{"id":21725479,"url":"https://github.com/jameswoolfenden/terraform-aws-codecommit","last_synced_at":"2025-04-12T22:54:25.045Z","repository":{"id":49845920,"uuid":"159794304","full_name":"JamesWoolfenden/terraform-aws-codecommit","owner":"JamesWoolfenden","description":"Contains the module, permissions and sample code to create a feature branching enabled repo.","archived":false,"fork":false,"pushed_at":"2023-12-04T15:31:04.000Z","size":260,"stargazers_count":8,"open_issues_count":0,"forks_count":7,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-26T16:55:11.848Z","etag":null,"topics":["aws","codebuild","codecommit","feature-branching","module","terraform"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JamesWoolfenden.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null}},"created_at":"2018-11-30T08:44:31.000Z","updated_at":"2024-08-27T23:08:14.000Z","dependencies_parsed_at":"2023-12-03T23:36:08.388Z","dependency_job_id":null,"html_url":"https://github.com/JamesWoolfenden/terraform-aws-codecommit","commit_stats":null,"previous_names":[],"tags_count":98,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-codecommit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-codecommit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesWoolfenden%2Fterraform-aws-codecommit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repo
sitories/JamesWoolfenden%2Fterraform-aws-codecommit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JamesWoolfenden","download_url":"https://codeload.github.com/JamesWoolfenden/terraform-aws-codecommit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248643045,"owners_count":21138353,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","codebuild","codecommit","feature-branching","module","terraform"],"created_at":"2024-11-26T03:18:09.198Z","updated_at":"2025-04-12T22:54:25.022Z","avatar_url":"https://github.com/JamesWoolfenden.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-aws-codecommit\n\n[![Build Status](https://github.com/JamesWoolfenden/terraform-aws-codecommit/workflows/Verify%20and%20Bump/badge.svg?branch=master)](https://github.com/JamesWoolfenden/terraform-aws-codecommit)\n[![Latest Release](https://img.shields.io/github/release/JamesWoolfenden/terraform-aws-codecommit.svg)](https://github.com/JamesWoolfenden/terraform-aws-codecommit/releases/latest)\n[![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/JamesWoolfenden/terraform-aws-codecommit.svg?label=latest)](https://github.com/JamesWoolfenden/terraform-aws-codecommit/releases/latest)\n![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.14.0-blue.svg)\n[![Infrastructure 
Tests](https://www.bridgecrew.cloud/badges/github/JamesWoolfenden/terraform-aws-codecommit/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=JamesWoolfenden%2Fterraform-aws-codecommit\u0026benchmark=CIS+AWS+V1.2)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white)](https://github.com/pre-commit/pre-commit)\n[![checkov](https://img.shields.io/badge/checkov-verified-brightgreen)](https://www.checkov.io/)\n[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/jameswoolfenden/terraform-aws-codecommit/general)](https://www.bridgecrew.cloud/link/badge?vcs=github\u0026fullRepo=JamesWoolfenden%2Fterraform-aws-codecommit\u0026benchmark=INFRASTRUCTURE+SECURITY)\n\nTerraform module to provision an AWS [`Codecommit`](https://aws.amazon.com/codecommit/) as part of a CI/CD system, includes SNS and triggers. It also includes a policy and group to restrict/branch protect the master branch.\n\n---\n\nIt's 100% Open Source and licensed under the [APACHE2](LICENSE).\n\n## Usage\n\n![alt text](./diagram/aws_codecommit.png)\n\nInclude this repository as a module in your existing Terraform code:\n\n```hcl\nmodule \"codecommit\" {\n  source          = \"JamesWoolfenden/codecommit/aws\"\n  version         = \"v0.3.0\"\n  default_branch  = var.default_branch\n  repository_name = var.repository_name\n  developer_group = var.developer_group\n}\n```\n\n## Costs\n\n```md\n✔ Calculating monthly cost estimate\n\nProject: .\n\nName Monthly Qty Unit Monthly Cost\n\nmodule.codecommit.aws_sns_topic.notification\n└─ Requests Cost depends on usage: $0.50 per 1M requests\n\nPROJECT TOTAL $0.00\n```\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\nNo requirements.\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | n/a |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type 
