tomarv2/terraform-aws-codebuild

Terraform module for AWS CodeBuild

Versions

  • Module tested with Terraform 1.0.1.
  • AWS provider version 3.74.
  • main branch: provider versions are not pinned, to keep up with Terraform releases.
  • tagged releases: tags are pinned to provider versions (use ).

Usage

Option 1:

terraform init
terraform plan -var='teamid=tryme' -var='prjid=project1'
terraform apply -var='teamid=tryme' -var='prjid=project1'
terraform destroy -var='teamid=tryme' -var='prjid=project1'

Note: With this option, you are responsible for remote state storage yourself.

Option 2:

Recommended method (stores remote state in S3, using prjid and teamid to create the directory structure):
  • Create a Python 3.6+ virtual environment:
python3 -m venv <venv name>
  • Install the package:
pip install tfremote --upgrade
  • Set the environment variables below:
export TF_AWS_BUCKET=<remote state bucket name>
export TF_AWS_BUCKET_REGION=us-west-2
export TF_AWS_PROFILE=<profile from ~/.aws/credentials>

or

  • Set the environment variables below:
export TF_AWS_BUCKET=<remote state bucket name>
export TF_AWS_BUCKET_REGION=us-west-2
export AWS_ACCESS_KEY_ID=<aws_access_key_id>
export AWS_SECRET_ACCESS_KEY=<aws_secret_access_key>
  • Update the examples directory with the required values.
  • Run and verify the output before deploying:
tf -c=aws plan -var='teamid=foo' -var='prjid=bar'
  • Run the command below to deploy:
tf -c=aws apply -var='teamid=foo' -var='prjid=bar'
  • Run the command below to destroy:
tf -c=aws destroy -var='teamid=foo' -var='prjid=bar'

Note: Read more on tfremote

CodeBuild

module "codebuild" {
  source = "git::git@github.com:tomarv2/terraform-aws-codebuild.git"

  build_source_location   = "https://github.com/tomarv2/test-cicd"
  source_credential_token = var.source_credential_token
  codebuild_role          = "arn:aws:iam::123456789012:role/codebuild-role"
  environment_vars = [
    {
      name  = "AWS_REGION",
      value = "us-east-2",
      type  = "PLAINTEXT"
    }
  ]
  filter_group = [{
    filter = [
      {
        exclude_matched_pattern = false
        type                    = "EVENT"
        pattern                 = "PUSH"
      },
      {
        exclude_matched_pattern = false
        type                    = "HEAD_REF"
        pattern                 = "dev" # branch name
      }
    ]
  }]

  # To configure a schedule
  schedule            = "rate(1 minute)"
  deploy_event_rule   = true
  deploy_event_target = true
  #-----------------------------------------------
  # Note: Do not change teamid and prjid once set.
  teamid = var.teamid
  prjid  = var.prjid
}

Please refer to the examples directory for further references.
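As an added example that is not part of the module's README, the same module call with the GitHub token read from an SSM SecureString parameter instead of being passed as a plaintext Terraform variable, and a build-time secret handed to the build as a PARAMETER_STORE environment variable rather than PLAINTEXT. The parameter paths, the variable names and the aws_ssm_parameter data source are assumptions, not part of the module.

```hcl
# Added example: the module's own README passes the token via var.source_credential_token.
variable "teamid" { type = string }
variable "prjid" { type = string }

# Assumed: a SecureString parameter at this placeholder path holds the
# GitHub personal access token used by aws_codebuild_source_credential.
data "aws_ssm_parameter" "github_token" {
  name            = "/codebuild/github/token" # placeholder path
  with_decryption = true
}

module "codebuild" {
  source = "git::git@github.com:tomarv2/terraform-aws-codebuild.git"

  build_source_location   = "https://github.com/tomarv2/test-cicd"
  private_repository      = true
  source_credential_token = data.aws_ssm_parameter.github_token.value
  codebuild_role          = "arn:aws:iam::123456789012:role/codebuild-role"

  environment_vars = [
    {
      # Non-sensitive setting: PLAINTEXT is appropriate here.
      name  = "AWS_REGION"
      value = "us-east-2"
      type  = "PLAINTEXT"
    },
    {
      # Sensitive setting: value is the parameter *name*; CodeBuild resolves it
      # at build time, so the secret is never written into the project
      # definition or shown in the console.
      name  = "DEPLOY_TOKEN"
      value = "/codebuild/deploy/token" # placeholder parameter name
      type  = "PARAMETER_STORE"
    }
  ]

  # Note: Do not change teamid and prjid once set.
  teamid = var.teamid
  prjid  = var.prjid
}
```

The token is still recorded in Terraform state by aws_codebuild_source_credential, so the remote state bucket used in Option 2 should be encrypted and access-restricted. The CodeBuild service role also needs ssm:GetParameters (and kms:Decrypt for the key) on any parameter referenced by a PARAMETER_STORE variable.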

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.1 |
| aws | ~> 3.74 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 3.74 |

Modules

| Name | Source | Version |
|------|--------|---------|
| cloudwatch | git::git@github.com:tomarv2/terraform-aws-cloudwatch.git | v0.0.7 |
| cloudwatch_event | git::git@github.com:tomarv2/terraform-aws-cloudwatch-events.git | v0.0.4 |

Resources

| Name | Type |
|------|------|
| aws_codebuild_project.codebuild | resource |
| aws_codebuild_source_credential.authorization | resource |
| aws_codebuild_source_credential.source_credentials | resource |
| aws_codebuild_webhook.codebuild_webook | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| badge_enabled | Generates a publicly accessible URL for the project's build badge. Available as the badge_url attribute when enabled. | bool | false | no |
| branch | CloudWatch event branch | string | "main" | no |
| build_artifact_type | Build output artifact's type. Valid values: CODEPIPELINE, NO_ARTIFACTS, S3. | string | "NO_ARTIFACTS" | no |
| build_container_image | Docker image to use for this build project. Valid values include Docker images provided by CodeBuild (e.g. aws/codebuild/standard:2.0). | string | "aws/codebuild/amazonlinux2-x86_64-standard:3.0" | no |
| build_source_location | Information about the build output artifact location. If type is set to CODEPIPELINE or NO_ARTIFACTS, this value is ignored. If type is set to S3, this is the name of the output bucket. | string | null | no |
| build_source_type | Type of repository that contains the source code to be built. Valid values: CODECOMMIT, CODEPIPELINE, GITHUB, GITHUB_ENTERPRISE, BITBUCKET or S3. | string | "GITHUB" | no |
| build_timeout | Number of minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes. | string | "60" | no |
| build_type | The type of build this webhook will trigger. Valid values for this parameter are: BUILD, BUILD_BATCH. | string | "BUILD" | no |
| buildspec_filepath | Build specification to use for this build project's related builds. | string | "" | no |
| cloudwatch_logs_status | Current status of logs in CloudWatch Logs for a build project. Valid values: ENABLED, DISABLED. Defaults to ENABLED. | string | "ENABLED" | no |
| cloudwatch_path | Name of the log group | string | "/codebuild" | no |
| codebuild_role | Service role to be used by CI/CD | string | n/a | yes |
| compute_type | Information about the compute resources the build project will use. Valid values: BUILD_GENERAL1_SMALL, BUILD_GENERAL1_MEDIUM, BUILD_GENERAL1_LARGE, BUILD_GENERAL1_2XLARGE. BUILD_GENERAL1_SMALL is only valid if type is set to LINUX_CONTAINER. When type is set to LINUX_GPU_CONTAINER, compute_type must be BUILD_GENERAL1_LARGE. | string | "BUILD_GENERAL1_MEDIUM" | no |
| concurrent_build_limit | Specify a maximum number of concurrent builds for the project. The value specified must be greater than 0 and less than the account's concurrent running builds limit. | number | 1 | no |
| container_type | Type of build environment to use for related builds. Valid values: LINUX_CONTAINER, LINUX_GPU_CONTAINER, WINDOWS_CONTAINER (deprecated), WINDOWS_SERVER_2019_CONTAINER, ARM_CONTAINER. For additional information, see the CodeBuild User Guide. | string | "LINUX_CONTAINER" | no |
| custom_tags | Custom extra tags | any | null | no |
| deploy_event_rule | Deploy CloudWatch event rule | bool | false | no |
| deploy_event_target | Deploy CloudWatch event trigger | bool | false | no |
| description | Short description of the project. | string | null | no |
| environment_vars | A list of maps that contain both the key 'name' and the key 'value', to be used as additional environment variables for the build | list(object({ name = string, value = string, type = string })) | [{ "name": "NO_ADDITIONAL_BUILD_VARS", "type": "PLAINTEXT", "value": "TRUE" }] | no |
| filter_group | nested block: NestingSet, min items: 0, max items: 0 | set(object({ filter = list(object({ exclude_matched_pattern = bool, pattern = string, type = string })) })) | [] | no |
| git_clone_depth | Truncate git history to this many commits. Use 0 for a full checkout, which you need to run commands like git branch --show-current. See AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source for details. | number | 1 | no |
| override_artifact_name | Whether a name specified in the build specification overrides the artifact name. | bool | false | no |
| private_repository | Set to true to log in to a private repository with the credentials supplied in the source_credential variable. | bool | true | no |
| privileged_mode | Whether to enable running the Docker daemon inside a Docker container. Defaults to false. | bool | false | no |
| prjid | Name of the project/stack, e.g. mystack, nifieks, demoaci. Should not be changed after running 'tf apply' | string | n/a | yes |
| queued_timeout | Number of minutes, from 5 to 480 (8 hours), a build is allowed to be queued before it times out. The default is 8 hours. | string | "30" | no |
| schedule | CloudWatch event schedule | string | null | no |
| source_credential_auth_type | The type of authentication used to connect to a GitHub, GitHub Enterprise, or Bitbucket repository. | string | "PERSONAL_ACCESS_TOKEN" | no |
| source_credential_server_type | The source provider used for this project. | string | "GITHUB" | no |
| source_credential_token | For GitHub or GitHub Enterprise, this is the personal access token. For Bitbucket, this is the app password. | string | n/a | yes |
| source_credential_user_name | Bitbucket username when the authType is BASIC_AUTH. This parameter is not valid for other types of source providers or connections. | string | "" | no |
| source_version | A string that identifies the action type. | string | null | no |
| teamid | Name of the team/group, e.g. devops, dataengineering. Should not be changed after running 'tf apply' | string | n/a | yes |
| vpc_config | Configuration for the builds to run inside a VPC. | any | {} | no |

Outputs

| Name | Description |
|------|-------------|
| codebuild_project_arn | The ARN of the CodeBuild project. |
| codebuild_project_name | The name of the CodeBuild project. |