
Terraform module for creating an AWS CodeCommit repo with Trigger for SQS and Queue that works with Jenkins CodeCommit Trigger Plugin


riboseinc/tf-codecommit-sqs


Terraform Module For CodeCommit + SQS

Warning
The latest version of this module is available on the Terraform Registry, and development has moved to terraform-aws-codecommit-sqs.

CodeCommit repos created using this Terraform module are compatible with the Jenkins AWS CodeCommit Trigger Plugin, i.e., changes to the git repo automatically trigger the plugin.

Sample Usage

# Inputs for the sample. The account and region defaults are placeholders and
# must be replaced with real values before the configuration is applied.

# Account that owns the queue, the topics and the repo. It is interpolated
# into the policy ARNs and conditions further down, so a wrong value changes
# who those policies admit.
variable "aws-account-id" { default = "my-aws-account-id" }

# Region used by the provider and by the SNS topic ARN pattern in the queue
# policy.
variable "aws-region" { default = "my-aws-region" }

# Prefix and suffix of the SNS topic names. Together they form the
# <prefix>*<suffix> pattern that the queue policy accepts as a message source.
variable "sns-topic-prefix" { default = "codecommit-" }
variable "sns-topic-suffix" { default = "-topic" }

# Aliased AWS provider configuration. The module call in this sample selects
# it through its `providers` map as "aws.default".
provider "aws" {
  alias  = "default"
  region = "${var.aws-region}"
}

# Queue that receives the CodeCommit notifications relayed through SNS.
# NOTE(review): no encryption-at-rest argument is set in this sample; confirm
# whether the notification payloads need server-side encryption in your
# environment before reusing it as-is.
resource "aws_sqs_queue" "main" {
  name = "codecommit-notifications-queue"

  # Delivery timing: each message is held back 90 s before consumers can see
  # it, and receive calls long-poll for up to 10 s.
  delay_seconds             = 90
  receive_wait_time_seconds = 10

  # Size and lifetime limits: 2048-byte messages, kept for one day (86400 s).
  max_message_size          = 2048
  message_retention_seconds = 86400
}

# Attaches the rendered sns-sqs-policy document to the queue. This resource
# policy is what decides who may send messages to the queue.
resource "aws_sqs_queue_policy" "sns" {
  policy    = "${data.aws_iam_policy_document.sns-sqs-policy.json}"
  queue_url = "${aws_sqs_queue.main.id}"
}

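# Queue access policy: lets Amazon SNS deliver messages to the queue, but only
# on behalf of topics in this account and region whose names match
# <sns-topic-prefix>*<sns-topic-suffix>.
data "aws_iam_policy_document" "sns-sqs-policy" {
  # Policy identifier. Built from var.aws-region so that it agrees with the
  # region used in the SourceArn condition below instead of a fixed us-east-1.
  policy_id = "arn:aws:sqs:${var.aws-region}:${var.aws-account-id}:testing/SQSDefaultPolicy"

  statement {
    sid       = "SubscribeToSNS"
    effect    = "Allow"
    actions   = [ "SQS:SendMessage" ]
    resources = [ "${aws_sqs_queue.main.arn}" ]

    # Name the SNS service as the sender rather than a wildcard AWS principal,
    # so the grant does not depend on the condition alone to keep other
    # principals out.
    principals {
      type        = "Service"
      identifiers = [ "sns.amazonaws.com" ]
    }

    # Confused-deputy guard: SNS may only act for topics whose ARN matches this
    # account, region and naming pattern. The `*` between prefix and suffix
    # admits every topic in the account that follows the naming convention, so
    # keep the prefix and suffix specific.
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = [ "arn:aws:sns:${var.aws-region}:${var.aws-account-id}:${var.sns-topic-prefix}*${var.sns-topic-suffix}" ]
    }
  }
}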

# Creates the CodeCommit repo and wires its notifications to the queue.
# NOTE(review): the source carries no ?ref=, so a fresh `terraform init`
# fetches whatever the repository's default branch holds at that moment.
# Pin it to a reviewed revision, e.g.
#   "github.com/riboseinc/tf-codecommit-sqs?ref=<tag-or-commit-sha>"   (placeholder)
module "cc-example_repo" {
  source = "github.com/riboseinc/tf-codecommit-sqs"

  # Use the aliased provider declared in this sample.
  providers = {
    aws = "aws.default"
  }

  reponame       = "example-repo"
  aws-account-id = "${var.aws-account-id}"

  # Queue that receives the notifications.
  sqs-id  = "${aws_sqs_queue.main.id}"
  sqs-arn = "${aws_sqs_queue.main.arn}"

  # Topic naming; must agree with the pattern the queue policy allows.
  topic-prefix = "${var.sns-topic-prefix}"
  topic-suffix = "${var.sns-topic-suffix}"

  # Optional: uncomment to also notify the email topic.
  # email-sns-arn = "${aws_sns_topic.codecommit-email.arn}"
}

# Re-export the module's outputs: the repo ARN and the name and ARN of the
# SNS topic.
output "cc-example_repo-cc-arn"   { value = "${module.cc-example_repo.cc-arn}" }
output "cc-example_repo-sns-name" { value = "${module.cc-example_repo.sns-name}" }
output "cc-example_repo-sns-arn"  { value = "${module.cc-example_repo.sns-arn}" }

Enabling With An Email Notification

Some people prefer receiving an email on every commit.

This is how you set it up.

# Topic used for the per-commit email notifications. Email subscriptions are
# not declared in this sample and have to be added separately.
resource "aws_sns_topic" "codecommit-email" {
  display_name = "CodeCommit notifications"
  name         = "codecommit-email-notifications"
}

# Attaches the rendered codecommit-email-sns-policy document to the email
# topic as its access policy.
resource "aws_sns_topic_policy" "codecommit-email-sns-policy" {
  policy = "${data.aws_iam_policy_document.codecommit-email-sns-policy.json}"
  arn    = "${aws_sns_topic.codecommit-email.arn}"
}

# Access policy for the email topic. It allows the listed SNS actions on the
# topic to callers whose AWS:SourceOwner equals the configured account ID.
data "aws_iam_policy_document" "codecommit-email-sns-policy" {
  statement {
    sid       = "AllowSubscription"
    effect    = "Allow"
    resources = [ "${aws_sns_topic.codecommit-email.arn}" ]

    # Wildcard principal: the AWS:SourceOwner condition below is the only
    # thing that narrows it. Removing or loosening that condition would open
    # every action listed here to any AWS principal.
    principals {
      type        = "AWS"
      identifiers = [ "*" ]
    }

    # NOTE(review): besides Publish/Subscribe/Receive this grants
    # topic-management calls (DeleteTopic, SetTopicAttributes, AddPermission,
    # RemovePermission). Trim the list to what the email notifications need
    # if the broader set is not required.
    actions = [
      "SNS:Publish",
      "SNS:RemovePermission",
      "SNS:SetTopicAttributes",
      "SNS:DeleteTopic",
      "SNS:ListSubscriptionsByTopic",
      "SNS:GetTopicAttributes",
      "SNS:Receive",
      "SNS:AddPermission",
      "SNS:Subscribe"
    ]

    # Restrict the grant to requests owned by this account.
    condition {
      test     = "StringEquals"
      variable = "AWS:SourceOwner"
      values   = [ "${var.aws-account-id}" ]
    }
  }
}

# Expose the email topic's ARN and name.
output "email-sns-arn"  { value = "${aws_sns_topic.codecommit-email.arn}" }
output "email-sns-name" { value = "${aws_sns_topic.codecommit-email.name}" }

# Link the email topic with this module by passing email-sns-arn.
# This call reuses the name cc-example_repo, so it is meant to replace the
# module call from the basic sample rather than sit beside it (Terraform
# rejects duplicate module names).
# NOTE(review): the source carries no ?ref=, so a fresh `terraform init`
# fetches whatever the repository's default branch holds at that moment.
# Pin it to a reviewed revision, e.g.
#   "github.com/riboseinc/tf-codecommit-sqs?ref=<tag-or-commit-sha>"   (placeholder)
module "cc-example_repo" {
  source = "github.com/riboseinc/tf-codecommit-sqs"

  reponame       = "example-repo"
  aws-account-id = "${var.aws-account-id}"

  # Queue that receives the notifications.
  sqs-id  = "${aws_sqs_queue.main.id}"
  sqs-arn = "${aws_sqs_queue.main.arn}"

  # Topic naming; must agree with the pattern the queue policy allows.
  topic-prefix = "${var.sns-topic-prefix}"
  topic-suffix = "${var.sns-topic-suffix}"

  # Topic that receives the per-commit email notifications.
  email-sns-arn = "${aws_sns_topic.codecommit-email.arn}"
}
