├── .github
    └── pull_request_template.md
├── .gitignore
├── LICENSE
├── README.md
├── app
    ├── codedeploy.tf
    ├── outputs.tf
    ├── variables.tf
    └── versions.tf
├── deployment-group
    ├── main.tf
    ├── variables.tf
    └── versions.tf
├── notify-slack
    ├── README.md
    ├── functions
    │   └── lambda-slack.py
    ├── main.tf
    ├── outputs.tf
    ├── variables.tf
    └── versions.tf
└── s3bucket
    ├── main.tf
    ├── outputs.tf
    ├── variables.tf
    └── versions.tf


/.github/pull_request_template.md:
--------------------------------------------------------------------------------
 1 | <!--- Provide a general summary of your changes in the Title above -->
 2 | 
 3 | ## Description
 4 | <!--- Describe your changes in detail -->
 5 | 
 6 | ## Related Issue
 7 | <!--- This project only accepts pull requests related to open issues -->
 8 | <!--- If suggesting a new feature or change, please discuss it in an issue first -->
 9 | <!--- If fixing a bug, there should be an issue describing it with steps to reproduce -->
10 | <!--- Please link to the issue here: -->
11 | 
12 | ## Motivation and Context
13 | <!--- Why is this change required? What problem does it solve? -->
14 | 
15 | ## How Has This Been Tested?
16 | <!--- Please describe in detail how you tested your changes. -->
17 | <!--- Include details of your testing environment, and the tests you ran to -->
18 | <!--- see how your change affects other areas of the code, etc. -->
19 | 
20 | ## Types of changes
21 | <!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
22 | - [ ] Bug fix (non-breaking change which fixes an issue)
23 | - [ ] New feature (non-breaking change which adds functionality)
24 | - [ ] Breaking change (fix or feature that would cause existing functionality to change)
25 | 
26 | ## Checklist:
27 | <!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
28 | <!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
29 | - [ ] My code follows the code style of this project.
30 | - [ ] My change requires a change to the documentation.
31 | - [ ] I have updated the documentation accordingly.
32 | - [ ] I have added tests to cover my changes.
33 | - [ ] All new and existing tests passed.
34 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Compiled files
2 | *.tfstate
3 | *.tfstate.backup
4 | .terraform
5 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2016 Skyscrapers
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | Terraform modules that are related to codedeploy
  2 | 
  3 | # app
  4 | Create a codedeploy app
  5 | 
  6 | ## Requirements
  7 | 
  8 | | Name | Version |
  9 | |------|---------|
 10 | | terraform | >= 0.12 |
 11 | 
 12 | ## Providers
 13 | 
 14 | | Name | Version |
 15 | |------|---------|
 16 | | aws | n/a |
 17 | 
 18 | ## Inputs
 19 | 
 20 | | Name | Description | Type | Default | Required |
 21 | |------|-------------|------|---------|:--------:|
 22 | | name | Name of your codedeploy application | `any` | n/a | yes |
 23 | | project | The current project | `any` | n/a | yes |
 24 | | s3_bucket_arn | ARN of the S3 bucket where to fetch the application revision packages | `string` | `""` | no |
 25 | 
 26 | ## Outputs
 27 | 
 28 | | Name | Description |
 29 | |------|-------------|
 30 | | app_name | n/a |
 31 | | deployer_policy_arn | n/a |
 32 | | deployer_policy_id | n/a |
 33 | | deployer_policy_name | n/a |
 34 | 
 35 | ## Example
 36 | ```
 37 |   module "codedeploy" {
 38 |     source  = "github.com/skyscrapers/terraform-codedeploy//app"
 39 |     name    = "application"
 40 |     project = "example"
 41 |   }
 42 | ```
 43 | 
 44 | # deployment-group
 45 | Create an deployment group for a codedeploy app
 46 | 
 47 | ## Requirements
 48 | 
 49 | | Name | Version |
 50 | |------|---------|
 51 | | terraform | >= 0.12 |
 52 | 
 53 | ## Providers
 54 | 
 55 | | Name | Version |
 56 | |------|---------|
 57 | | aws | n/a |
 58 | 
 59 | ## Inputs
 60 | 
 61 | | Name | Description | Type | Default | Required |
 62 | |------|-------------|------|---------|:--------:|
 63 | | app_name | Name of the app | `any` | n/a | yes |
 64 | | autoscaling_groups | Autoscaling groups you want to attach to the deployment group | `list(string)` | n/a | yes |
 65 | | environment | Environment where your codedeploy deployment group is used for | `any` | n/a | yes |
 66 | | service_role_arn | IAM role that is used by the deployment group | `any` | n/a | yes |
 67 | | alb_target_group | Name of the ALB target group to use, define it when traffic need to be blocked from ALB during deployment | `string` | `null` | no |
