{"id":21725466,"url":"https://github.com/jameswoolfenden/terraform-aws-codebuild","last_synced_at":"2025-04-12T22:54:45.584Z","repository":{"id":49846096,"uuid":"161480311","full_name":"JamesWoolfenden/terraform-aws-codebuild","owner":"JamesWoolfenden","description":"A Terraform module for making AWS codebuilds","archived":false,"fork":false,"pushed_at":"2023-04-25T10:46:45.000Z","size":344,"stargazers_count":13,"open_issues_count":0,"forks_count":8,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-12T22:54:41.255Z","etag":null,"topics":["aws","codebuild","module","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JamesWoolfenden.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2018-12-12T11:45:17.000Z","updated_at":"2023-11-28T04:54:46.000Z","dependencies_parsed_at":"2023-01-18T15:01:39.611Z","dependency_job_id":null,"html_url":"https://github.com/JamesWoolfenden/terraform-aws-codebuild","commit_stats":null,"previous_names":[],"tags_count":100,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-codebuild","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-codebuild/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-codebuild/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-codebuild/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JamesWoolfenden","download_url":"https://codeload.github.com/JamesWoolfenden/terraform-aws-codebuild/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248643048,"owners_count":21138353,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","codebuild","module","terraform"],"created_at":"2024-11-26T03:17:49.629Z","updated_at":"2025-04-12T22:54:45.553Z","avatar_url":"https://github.com/JamesWoolfenden.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-codebuild\n\n[![Build Status](https://github.com/JamesWoolfenden/terraform-aws-codebuild/workflows/Verify/badge.svg?branch=master)](https://github.com/JamesWoolfenden/terraform-aws-codebuild)\n[![Latest Release](https://img.shields.io/github/release/JamesWoolfenden/terraform-aws-codebuild.svg)](https://github.com/JamesWoolfenden/terraform-aws-codebuild/releases/latest)\n[![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/JamesWoolfenden/terraform-aws-codebuild.svg?label=latest)](https://github.com/JamesWoolfenden/terraform-aws-codebuild/releases/latest)\n![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.14.0-blue.svg)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/JamesWoolfenden/terraform-aws-codebuild/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=JamesWoolfenden%2Fterraform-aws-codebuild\u0026benchmark=CIS+AWS+V1.2)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white)](https://github.com/pre-commit/pre-commit)\n[![checkov](https://img.shields.io/badge/checkov-verified-brightgreen)](https://www.checkov.io/)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/jameswoolfenden/terraform-aws-codebuild/general)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=JamesWoolfenden%2Fterraform-aws-codebuild\u0026benchmark=INFRASTRUCTURE+SECURITY)\n\nTerraform module to provision an AWS [`codebuild`](https://aws.amazon.com/codebuild/) CI/CD system.\n\nWhen to use Codebuild:\nIf you want to stay with AWS, or when you are using ECR, Codepipeline or CodeCommit.\n\n---\n\n![alt text](./diagram/codebuild.png)\n\nIt's 100% Open Source and licensed under the [APACHE2](LICENSE).\n\n## Usage\n\nInclude this repository as a module in your existing Terraform code:\n\n```hcl\nmodule \"codebuild\" {\n source = \"jameswoolfenden/codebuild/aws\"\n version = \"0.2.70\"\n common_tags = var.common_tags\n description = var.description\n force_artifact_destroy = var.force_artifact_destroy\n name = var.name\n projectroot = var.projectroot\n sourcecode = var.sourcecode\n}\n```\n\nAs always a full example is included for reference.