aws_codebuild_project problem with buildspec from S3

[dvir-frey]

When creating a build project (in AWS CodeBuild) and setting up the buildspec file to use a path from s3 (ARN) in the source section, it creates the project and puts the ARN as an inline command and not as the path for the file. Does anyone know why this is and how to fix this?

resource "aws_codebuild_project" "test" {
name = "test"
description = "test"
build_timeout = "60"
service_role = aws_iam_role.test

artifacts {
type = "NO_ARTIFACTS"
}

environment {
compute_type = "BUILD_GENERAL1_SMALL"
image = "aws/codebuild/standard:1.0"
type = "LINUX_CONTAINER"
image_pull_credentials_type = "CODEBUILD"
}

source {
type = "GITHUB"
location = "https://github.com/path-to-ptoject.git"
git_clone_depth = 5
buildspec = "arn:aws:path/to/buildspec.yml"
}
source_version = "master"
}

[kjagiello]

The buildspec attribute takes the content of the buildspec file you want the pipeline to use, so no way of putting a reference to an S3 object there. If you want the buildspec file to be the content of an S3 object, you could do it this way instead:

data "aws_s3_bucket_object" "buildspec" {
  bucket = "your-bucket"
  key    = "buildspec.yml"
}

resource "aws_codebuild_project" "test" {
  name          = "test"
  description   = "test"
  build_timeout = "60"
  service_role  = aws_iam_role.test

  artifacts {
    type = "NO_ARTIFACTS"
  }

  environment {
    compute_type                = "BUILD_GENERAL1_SMALL"
    image                       = "aws/codebuild/standard:1.0"
    type                        = "LINUX_CONTAINER"
    image_pull_credentials_type = "CODEBUILD"
  }

  source {
    type            = "GITHUB"
    location        = "https://github.com/path-to-ptoject.git"
    git_clone_depth = 5
    buildspec       = data.aws_s3_bucket_object.buildspec.body
  }

  source_version = "master"
}

Just make sure that the object has a Content-Type set to a value starting with text/, as per the documentation[1].

[1] https://www.terraform.io/docs/providers/aws/d/s3_bucket_object.html

[dvir-frey]

hi this is a workaround which is really bad
because every-time i will want to create it again i will have to first create the bucket and the object first

[kjagiello]

Not sure I understand you correctly. I assumed that you had your buildspec.yml already laying in a bucket, so that workaround above would work for you. What are you trying to achieve?

I have stumbled upon this issue when I was doing something similar, but in my case my buildspec.yml lives in the same repo as my Terraform code, so what I'm doing instead is to input the local file to the buildspec attribute like this:

  source {
    // ...
    buildspec = file("${path.module}/buildspec.yml")
  }

[dvir-frey]

i want the buildspec to be with the terraform code so if i am deploying to different region the the terraform is putting it in a new bucket in that region and so on
i will try your fix thanks
any way for now i just added the buildspec to the source code with different rebt names per region i just wanted it to be separated form the source code which is owned by the developers .

[justinretzolk]

Hey @dvir-frey 👋 Thank you for taking the time to file this issue, and for the ongoing discussion. Given that there's been a bit of time, and a number of AWS Provider releases since you initially filed this, I wanted to follow up here and see if you're still experiencing issues. Can you confirm whether you were able to get past this?