 68 | | blue_termination_behavior | The action to take on instances in the original environment after a successful deployment. Only relevant when `enable_bluegreen` is `true` | `string` | `"KEEP_ALIVE"` | no |
 69 | | bluegreen_timeout_action | When to reroute traffic from an original environment to a replacement environment. Only relevant when `enable_bluegreen` is `true` | `string` | `"CONTINUE_DEPLOYMENT"` | no |
 70 | | ec2_tag_filter | Filter key and value you want to use for tags filters. Defined as key/value format, example: `{"Environment":"staging"}` | `map(string)` | `null` | no |
 71 | | enable_bluegreen | Enable all bluegreen deployment options | `bool` | `false` | no |
 72 | | green_provisioning | The method used to add instances to a replacement environment. Only relevant when `enable_bluegreen` is `true` | `string` | `"COPY_AUTO_SCALING_GROUP"` | no |
 73 | | rollback_enabled | Whether to enable auto rollback | `bool` | `false` | no |
 74 | | rollback_events | The event types that trigger a rollback | `list(string)` | <pre>[<br>  "DEPLOYMENT_FAILURE"<br>]</pre> | no |
 75 | | trigger_events | events that can trigger the notifications | `list(string)` | <pre>[<br>  "DeploymentStop",<br>  "DeploymentRollback",<br>  "DeploymentSuccess",<br>  "DeploymentFailure",<br>  "DeploymentStart"<br>]</pre> | no |
 76 | | trigger_target_arn | The ARN of the SNS topic through which notifications are sent | `string` | `null` | no |
 77 | 
 78 | ## Outputs
 79 | 
 80 | No output.
 81 | 
 82 | 
 83 | ## Example
 84 | ```
 85 |   module "deployment_group" {
 86 |     source             = "github.com/skyscrapers/terraform-codedeploy//deployment-group"
 87 |     environment        = "production"
 88 |     app_name           = module.codedeploy.app_name
 89 |     service_role_arn   = module.iam.arn_role
 90 |     autoscaling_groups = ["autoscaling1", "autoscaling2"]
 91 |   }
 92 | ```
 93 | 
 94 | 
 95 | # S3 bucket
 96 | 
 97 | Create an S3 bucket to use with Codedeploy, to store application revisions.
 98 | ## Requirements
 99 | 
100 | | Name | Version |
101 | |------|---------|
102 | | terraform | >= 0.12 |
103 | 
104 | ## Providers
105 | 
106 | | Name | Version |
107 | |------|---------|
108 | | aws | n/a |
109 | 
110 | ## Inputs
111 | 
112 | | Name | Description | Type | Default | Required |
113 | |------|-------------|------|---------|:--------:|
114 | | name_prefix | Prefix for the bucket name. Note that the same bucket is used for all codedeploy deployment groups | `any` | n/a | yes |
115 | 
116 | ## Outputs
117 | 
118 | | Name | Description |
119 | |------|-------------|
120 | | bucket_arn | n/a |
121 | | bucket_id | n/a |
122 | | policy_arn | n/a |
123 | | policy_id | n/a |
124 | | policy_name | n/a |
125 | 
126 | ## Example
127 | 
128 | ```
129 | module "codedeploy_bucket" {
130 |   source      = "github.com/skyscrapers/terraform-codedeploy//s3bucket?ref=478373f6f8d4a46b7a1ec96090707365e0ae3e42"
131 |   name_prefix = "app"
132 | }
133 | ```
134 | 
135 | # notify-slack
136 | Creates a lambda function that notifies Slack via the [incoming webhooks](https://skyscrapers.slack.com/apps/A0F7XDUAZ-incoming-webhooks) when a deployment event happens using an SNS topic to call the lambda function.
137 | 
138 | 
139 | ## Requirements
140 | 
141 | | Name | Version |
142 | |------|---------|
143 | | terraform | >= 0.12 |
144 | 
145 | ## Providers
146 | 
147 | | Name | Version |
148 | |------|---------|
149 | | archive | n/a |
150 | | aws | n/a |
151 | 
152 | ## Inputs
153 | 
154 | | Name | Description | Type | Default | Required |
155 | |------|-------------|------|---------|:--------:|
156 | | kms_key_arn | KMS used for encrypting the webhook | `any` | n/a | yes |
157 | | slack_channel | E.g. #channel_name | `any` | n/a | yes |
158 | | slack_webhook_url | Needs to be encrypted from a file with _no_ encryption context, using: aws kms encrypt --key-id 'arn:' --plaintext 'fileb://webhook' --output text --query CiphertextBlob | `any` | n/a | yes |
159 | | notify_users | Slack usernames for mentions as a space separated string as '<@name1> <@name2>' or '<!channel>' or '<!here>' | `string` | `""` | no |
160 | | verbose | All codedeploy messages will be output if true. Only CREATED, FAILED, STOPPED and SUCCEEDED if it is empty or false | `string` | `"true"` | no |
161 | 
162 | ## Outputs
163 | 
164 | | Name | Description |
165 | |------|-------------|
166 | | sns_topic | n/a |
167 | 
168 | 
169 | ## Example
170 | ```
171 |   module "slack-notification" {
172 |     source  = "github.com/skyscrapers/terraform-codedeploy//notify-slack"
173 |     slack_webhook_url = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
174 |     slack_channel = "#channel_name"
175 |     kms_key_arn = aws_kms_key.kms_key.arn
176 |   }
177 | ```
178 | 
179 | 