\n\n## Testing\n\nEvery version of this module is built in Terraform using the the example **examplea** using Github Actions. It 100% has worked.\nSee the successes and failures here: \u003chttps://github.com/JamesWoolfenden/terraform-aws-codebuild/actions\u003e\n\n## Detailed Notes\n\nThese templates implement the module terraform-aws-codebuild. It includes a number of defaulted behaviours.\n\n### Sample buildspec files\n\nIn the root directory there is an example `buildspec.yml`. This is a build specification you can supply to CodeCommit. It includes some basic codebuild functionality to drive semantic versioning using SSM parameters.\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\nNo requirements.\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | n/a |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_cloudwatch_event_rule.codechange](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |\n| [aws_cloudwatch_event_target.triggerbuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |\n| [aws_codebuild_project.project](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codebuild_project) | resource |\n| [aws_iam_policy.trigger](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role.trigger](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy.codecommit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |\n| [aws_iam_role_policy_attachment.attachtotriggerrole](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_s3_bucket.artifacts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |\n| [aws_s3_bucket_acl.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource |\n| [aws_s3_bucket_lifecycle_configuration.pike](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource |\n| [aws_s3_bucket_public_access_block.artifacts](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |\n| [aws_s3_bucket_server_side_encryption_configuration.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource |\n| [aws_s3_bucket_versioning.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource |\n| [aws_ssm_parameter.buildnumber](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |\n| [aws_ssm_parameter.latest](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_iam_policy_document.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_role.existing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |\n| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_artifact\"\u003e\u003c/a\u003e [artifact](#input\\_artifact) | Populates the Artifact block | `map` | \u003cpre\u003e{\u003cbr\u003e \"namespace_type\": \"NONE\",\u003cbr\u003e \"packaging\": \"NONE\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_artifact_expiry\"\u003e\u003c/a\u003e [artifact\\_expiry](#input\\_artifact\\_expiry) | number of days | `number` | `365` | no |\n| \u003ca name=\"input_artifact_type\"\u003e\u003c/a\u003e [artifact\\_type](#input\\_artifact\\_type) | The Artifact type, S3, CODEPIPELINE or NO\\_ARTIFACT | `string` | `\"S3\"` | no |\n| \u003ca name=\"input_bucketname\"\u003e\u003c/a\u003e [bucketname](#input\\_bucketname) | n/a | `string` | `\"\"` | no |\n| \u003ca name=\"input_build_timeout\"\u003e\u003c/a\u003e [build\\_timeout](#input\\_build\\_timeout) | The time to wait for a CodeBuild to complete before timing out in minutes (default: 5) | `string` | `\"60\"` | no |\n| \u003ca name=\"input_common_tags\"\u003e\u003c/a\u003e [common\\_tags](#input\\_common\\_tags) | An AWS tagging scheme | `map(any)` | n/a | yes |\n| \u003ca name=\"input_defaultbranch\"\u003e\u003c/a\u003e [defaultbranch](#input\\_defaultbranch) | The default git branch | `string` | `\"master\"` | no |\n| \u003ca name=\"input_description\"\u003e\u003c/a\u003e [description](#input\\_description) | Yeah it's the description | `string` | `\"\"` | no |\n| \u003ca name=\"input_encryption_disabled\"\u003e\u003c/a\u003e [encryption\\_disabled](#input\\_encryption\\_disabled) | Disable