├── datasources.tf ├── examples ├── codebuild_using_objects │ ├── provider.tf │ ├── iam.tf │ ├── main.tf │ └── README.md ├── codebuild_using_variables │ ├── provider.tf │ ├── iam.tf │ ├── main.tf │ └── README.md └── codebuild_using_objects_vpc │ ├── provider.tf │ ├── iam.tf │ ├── main.tf │ └── README.md ├── .pre-commit-config.yaml ├── .gitignore ├── outputs.tf ├── CHANGELOG.md ├── iam.tf ├── LICENSE ├── main.tf ├── variables.tf └── README.md /datasources.tf: -------------------------------------------------------------------------------- 1 | # Region 2 | data "aws_region" "current" {} 3 | 4 | # Account ID 5 | data "aws_caller_identity" "current" {} 6 | -------------------------------------------------------------------------------- /examples/codebuild_using_objects/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | profile = "default" 3 | region = "us-west-1" 4 | } 5 | -------------------------------------------------------------------------------- /examples/codebuild_using_variables/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | profile = "default" 3 | region = "us-west-1" 4 | } 5 | -------------------------------------------------------------------------------- /examples/codebuild_using_objects_vpc/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | profile = "default" 3 | region = "us-west-1" 4 | } 5 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | # See https://pre-commit.com for more information 2 | # See https://pre-commit.com/hooks.html for more hooks 3 | repos: 4 | - repo: https://github.com/pre-commit/pre-commit-hooks 5 | rev: v3.2.0 6 | hooks: 7 | - id: trailing-whitespace 8 | - id: end-of-file-fixer 9 | - id: 
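check-added-large-files
10 |       - id: detect-aws-credentials
11 |   - repo: https://github.com/antonbabenko/pre-commit-terraform # fetched over https: git:// is unauthenticated and unencrypted
12 |     rev: v1.49.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
13 |     hooks:
14 |       - id: terraform_fmt
15 |       - id: terraform_validate
16 |       - id: terraform_docs
17 |
--------------------------------------------------------------------------------
/examples/codebuild_using_objects/iam.tf:
--------------------------------------------------------------------------------
1 | # Attach the document below to the service role exported by the module.
2 | resource "aws_iam_role_policy" "codebuild_policy" {
3 |   role   = module.myapp-project.service_role_name
4 |   policy = data.aws_iam_policy_document.codebuild_policy_document.json
5 | }
6 |
7 | # Extra permissions for the example build.
8 | data "aws_iam_policy_document" "codebuild_policy_document" {
9 |
10 |   # ECR: ecr:GetAuthorizationToken is only valid with resources = ["*"].
11 |   # NOTE(review): ecr:* on every repository is wider than pushing one image needs;
12 |   # narrow the actions and scope the non-token ones to the target repository ARN.
13 |   statement {
14 |     effect    = "Allow"
15 |     resources = ["*"]
16 |     actions = [
17 |       "ecr:*",
18 |     ]
19 |   }
20 |
21 |   # S3: object access only inside the bucket this example creates.
22 |   statement {
23 |     effect    = "Allow"
24 |     resources = ["${aws_s3_bucket.myapp-project.arn}/*"]
25 |     actions = [
26 |       "s3:PutObject",
27 |       "s3:GetObject",
28 |       "s3:DeleteObject"
29 |     ]
30 |   }
31 | }
32 |
--------------------------------------------------------------------------------
/examples/codebuild_using_objects_vpc/iam.tf:
--------------------------------------------------------------------------------
1 | # Attach the document below to the service role exported by the module.
2 | resource "aws_iam_role_policy" "codebuild_policy" {
3 |   role   = module.myapp-project-vpc.service_role_name
4 |   policy = data.aws_iam_policy_document.codebuild_policy_document.json
5 | }
6 |
7 | # Extra permissions for the example build.
8 | data "aws_iam_policy_document" "codebuild_policy_document" {
9 |
10 |   # ECR: ecr:GetAuthorizationToken is only valid with resources = ["*"].
11 |   # NOTE(review): ecr:* on every repository is wider than pushing one image needs;
12 |   # narrow the actions and scope the non-token ones to the target repository ARN.
13 |   statement {
14 |     effect    = "Allow"
15 |     resources = ["*"]
16 |     actions = [
17 |       "ecr:*",
18 |     ]
19 |   }
20 |
21 |   # S3: object access only inside the bucket this example creates.
22 |   statement {
23 |     effect    = "Allow"
24 |     resources = ["${aws_s3_bucket.myapp-project.arn}/*"]
25 |     actions = [
26 |       "s3:PutObject",
27 |       "s3:GetObject",
28 |       "s3:DeleteObject"
29 |     ]
30 |   }
31 | }
32 |
--------------------------------------------------------------------------------
/examples/codebuild_using_variables/iam.tf: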
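--------------------------------------------------------------------------------
1 | # Extra permissions for the example build.
2 | data "aws_iam_policy_document" "codebuild_policy_document" {
3 |   # ECR: ecr:GetAuthorizationToken is only valid with resources = ["*"].
4 |   # NOTE(review): ecr:* on every repository is wider than pushing one image needs;
5 |   # narrow the actions and scope the non-token ones to the target repository ARN.
6 |   statement {
7 |     effect    = "Allow"
8 |     resources = ["*"]
9 |     actions = [
10 |       "ecr:*",
11 |     ]
12 |   }
13 |
14 |   # S3: object access only inside the bucket this example creates.
15 |   statement {
16 |     effect    = "Allow"
17 |     resources = ["${aws_s3_bucket.myapp-project.arn}/*"]
18 |     actions = [
19 |       "s3:PutObject",
20 |       "s3:GetObject",
21 |       "s3:DeleteObject"
22 |     ]
23 |   }
24 | }
25 |
26 | # Attach the document above to the service role exported by the module.
27 | resource "aws_iam_role_policy" "codebuild_policy" {
28 |   role   = module.myapp-project-var.service_role_name
29 |   policy = data.aws_iam_policy_document.codebuild_policy_document.json
30 | }
31 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Local .terraform directories
2 | **/.terraform/*
3 |
4 | # .tfstate files
5 | *.tfstate
6 | *.tfstate.*
7 |
8 | # Crash log files
9 | crash.log
10 |
11 | # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
12 | # .tfvars files are managed as part of configuration and so should be included in
13 | # version control.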
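14 | #
15 | # example.tfvars
16 |
17 | # Ignore override files as they are usually used to override resources locally and so
18 | # are not checked in
19 | override.tf
20 | override.tf.json
21 | *_override.tf
22 | *_override.tf.json
23 |
24 | # Include override files you do wish to add to version control using negated pattern
25 | #
26 | # !example_override.tf
27 |
28 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
29 | # example: *tfplan*
30 |
--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
1 | output "arn" {
2 |   description = "The ARN of the CodeBuild project"
3 |   value       = aws_codebuild_project.cb_project.arn # read arn directly: the id attribute is the name for a project imported by name
4 | }
5 |
6 | output "id" {
7 |   description = " The name (if imported via name) or ARN (if created via Terraform or imported via ARN) of the CodeBuild project."
8 |   value       = aws_codebuild_project.cb_project.name # NOTE(review): always the name, unlike the id attribute the description quotes; kept so existing callers see no change
9 | }
10 |
11 | output "name" {
12 |   description = "The name of the CodeBuild project"
13 |   value       = aws_codebuild_project.cb_project.name
14 | }
15 |
16 | output "service_role_name" {
17 |   description = "Name of the Service Role created for CodeBuild."
18 |   value       = var.create_default_service_role ? element(aws_iam_role.service_role.*.name, 0) : null
19 | }
20 |
21 | output "service_role_arn" {
22 |   description = "Amazon Resource Name (ARN) of the Service Role for CodeBuild."
23 |   value       = var.create_default_service_role ? element(aws_iam_role.service_role.*.arn, 0) : null
24 | }
25 |
26 | output "service_role_id" {
27 |   description = "ID of the Service Role created for CodeBuild."
28 |   value       = var.create_default_service_role ? 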
element(aws_iam_role.service_role.*.id, 0) : null 29 | } 30 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | ## 0.6.0 (July 1, 2021) 2 | 3 | ENHANCEMENTS: 4 | 5 | * Add support to use existing service role ARN (thanks @sebbrandt87) 6 | 7 | ## 0.5.3 (April 22, 2021) 8 | 9 | ENHANCEMENTS: 10 | 11 | * Add pre-commit config file 12 | * Add .gitignore file 13 | * Update README 14 | 15 | FIXES: 16 | 17 | * Update examples 18 | 19 | ## 0.5.2 (March 18, 2021) 20 | 21 | FIXES: 22 | 23 | * Update examples 24 | 25 | ## 0.5.1 (March 18, 2021) 26 | 27 | ENHANCEMENTS: 28 | 29 | * Update examples & README 30 | 31 | ## 0.5.0 (March 18, 2021) 32 | 33 | FEATURES: 34 | 35 | * Add secondary sources (based on @brettminnie's) 36 | * Update example with secondary sources 37 | 38 | ## 0.4.0 (March 17, 2021) 39 | 40 | FEATURES: 41 | 42 | * Add secondary sources (thanks @brettminnie) 43 | 44 | 45 | ## 0.3.0 (Feb 24, 2021) 46 | 47 | FEATURES: 48 | 49 | * Added type lookup to environment variables 50 | 51 | Thanks @brettminnie 52 | 53 | ## 0.2.1 (May 28, 2020) 54 | 55 | FIXES: 56 | 57 | * Change default values for sourcea block 58 | 59 | ## 0.2.0 (May 28, 2020) 60 | 61 | FIXES: 62 | 63 | * Change default artifacts type to `CODEPIPELINE` 64 | 65 | ## 0.1.1 (April 17, 2020) 66 | 67 | UPDATES: 68 | 69 | * Fix typos in README 70 | 71 | ## 0.1.0 (April 17, 2020) 72 | 73 | FEATURES: 74 | 75 | * Module implementation 76 | -------------------------------------------------------------------------------- /examples/codebuild_using_variables/main.tf: -------------------------------------------------------------------------------- 1 | # CodeBuild 2 | module "myapp-project-var" { 3 | 4 | source = "lgallard/codebuild/aws" 5 | 6 | name = "my-app-var" 7 | description = "Codebuild for deploying myapp (variables)" 8 | 9 | # CodeBuild Source 10 | codebuild_source_version = 
"master" 11 | 12 | codebuild_source_type = "GITHUB" 13 | codebuild_source_location = "https://github.com/lgallard/codebuild-example.git" 14 | codebuild_source_git_clone_depth = 1 15 | codebuild_source_git_submodules_config_fetch_submodules = true 16 | 17 | # Environment 18 | environment_compute_type = "BUILD_GENERAL1_SMALL" 19 | environment_image = "aws/codebuild/standard:2.0" 20 | environment_type = "LINUX_CONTAINER" 21 | environment_privileged_mode = true 22 | 23 | # Environment variables 24 | environment_variables = [ 25 | { 26 | name = "REGISTRY_URL" 27 | value = "012345678910.dkr.ecr.us-west-1.amazonaws.com/my-ecr" 28 | }, 29 | { 30 | name = "AWS_DEFAULT_REGION" 31 | value = "us-west-1" 32 | }, 33 | ] 34 | 35 | # Artifacts 36 | artifacts_location = aws_s3_bucket.myapp-project.bucket 37 | artifacts_type = "S3" 38 | artifacts_path = "/" 39 | artifacts_packaging = "ZIP" 40 | 41 | # Cache 42 | cache_type = "S3" 43 | cache_location = aws_s3_bucket.myapp-project.bucket 44 | 45 | # Logs 46 | s3_logs_status = "ENABLED" 47 | s3_logs_location = "${aws_s3_bucket.myapp-project.id}/build-var-log" 48 | 49 | 50 | # Tags 51 | tags = { 52 | Environment = "dev" 53 | owner = "development-team" 54 | } 55 | 56 | } 57 | 58 | # S3 59 | resource "aws_s3_bucket" "myapp-project" { 60 | bucket = "myapp-project-bucket" 61 | acl = "private" 62 | } 63 | -------------------------------------------------------------------------------- /examples/codebuild_using_variables/README.md: -------------------------------------------------------------------------------- 1 | # terraform-aws-codebuild (variables example) 2 | This example shows how to use this module with variables build a "Hello World" node.js docker image and push it to an ECR registry. 
3 | 4 | ``` 5 | # CodeBuild 6 | module "myapp-project-var" { 7 | 8 | source = "lgallard/codebuild/aws" 9 | 10 | name = "my-app-var" 11 | description = "Codebuild for deploying myapp (variables)" 12 | 13 | # CodeBuild Source 14 | codebuild_source_version = "master" 15 | 16 | codebuild_source_type = "GITHUB" 17 | codebuild_source_location = "https://github.com/lgallard/codebuild-example.git" 18 | codebuild_source_git_clone_depth = 1 19 | codebuild_source_git_submodules_config_fetch_submodules = true 20 | 21 | # Environment 22 | environment_compute_type = "BUILD_GENERAL1_SMALL" 23 | environment_image = "aws/codebuild/standard:2.0" 24 | environment_type = "LINUX_CONTAINER" 25 | environment_privileged_mode = true 26 | 27 | # Environment variables 28 | environment_variables = [ 29 | { 30 | name = "REGISTRY_URL" 31 | value = "012345678910.dkr.ecr.us-west-1.amazonaws.com/my-ecr" 32 | }, 33 | { 34 | name = "AWS_DEFAULT_REGION" 35 | value = "us-west-1" 36 | }, 37 | ] 38 | 39 | # Artifacts 40 | artifacts_location = aws_s3_bucket.myapp-project.bucket 41 | artifacts_type = "S3" 42 | artifacts_path = "/" 43 | artifacts_packaging = "ZIP" 44 | 45 | # Cache 46 | cache_type = "S3" 47 | cache_location = aws_s3_bucket.myapp-project.bucket 48 | 49 | # Logs 50 | s3_logs_status = "ENABLED" 51 | s3_logs_location = "${aws_s3_bucket.myapp-project.id}/build-var-log" 52 | 53 | 54 | # Tags 55 | tags = { 56 | Environment = "dev" 57 | owner = "development-team" 58 | } 59 | 60 | } 61 | 62 | # S3 63 | resource "aws_s3_bucket" "myapp-project" { 64 | bucket = "myapp-project-bucket" 65 | acl = "private" 66 | } 67 | ``` 68 | -------------------------------------------------------------------------------- /examples/codebuild_using_objects/main.tf: -------------------------------------------------------------------------------- 1 | # CodeBuild 2 | module "myapp-project" { 3 | 4 | source = "lgallard/codebuild/aws" 5 | 6 | name = "my-app" 7 | description = "Codebuild for deploying myapp" 8 | 9 | # 
CodeBuild Source
10 |   codebuild_source_version = "master"
11 |   codebuild_source = {
12 |     type            = "GITHUB"
13 |     location        = "https://github.com/lgallard/codebuild-example.git"
14 |     git_clone_depth = 1
15 |
16 |     git_submodules_config = {
17 |       fetch_submodules = true
18 |     }
19 |   }
20 |
21 |   # Secondary Sources (optional)
22 |   codebuild_secondary_sources = [
23 |     {
24 |       type              = "GITHUB"
25 |       location          = "https://github.com/myprofile/myproject-1.git"
26 |       source_identifier = "my_awesome_project1"
27 |     },
28 |     {
29 |       type                = "GITHUB"
30 |       location            = "https://github.com/myprofile/myproject-2.git"
31 |       git_clone_depth     = 1
32 |       source_identifier   = "my_awesome_project2"
33 |       report_build_status = true
34 |       insecure_ssl        = true # ignores TLS certificate warnings when connecting to this source; NOTE(review): looks unnecessary for a github.com URL - confirm and drop before reuse
35 |     }
36 |   ]
37 |
38 |   # Environment
39 |   environment = {
40 |     compute_type    = "BUILD_GENERAL1_SMALL"
41 |     image           = "aws/codebuild/standard:2.0"
42 |     type            = "LINUX_CONTAINER"
43 |     privileged_mode = true # privileged container so the build can run a Docker daemon; only needed when the build produces Docker images
44 |
45 |     # Environment variables
46 |     variables = [
47 |       {
48 |         name  = "REGISTRY_URL"
49 |         value = "012345678910.dkr.ecr.us-west-1.amazonaws.com/my-ecr"
50 |       },
51 |       {
52 |         name  = "AWS_DEFAULT_REGION"
53 |         value = "us-west-1"
54 |       },
55 |     ]
56 |   }
57 |
58 |   # Artifacts
59 |   artifacts = {
60 |     location  = aws_s3_bucket.myapp-project.bucket
61 |     type      = "S3"
62 |     path      = "/"
63 |     packaging = "ZIP"
64 |   }
65 |
66 |   # Cache
67 |   cache = {
68 |     type     = "S3"
69 |     location = aws_s3_bucket.myapp-project.bucket
70 |   }
71 |
72 |   # Logs
73 |   s3_logs = {
74 |     status   = "ENABLED"
75 |     location = "${aws_s3_bucket.myapp-project.id}/build-log"
76 |   }
77 |
78 |   # Tags
79 |   tags = {
80 |     Environment = "dev"
81 |     owner       = "development-team"
82 |   }
83 |
84 | }
85 |
86 | # S3
87 | resource "aws_s3_bucket" "myapp-project" {
88 |   bucket_prefix = "myapp-project-bucket-"
89 |   acl           = "private"
90 | }
91 |
--------------------------------------------------------------------------------
/iam.tf:
--------------------------------------------------------------------------------
1 | # Service role
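2 | # Created only when var.create_default_service_role is true.
3 | resource "aws_iam_role" "service_role" {
4 |   count              = var.create_default_service_role ? 1 : 0
5 |   name               = "${var.name}-service-role"
6 |   assume_role_policy = element(data.aws_iam_policy_document.codebuild_assume_role_policy.*.json, 0)
7 | }
8 |
9 | # Add extra policies (inline policy on the service role above)
10 | resource "aws_iam_role_policy" "codebuild_role_extra_policies" {
11 |   count  = var.create_default_service_role ? 1 : 0
12 |   role   = element(aws_iam_role.service_role.*.name, 0)
13 |   policy = element(data.aws_iam_policy_document.codebuild_role_extra_policies.*.json, 0)
14 | }
15 |
16 | ####################
17 | # Policy documents #
18 | ####################
19 |
20 | # Assume Role: trust policy that lets the CodeBuild service principal assume the role
21 | data "aws_iam_policy_document" "codebuild_assume_role_policy" {
22 |   count = var.create_default_service_role ? 1 : 0
23 |   statement {
24 |     effect = "Allow"
25 |
26 |     principals {
27 |       type        = "Service"
28 |       identifiers = ["codebuild.amazonaws.com"]
29 |     }
30 |
31 |     actions = [
32 |       "sts:AssumeRole",
33 |     ]
34 |   }
35 | }
36 |
37 | # Extra policies
38 | data "aws_iam_policy_document" "codebuild_role_extra_policies" {
39 |   count = var.create_default_service_role ? 1 : 0
40 |   # CloudWatch Logs: only the /aws/codebuild/<name> log group and its streams
41 |   statement {
42 |     effect = "Allow"
43 |
44 |     actions = [
45 |       "logs:CreateLogGroup",
46 |       "logs:CreateLogStream",
47 |       "logs:PutLogEvents",
48 |     ]
49 |
50 |     resources = [
51 |       "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/codebuild/${var.name}",
52 |       "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/codebuild/${var.name}:*",
53 |     ]
54 |   }
55 |
56 |   # S3: objects in buckets named codepipeline-<region>-*
57 |   statement {
58 |     effect = "Allow"
59 |
60 |     actions = [
61 |       "s3:GetObject",
62 |       "s3:GetObjectVersion",
63 |       "s3:PutObject",
64 |     ]
65 |
66 |     resources = [
67 |       "arn:aws:s3:::codepipeline-${data.aws_region.current.name}-*",
68 |     ]
69 |   }
70 |
71 |   # EC2 network interfaces (presumably for builds that run in a VPC - confirm against main.tf)
72 |   statement {
73 |     effect = "Allow"
74 |     actions = [
75 |       "ec2:CreateNetworkInterface",
76 |       "ec2:DeleteNetworkInterface",
77 |       "ec2:Describe*",
78 |     ]
79 |     resources = ["*"]
80 |   }
81 |
82 |   # Interface permissions: limited to this account's network interfaces in the current
83 |   # region and to grants made for CodeBuild, instead of any interface for any service.
84 |   statement {
85 |     effect = "Allow"
86 |     actions = [
87 |       "ec2:CreateNetworkInterfacePermission"
88 |     ]
89 |     resources = [
90 |       "arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:network-interface/*",
91 |     ]
92 |
93 |     condition {
94 |       test     = "StringEquals"
95 |       variable = "ec2:AuthorizedService"
96 |       values   = ["codebuild.amazonaws.com"]
97 |     }
98 |   }
99 | }
100 |
--------------------------------------------------------------------------------
/examples/codebuild_using_objects_vpc/main.tf:
--------------------------------------------------------------------------------
1 | # CodeBuild
2 | module "myapp-project-vpc" {
3 |
4 |   source = "lgallard/codebuild/aws" # NOTE(review): no version constraint here; pin `version` when copying so a new module release is not pulled in unreviewed
5 |
6 |   name        = "my-app-vpc"
7 |   description = "Codebuild for deploying myapp in a VPC"
8 |
9 |   codebuild_source_version = "master"
10 |   codebuild_source = {
11 |     type            = "GITHUB"
12 |     location        = "https://github.com/lgallard/codebuild-example.git"
13 |     git_clone_depth = 1
14 |
15 |     git_submodules_config = {
16 |       fetch_submodules = true
17 |     }
18 |   }
19 |
20 |   # Secondary Sources (optional)
21 |   codebuild_secondary_sources = [
22 |     {
23 |       type              = "GITHUB"
24 |       location          = "https://github.com/myprofile/myproject-1.git"
25 |       source_identifier = "my_awesome_project1"
26 |     },
27 |     {
28 |       type                = "GITHUB"
29 |       location            = "https://github.com/myprofile/myproject-2.git"
30 |       git_clone_depth     = 1
31 |       source_identifier   = "my_awesome_project2"
32 |       report_build_status = true
33 |       insecure_ssl        = true # ignores TLS certificate warnings when connecting to this source; NOTE(review): looks unnecessary for a github.com URL - confirm and drop before reuse
34 |     }
35 |   ]
36 |
37 |   environment = {
38 |     compute_type    = "BUILD_GENERAL1_SMALL"
39 |     image           = "aws/codebuild/standard:2.0"
40 |     type            = "LINUX_CONTAINER"
41 |     privileged_mode = true # privileged container so the build can run a Docker daemon; only needed when the build produces Docker images
42 |
43 |     # Environment variables
44 |     variables = [
45 |       {
46 |         name  = "REGISTRY_URL"
47 |         value = "012345678910.dkr.ecr.us-west-1.amazonaws.com/my-ecr"
48 |       },
49 |       {
50 |         name  = "AWS_DEFAULT_REGION"
51 |         value = "us-west-1"
52 |       },
53 |     ]
54 |   }
55 |
56 |   artifacts = {
57 |     location  = aws_s3_bucket.myapp-project.bucket
58 |     type      = "S3"
59 |     path      = "/"
60 |     packaging = "ZIP"
61 |   }
62 |
63 |   cache = {
64 |     type     = "S3"
65 |     location = aws_s3_bucket.myapp-project.bucket
66 |   }
67 |
68 |   # Logs
69 |   s3_logs = {
70 |     status   = "ENABLED"
71 |     location = "${aws_s3_bucket.myapp-project.id}/build-log"
72 |   }
73 |
74 |
75 |   # VPC
76 |   vpc_config = {
77 |     vpc_id             = "vpc-123446789101"
78 |     subnets            = ["subnet-7a1dc5a54444", "subnet-6b4a45b64444"]
79 |     security_group_ids = ["sg-b475b46c4444", "sg-58b61a4c4444"]
80 |
81 |   }
82 |
83 |   # Tags
84 |   tags = {
85 |     Environment = "dev"
86 |     owner       = "development-team"
87 |   }
88 |
89 | }
90 |
91 | # S3
92 | resource "aws_s3_bucket" "myapp-project" {
93 |   bucket = "myapp-project-bucket"
94 |   acl    = "private"
95 | }
96 |
--------------------------------------------------------------------------------
/examples/codebuild_using_objects/README.md:
--------------------------------------------------------------------------------
1 | # terraform-aws-codebuild (objects example)
2 | This example shows how to use this module with objects to build a "Hello World" node.js docker image and push it to an ECR registry
3 |
4 | ```
5 | # CodeBuild
6 | module "myapp-project" {
7 |
8 |   source = "lgallard/codebuild/aws"
9 |
10 |   name        = "my-app"
11 |   description = "Codebuild for deploying myapp"
12 |
13 |   # 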
CodeBuild Source 14 | codebuild_source_version = "master" 15 | codebuild_source = { 16 | type = "GITHUB" 17 | location = "https://github.com/lgallard/codebuild-example.git" 18 | git_clone_depth = 1 19 | 20 | git_submodules_config = { 21 | fetch_submodules = true 22 | } 23 | } 24 | 25 | # Secondary Sources (optional) 26 | codebuild_secondary_sources = [ 27 | { 28 | type = "GITHUB" 29 | location = "https://github.com/myprofile/myproject-1.git" 30 | source_identifier = "my_awesome_project1" 31 | }, 32 | { 33 | type = "GITHUB" 34 | location = "https://github.com/myprofile/myproject-2.git" 35 | git_clone_depth = 1 36 | source_identifier = "my_awesome_project2" 37 | report_build_status = true 38 | insecure_ssl = true 39 | } 40 | ] 41 | 42 | # Environment 43 | environment = { 44 | compute_type = "BUILD_GENERAL1_SMALL" 45 | image = "aws/codebuild/standard:2.0" 46 | type = "LINUX_CONTAINER" 47 | privileged_mode = true 48 | 49 | # Environment variables 50 | variables = [ 51 | { 52 | name = "REGISTRY_URL" 53 | value = "012345678910.dkr.ecr.us-west-1.amazonaws.com/my-ecr" 54 | }, 55 | { 56 | name = "AWS_DEFAULT_REGION" 57 | value = "us-west-1" 58 | }, 59 | ] 60 | } 61 | 62 | # Artifacts 63 | artifacts = { 64 | location = aws_s3_bucket.myapp-project.bucket 65 | type = "S3" 66 | path = "/" 67 | packaging = "ZIP" 68 | } 69 | 70 | # Cache 71 | cache = { 72 | type = "S3" 73 | location = aws_s3_bucket.myapp-project.bucket 74 | } 75 | 76 | # Logs 77 | s3_logs = { 78 | status = "ENABLED" 79 | location = "${aws_s3_bucket.myapp-project.id}/build-log" 80 | } 81 | 82 | # Tags 83 | tags = { 84 | Environment = "dev" 85 | owner = "development-team" 86 | } 87 | 88 | } 89 | 90 | # S3 91 | resource "aws_s3_bucket" "myapp-project" { 92 | bucket_prefix = "myapp-project-bucket-" 93 | acl = "private" 94 | } 95 | ``` 96 | -------------------------------------------------------------------------------- /examples/codebuild_using_objects_vpc/README.md: 
-------------------------------------------------------------------------------- 1 | # terraform-aws-codebuild (VPC example) 2 | This example shows how to use this module to build a "Hello World" node.js docker image on a VPC, to push it to an ECR registry 3 | 4 | ``` 5 | # CodeBuild 6 | module "myapp-project-vpc" { 7 | 8 | source = "lgallard/codebuild/aws" 9 | 10 | name = "my-app-vpc" 11 | description = "Codebuild for deploying myapp in a VPC" 12 | 13 | codebuild_source_version = "master" 14 | codebuild_source = { 15 | type = "GITHUB" 16 | location = "https://github.com/lgallard/codebuild-example.git" 17 | git_clone_depth = 1 18 | 19 | git_submodules_config = { 20 | fetch_submodules = true 21 | } 22 | } 23 | 24 | # Secondary Sources (optional) 25 | codebuild_secondary_sources = [ 26 | { 27 | type = "GITHUB" 28 | location = "https://github.com/myprofile/myproject-1.git" 29 | source_identifier = "my_awesome_project1" 30 | }, 31 | { 32 | type = "GITHUB" 33 | location = "https://github.com/myprofile/myproject-2.git" 34 | git_clone_depth = 1 35 | source_identifier = "my_awesome_project2" 36 | report_build_status = true 37 | insecure_ssl = true 38 | } 39 | ] 40 | 41 | environment = { 42 | compute_type = "BUILD_GENERAL1_SMALL" 43 | image = "aws/codebuild/standard:2.0" 44 | type = "LINUX_CONTAINER" 45 | privileged_mode = true 46 | 47 | # Environment variables 48 | variables = [ 49 | { 50 | name = "REGISTRY_URL" 51 | value = "012345678910.dkr.ecr.us-west-1.amazonaws.com/my-ecr" 52 | }, 53 | { 54 | name = "AWS_DEFAULT_REGION" 55 | value = "us-west-1" 56 | }, 57 | ] 58 | } 59 | 60 | artifacts = { 61 | location = aws_s3_bucket.myapp-project.bucket 62 | type = "S3" 63 | path = "/" 64 | packaging = "ZIP" 65 | } 66 | 67 | cache = { 68 | type = "S3" 69 | location = aws_s3_bucket.myapp-project.bucket 70 | } 71 | 72 | # Logs 73 | s3_logs = { 74 | status = "ENABLED" 75 | location = "${aws_s3_bucket.myapp-project.id}/build-log" 76 | } 77 | 78 | 79 | # VPC 80 | vpc_config = { 81 | 
vpc_id = "vpc-123446789101" 82 | subnets = ["subnet-7a1dc5a54444", "subnet-6b4a45b64444"] 83 | security_group_ids = ["sg-b475b46c4444", "sg-58b61a4c4444"] 84 | 85 | } 86 | 87 | # Tags 88 | tags = { 89 | Environment = "dev" 90 | owner = "development-team" 91 | } 92 | 93 | } 94 | 95 | # S3 96 | resource "aws_s3_bucket" "myapp-project" { 97 | bucket = "myapp-project-bucket" 98 | acl = "private" 99 | } 100 | ``` 101 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 
29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 
61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
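We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /main.tf: --------------------------------------------------------------------------------
# One CodeBuild project. Every nested block is rendered from a local defined
# below; each local merges an object variable (var.artifacts, var.environment,
# ...) with the matching flat fallback variables (var.artifacts_*, ...).
resource "aws_codebuild_project" "cb_project" {
  name = var.name
  # When enabled the build badge is served from a publicly accessible URL
  # (see the variable description); the fallback default is false.
  badge_enabled          = var.badge_enabled
  build_timeout          = var.build_timeout
  description            = var.description
  encryption_key         = var.encryption_key
  service_role           = local.service_role_arn
  source_version         = var.codebuild_source_version
  queued_timeout         = var.queued_timeout
  concurrent_build_limit = var.concurrent_build_limit

  # Artifacts
  dynamic "artifacts" {
    for_each = local.artifacts
    content {
      type                = lookup(artifacts.value, "type")
      artifact_identifier = lookup(artifacts.value, "artifact_identifier")
      # true means output artifacts are stored unencrypted; fallback default is false.
      encryption_disabled    = lookup(artifacts.value, "encryption_disabled")
      override_artifact_name = lookup(artifacts.value, "override_artifact_name")
      location               = lookup(artifacts.value, "location")
      name                   = lookup(artifacts.value, "name")
      namespace_type         = lookup(artifacts.value, "namespace_type")
      packaging              = lookup(artifacts.value, "packaging")
      path                   = lookup(artifacts.value, "path")
    }
  }

  # Cache
  dynamic "cache" {
    for_each = local.cache
    content {
      type     = lookup(cache.value, "type")
      location = lookup(cache.value, "location")
      modes    = lookup(cache.value, "modes")
    }
  }

  # Environment
  dynamic "environment" {
    for_each = local.environment
    content {
      compute_type                = lookup(environment.value, "compute_type")
      image                       = lookup(environment.value, "image")
      type                        = lookup(environment.value, "type")
      image_pull_credentials_type = lookup(environment.value, "image_pull_credentials_type")
      # Privileged mode lets the build run a Docker daemon inside the build
      # container; leave it at the fallback default (false) unless the build
      # actually needs Docker.
      privileged_mode = lookup(environment.value, "privileged_mode")
      certificate     = lookup(environment.value, "certificate")

      # Registry Credential (rendered only when a non-empty map is supplied)
      dynamic "registry_credential" {
        for_each = length(lookup(environment.value, "registry_credential")) == 0 ? [] : [lookup(environment.value, "registry_credential")]
        content {
          credential          = registry_credential.value.credential
          credential_provider = registry_credential.value.credential_provider
        }
      }

      # Environment variables
      # Entries without a `type` are sent as PLAINTEXT, i.e. the value is stored
      # as-is in the project definition. Secrets should be passed with type
      # PARAMETER_STORE or SECRETS_MANAGER and the parameter/secret name as value.
      dynamic "environment_variable" {
        for_each = length(lookup(environment.value, "variables")) == 0 ? [] : lookup(environment.value, "variables")
        content {
          name  = environment_variable.value.name
          value = environment_variable.value.value
          type  = lookup(environment_variable.value, "type", null) == null ? "PLAINTEXT" : environment_variable.value.type
        }
      }
    }
  }

  # Logs_config
  dynamic "logs_config" {
    for_each = local.logs_config
    content {

      # Cloudwatch_logs
      dynamic "cloudwatch_logs" {
        for_each = [lookup(logs_config.value, "cloudwatch_logs")]
        content {
          status      = cloudwatch_logs.value.status
          group_name  = cloudwatch_logs.value.group_name
          stream_name = cloudwatch_logs.value.stream_name
        }
      }

      # S3_logs
      # The fallback for encryption_disabled (var.s3_logs_encryption_disabled)
      # defaults to true, so S3 logs are unencrypted unless the caller sets it.
      dynamic "s3_logs" {
        for_each = [lookup(logs_config.value, "s3_logs")]
        content {
          status              = s3_logs.value.status
          location            = s3_logs.value.location
          encryption_disabled = s3_logs.value.encryption_disabled
        }
      }

    }
  }

  # Source
  dynamic "source" {
    for_each = local.source
    content {
      type            = lookup(source.value, "type")
      buildspec       = lookup(source.value, "buildspec")
      git_clone_depth = lookup(source.value, "git_clone_depth")
      # true makes CodeBuild ignore TLS warnings when connecting to source
      # control, so the source host is no longer authenticated; fallback
      # default is false.
      insecure_ssl        = lookup(source.value, "insecure_ssl")
      location            = lookup(source.value, "location")
      report_build_status = lookup(source.value, "report_build_status")

      # Auth (rendered only when a non-empty map is supplied)
      dynamic "auth" {
        for_each = length(lookup(source.value, "auth")) == 0 ? [] : [lookup(source.value, "auth")]
        content {
          type     = auth.value.type
          resource = auth.value.resource
        }
      }

      # Git Submodules Config (rendered only when a non-empty map is supplied)
      dynamic "git_submodules_config" {
        for_each = length(lookup(source.value, "git_submodules_config")) == 0 ? [] : [lookup(source.value, "git_submodules_config")]
        content {
          fetch_submodules = git_submodules_config.value.fetch_submodules
        }
      }

    }
  }

  # Secondary Sources
  # local.secondary_sources sets every key read here, so the third lookup()
  # argument is presumably never used - NOTE(review): confirm before relying
  # on those inline defaults.
  dynamic "secondary_sources" {
    for_each = local.secondary_sources
    content {
      type            = lookup(secondary_sources.value, "type", "CODEBUILD")
      buildspec       = lookup(secondary_sources.value, "buildspec", null)
      git_clone_depth = lookup(secondary_sources.value, "git_clone_depth", 0)
      # Same TLS caveat as the primary source: keep false unless unavoidable.
      insecure_ssl        = lookup(secondary_sources.value, "insecure_ssl", var.codebuild_source_insecure_ssl)
      location            = lookup(secondary_sources.value, "location", null)
      report_build_status = lookup(secondary_sources.value, "report_build_status", var.codebuild_source_report_build_status)
      source_identifier   = lookup(secondary_sources.value, "source_identifier", null)

      # Auth
      dynamic "auth" {
        for_each = length(lookup(secondary_sources.value, "auth")) == 0 ? [] : [lookup(secondary_sources.value, "auth")]
        content {
          type     = auth.value.type
          resource = auth.value.resource
        }
      }

      # Git Submodules Config
      dynamic "git_submodules_config" {
        for_each = length(lookup(secondary_sources.value, "git_submodules_config")) == 0 ? [] : [lookup(secondary_sources.value, "git_submodules_config")]
        content {
          fetch_submodules = git_submodules_config.value.fetch_submodules
        }
      }
    }
  }

  # VPC Config (rendered only when a vpc_id is set)
  dynamic "vpc_config" {
    for_each = lookup(local.vpc_config, "vpc_id") == null ? [] : [local.vpc_config]
    content {
      vpc_id             = lookup(vpc_config.value, "vpc_id")
      subnets            = lookup(vpc_config.value, "subnets")
      security_group_ids = lookup(vpc_config.value, "security_group_ids")
    }
  }

  # Tags
  tags = var.tags

}

# Each attribute below takes the value from the object variable when the key is
# present and non-null, otherwise the flat fallback variable of the same name.
locals {

  # Artifacts
  # If no artifacts block is provided, build one using the default values
  artifacts = [
    {
      type                   = lookup(var.artifacts, "type", null) == null ? var.artifacts_type : lookup(var.artifacts, "type")
      artifact_identifier    = lookup(var.artifacts, "artifact_identifier", null) == null ? var.artifacts_artifact_identifier : lookup(var.artifacts, "artifact_identifier")
      encryption_disabled    = lookup(var.artifacts, "encryption_disabled", null) == null ? var.artifacts_encryption_disabled : lookup(var.artifacts, "encryption_disabled")
      override_artifact_name = lookup(var.artifacts, "override_artifact_name", null) == null ? var.artifacts_override_artifact_name : lookup(var.artifacts, "override_artifact_name")
      location               = lookup(var.artifacts, "location", null) == null ? var.artifacts_location : lookup(var.artifacts, "location")
      name                   = lookup(var.artifacts, "name", null) == null ? var.artifacts_name : lookup(var.artifacts, "name")
      namespace_type         = lookup(var.artifacts, "namespace_type", null) == null ? var.artifacts_namespace_type : lookup(var.artifacts, "namespace_type")
      packaging              = lookup(var.artifacts, "packaging", null) == null ? var.artifacts_packaging : lookup(var.artifacts, "packaging")
      path                   = lookup(var.artifacts, "path", null) == null ? var.artifacts_path : lookup(var.artifacts, "path")
    }
  ]

  # Cache
  # If no cache block is provided, build one using the default values
  cache = [
    {
      type     = lookup(var.cache, "type", null) == null ? var.cache_type : lookup(var.cache, "type")
      location = lookup(var.cache, "location", null) == null ? var.cache_location : lookup(var.cache, "location")
      modes    = lookup(var.cache, "modes", null) == null ? var.cache_modes : lookup(var.cache, "modes")
    }
  ]

  # Environment
  # If no environment block is provided, build one using the default values
  environment = [
    {
      compute_type                = lookup(var.environment, "compute_type", null) == null ? var.environment_compute_type : lookup(var.environment, "compute_type")
      image                       = lookup(var.environment, "image", null) == null ? var.environment_image : lookup(var.environment, "image")
      type                        = lookup(var.environment, "type", null) == null ? var.environment_type : lookup(var.environment, "type")
      image_pull_credentials_type = lookup(var.environment, "image_pull_credentials_type", null) == null ? var.environment_image_pull_credentials_type : lookup(var.environment, "image_pull_credentials_type")
      variables                   = lookup(var.environment, "variables", null) == null ? var.environment_variables : lookup(var.environment, "variables")
      privileged_mode             = lookup(var.environment, "privileged_mode", null) == null ? var.environment_privileged_mode : lookup(var.environment, "privileged_mode")
      # The presence check must use the exact key "certificate"; with a trailing
      # space in the key the check never matched and a certificate supplied in
      # var.environment was silently replaced by var.environment_certificate.
      certificate         = lookup(var.environment, "certificate", null) == null ? var.environment_certificate : lookup(var.environment, "certificate")
      registry_credential = lookup(var.environment, "registry_credential", null) == null ? var.environment_registry_credential : lookup(var.environment, "registry_credential")
    }
  ]

  # CloudWatch logs
  cloudwatch_logs = {
    status      = lookup(var.cloudwatch_logs, "status", null) == null ? var.cloudwatch_logs_status : lookup(var.cloudwatch_logs, "status")
    group_name  = lookup(var.cloudwatch_logs, "group_name", null) == null ? var.cloudwatch_logs_group_name : lookup(var.cloudwatch_logs, "group_name")
    stream_name = lookup(var.cloudwatch_logs, "stream_name", null) == null ? var.cloudwatch_logs_stream_name : lookup(var.cloudwatch_logs, "stream_name")
  }


  # S3 logs
  s3_logs = {
    status              = lookup(var.s3_logs, "status", null) == null ? var.s3_logs_status : lookup(var.s3_logs, "status")
    location            = lookup(var.s3_logs, "location", null) == null ? var.s3_logs_location : lookup(var.s3_logs, "location")
    encryption_disabled = lookup(var.s3_logs, "encryption_disabled", null) == null ? var.s3_logs_encryption_disabled : lookup(var.s3_logs, "encryption_disabled")
  }

  # Logs_config
  # If no logs_config block is provided, build one using the default values
  # NOTE(review): both locals above are object literals with three attributes,
  # so neither the null test nor the length test looks able to hold and the
  # list appears to always contain one entry - confirm whether an opt-out was
  # intended.
  logs_config = ((local.cloudwatch_logs == null && local.s3_logs == null) || (length(local.cloudwatch_logs) == 0 && length(local.s3_logs) == 0)) == true ? [] : [
    {
      cloudwatch_logs = local.cloudwatch_logs
      s3_logs         = local.s3_logs
    }
  ]

  # Source
  # If no source block is provided, build one using the default values
  source = [
    {
      type                  = lookup(var.codebuild_source, "type", null) == null ? var.codebuild_source_type : lookup(var.codebuild_source, "type")
      buildspec             = lookup(var.codebuild_source, "buildspec", null) == null ? var.codebuild_source_buildspec : lookup(var.codebuild_source, "buildspec")
      git_clone_depth       = lookup(var.codebuild_source, "git_clone_depth", null) == null ? var.codebuild_source_git_clone_depth : lookup(var.codebuild_source, "git_clone_depth")
      insecure_ssl          = lookup(var.codebuild_source, "insecure_ssl", null) == null ? var.codebuild_source_insecure_ssl : lookup(var.codebuild_source, "insecure_ssl")
      location              = lookup(var.codebuild_source, "location", null) == null ? var.codebuild_source_location : lookup(var.codebuild_source, "location")
      report_build_status   = lookup(var.codebuild_source, "report_build_status", null) == null ? var.codebuild_source_report_build_status : lookup(var.codebuild_source, "report_build_status")
      auth                  = lookup(var.codebuild_source, "auth", null) == null ? var.codebuild_source_auth : lookup(var.codebuild_source, "auth")
      git_submodules_config = lookup(var.codebuild_source, "git_submodules_config", null) == null ? var.codebuild_source_git_submodules_config : lookup(var.codebuild_source, "git_submodules_config")
    }
  ]

  # Secondary sources: one entry per element of var.codebuild_secondary_sources,
  # each completed from the var.codebuild_secondary_source_* fallbacks.
  secondary_sources = [
    for source in var.codebuild_secondary_sources :
    {
      type                  = lookup(source, "type", null) == null ? var.codebuild_secondary_source_type : lookup(source, "type")
      buildspec             = lookup(source, "buildspec", null) == null ? var.codebuild_secondary_source_buildspec : lookup(source, "buildspec")
      git_clone_depth       = lookup(source, "git_clone_depth", null) == null ? var.codebuild_secondary_source_git_clone_depth : lookup(source, "git_clone_depth")
      insecure_ssl          = lookup(source, "insecure_ssl", null) == null ? var.codebuild_secondary_source_insecure_ssl : lookup(source, "insecure_ssl")
      location              = lookup(source, "location", null) == null ? var.codebuild_secondary_source_location : lookup(source, "location")
      report_build_status   = lookup(source, "report_build_status", null) == null ? var.codebuild_secondary_source_report_build_status : lookup(source, "report_build_status")
      source_identifier     = lookup(source, "source_identifier", null) == null ? var.codebuild_secondary_source_identifier : lookup(source, "source_identifier")
      auth                  = lookup(source, "auth", null) == null ? var.codebuild_secondary_source_auth : lookup(source, "auth")
      git_submodules_config = lookup(source, "git_submodules_config", null) == null ? var.codebuild_secondary_source_git_submodules_config : lookup(source, "git_submodules_config")
    }
  ]


  # VPC Config
  # If no VPC Config block is provided, build one using the default values
  vpc_config = {
    vpc_id             = lookup(var.vpc_config, "vpc_id", null) == null ? var.vpc_config_vpc_id : lookup(var.vpc_config, "vpc_id")
    subnets            = lookup(var.vpc_config, "subnets", null) == null ? var.vpc_config_subnets : lookup(var.vpc_config, "subnets")
    security_group_ids = lookup(var.vpc_config, "security_group_ids", null) == null ? var.vpc_config_security_group_ids : lookup(var.vpc_config, "security_group_ids")
  }

  # Role created by this module (aws_iam_role.service_role, defined outside
  # this file) when create_default_service_role is true, else the caller's ARN.
  service_role_arn = var.create_default_service_role ? element(aws_iam_role.service_role.*.arn, 0) : var.service_role_arn
}
-------------------------------------------------------------------------------- /variables.tf: -------------------------------------------------------------------------------- 1 | # General vars 2 | variable "name" { 3 | description = "The projects name." 4 | type = string 5 | } 6 | 7 | variable "badge_enabled" { 8 | description = "Generates a publicly-accessible URL for the projects build badge. Available as badge_url attribute when enabled." 9 | type = bool 10 | default = false 11 | } 12 | 13 | variable "build_timeout" { 14 | description = "How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed.The default is 60 minutes." 15 | type = number 16 | default = 60 17 | } 18 | 19 | variable "queued_timeout" { 20 | description = "How long in minutes, from 5 to 480 (8 hours), a build is allowed to be queued before it times out.The default is 8 hours." 21 | type = number 22 | default = 480 23 | } 24 | 25 | variable "description" { 26 | description = "A short description of the project."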
27 | type = string 28 | default = null 29 | } 30 | 31 | variable "encryption_key" { 32 | description = "The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project's build output artifacts." 33 | type = string 34 | default = null 35 | } 36 | 37 | variable "codebuild_source_version" { 38 | description = "A version of the build input to be built for this project. If not specified, the latest version is used." 39 | type = string 40 | default = null 41 | } 42 | 43 | # Artifacts 44 | variable "artifacts" { 45 | description = "Information about the project's build output artifacts." 46 | type = any 47 | default = {} 48 | } 49 | 50 | variable "artifacts_type" { 51 | description = "The build output artifact's type. Valid values for this parameter are: `CODEPIPELINE`, `NO_ARTIFACTS` or `S3`." 52 | type = string 53 | default = "CODEPIPELINE" 54 | } 55 | 56 | variable "artifacts_artifact_identifier" { 57 | description = "The artifact identifier. Must be the same specified inside AWS CodeBuild buildspec." 58 | type = string 59 | default = null 60 | } 61 | 62 | variable "artifacts_encryption_disabled" { 63 | description = "If set to true, output artifacts will not be encrypted. If `type` is set to `NO_ARTIFACTS` then this value will be ignored." 64 | type = bool 65 | default = false 66 | } 67 | 68 | variable "artifacts_override_artifact_name" { 69 | description = "If set to true, a name specified in the build spec file overrides the artifact name." 70 | type = bool 71 | default = false 72 | } 73 | 74 | variable "artifacts_location" { 75 | description = "Information about the build output artifact location. If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS` then this value will be ignored. If `type` is set to `S3`, this is the name of the output bucket." 76 | type = string 77 | default = null 78 | } 79 | 80 | variable "artifacts_name" { 81 | description = "The name of the project. 
If `type` is set to `S3`, this is the name of the output artifact object." 82 | type = string 83 | default = null 84 | } 85 | 86 | variable "artifacts_namespace_type" { 87 | description = "The namespace to use in storing build artifacts. If `type` is set to `S3`, then valid values for this parameter are: `BUILD_ID` or `NONE`." 88 | type = string 89 | default = null 90 | } 91 | 92 | variable "artifacts_packaging" { 93 | description = "The type of build output artifact to create. If `type` is set to `S3`, valid values for this parameter are: `NONE` or `ZIP`" 94 | type = string 95 | default = null 96 | } 97 | 98 | variable "artifacts_path" { 99 | description = "If `type` is set to `S3`, this is the path to the output artifact" 100 | type = string 101 | default = "" 102 | } 103 | 104 | # Cache 105 | variable "cache" { 106 | description = "Information about the cache storage for the project." 107 | type = any 108 | default = {} 109 | } 110 | 111 | variable "cache_type" { 112 | description = "The type of storage that will be used for the AWS CodeBuild project cache. Valid values: `NO_CACHE`, `LOCAL`, and `S3`." 113 | type = string 114 | default = "NO_CACHE" 115 | } 116 | 117 | variable "cache_location" { 118 | description = "The location where the AWS CodeBuild project stores cached resources. For type S3 the value must be a valid S3 bucket name/prefix. (Required when cache `type` is `S3`)" 119 | type = string 120 | default = null 121 | } 122 | 123 | variable "cache_modes" { 124 | description = "Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: `LOCAL_SOURCE_CACHE`, `LOCAL_DOCKER_LAYER_CACHE`, and `LOCAL_CUSTOM_CACHE`. (Required when cache type is `LOCAL`)" 125 | type = list(any) 126 | default = [] 127 | } 128 | 129 | # Environment 130 | variable "environment" { 131 | description = "Information about the project's build environment." 
132 | type = any 133 | default = {} 134 | } 135 | 136 | variable "environment_compute_type" { 137 | description = "Information about the compute resources the build project will use. Available values for this parameter are: `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE` or `BUILD_GENERAL1_2XLARGE`. `BUILD_GENERAL1_SMALL` is only valid if type is set to `LINUX_CONTAINER`. When type is set to `LINUX_GPU_CONTAINER`, compute_type need to be `BUILD_GENERAL1_LARGE`." 138 | type = string 139 | default = "BUILD_GENERAL1_MEDIUM" 140 | } 141 | 142 | variable "environment_image" { 143 | description = "The Docker image to use for this build project. Valid values include Docker images provided by CodeBuild (e.g `aws/codebuild/standard:2.0`), Docker Hub images (e.g. `hashicorp/terraform:latest`), and full Docker repository URIs such as those for ECR (e.g. `137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest`)" 144 | type = string 145 | default = "aws/codebuild/standard:2.0" 146 | } 147 | 148 | variable "environment_type" { 149 | description = "The type of build environment to use for related builds. Available values are: `LINUX_CONTAINER`, `LINUX_GPU_CONTAINER`, `WINDOWS_CONTAINER` or `ARM_CONTAINER`." 150 | type = string 151 | default = "LINUX_CONTAINER" 152 | } 153 | 154 | variable "environment_image_pull_credentials_type" { 155 | description = "The type of credentials AWS CodeBuild uses to pull images in your build. Available values for this parameter are `CODEBUILD` or `SERVICE_ROLE`. When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials." 156 | type = string 157 | default = "CODEBUILD" 158 | } 159 | 160 | variable "environment_variables" { 161 | description = "A list of sets of environment variables to make available to builds for this build project." 
162 | type = list(any) 163 | default = [] 164 | } 165 | 166 | variable "environment_privileged_mode" { 167 | description = "If set to true, enables running the Docker daemon inside a Docker container." 168 | type = bool 169 | default = false 170 | } 171 | 172 | variable "environment_certificate" { 173 | description = "The ARN of the S3 bucket, path prefix and object key that contains the PEM-encoded certificate." 174 | type = string 175 | default = null 176 | } 177 | 178 | variable "environment_registry_credential" { 179 | description = "Information about credentials for access to a private Docker registry. Registry Credential config blocks are documented below." 180 | type = map(any) 181 | default = {} 182 | } 183 | 184 | # Logs 185 | variable "cloudwatch_logs" { 186 | description = "Configuration for the builds to store log data to CloudWatch." 187 | type = any 188 | default = {} 189 | } 190 | 191 | variable "cloudwatch_logs_status" { 192 | description = "Current status of logs in CloudWatch Logs for a build project. Valid values: `ENABLED`, `DISABLED." 193 | type = string 194 | default = "ENABLED" 195 | } 196 | 197 | variable "cloudwatch_logs_group_name" { 198 | description = "The group name of the logs in CloudWatch Logs." 199 | type = string 200 | default = null 201 | } 202 | 203 | variable "cloudwatch_logs_stream_name" { 204 | description = "The stream name of the logs in CloudWatch Logs." 205 | type = string 206 | default = null 207 | } 208 | 209 | variable "s3_logs" { 210 | description = "Configuration for the builds to store log data to S3." 211 | type = any 212 | default = {} 213 | } 214 | 215 | variable "s3_logs_status" { 216 | description = "Current status of logs in S3 for a build project. Valid values: `ENABLED`, `DISABLED." 217 | type = string 218 | default = "DISABLED" 219 | } 220 | 221 | variable "s3_logs_location" { 222 | description = "The name of the S3 bucket and the path prefix for S3 logs. 
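Must be set if status is ENABLED, otherwise it must be empty." 223 | type = string 224 | default = null 225 | }

# NOTE(review): the default of true leaves S3 build logs unencrypted whenever
# S3 logging is enabled without an explicit encryption_disabled value; callers
# who want encrypted logs must set this to false.
variable "s3_logs_encryption_disabled" {
  description = "Set to true if you do not want S3 logs encrypted."
  type        = bool # was declared as string although the default is a boolean
  default     = true
}

# Source
variable "codebuild_source" {
  description = "Information about the project's input source code."
  type        = any
  default     = {}
}

variable "codebuild_source_type" {
  description = "The type of repository that contains the source code to be built. Valid values for this parameter are: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3` or `NO_SOURCE`."
  type        = string
  default     = "CODEPIPELINE"
}

variable "codebuild_source_buildspec" {
  description = "The build spec declaration to use for this build project's related builds. This must be set when type is `NO_SOURCE`"
  type        = string
  default     = null
}

# The previous description was a copy of the git submodules one; this value is
# passed to the source block's git_clone_depth attribute.
variable "codebuild_source_git_clone_depth" {
  description = "Truncate git history to this many commits. Use `0` for a full clone."
  type        = number
  default     = 0
}

# Keep false: true makes CodeBuild ignore TLS warnings when fetching the
# source, so the source host is no longer authenticated.
variable "codebuild_source_insecure_ssl" {
  description = "Ignore SSL warnings when connecting to source control."
  type        = bool
  default     = false
}

variable "codebuild_source_location" {
  description = "The location of the source code from git or s3."
  type        = string
  default     = null
}

variable "codebuild_source_report_build_status" { 271 | description = "Set to true to report the status of a build's start and finish to your source provider. This option is only valid when the type is `BITBUCKET` or `GITHUB`."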
272 | type = bool 273 | default = false 274 | } 275 | 276 | variable "codebuild_source_auth" { 277 | description = "Information about the authorization settings for AWS CodeBuild to access the source code to be built." 278 | type = map(any) 279 | default = {} 280 | } 281 | 282 | variable "codebuild_source_auth_type" { 283 | description = "The authorization type to use. The only valid value is OAUTH" 284 | type = string 285 | default = "OAUTH" 286 | } 287 | 288 | variable "codebuild_source_auth_resource" { 289 | description = "The resource value that applies to the specified authorization type." 290 | type = string 291 | default = null 292 | } 293 | 294 | variable "codebuild_source_git_submodules_config" { 295 | description = "Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is `CODECOMMIT`." 296 | type = map(any) 297 | default = {} 298 | } 299 | 300 | variable "codebuild_source_git_submodules_config_fetch_submodules" { 301 | description = "If set to true, fetches Git submodules for the AWS CodeBuild build project." 302 | type = bool 303 | default = true 304 | } 305 | 306 | # Secondary Source 307 | variable "codebuild_secondary_sources" { 308 | description = <<-EOF 309 | Information about the project's secondary sources code. See the related codebuild source objects for descriptions of each parameter. 310 | The parameter `source_identifier` is the name of the directory to clone the secondary source into as a sibling to the primary source code directory. 311 | If this variable is omitted, no secondary sources are created. 
312 | 313 | eg: 314 | ``` 315 | codebuild_secondary_sources = [ 316 | { 317 | type = "GITHUB" 318 | location = "https://github.com/myprofile/myproject-1.git" 319 | source_identifier = "my_awesome_project1" 320 | }, 321 | { 322 | type = "GITHUB" 323 | location = "https://github.com/myprofile/myproject-2.git" 324 | git_clone_depth = 1 325 | source_identifier = "my_awesome_project2" 326 | report_build_status = true 327 | insecure_ssl = true 328 | } 329 | ] 330 | ``` 331 | EOF 332 | type = any 333 | default = [] 334 | } 335 | 336 | variable "codebuild_secondary_source_type" { 337 | description = "The type of repository that contains the secondary source code to be built. Valid values for this parameter are: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3` or `NO_SOURCE`." 338 | type = string 339 | default = "CODEPIPELINE" 340 | } 341 | 342 | variable "codebuild_secondary_source_buildspec" { 343 | description = "The build spec declaration to use for this build project's related builds. Optional" 344 | type = string 345 | default = null 346 | } 347 | 348 | variable "codebuild_secondary_source_git_clone_depth" { 349 | description = "Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is `CODECOMMIT`." 350 | type = number 351 | default = 0 352 | } 353 | 354 | variable "codebuild_secondary_source_insecure_ssl" { 355 | description = "Ignore SSL warnings when connecting to source control." 356 | type = bool 357 | default = false 358 | } 359 | 360 | variable "codebuild_secondary_source_location" { 361 | description = "The location of the source code from git or s3." 362 | type = string 363 | default = null 364 | } 365 | 366 | variable "codebuild_secondary_source_report_build_status" { 367 | description = "Set to true to report the status of a build's start and finish to your source provider. 
This option is only valid when the type is `BITBUCKET` or `GITHUB`." 368 | type = bool 369 | default = false 370 | } 371 | 372 | variable "codebuild_secondary_source_auth" { 373 | description = "Information about the authorization settings for AWS CodeBuild to access the source code to be built." 374 | type = map(any) 375 | default = {} 376 | } 377 | 378 | variable "codebuild_secondary_source_auth_type" { 379 | description = "The authorization type to use. The only valid value is OAUTH" 380 | type = string 381 | default = "OAUTH" 382 | } 383 | 384 | variable "codebuild_secondary_source_auth_resource" { 385 | description = "The resource value that applies to the specified authorization type." 386 | type = string 387 | default = null 388 | } 389 | 390 | variable "codebuild_secondary_source_git_submodules_config" { 391 | description = "Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is `CODECOMMIT`." 392 | type = map(any) 393 | default = {} 394 | } 395 | 396 | variable "codebuild_secondary_source_identifier" { 397 | description = "The name of a folder named that the source will be checked out into inside the AWS CodeBuild source directory" 398 | type = string 399 | default = null 400 | } 401 | 402 | variable "codebuild_secondary_source_git_submodules_config_fetch_submodules" { 403 | description = "If set to true, fetches Git submodules for the AWS CodeBuild build project." 404 | type = bool 405 | default = true 406 | } 407 | 408 | # VPC Config 409 | variable "vpc_config" { 410 | description = "Configuration for the builds to run inside a VPC." 411 | type = any 412 | default = {} 413 | } 414 | 415 | variable "vpc_config_vpc_id" { 416 | description = "The ID of the VPC within which to run builds." 
417 | type = string 418 | default = null 419 | } 420 | 421 | variable "vpc_config_subnets" { 422 | description = "The subnet IDs within which to run builds." 423 | type = list(string) 424 | default = [] 425 | } 426 | 427 | variable "vpc_config_security_group_ids" { 428 | description = "The security group IDs to assign to running builds." 429 | type = list(string) 430 | default = [] 431 | } 432 | 433 | # Tags 434 | variable "tags" { 435 | description = "A mapping of tags to assign to the resource." 436 | type = map(string) 437 | default = {} 438 | } 439 | 440 | variable "create_default_service_role" { 441 | description = "Should the default service role be created?" 442 | type = bool 443 | default = true 444 | } 445 | 446 | variable "service_role_arn" { 447 | description = "A predefined service role to be used" 448 | type = string 449 | default = null 450 | } 451 | 452 | variable "concurrent_build_limit" { 453 | description = "Specify a maximum number of concurrent builds for the project." 454 | type = number 455 | default = 1 456 | } 457 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![Terraform](https://lgallardo.com/images/terraform.jpg) 2 | # terraform-aws-codebuild 3 | Terraform module for creating [AWS CodeBuild](https://aws.amazon.com/codebuild/) Projects. AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. 4 | 5 | ## Usage 6 | You can define CodeBuild projects using object variables (made of maps, lists, booleans, etc.), or you can define projects using the classic module's variables approach (eg. `artifacts_*`, `cache_*`, etc.). 7 | 8 | In the [examples](examples/) folder you can check both approaches in detail and another example with VPC support. 
9 | 10 | 11 | ## Example using objects 12 | ``` 13 | module "myapp-project" { 14 | 15 | source = "lgallard/codebuild/aws" 16 | 17 | name = "my-app" 18 | description = "Codebuild for deploying myapp" 19 | 20 | # CodeBuild Source 21 | codebuild_source_version = "master" 22 | codebuild_source = { 23 | type = "GITHUB" 24 | location = "https://github.com/lgallard/codebuild-example.git" 25 | git_clone_depth = 1 26 | 27 | git_submodules_config = { 28 | fetch_submodules = true 29 | } 30 | } 31 | 32 | # Secondary Sources (optional) 33 | codebuild_secondary_sources = [ 34 | { 35 | type = "GITHUB" 36 | location = "https://github.com/myprofile/myproject-1.git" 37 | source_identifier = "my_awesome_project1" 38 | }, 39 | { 40 | type = "GITHUB" 41 | location = "https://github.com/myprofile/myproject-2.git" 42 | git_clone_depth = 1 43 | source_identifier = "my_awesome_project2" 44 | report_build_status = true 45 | insecure_ssl = true 46 | } 47 | ] 48 | 49 | # Environment 50 | environment = { 51 | compute_type = "BUILD_GENERAL1_SMALL" 52 | image = "aws/codebuild/standard:2.0" 53 | type = "LINUX_CONTAINER" 54 | privileged_mode = true 55 | 56 | # Environment variables 57 | variables = [ 58 | { 59 | name = "REGISTRY_URL" 60 | value = "012345678910.dkr.ecr.us-east-1.amazonaws.com/my-ecr" 61 | }, 62 | { 63 | name = "AWS_DEFAULT_REGION" 64 | value = "us-east-1" 65 | }, 66 | ] 67 | } 68 | 69 | # Artifacts 70 | artifacts = { 71 | location = aws_s3_bucket.myapp-project.bucket 72 | type = "S3" 73 | path = "/" 74 | packaging = "ZIP" 75 | } 76 | 77 | # Cache 78 | cache = { 79 | type = "S3" 80 | location = aws_s3_bucket.myapp-project.bucket 81 | } 82 | 83 | # Logs 84 | s3_logs = { 85 | status = "ENABLED" 86 | location = "${aws_s3_bucket.myapp-project.id}/build-log" 87 | } 88 | 89 | # Tags 90 | tags = { 91 | Environment = "dev" 92 | owner = "development-team" 93 | } 94 | 95 | } 96 | ``` 97 | 98 | ## Example using variables 99 | ``` 100 | module "myapp-project" { 101 | 102 | source = 
"lgallard/codebuild/aws" 103 | 104 | name = "my-app-var" 105 | description = "Codebuild for deploying myapp (variables)" 106 | 107 | # CodeBuild Source 108 | codebuild_source_version = "master" 109 | 110 | codebuild_source_type = "GITHUB" 111 | codebuild_source_location = "https://github.com/lgallard/codebuild-example.git" 112 | codebuild_source_git_clone_depth = 1 113 | codebuild_source_git_submodules_config_fetch_submodules = true 114 | 115 | # Environment 116 | environment_compute_type = "BUILD_GENERAL1_SMALL" 117 | environment_image = "aws/codebuild/standard:2.0" 118 | environment_type = "LINUX_CONTAINER" 119 | environment_privileged_mode = true 120 | 121 | # Environment variables 122 | environment_variables = [ 123 | { 124 | name = "REGISTRY_URL" 125 | value = "012345678910.dkr.ecr.us-east-1.amazonaws.com/my-ecr" 126 | }, 127 | { 128 | name = "AWS_DEFAULT_REGION" 129 | value = "us-east-1" 130 | }, 131 | ] 132 | 133 | # Artifacts 134 | artifacts_location = aws_s3_bucket.myapp-project.bucket 135 | artifacts_type = "S3" 136 | artifacts_path = "/" 137 | artifacts_packaging = "ZIP" 138 | 139 | # Cache 140 | cache_type = "S3" 141 | cache_location = aws_s3_bucket.myapp-project.bucket 142 | 143 | # Logs 144 | s3_logs_status = "ENABLED" 145 | s3_logs_location = "${aws_s3_bucket.myapp-project.id}/build-var-log" 146 | 147 | 148 | # Tags 149 | tags = { 150 | Environment = "dev" 151 | owner = "development-team" 152 | } 153 | 154 | } 155 | ``` 156 | 157 | ## Requirements 158 | 159 | No requirements. 160 | 161 | ## Providers 162 | 163 | | Name | Version | 164 | |------|---------| 165 | | [aws](#provider\_aws) | n/a | 166 | 167 | ## Modules 168 | 169 | No modules. 
170 | 171 | ## Resources 172 | 173 | | Name | Type | 174 | |------|------| 175 | | [aws_codebuild_project.cb_project](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project) | resource | 176 | | [aws_iam_role.service_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | 177 | | [aws_iam_role_policy.codebuild_role_extra_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | 178 | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source | 179 | | [aws_iam_policy_document.codebuild_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | 180 | | [aws_iam_policy_document.codebuild_role_extra_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | 181 | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | 182 | 183 | ## Inputs 184 | 185 | | Name | Description | Type | Default | Required | 186 | |------|-------------|------|---------|:--------:| 187 | | [artifacts](#input\_artifacts) | Information about the project's build output artifacts. | `any` | `{}` | no | 188 | | [artifacts\_artifact\_identifier](#input\_artifacts\_artifact\_identifier) | The artifact identifier. Must be the same specified inside AWS CodeBuild buildspec. | `string` | `null` | no | 189 | | [artifacts\_encryption\_disabled](#input\_artifacts\_encryption\_disabled) | If set to true, output artifacts will not be encrypted. If `type` is set to `NO_ARTIFACTS` then this value will be ignored. | `bool` | `false` | no | 190 | | [artifacts\_location](#input\_artifacts\_location) | Information about the build output artifact location. 
If `type` is set to `CODEPIPELINE` or `NO_ARTIFACTS` then this value will be ignored. If `type` is set to `S3`, this is the name of the output bucket. | `string` | `null` | no | 191 | | [artifacts\_name](#input\_artifacts\_name) | The name of the project. If `type` is set to `S3`, this is the name of the output artifact object. | `string` | `null` | no | 192 | | [artifacts\_namespace\_type](#input\_artifacts\_namespace\_type) | The namespace to use in storing build artifacts. If `type` is set to `S3`, then valid values for this parameter are: `BUILD_ID` or `NONE`. | `string` | `null` | no | 193 | | [artifacts\_override\_artifact\_name](#input\_artifacts\_override\_artifact\_name) | If set to true, a name specified in the build spec file overrides the artifact name. | `bool` | `false` | no | 194 | | [artifacts\_packaging](#input\_artifacts\_packaging) | The type of build output artifact to create. If `type` is set to `S3`, valid values for this parameter are: `NONE` or `ZIP` | `string` | `null` | no | 195 | | [artifacts\_path](#input\_artifacts\_path) | If `type` is set to `S3`, this is the path to the output artifact | `string` | `""` | no | 196 | | [artifacts\_type](#input\_artifacts\_type) | The build output artifact's type. Valid values for this parameter are: `CODEPIPELINE`, `NO_ARTIFACTS` or `S3`. | `string` | `"CODEPIPELINE"` | no | 197 | | [badge\_enabled](#input\_badge\_enabled) | Generates a publicly-accessible URL for the projects build badge. Available as badge\_url attribute when enabled. | `bool` | `false` | no | 198 | | [build\_timeout](#input\_build\_timeout) | How long in minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed.The default is 60 minutes. | `number` | `60` | no | 199 | | [cache](#input\_cache) | Information about the cache storage for the project. 
| `any` | `{}` | no | 200 | | [cache\_location](#input\_cache\_location) | The location where the AWS CodeBuild project stores cached resources. For type S3 the value must be a valid S3 bucket name/prefix. (Required when cache `type` is `S3`) | `string` | `null` | no | 201 | | [cache\_modes](#input\_cache\_modes) | Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: `LOCAL_SOURCE_CACHE`, `LOCAL_DOCKER_LAYER_CACHE`, and `LOCAL_CUSTOM_CACHE`. (Required when cache type is `LOCAL`) | `list(any)` | `[]` | no | 202 | | [cache\_type](#input\_cache\_type) | The type of storage that will be used for the AWS CodeBuild project cache. Valid values: `NO_CACHE`, `LOCAL`, and `S3`. | `string` | `"NO_CACHE"` | no | 203 | | [cloudwatch\_logs](#input\_cloudwatch\_logs) | Configuration for the builds to store log data to CloudWatch. | `any` | `{}` | no | 204 | | [cloudwatch\_logs\_group\_name](#input\_cloudwatch\_logs\_group\_name) | The group name of the logs in CloudWatch Logs. | `string` | `null` | no | 205 | | [cloudwatch\_logs\_status](#input\_cloudwatch\_logs\_status) | Current status of logs in CloudWatch Logs for a build project. Valid values: `ENABLED`, `DISABLED.` | `string` | `"ENABLED"` | no | 206 | | [cloudwatch\_logs\_stream\_name](#input\_cloudwatch\_logs\_stream\_name) | The stream name of the logs in CloudWatch Logs. | `string` | `null` | no | 207 | | [codebuild\_secondary\_source\_auth](#input\_codebuild\_secondary\_source\_auth) | Information about the authorization settings for AWS CodeBuild to access the source code to be built. | `map` | `{}` | no | 208 | | [codebuild\_secondary\_source\_auth\_resource](#input\_codebuild\_secondary\_source\_auth\_resource) | The resource value that applies to the specified authorization type. | `string` | `null` | no | 209 | | [codebuild\_secondary\_source\_auth\_type](#input\_codebuild\_secondary\_source\_auth\_type) | The authorization type to use. 
The only valid value is OAUTH | `string` | `"OAUTH"` | no | 210 | | [codebuild\_secondary\_source\_buildspec](#input\_codebuild\_secondary\_source\_buildspec) | The build spec declaration to use for this build project's related builds. Optional | `string` | `null` | no | 211 | | [codebuild\_secondary\_source\_git\_clone\_depth](#input\_codebuild\_secondary\_source\_git\_clone\_depth) | Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is `CODECOMMIT`. | `number` | `0` | no | 212 | | [codebuild\_secondary\_source\_git\_submodules\_config](#input\_codebuild\_secondary\_source\_git\_submodules\_config) | Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is `CODECOMMIT`. | `map` | `{}` | no | 213 | | [codebuild\_secondary\_source\_git\_submodules\_config\_fetch\_submodules](#input\_codebuild\_secondary\_source\_git\_submodules\_config\_fetch\_submodules) | If set to true, fetches Git submodules for the AWS CodeBuild build project. | `bool` | `true` | no | 214 | | [codebuild\_secondary\_source\_identifier](#input\_codebuild\_secondary\_source\_identifier) | The name of a folder named that the source will be checked out into inside the AWS CodeBuild source directory | `string` | `null` | no | 215 | | [codebuild\_secondary\_source\_insecure\_ssl](#input\_codebuild\_secondary\_source\_insecure\_ssl) | Ignore SSL warnings when connecting to source control. | `bool` | `false` | no | 216 | | [codebuild\_secondary\_source\_location](#input\_codebuild\_secondary\_source\_location) | The location of the source code from git or s3. 
| `string` | `null` | no | 217 | | [codebuild\_secondary\_source\_report\_build\_status](#input\_codebuild\_secondary\_source\_report\_build\_status) | Set to true to report the status of a build's start and finish to your source provider. This option is only valid when the type is `BITBUCKET` or `GITHUB`. | `bool` | `false` | no | 218 | | [codebuild\_secondary\_source\_type](#input\_codebuild\_secondary\_source\_type) | The type of repository that contains the secondary source code to be built. Valid values for this parameter are: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3` or `NO_SOURCE`. | `string` | `"CODEPIPELINE"` | no | 219 | | [codebuild\_secondary\_sources](#input\_codebuild\_secondary\_sources) | Information about the project's secondary sources code. See the related codebuild source objects for descriptions of each parameter.
The parameter `source_identifier` is the name of the directory to clone the secondary source into as a sibling to the primary source code directory.
If this variable is omitted, no secondary sources are created.

eg:
codebuild_secondary_sources = [
{
type = "GITHUB"
location = "https://github.com/myprofile/myproject-1.git"
source_identifier = "my_awesome_project1" # directory the secondary source is cloned into, next to the primary source
},
{
type = "GITHUB"
location = "https://github.com/myprofile/myproject-2.git"
git_clone_depth = 1
source_identifier = "my_awesome_project2"
report_build_status = true
insecure_ssl = true # shown for illustration: ignores SSL warnings when connecting to this source; the module default is false, keep it false unless the certificate genuinely cannot be validated
}
]
| `any` | `[]` | no | 220 | | [codebuild\_source](#input\_codebuild\_source) | Information about the project's input source code. | `any` | `{}` | no | 221 | | [codebuild\_source\_auth](#input\_codebuild\_source\_auth) | Information about the authorization settings for AWS CodeBuild to access the source code to be built. | `map(any)` | `{}` | no | 222 | | [codebuild\_source\_auth\_resource](#input\_codebuild\_source\_auth\_resource) | The resource value that applies to the specified authorization type. | `string` | `null` | no | 223 | | [codebuild\_source\_auth\_type](#input\_codebuild\_source\_auth\_type) | The authorization type to use. The only valid value is OAUTH | `string` | `"OAUTH"` | no | 224 | | [codebuild\_source\_buildspec](#input\_codebuild\_source\_buildspec) | The build spec declaration to use for this build project's related builds. This must be set when type is iNO\_SOURCE | `string` | `null` | no | 225 | | [codebuild\_source\_git\_clone\_depth](#input\_codebuild\_source\_git\_clone\_depth) | Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is `CODECOMMIT`. | `number` | `0` | no | 226 | | [codebuild\_source\_git\_submodules\_config](#input\_codebuild\_source\_git\_submodules\_config) | Information about the Git submodules configuration for an AWS CodeBuild build project. Git submodules config blocks are documented below. This option is only valid when the type is `CODECOMMIT`. | `map(any)` | `{}` | no | 227 | | [codebuild\_source\_git\_submodules\_config\_fetch\_submodules](#input\_codebuild\_source\_git\_submodules\_config\_fetch\_submodules) | If set to true, fetches Git submodules for the AWS CodeBuild build project. | `bool` | `true` | no | 228 | | [codebuild\_source\_insecure\_ssl](#input\_codebuild\_source\_insecure\_ssl) | Ignore SSL warnings when connecting to source control. 
| `bool` | `false` | no | 229 | | [codebuild\_source\_location](#input\_codebuild\_source\_location) | The location of the source code from git or s3. | `string` | `null` | no | 230 | | [codebuild\_source\_report\_build\_status](#input\_codebuild\_source\_report\_build\_status) | Set to true to report the status of a build's start and finish to your source provider. This option is only valid when the type is `BITBUCKET` or `GITHUB`. | `bool` | `false` | no | 231 | | [codebuild\_source\_type](#input\_codebuild\_source\_type) | The type of repository that contains the source code to be built. Valid values for this parameter are: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3` or `NO_SOURCE`. | `string` | `"CODEPIPELINE"` | no | 232 | | [codebuild\_source\_version](#input\_codebuild\_source\_version) | A version of the build input to be built for this project. If not specified, the latest version is used. | `string` | `null` | no | 233 | | [description](#input\_description) | A short description of the project. | `string` | `null` | no | 234 | | [encryption\_key](#input\_encryption\_key) | The AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project's build output artifacts. | `string` | `null` | no | 235 | | [environment](#input\_environment) | Information about the project's build environment. | `any` | `{}` | no | 236 | | [environment\_certificate](#input\_environment\_certificate) | The ARN of the S3 bucket, path prefix and object key that contains the PEM-encoded certificate. | `string` | `null` | no | 237 | | [environment\_compute\_type](#input\_environment\_compute\_type) | Information about the compute resources the build project will use. Available values for this parameter are: `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE` or `BUILD_GENERAL1_2XLARGE`. `BUILD_GENERAL1_SMALL` is only valid if type is set to `LINUX_CONTAINER`. 
When type is set to `LINUX_GPU_CONTAINER`, compute\_type needs to be `BUILD_GENERAL1_LARGE`. | `string` | `"BUILD_GENERAL1_MEDIUM"` | no | 238 | | [environment\_image](#input\_environment\_image) | The Docker image to use for this build project. Valid values include Docker images provided by CodeBuild (e.g. `aws/codebuild/standard:2.0`), Docker Hub images (e.g. `hashicorp/terraform:latest`), and full Docker repository URIs such as those for ECR (e.g. `137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest`) | `string` | `"aws/codebuild/standard:2.0"` | no | 239 | | [environment\_image\_pull\_credentials\_type](#input\_environment\_image\_pull\_credentials\_type) | The type of credentials AWS CodeBuild uses to pull images in your build. Available values for this parameter are `CODEBUILD` or `SERVICE_ROLE`. When you use a cross-account or private registry image, you must use SERVICE\_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CODEBUILD credentials. | `string` | `"CODEBUILD"` | no | 240 | | [environment\_privileged\_mode](#input\_environment\_privileged\_mode) | If set to true, enables running the Docker daemon inside a Docker container. Leave it `false` unless the build has to build Docker images. | `bool` | `false` | no | 241 | | [environment\_registry\_credential](#input\_environment\_registry\_credential) | Information about credentials for access to a private Docker registry. Registry Credential config blocks are documented below. | `map(any)` | `{}` | no | 242 | | [environment\_type](#input\_environment\_type) | The type of build environment to use for related builds. Available values are: `LINUX_CONTAINER`, `LINUX_GPU_CONTAINER`, `WINDOWS_CONTAINER` or `ARM_CONTAINER`. | `string` | `"LINUX_CONTAINER"` | no | 243 | | [environment\_variables](#input\_environment\_variables) | A list of sets of environment variables to make available to builds for this build project. | `list(any)` | `[]` | no | 244 | | [name](#input\_name) | The project's name. 
| `string` | n/a | yes | 245 | | [queued\_timeout](#input\_queued\_timeout) | How long in minutes, from 5 to 480 (8 hours), a build is allowed to be queued before it times out. The default is 8 hours. | `number` | `480` | no | 246 | | [s3\_logs](#input\_s3\_logs) | Configuration for the builds to store log data to S3. | `any` | `{}` | no | 247 | | [s3\_logs\_encryption\_disabled](#input\_s3\_logs\_encryption\_disabled) | Set to true if you do not want S3 logs encrypted. Note that the default listed here is `true`, i.e. log encryption is disabled unless this is set to `false`. | `string` | `true` | no | 248 | | [s3\_logs\_location](#input\_s3\_logs\_location) | The name of the S3 bucket and the path prefix for S3 logs. Must be set if status is ENABLED, otherwise it must be empty. | `string` | `null` | no | 249 | | [s3\_logs\_status](#input\_s3\_logs\_status) | Current status of logs in S3 for a build project. Valid values: `ENABLED`, `DISABLED`. | `string` | `"DISABLED"` | no | 250 | | [tags](#input\_tags) | A mapping of tags to assign to the resource. | `map(string)` | `{}` | no | 251 | | [vpc\_config](#input\_vpc\_config) | Configuration for the builds to run inside a VPC. | `any` | `{}` | no | 252 | | [vpc\_config\_security\_group\_ids](#input\_vpc\_config\_security\_group\_ids) | The security group IDs to assign to running builds. | `list(string)` | `[]` | no | 253 | | [vpc\_config\_subnets](#input\_vpc\_config\_subnets) | The subnet IDs within which to run builds. | `list(string)` | `[]` | no | 254 | | [vpc\_config\_vpc\_id](#input\_vpc\_config\_vpc\_id) | The ID of the VPC within which to run builds. | `string` | `null` | no | 255 | 256 | ## Outputs 257 | 258 | | Name | Description | 259 | |------|-------------| 260 | | [arn](#output\_arn) | The ARN of the CodeBuild project | 261 | | [id](#output\_id) | The name (if imported via name) or ARN (if created via Terraform or imported via ARN) of the CodeBuild project. 
| 262 | | [name](#output\_name) | The name of the CodeBuild project | 263 | | [service\_role\_arn](#output\_service\_role\_arn) | Amazon Resource Name (ARN) of the Service Role for CodeBuild. | 264 | | [service\_role\_id](#output\_service\_role\_id) | ID of the Service Role created for CodeBuild. | 265 | | [service\_role\_name](#output\_service\_role\_name) | Name of the Service Role created for CodeBuild. | 266 | 267 | --------------------------------------------------------------------------------