--------------------------------------------------------------------------------
/app/codedeploy.tf:
--------------------------------------------------------------------------------
 1 | data "aws_region" "current" {
 2 | }
 3 | 
 4 | data "aws_caller_identity" "current" {
 5 | }
 6 | 
 7 | resource "aws_codedeploy_app" "app" {
 8 |   name = "${var.project}-${var.name}"
 9 | }
10 | 
11 | # This policy allows to upload application revisions to S3 (if the S3 bucket arn is provided),
12 | # register application revisions and trigger deployments on all deployment groups
13 | # It's basically taken from the AWS documentation here
14 | # http://docs.aws.amazon.com/codedeploy/latest/userguide/auth-and-access-control-iam-identity-based-access-control.html
15 | resource "aws_iam_policy" "deployer_policy" {
16 |   name        = "${var.project}-${var.name}-deployer-policy"
17 |   description = "Policy to create a codedeploy application revision and to deploy it, for application ${aws_codedeploy_app.app.name}"
18 | 
19 |   policy = <<EOF
20 | {
21 |   "Version": "2012-10-17",
22 |   "Statement": [
23 |     {
24 |       "Effect" : "Allow",
25 |       "Action" : [
26 |         "codedeploy:CreateDeployment"
27 |       ],
28 |       "Resource" : [
29 |         "arn:aws:codedeploy:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:deploymentgroup:${aws_codedeploy_app.app.name}/*"
30 |       ]
31 |     },
32 |     {
33 |       "Effect" : "Allow",
34 |       "Action" : [
35 |         "codedeploy:GetDeploymentConfig"
36 |       ],
37 |       "Resource" : [
38 |         "arn:aws:codedeploy:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:deploymentconfig:*"
39 |       ]
40 |     },
41 |     {
42 |       "Effect" : "Allow",
43 |       "Action" : [
44 |         "codedeploy:GetApplicationRevision"
45 |       ],
46 |       "Resource" : [
47 |         "arn:aws:codedeploy:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:application:${aws_codedeploy_app.app.name}"
48 |       ]
49 |     },
50 |     {
51 |       "Effect" : "Allow",
52 |       "Action" : [
53 |         "codedeploy:RegisterApplicationRevision"
54 |       ],
55 |       "Resource" : [
56 |         "arn:aws:codedeploy:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:application:${aws_codedeploy_app.app.name}"
57 |       ]
58 |     }
59 |     ${element(formatlist(", { \"Effect\" : \"Allow\", \"Action\" : [ \"s3:PutObject*\", \"s3:ListBucket\" ], \"Resource\" : [ \"%s/*\", \"%s\" ] }, { \"Effect\" : \"Allow\", \"Action\" : [ \"s3:ListAllMyBuckets\" ], \"Resource\" : [ \"*\" ] }", compact(list(var.s3_bucket_arn)), compact(list(var.s3_bucket_arn))), 0)}
60 |    ]
61 | }
62 | EOF
63 | 
64 | }
65 | 