the encryption of artifacts | `bool` | `false` | no |\n| \u003ca name=\"input_environment\"\u003e\u003c/a\u003e [environment](#input\\_environment) | A map to describe the build environment and populate the environment block | `map(any)` | \u003cpre\u003e{\u003cbr\u003e \"compute_type\": \"BUILD_GENERAL1_SMALL\",\u003cbr\u003e \"image\": \"aws/codebuild/nodejs:6.3.1\",\u003cbr\u003e \"privileged_mode\": \"false\",\u003cbr\u003e \"type\": \"LINUX_CONTAINER\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_force_artifact_destroy\"\u003e\u003c/a\u003e [force\\_artifact\\_destroy](#input\\_force\\_artifact\\_destroy) | Force the removal of the artifact S3 bucket on destroy (default: false). | `string` | `false` | no |\n| \u003ca name=\"input_kms_key_id\"\u003e\u003c/a\u003e [kms\\_key\\_id](#input\\_kms\\_key\\_id) | Your Custom KMS key | `string` | `\"\"` | no |\n| \u003ca name=\"input_logs_bucket\"\u003e\u003c/a\u003e [logs\\_bucket](#input\\_logs\\_bucket) | The bucket id and path for storing the logs | `string` | n/a | yes |\n| \u003ca name=\"input_mfa_delete\"\u003e\u003c/a\u003e [mfa\\_delete](#input\\_mfa\\_delete) | Require MFA to delete | `string` | `\"Disabled\"` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | The name of the Build | `string` | n/a | yes |\n| \u003ca name=\"input_projectroot\"\u003e\u003c/a\u003e [projectroot](#input\\_projectroot) | The name of the parent project for SSM | `string` | `\"core\"` | no |\n| \u003ca name=\"input_reponame\"\u003e\u003c/a\u003e [reponame](#input\\_reponame) | The name of the repository | `string` | `\"\"` | no |\n| \u003ca name=\"input_role\"\u003e\u003c/a\u003e [role](#input\\_role) | Override for providing a role | `string` | `\"\"` | no |\n| \u003ca name=\"input_sourcecode\"\u003e\u003c/a\u003e [sourcecode](#input\\_sourcecode) | A map to describe where your sourcecode comes from, to fill the sourcecode block in a Codebuild project | `map(any)` | \u003cpre\u003e{\u003cbr\u003e \"buildspec\": \"\",\u003cbr\u003e \"location\": \"\",\u003cbr\u003e \"type\": \"CODECOMMIT\"\u003cbr\u003e}\u003c/pre\u003e | no |\n| \u003ca name=\"input_sse_algorithm\"\u003e\u003c/a\u003e [sse\\_algorithm](#input\\_sse\\_algorithm) | The type of encryption algorithm to use | `string` | `\"aws:kms\"` | no |\n| \u003ca name=\"input_versioning\"\u003e\u003c/a\u003e [versioning](#input\\_versioning) | Set bucket to version | `string` | `\"Enabled\"` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_artifact_bucket\"\u003e\u003c/a\u003e [artifact\\_bucket](#output\\_artifact\\_bucket) | n/a |\n| \u003ca name=\"output_codebuild_role_name\"\u003e\u003c/a\u003e [codebuild\\_role\\_name](#output\\_codebuild\\_role\\_name) | n/a |\n| \u003ca name=\"output_project\"\u003e\u003c/a\u003e [project](#output\\_project) | n/a |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Policy Requirement\n\n\u003c!-- BEGINNING OF PRE-COMMIT-PIKE DOCS HOOK --\u003e\nThe Terraform resource required is:\n\n```golang\nresource \"aws_iam_policy\" \"terraform_pike\" {\n name_prefix = \"terraform_pike\"\n path = \"/\"\n description = \"Pike Autogenerated policy from IAC\"\n\n policy = jsonencode({\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"VisualEditor0\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetProjects\",\n \"codebuild:CreateProject\",\n \"codebuild:DeleteProject\",\n \"codebuild:UpdateProject\"\n ],\n \"Resource\": [\n \"*\"\n ]\n },\n {\n \"Sid\": \"VisualEditor1\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"events:DeleteRule\",\n \"events:DescribeRule\",\n \"events:ListTagsForResource\",\n \"events:ListTargetsByRule\",\n \"events:PutRule\",\n \"events:PutTargets\",\n \"events:RemoveTargets\"\n ],\n \"Resource\": [\n \"*\"\n ]\n },\n {\n \"Sid\": \"VisualEditor2\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"iam:AttachRolePolicy\",\n \"iam:CreatePolicy\",\n \"iam:CreateRole\",\n \"iam:DeletePolicy\",\n \"iam:DeleteRole\",\n \"iam:DeleteRolePolicy\",\n \"iam:DetachRolePolicy\",\n \"iam:GetPolicy\",\n \"iam:GetPolicyVersion\",\n \"iam:GetRole\",\n \"iam:GetRolePolicy\",\n \"iam:ListAttachedRolePolicies\",\n \"iam:ListInstanceProfilesForRole\",\n \"iam:ListPolicyVersions\",\n \"iam:ListRolePolicies\",\n \"iam:PassRole\",\n \"iam:PutRolePolicy\",\n \"iam:TagRole\"\n ],\n \"Resource\": [\n \"*\"\n ]\n },\n {\n \"Sid\": \"VisualEditor3\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kms:Decrypt\"\n ],\n \"Resource\": [\n \"*\"\n ]\n },\n {\n \"Sid\": \"VisualEditor4\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:CreateBucket\",\n \"s3:DeleteBucket\",\n \"s3:GetAccelerateConfiguration\",\n \"s3:GetBucketAcl\",\n \"s3:GetBucketCORS\",\n \"s3:GetBucketLogging\",\n \"s3:GetBucketObjectLockConfiguration\",\n \"s3:GetBucketPolicy\",\n \"s3:GetBucketPublicAccessBlock\",\n \"s3:GetBucketRequestPayment\",\n \"s3:GetBucketTagging\",\n \"s3:GetBucketVersioning\",\n \"s3:GetBucketWebsite\",\n \"s3:GetEncryptionConfiguration\",\n \"s3:GetLifecycleConfiguration\",\n \"s3:GetObject\",\n \"s3:GetObjectAcl\",\n \"s3:GetReplicationConfiguration\",\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:PutBucketAcl\",\n \"s3:PutBucketLogging\",\n \"s3:PutBucketPublicAccessBlock\",\n \"s3:PutBucketVersioning\",\n \"s3:PutEncryptionConfiguration\",\n \"s3:PutLifecycleConfiguration\"\n ],\n \"Resource\": [\n \"*\"\n ]\n },\n {\n \"Sid\": \"VisualEditor5\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ssm:AddTagsToResource\",\n \"ssm:DeleteParameter\",\n \"ssm:DescribeParameters\",\n \"ssm:GetParameter\",\n \"ssm:GetParameters\",\n \"ssm:ListTagsForResource\",\n \"ssm:PutParameter\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n})\n}\n\n\n```\n\u003c!-- END OF PRE-COMMIT-PIKE DOCS HOOK --\u003e\n\n## Related Projects\n\nCheck out these related projects.\n\n- [terraform-aws-codecommit](https://github.com/jameswoolfenden/terraform-aws-codebuild) - Storing ones code\n\n## Help\n\n**Got a question?**\n\nFile a GitHub [issue](https://github.com/jameswoolfenden/terraform-aws-codebuild/issues).\n\n## Contributing\n\n### Bug Reports \u0026 Feature Requests\n\nPlease use the [issue tracker](https://github.com/jameswoolfenden/terraform-aws-codebuild/issues) to report any bugs or file feature requests.\n\n## Copyrights\n\nCopyright © 2019-2023 James Woolfenden\n\n## License\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\nSee [LICENSE](LICENSE) for full details.\n\nLicensed to the Apache Software Foundation (ASF) under one\nor more contributor license agreements. See the NOTICE file\ndistributed with this work for additional information\nregarding copyright ownership. The ASF licenses this file\nto you under the Apache License, Version 2.0 (the\n\"License\"); you may not use this file except in compliance\nwith the License. You may obtain a copy of the License at\n\n\u003chttps://www.apache.org/licenses/LICENSE-2.0\u003e\n\nUnless required by applicable law or agreed to in writing,\nsoftware distributed under the License is distributed on an\n\"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\nKIND, either express or implied. See the License for the\nspecific language governing permissions and limitations\nunder the License.\n\n### Contributors\n\n[![James Woolfenden][jameswoolfenden_avatar]][jameswoolfenden_homepage]\u003cbr/\u003e[James Woolfenden][jameswoolfenden_homepage]\n\n[jameswoolfenden_homepage]: https://github.com/jameswoolfenden\n[jameswoolfenden_avatar]: https://github.com/jameswoolfenden.png?size=150\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-codebuild","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-codebuild","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-codebuild/lists"}