional) The AWS secret ARN for the Sysdig API token. The secret is created in the shared service account. Required if var.use_sysdig_api_token is true. | string | null | no |
tags | (Optional) A mapping of tags to assign to the resource | map(any) | {} | no |
use_docker_credentials | (Optional) Use Docker Hub credentials stored in Parameter Store | bool | false | no |
use_repo_access_github_token | (Optional) Allow the AWS CodeBuild IAM role read access to the REPO_ACCESS_GITHUB_TOKEN Secrets Manager secret in the shared service account. Defaults to false. | bool | false | no |
use_sysdig_api_token | (Optional) Allow the AWS CodeBuild IAM role read access to the SYSDIG_API_TOKEN Secrets Manager secret in the shared service account. Defaults to false. | bool | false | no |

Name | Description |
---|---|
artifact_bucket_arn | n/a |
artifact_bucket_id | n/a |
code_build_iam_role_name | n/a |
codebuild_project_arn | n/a |
codebuild_project_id | n/a |
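
The inputs table documents two permissive defaults (`s3_block_public_access` and `privileged_mode`) and several "Required if" dependencies between the token flags and their ARNs. The following calling configuration is an added example, not part of the module: it sets the security-relevant inputs explicitly and fails the plan when a documented dependency is missing. It assumes Terraform 1.4 or later for `terraform_data`; the guard resource name, the project name and the ARN strings in `locals` are placeholders.

```hcl
# Added example, not the module's own code. Values in locals are placeholders.
locals {
  use_github_token        = true
  use_sysdig_token        = false
  kms_cmk_arn             = "<KMS_CMK_ARN>"             # placeholder
  github_token_secret_arn = "<GITHUB_TOKEN_SECRET_ARN>" # placeholder
  sysdig_token_secret_arn = null
}

# Fails the plan when a documented "Required if" dependency is not met.
resource "terraform_data" "codebuild_input_guard" {
  lifecycle {
    precondition {
      condition     = !(local.use_github_token || local.use_sysdig_token) || local.kms_cmk_arn != null
      error_message = "Set svcs_account_aws_kms_cmk_arn when either token flag is true."
    }
    precondition {
      condition     = !local.use_github_token || local.github_token_secret_arn != null
      error_message = "Set svcs_account_github_token_aws_secret_arn when use_repo_access_github_token is true."
    }
    precondition {
      condition     = !local.use_sysdig_token || local.sysdig_token_secret_arn != null
      error_message = "Set svcs_account_sysdig_api_token_aws_secret_arn when use_sysdig_api_token is true."
    }
  }
}

module "codebuild_project" {
  source      = "github.com/globeandmail/aws-codebuild-project?ref=2.2"
  name        = "example-service" # hypothetical project name
  deploy_type = "lambda"

  # Overrides the documented default of false for the artifact bucket.
  s3_block_public_access = true

  # Documented default; set to true only if the buildspec must run Docker.
  privileged_mode = false

  # Grant the CodeBuild role read access only to the secrets the build uses.
  use_repo_access_github_token                 = local.use_github_token
  svcs_account_github_token_aws_secret_arn     = local.github_token_secret_arn
  use_sysdig_api_token                         = local.use_sysdig_token
  svcs_account_sysdig_api_token_aws_secret_arn = local.sysdig_token_secret_arn
  svcs_account_aws_kms_cmk_arn                 = local.kms_cmk_arn
}
```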