--------------------------------------------------------------------------------
/app/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "app_name" {
 2 |   value = aws_codedeploy_app.app.name
 3 | }
 4 | 
 5 | output "deployer_policy_id" {
 6 |   value = aws_iam_policy.deployer_policy.id
 7 | }
 8 | 
 9 | output "deployer_policy_arn" {
10 |   value = aws_iam_policy.deployer_policy.arn
11 | }
12 | 
13 | output "deployer_policy_name" {
14 |   value = aws_iam_policy.deployer_policy.name
15 | }
16 | 
17 | 


--------------------------------------------------------------------------------
/app/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "name" {
 2 |   description = "Name of your codedeploy application"
 3 | }
 4 | 
 5 | variable "project" {
 6 |   description = "The current project"
 7 | }
 8 | 
 9 | variable "s3_bucket_arn" {
10 |   description = "ARN of the S3 bucket where to fetch the application revision packages"
11 |   default     = ""
12 | }
13 | 
14 | 


--------------------------------------------------------------------------------
/app/versions.tf:
--------------------------------------------------------------------------------
1 | 
2 | terraform {
3 |   required_version = ">= 0.12"
4 | }
5 | 


--------------------------------------------------------------------------------
/deployment-group/main.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_codedeploy_deployment_group" "deployment_group" {
 2 |   app_name              = var.app_name
 3 |   deployment_group_name = "${var.app_name}-${var.environment}"
 4 |   service_role_arn      = var.service_role_arn
 5 |   autoscaling_groups    = var.autoscaling_groups
 6 | 
 7 |   auto_rollback_configuration {
 8 |     enabled = var.rollback_enabled
 9 |     events  = var.rollback_events
10 |   }
11 | 
12 |   deployment_style {
13 |     deployment_option = var.alb_target_group == null ? "WITHOUT_TRAFFIC_CONTROL" : "WITH_TRAFFIC_CONTROL"
14 |     deployment_type   = var.enable_bluegreen == false ? "IN_PLACE" : "BLUE_GREEN"
15 |   }
16 | 
17 |   dynamic "blue_green_deployment_config" {
18 |     for_each = var.enable_bluegreen == true ? [1] : []
19 |     content {
20 |       deployment_ready_option {
21 |         action_on_timeout = var.bluegreen_timeout_action
22 |       }
23 | 
24 |       terminate_blue_instances_on_deployment_success {
25 |         action = var.blue_termination_behavior
26 |       }
27 |       green_fleet_provisioning_option {
28 |         action = var.green_provisioning
29 |       }
30 |     }
31 |   }
32 | 
33 |   dynamic "load_balancer_info" {
34 |     for_each = var.alb_target_group == null ? [] : [var.alb_target_group]
35 |     content {
36 |       target_group_info {
37 |         name = var.alb_target_group
38 |       }
39 |     }
40 |   }
41 | 
42 |   dynamic "trigger_configuration" {
43 |     for_each = var.trigger_target_arn == null ? [] : [var.trigger_target_arn]
44 |     content {
45 |       trigger_events     = var.trigger_events
46 |       trigger_name       = "${var.app_name}-${var.environment}"
47 |       trigger_target_arn = var.trigger_target_arn
48 |     }
49 |   }
50 | 
51 |   dynamic "ec2_tag_filter" {
52 |     for_each = var.ec2_tag_filter == null ? {} : var.ec2_tag_filter
53 |     content {
54 |       key   = ec2_tag_filter.key
55 |       type  = "KEY_AND_VALUE"
56 |       value = ec2_tag_filter.value
57 |     }
58 |   }
59 | 
60 | }
61 | 
62 | 