|\n|------|------|\n| [aws_cloudwatch_event_rule.eventrule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_rule) | resource |\n| [aws_cloudwatch_event_target.target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |\n| [aws_codecommit_approval_rule_template.example](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codecommit_approval_rule_template) | resource |\n| [aws_codecommit_approval_rule_template_association.link](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codecommit_approval_rule_template_association) | resource |\n| [aws_codecommit_repository.repo](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codecommit_repository) | resource |\n| [aws_iam_group_policy_attachment.restrict-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |\n| [aws_iam_policy.restrictmaster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_sns_topic.notification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |\n| [aws_sns_topic_policy.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |\n| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |\n| [aws_iam_policy_document.restrictmaster](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| [aws_iam_policy_document.sns_topic_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required 
|\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_approver_role\"\u003e\u003c/a\u003e [approver\\_role](#input\\_approver\\_role) | ARN of approver role | `string` | n/a | yes |\n| \u003ca name=\"input_default_branch\"\u003e\u003c/a\u003e [default\\_branch](#input\\_default\\_branch) | The name of the default repository branch | `string` | `\"main\"` | no |\n| \u003ca name=\"input_developer_group\"\u003e\u003c/a\u003e [developer\\_group](#input\\_developer\\_group) | An existing Iam Group to attach the policy permissions to | `string` | `\"\"` | no |\n| \u003ca name=\"input_kms_master_key_id\"\u003e\u003c/a\u003e [kms\\_master\\_key\\_id](#input\\_kms\\_master\\_key\\_id) | The kms key to use | `string` | n/a | yes |\n| \u003ca name=\"input_repository_name\"\u003e\u003c/a\u003e [repository\\_name](#input\\_repository\\_name) | The name of your GIT repository | `string` | n/a | yes |\n| \u003ca name=\"input_template\"\u003e\u003c/a\u003e [template](#input\\_template) | n/a | `map` | \u003cpre\u003e{\u003cbr\u003e  \"approvers\": 2,\u003cbr\u003e  \"description\": \"This is an example approval rule template\",\u003cbr\u003e  \"name\": \"MyExampleApprovalRuleTemplate\"\u003cbr\u003e}\u003c/pre\u003e | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_clone_url_https\"\u003e\u003c/a\u003e [clone\\_url\\_https](#output\\_clone\\_url\\_https) | n/a |\n| \u003ca name=\"output_clone_url_ssh\"\u003e\u003c/a\u003e [clone\\_url\\_ssh](#output\\_clone\\_url\\_ssh) | n/a |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Policy Requirement\n\n\u003c!-- BEGINNING OF PRE-COMMIT-PIKE DOCS HOOK --\u003e\nThe Terraform resource required is:\n\n```golang\nresource \"aws_iam_policy\" \"terraform_pike\" {\n  name_prefix = \"terraform_pike\"\n  path        = \"/\"\n  description = \"Pike Autogenerated policy from IAC\"\n\n  policy = jsonencode({\n    \"Version\": \"2012-10-17\",\n    \"Statement\": 
[\n        {\n            \"Sid\": \"VisualEditor0\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"codecommit:CreateRepository\",\n                \"codecommit:DeleteRepository\",\n                \"codecommit:GetRepository\",\n                \"codecommit:ListBranches\",\n                \"codecommit:ListTagsForResource\",\n                \"codecommit:UpdateRepositoryDescription\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        },\n        {\n            \"Sid\": \"VisualEditor1\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"events:DeleteRule\",\n                \"events:DescribeRule\",\n                \"events:ListTagsForResource\",\n                \"events:ListTargetsByRule\",\n                \"events:PutRule\",\n                \"events:PutTargets\",\n                \"events:RemoveTargets\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        },\n        {\n            \"Sid\": \"VisualEditor2\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"iam:AttachGroupPolicy\",\n                \"iam:CreatePolicy\",\n                \"iam:DeletePolicy\",\n                \"iam:DetachGroupPolicy\",\n                \"iam:GetPolicy\",\n                \"iam:GetPolicyVersion\",\n                \"iam:ListAttachedGroupPolicies\",\n                \"iam:ListPolicyVersions\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        },\n        {\n            \"Sid\": \"VisualEditor3\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"sns:CreateTopic\",\n                \"sns:DeleteTopic\",\n                \"sns:GetTopicAttributes\",\n                \"sns:ListTagsForResource\",\n                \"sns:SetTopicAttributes\"\n            ],\n            \"Resource\": [\n                \"*\"\n            ]\n        }\n   
