sns notifications

README.md

@@ -97,6 +97,15 @@ module "pipeline" {
     security_group_ids = ["sg-001abcd2233ee4455"],
   }
 
+  notifications = {
+    sns_topic   = aws_sns_topic.this.arn
+    detail_type = "BASIC"
+    events = [
+      "codepipeline-pipeline-pipeline-execution-failed",
+      "codepipeline-pipeline-pipeline-execution-succeeded"
+    ]
+  }
+
   tags = join(",", [
     "Environment[Dev,Prod]",
     "Source"

codepipeline.tf

@@ -1,7 +1,7 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: MIT-0
 
 resource "aws_codepipeline" "this" {
   name           = var.pipeline_name
   pipeline_type  = "V2"
   role_arn       = aws_iam_role.codepipeline.arn
@@ -150,12 +150,10 @@
   statement {
     effect  = "Allow"
     actions = ["sts:AssumeRole"]
-
     principals {
       type        = "Service"
       identifiers = ["codepipeline.amazonaws.com"]
     }
-
     condition {
       test     = "StringEquals"
       variable = "aws:SourceArn"
@@ -217,5 +215,16 @@
       "arn:aws:codebuild:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:project/${var.pipeline_name}-*"
     ]
   }
+}
 
+resource "aws_codestarnotifications_notification_rule" "this" {
+  count          = var.notifications != null ? 1 : 0
+  name           = var.pipeline_name
+  detail_type    = var.notifications["detail_type"]
+  event_type_ids = var.notifications["events"]
+  resource       = aws_codepipeline.this.arn
+
+  target {
+    address = var.notifications["sns_topic"]
+  }
 }

docs/optional_inputs.md

@@ -24,6 +24,8 @@
 
 `vpc` configures the CodeBuild projects to [run in a VPC](https://docs.aws.amazon.com/codebuild/latest/userguide/vpc-support.html).
 
+`notifications` creates a [CodeStar notification](https://docs.aws.amazon.com/dtconsole/latest/userguide/welcome.html) for the pipeline. `sns_topic` is the SNS topic arn. `events` are the [notification events](https://docs.aws.amazon.com/dtconsole/latest/userguide/concepts.html#events-ref-pipeline). `detail_type` is either BASIC or FULL. The SNS topic must allow [codestar-notifications.amazonaws.com to publush to the topic](https://docs.aws.amazon.com/dtconsole/latest/userguide/notification-target-create.html). 
+
 `tags` enables tag validation with [tag-nag](https://github.com/jakebark/tag-nag). Input a list of tag keys and/or tag keys and values to enforce. Input must be passed as a string, see [commands](https://github.com/jakebark/tag-nag?tab=readme-ov-file#commands). 
 
 `tagnag_version` controls the [tag-nag](https://github.com/jakebark/tag-nag) version. It defaults to 0.5.8.

variables.tf

@@ -94,6 +94,16 @@ variable "mode" {
   }
 }
 
+variable "notifications" {
+  description = "SNS notification configuration"
+  type = object({
+    sns_topic   = string
+    events      = list(string)
+    detail_type = string
+  })
+  default = null
+}
+
 variable "tags" {
   description = "tags to check for"
   type        = string