--------------------------------------------------------------------------------
/deployment-group/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "environment" {
 2 |   description = "Environment where your codedeploy deployment group is used for"
 3 | }
 4 | 
 5 | variable "app_name" {
 6 |   description = "Name of the app"
 7 | }
 8 | 
 9 | variable "service_role_arn" {
10 |   description = "IAM role that is used by the deployment group"
11 | }
12 | 
13 | variable "autoscaling_groups" {
14 |   type        = list(string)
15 |   description = "Autoscaling groups you want to attach to the deployment group"
16 | }
17 | 
18 | variable "rollback_enabled" {
19 |   description = "Whether to enable auto rollback"
20 |   default     = false
21 | }
22 | 
23 | variable "rollback_events" {
24 |   description = "The event types that trigger a rollback"
25 |   type        = list(string)
26 |   default     = ["DEPLOYMENT_FAILURE"]
27 | }
28 | 
29 | variable "trigger_events" {
30 |   description = "events that can trigger the notifications"
31 |   type        = list(string)
32 |   default     = ["DeploymentStop", "DeploymentRollback", "DeploymentSuccess", "DeploymentFailure", "DeploymentStart"]
33 | }
34 | 
35 | variable "trigger_target_arn" {
36 |   description = "The ARN of the SNS topic through which notifications are sent"
37 |   type        = string
38 |   default     = null
39 | }
40 | 
41 | variable "enable_bluegreen" {
42 |   description = "Enable all bluegreen deployment options"
43 |   type        = bool
44 |   default     = false
45 | 
46 | }
47 | 
48 | variable "bluegreen_timeout_action" {
49 |   description = "When to reroute traffic from an original environment to a replacement environment. Only relevant when `enable_bluegreen` is `true`"
50 |   type        = string
51 |   default     = "CONTINUE_DEPLOYMENT"
52 | }
53 | 
54 | variable "blue_termination_behavior" {
55 |   description = " The action to take on instances in the original environment after a successful deployment. Only relevant when `enable_bluegreen` is `true`"
56 |   default     = "KEEP_ALIVE"
57 | }
58 | 
59 | variable "green_provisioning" {
60 |   description = "The method used to add instances to a replacement environment. Only relevant when `enable_bluegreen` is `true`"
61 |   type        = string
62 |   default     = "COPY_AUTO_SCALING_GROUP"
63 | 
64 | 
65 | }
66 | 
67 | variable "alb_target_group" {
68 |   description = "Name of the ALB target group to use, define it when traffic need to be blocked from ALB during deployment"
69 |   default     = null
70 |   type        = string
71 | }
72 | 
73 | variable "ec2_tag_filter" {
74 |   description = "Filter key and value you want to use for tags filters. Defined as key/value format, example: `{\"Environment\":\"staging\"}`"
75 |   type        = map(string)
76 |   default     = null
77 | }
78 | 


--------------------------------------------------------------------------------
/deployment-group/versions.tf:
--------------------------------------------------------------------------------
1 | 
2 | terraform {
3 |   required_version = ">= 0.12"
4 | }
5 | 


--------------------------------------------------------------------------------
/notify-slack/README.md:
--------------------------------------------------------------------------------
 1 | # notify-slack
 2 | 
 3 | ## Encrypting the webhook
 4 | 
 5 | The Slack webhook needs to be encrypted with KMS.
 6 | It has to be in a file and not simply as a string e.g. `--plaintext 'https://...'` as KMS will try to resolve it as a resource.
 7 | 
 8 | `aws kms encrypt --key-id "alias/keyName" --plaintext 'fileb://webhook' --output text --query CiphertextBlob`
 9 | 
10 | ## on CodeDeploy failures
11 | 
12 | - [notify_users]: String (optional) It is possible to use mentions on failues. This is a simple string, e.g. "<@name1> <@name2>" or if the customer requests it, it can simply be "<!channel>" or "<!here>".
13 | 
14 | ## Testing
15 | 
16 | To test that the lamda code is working, you can publish to the topic from the AWS CLI, setting the SNS ARN for the below command.
17 | Please note that currently the built in AWS Lamda test for SNS does not supply a correct JSON formatted message.
18 | 
19 | `aws sns publish --topic-arn arn:...:cd-sns-lambda --message '{"applicationName": "test-slack-notify", "deploymentId": "d-12A3BCDEF", "deploymentGroupName": "dep-group-def-123", "status": "succeeded"}'`
20 | 