 ]\n})\n}\n\n\n```\n\u003c!-- END OF PRE-COMMIT-PIKE DOCS HOOK --\u003e\n\n\n## Instructions\n\nThis module creates a repo with direct updates to the master branch denied. It has been a common DevOps process pattern to use the mainline model or trunk-based development \u003chttps://paulhammant.com/2013/04/05/what-is-trunk-based-development/\u003e, however in my experience the optimal pattern is short-lived, single-activity feature branches, YMMV.\n\nTo use this repository, the expected behaviour is to branch when starting a new piece of work, for example:\n\n`git pull`\n\n`git checkout -b feature/JGW-121-Remove-Project-Managers`\n\nDo your work and check in.\nPush to your feature branch.\n\n`git push -u origin feature/JGW-121-Remove-Project-Managers`\n\nThen, when you're done, create a PR and request the merge.\n\n## Details\n\nCreates a group called developer, to which the policy is attached.\nTo use the repo you need to add your users to that group.\n\n## Using Codecommit\n\nTo use codecommit you need to set some git config properties for the credential helper:\n\n`git config --global credential.helper '!aws codecommit credential-helper $@'`\n\n`git config --global credential.UseHttpPath true`\n\nAnd for SSH look at: \u003chttps://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-ssh-unixes.html\u003e\n\nUse ssh-keygen and create a key in your home folder called codecommit\n\n`publickey=$(\u003c~/.ssh/codecommit.pub)`\n\n`user=$(aws iam get-user --query 'User.UserName' --output text)`\n\n### On Windows\n\n`$publickey=get-content ~/.ssh/codecommit.pub`\n\n`$user=aws iam get-user --query 'User.UserName' --output text`\n\nOn both:\n`aws iam upload-ssh-public-key --user-name $user --ssh-public-key-body \"$publickey\"`\n\nGet your SSH key ID from the previous command's output\n\n`SSHPublicKeyId=$(aws iam list-ssh-public-keys --user-name $user --query 'SSHPublicKeys[*].SSHPublicKeyId' --output text)`\n\nOR\n\n`$SSHPublicKeyId=(aws iam list-ssh-public-keys --user-name $user 
--query 'SSHPublicKeys[*].SSHPublicKeyId')|convertfrom-json`\n\nUpdate your config file with:\n\n```powershell\n$gitconfigupdate=@\"\nHost git-codecommit.*.amazonaws.com\nUser $SSHPublicKeyId\nIdentityFile ~/.ssh/codecommit\n\"@\nAdd-Content ~/.ssh/config $gitconfigupdate\n```\n\n### Linux\n\n```bash\n# Append so existing entries in ~/.ssh/config are kept\ncat \u003c\u003c EOF \u003e\u003e ~/.ssh/config\nHost git-codecommit.*.amazonaws.com\nUser $SSHPublicKeyId\nIdentityFile ~/.ssh/codecommit\nEOF\n\neval $(ssh-agent -s)\nssh-add ~/.ssh/codecommit\n```\n\nTest with:\n`ssh git-codecommit.us-east-2.amazonaws.com`\n\n## Related Projects\n\nCheck out these related projects.\n\n- [terraform-aws-codebuild](https://github.com/jameswoolfenden/terraform-aws-codebuild) - Making a Build pipeline\n\n## Help\n\n**Got a question?**\n\nFile a GitHub [issue](https://github.com/jameswoolfenden/terraform-aws-codecommit/issues).\n\n## Contributing\n\n### Bug Reports \u0026 Feature Requests\n\nPlease use the [issue tracker](https://github.com/jameswoolfenden/terraform-aws-codecommit/issues) to report any bugs or file feature requests.\n\n## Copyrights\n\nCopyright © 2019-2023 James Woolfenden\n\n## License\n\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n\nSee [LICENSE](LICENSE) for full details.\n\nLicensed to the Apache Software Foundation (ASF) under one\nor more contributor license agreements. See the NOTICE file\ndistributed with this work for additional information\nregarding copyright ownership. The ASF licenses this file\nto you under the Apache License, Version 2.0 (the\n\"License\"); you may not use this file except in compliance\nwith the License. You may obtain a copy of the License at\n\n\u003chttps://www.apache.org/licenses/LICENSE-2.0\u003e\n\nUnless required by applicable law or agreed to in writing,\nsoftware distributed under the License is distributed on an\n\"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\nKIND, either express or implied. 
See the License for the\nspecific language governing permissions and limitations\nunder the License.\n\n### Contributors\n\n[![James Woolfenden][jameswoolfenden_avatar]][jameswoolfenden_homepage]\u003cbr/\u003e[James Woolfenden][jameswoolfenden_homepage]\n\n[jameswoolfenden_homepage]: https://github.com/jameswoolfenden\n[jameswoolfenden_avatar]: https://github.com/jameswoolfenden.png?size=150\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-codecommit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-codecommit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjameswoolfenden%2Fterraform-aws-codecommit/lists"}