--------------------------------------------------------------------------------
/notify-slack/functions/lambda-slack.py:
--------------------------------------------------------------------------------
 1 | from __future__ import print_function
 2 | import json,urllib2,urllib
 3 | import os, boto3
 4 | from base64 import b64decode
 5 | import re
 6 | import sys
 7 | import traceback
 8 | import logging
 9 | logger = logging.getLogger()
10 | logger.setLevel(logging.INFO)
11 | 
12 | def decrypt(in_message):
13 |     """
14 |     Decrypts the message with kms
15 |     AWS lamda SNS test is not valid json at 13-03-18
16 |     """
17 |     region = os.environ['AWS_DEFAULT_REGION']
18 |     try:
19 |         kms = boto3.client('kms', region_name=region)
20 |         return kms.decrypt(CiphertextBlob=b64decode(in_message))['Plaintext']
21 |     except:
22 |         logger.error(''.join(traceback.format_exception(sys.exc_info())))
23 | 
24 | 
25 | def send_slack(message):
26 |     """
27 |     Send Slack Message to Deployments Channel
28 |     """
29 |     region = os.environ['AWS_DEFAULT_REGION']
30 |     slack_url = decrypt(os.environ['SLACK_WEBHOOK'])
31 |     slack_channel = os.environ['SLACK_CHANNEL']
32 |     notify_users = os.environ['NOTIFY_USERS']
33 |     
34 |     severity_level = "good"
35 |     icon_emoji = ":codedeploy:"
36 |     title = message['status']
37 |     pretext = ""
38 |     deployment_url = '<https://' + region + '.console.aws.amazon.com/codesuite/codedeploy/deployments/' + message['deploymentId'] + '?region=' + region + '|' + message['deploymentId'] + '>'
39 | 
40 |     text = "The deployment for app *%s* in group %s\n with id %s" % ( message['applicationName'], 
41 |     message['deploymentGroupName'], deployment_url)
42 | 
43 |     matchObj = re.match( r'fail', message['status'], re.I) # Check for FAILED state
44 |     if matchObj :
45 |       severity_level = "danger"
46 |       text = text + ' failed.'
47 |       if notify_users != "" :
48 |         pretext = '*' + notify_users + '*'
49 | 
50 | 
51 |     matchObj = re.match(r'stop', message['status'], re.I) # Check for STOPPED state
52 |     if matchObj :
53 |         severity_level = "warning"
54 |         text = text + ' stopped.'
55 | 
56 |     payload = {
57 |       "channel": slack_channel,
58 |       "username": "codedeploy",
59 |       "icon_emoji": icon_emoji,
60 |       "attachments":  [{
61 |         "pretext": pretext,
62 |         "title": title,
63 |         "markdwn_in" : ["text", "pretext"],
64 |         "color": severity_level,
65 |         "text": text,
66 |       }]
67 |    }
68 | 
69 |     data = urllib.urlencode({"payload":json.dumps(payload)})
70 |     req = urllib2.Request(slack_url, data)
71 |     response = urllib2.urlopen(req)
72 | 
73 | def lambda_handler(event, context):
74 |     message = json.loads(event['Records'][0]['Sns']['Message'])
75 |     
76 |     # Verbose outputs all messages, otherwise only those set for ['status']
77 |     if os.environ['VERBOSE'] :
78 |       send_slack(message)
79 |     elif message['status'] == 'CREATED' or message['status'] == 'STOPPED' or message['status'] == 'FAILED' or message['status'] == 'SUCCEEDED':
80 |       send_slack(message)
81 |     else :
82 |       send_slack(message)
83 | 
84 |     return message
85 | 


--------------------------------------------------------------------------------
/notify-slack/main.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_iam_role" "iam_for_lambda" {
 2 |   name               = "default_lambda"
 3 |   assume_role_policy = data.aws_iam_policy_document.iam_for_lambda.json
 4 | }
 5 | 
 6 | data "aws_iam_policy_document" "iam_for_lambda" {
 7 |   statement {
 8 |     actions = [
 9 |       "sts:AssumeRole",
10 |     ]
11 |     principals {
12 |       type        = "Service"
13 |       identifiers = ["lambda.amazonaws.com"]
14 |     }
15 |   }
16 | }
17 | 
18 | resource "aws_iam_role_policy" "cd_sns_lambda_policy" {
19 |   name = "cd_sns-lambda-policy"
20 |   role = aws_iam_role.iam_for_lambda.id
21 | 
22 |   policy = data.aws_iam_policy_document.cd_sns_lambda_policy.json
23 | }
24 | 
25 | data "aws_iam_policy_document" "cd_sns_lambda_policy" {
26 |   statement {
27 |     actions = [
28 |       "logs:CreateLogGroup",
29 |       "logs:CreateLogStream",
30 |       "logs:PutLogEvents",
31 |       "kms:Decrypt"
32 |     ]
33 |     resources = ["*"]
34 |   }
35 | }
36 | 
37 | resource "aws_sns_topic" "cd-sns-lambda" {
38 |   name = "cd-sns-lambda"
39 | }
40 | 
41 | resource "aws_sns_topic_subscription" "lambda-subscription" {
42 |   topic_arn = aws_sns_topic.cd-sns-lambda.arn
43 |   protocol  = "lambda"
44 |   endpoint  = aws_lambda_function.cd_sns_lambda.arn
45 | }
46 | 
47 | data "archive_file" "slack_notification_zip" {
48 |   type        = "zip"
49 |   output_path = "${path.module}/lambda-slack.zip"
50 | 
51 |   source_dir = "${path.module}/functions/"
52 | }
53 | 
54 | 
55 | resource "aws_lambda_function" "cd_sns_lambda" {
56 |   function_name = "cd_sns_lambda"
57 |   role          = aws_iam_role.iam_for_lambda.arn
58 |   handler       = "lambda-slack.lambda_handler"
59 | 
60 |   filename         = data.archive_file.slack_notification_zip.output_path
61 |   source_code_hash = data.archive_file.slack_notification_zip.output_base64sha256
62 | 
63 |   runtime     = "python2.7"
64 |   timeout     = "120"
65 |   kms_key_arn = var.kms_key_arn
66 | 
67 |   environment {
68 |     variables = {
69 |       SLACK_WEBHOOK = var.slack_webhook_url
70 |       SLACK_CHANNEL = var.slack_channel
71 |       NOTIFY_USERS  = var.notify_users
72 |       VERBOSE       = var.verbose
73 |     }
74 |   }
75 | }
76 | 
77 | resource "aws_lambda_permission" "cd_sns_lambda" {
78 |   statement_id  = "AllowExecutionFromSNS"
79 |   action        = "lambda:InvokeFunction"
80 |   function_name = aws_lambda_function.cd_sns_lambda.function_name
81 |   principal     = "sns.amazonaws.com"
82 |   source_arn    = aws_sns_topic.cd-sns-lambda.arn
83 | }
84 | 


--------------------------------------------------------------------------------
/notify-slack/outputs.tf:
--------------------------------------------------------------------------------
1 | output "sns_topic" {
2 |   value = aws_sns_topic.cd-sns-lambda.arn
3 | }
4 | 
5 | 


--------------------------------------------------------------------------------
/notify-slack/variables.tf:
--------------------------------------------------------------------------------
 1 | variable "slack_webhook_url" {
 2 |   description = "Needs to be encrypted from a file with _no_ encryption context, using: aws kms encrypt --key-id 'arn:' --plaintext 'fileb://webhook' --output text --query CiphertextBlob"
 3 | }
 4 | 
 5 | variable "slack_channel" {
 6 |   description = "E.g. #channel_name"
 7 | }
 8 | 
 9 | variable "kms_key_arn" {
10 |   description = "KMS used for encrypting the webhook"
11 | }
12 | 
13 | variable "notify_users" {
14 |   description = "Slack usernames for mentions as a space separated string as '<@name1> <@name2>' or '<!channel>' or '<!here>'"
15 |   type        = string
16 |   default     = ""
17 | }
18 | 
19 | variable "verbose" {
20 |   description = "All codedeploy messages will be output if true. Only CREATED, FAILED, STOPPED and SUCCEEDED if it is empty or false"
21 |   type        = string
22 |   default     = "true"
23 | }
24 | 
25 | 


--------------------------------------------------------------------------------
/notify-slack/versions.tf:
--------------------------------------------------------------------------------
1 | 
2 | terraform {
3 |   required_version = ">= 0.12"
4 | }
5 | 


--------------------------------------------------------------------------------
/s3bucket/main.tf:
--------------------------------------------------------------------------------
 1 | resource "aws_s3_bucket" "codedeploy_bucket" {
 2 |   bucket = "${var.name_prefix}-codedeploy-releases"
 3 |   acl    = "private"
 4 | 
 5 |   versioning {
 6 |     enabled = true
 7 |   }
 8 | }
 9 | 
10 | resource "aws_iam_policy" "codedeploy_policy" {
11 |   name = "${var.name_prefix}_codedeploy_s3bucket_access"
12 | 
13 |   policy = <<EOF
14 | {
15 |   "Version": "2012-10-17",
16 |   "Statement": [
17 |     {
18 |       "Effect": "Allow",
19 |       "Action": [
20 |         "s3:Get*",
21 |         "s3:List*"
22 |       ],
23 |       "Resource": [
24 |         "${aws_s3_bucket.codedeploy_bucket.arn}",
25 |         "${aws_s3_bucket.codedeploy_bucket.arn}/*",
26 |         "arn:aws:s3:::aws-codedeploy-us-east-1/*",
27 |         "arn:aws:s3:::aws-codedeploy-us-east-2/*",
28 |         "arn:aws:s3:::aws-codedeploy-us-west-1/*",
29 |         "arn:aws:s3:::aws-codedeploy-us-west-2/*",
30 |         "arn:aws:s3:::aws-codedeploy-ap-northeast-1/*",
31 |         "arn:aws:s3:::aws-codedeploy-ap-northeast-2/*",
32 |         "arn:aws:s3:::aws-codedeploy-ap-south-1/*",
33 |         "arn:aws:s3:::aws-codedeploy-ap-southeast-1/*",
34 |         "arn:aws:s3:::aws-codedeploy-ap-southeast-2/*",
35 |         "arn:aws:s3:::aws-codedeploy-eu-central-1/*",
36 |         "arn:aws:s3:::aws-codedeploy-eu-west-1/*",
37 |         "arn:aws:s3:::aws-codedeploy-sa-east-1/*"
38 |       ]
39 |     },
40 |     {
41 |       "Effect": "Allow",
42 |       "Action": [
43 |         "elasticloadbalancing:Describe*",
44 |         "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
45 |         "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
46 |         "autoscaling:Describe*",
47 |         "autoscaling:EnterStandby",
48 |         "autoscaling:ExitStandby",
49 |         "autoscaling:UpdateAutoScalingGroup",
50 |         "autoscaling:SuspendProcesses",
51 |         "autoscaling:ResumeProcesses"
52 |       ],
53 |       "Resource": "*"
54 |     }
55 |   ]
56 | }
57 | EOF
58 | 
59 | }
60 | 
61 | 


--------------------------------------------------------------------------------
/s3bucket/outputs.tf:
--------------------------------------------------------------------------------
 1 | output "bucket_id" {
 2 |   value = aws_s3_bucket.codedeploy_bucket.id
 3 | }
 4 | 
 5 | output "bucket_arn" {
 6 |   value = aws_s3_bucket.codedeploy_bucket.arn
 7 | }
 8 | 
 9 | output "policy_id" {
10 |   value = aws_iam_policy.codedeploy_policy.id
11 | }
12 | 
13 | output "policy_arn" {
14 |   value = aws_iam_policy.codedeploy_policy.arn
15 | }
16 | 
17 | output "policy_name" {
18 |   value = aws_iam_policy.codedeploy_policy.name
19 | }
20 | 
21 | 


--------------------------------------------------------------------------------
/s3bucket/variables.tf:
--------------------------------------------------------------------------------
1 | variable "name_prefix" {
2 |   description = "Prefix for the bucket name. Note that the same bucket is used for all codedeploy deployment groups"
3 | }
4 | 
5 | 


--------------------------------------------------------------------------------
/s3bucket/versions.tf:
--------------------------------------------------------------------------------
1 | 
2 | terraform {
3 |   required_version = ">= 0.12"
4 | }
5 | 


--------------------------------------------------------------------------------