Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/jameswoolfenden/terraform-aws-codebuild-container

Terraform module to provision a container pipeline.
https://github.com/jameswoolfenden/terraform-aws-codebuild-container

aws codebuild codecommit containers docker ecr module terraform

Last synced: 7 months ago
JSON representation

Terraform module to provision a container pipeline.

Awesome Lists containing this project

README 

          
# terraform-aws-codebuild-container



[![Build Status](https://api.github.com/JamesWoolfenden/terraform-aws-codebuild-container/workflows/Verify%20and%20Bump/badge.svg?branch=master)](https://github.com/JamesWoolfenden/terraform-aws-codebuild-container)

[![Latest Release](https://img.shields.io/github/release/JamesWoolfenden/terraform-aws-codebuild-container.svg)](https://github.com/JamesWoolfenden/terraform-aws-codebuild-container/releases/latest)

[![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/JamesWoolfenden/terraform-aws-codebuild-container.svg?label=latest)](https://github.com/JamesWoolfenden/terraform-aws-codebuild-container/releases/latest)

![Terraform Version](https://img.shields.io/badge/tf-%3E%3D0.14.0-blue.svg)

[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/JamesWoolfenden/terraform-aws-codebuild-container/cis_aws)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=JamesWoolfenden%2Fterraform-aws-codebuild-container&benchmark=CIS+AWS+V1.2)

[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)

[![checkov](https://img.shields.io/badge/checkov-verified-brightgreen)](https://www.checkov.io/)

[![Infrastructure Tests](https://www.bridgecrew.cloud/badges/github/jameswoolfenden/terraform-aws-codebuild-container/general)](https://www.bridgecrew.cloud/link/badge?vcs=github&fullRepo=JamesWoolfenden%2Fterraform-aws-codebuild-container&benchmark=INFRASTRUCTURE+SECURITY)



Terraform module to provision a container pipeline.



---



It's 100% Open Source and licensed under the [APACHE2](LICENSE).



## Usage



Makes a codecommit repo, a codebuild build and ECR, to builds a container using codebuild and and stores them in ECR.



## to do



Once provisioned, you'll need to add this code to the newly created repo to get it to build the container.



## Requirements



No requirements.



## Providers



| Name | Version |

|------|---------|

|  [aws](#provider\_aws) | n/a |



## Modules



| Name | Source | Version |

|------|--------|---------|

|  [codebuild](#module\_codebuild) | jameswoolfenden/codebuild/aws | v0.3.1 |

|  [codecommit](#module\_codecommit) | jameswoolfenden/codecommit/aws | v0.3.59 |

|  [ecr](#module\_ecr) | jameswoolfenden/ecr/aws | 0.2.60 |



## Resources



| Name | Type |

|------|------|

| [aws_iam_policy.additionalneeds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |

| [aws_iam_role_policy_attachment.lex](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |

| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |

| [aws_iam_policy_document.allowlocals](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

| [aws_iam_role.codebuild](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_role) | data source |

| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |



## Inputs



| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [approver\_role](#input\_approver\_role) | Arn of approver role | `string` | n/a | yes |

|  [common\_tags](#input\_common\_tags) | n/a | `map(any)` | n/a | yes |

|  [description](#input\_description) | Description of build project | `string` | n/a | yes |

|  [force\_artifact\_destroy](#input\_force\_artifact\_destroy) | n/a | `string` | n/a | yes |

|  [kms\_key](#input\_kms\_key) | KMS key id | `string` | n/a | yes |

|  [name](#input\_name) | The name of the registry, repository and build | `string` | n/a | yes |

|  [otherawsaccount](#input\_otherawsaccount) | n/a | `string` | n/a | yes |

|  [projectroot](#input\_projectroot) | The root project name | `string` | n/a | yes |

|  [sourcecode](#input\_sourcecode) | n/a | `map(any)` | 
{
  "buildspec": "",
  "location": "",
  "type": "CODECOMMIT"
}
 | no |



## Outputs



| Name | Description |

|------|-------------|

|  [artifact\_bucket](#output\_artifact\_bucket) | n/a |



## Policy Requirement



The Terraform resource required is:



```golang

resource "aws_iam_policy" "terraform_pike" {

  name_prefix = "terraform_pike"

  path        = "/"

  description = "Pike Autogenerated policy from IAC"



  policy = jsonencode({

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "VisualEditor0",

            "Effect": "Allow",

            "Action": [

                "SNS:CreateTopic",

                "SNS:DeleteTopic",

                "SNS:GetTopicAttributes",

                "SNS:ListTagsForResource",

                "SNS:SetTopicAttributes"

            ],

            "Resource": "*"

        },

        {

            "Sid": "VisualEditor1",

            "Effect": "Allow",

            "Action": [

                "codebuild:BatchGetProjects",

                "codebuild:CreateProject",

                "codebuild:DeleteProject",

                "codebuild:UpdateProject"

            ],

            "Resource": "*"

        },

        {

            "Sid": "VisualEditor2",

            "Effect": "Allow",

            "Action": [

                "codecommit:CreateRepository",

                "codecommit:DeleteRepository",

                "codecommit:GetRepository",

                "codecommit:ListBranches",

                "codecommit:ListTagsForResource",

                "codecommit:UpdateRepositoryDescription"

            ],

            "Resource": "*"

        },

        {

            "Sid": "VisualEditor3",

            "Effect": "Allow",

            "Action": [

                "ecr:CreateRepository",

                "ecr:DeleteLifecyclePolicy",

                "ecr:DeleteRepository",

                "ecr:DescribeRepositories",

                "ecr:GetLifecyclePolicy",

                "ecr:ListTagsForResource",

                "ecr:PutImageScanningConfiguration",

                "ecr:PutLifecyclePolicy",

                "ecr:TagResource",

                "ecr:UntagResource"

            ],

            "Resource": "*"

        },

        {

            "Sid": "VisualEditor4",

            "Effect": "Allow",

            "Action": [

                "events:DeleteRule",

                "events:DescribeRule",

                "events:ListTagsForResource",

                "events:ListTargetsByRule",

                "events:PutRule",

                "events:PutTargets",

                "events:RemoveTargets"

            ],

            "Resource": "*"

        },

        {

            "Sid": "VisualEditor5",

            "Effect": "Allow",

            "Action": [

                "iam:AttachGroupPolicy",

                "iam:AttachRolePolicy",

                "iam:CreatePolicy",

                "iam:CreateRole",

                "iam:DeletePolicy",

                "iam:DeleteRole",

                "iam:DeleteRolePolicy",

                "iam:DetachGroupPolicy",

                "iam:DetachRolePolicy",

                "iam:GetPolicy",

                "iam:GetPolicyVersion",

                "iam:GetRole",

                "iam:GetRolePolicy",

                "iam:ListAttachedGroupPolicies",

                "iam:ListAttachedRolePolicies",

                "iam:ListInstanceProfilesForRole",

                "iam:ListPolicyVersions",

                "iam:ListRolePolicies",

                "iam:PassRole",

                "iam:PutRolePolicy",

                "iam:TagRole"

            ],

            "Resource": "*"

        },

        {

            "Sid": "VisualEditor6",

            "Effect": "Allow",

            "Action": [

                "kms:CreateGrant",

                "kms:Decrypt",

                "kms:DescribeKey"

            ],

            "Resource": "*"

        },

        {

            "Sid": "VisualEditor7",

            "Effect": "Allow",

            "Action": [

                "s3:CreateBucket",

                "s3:DeleteBucket",

                "s3:GetAccelerateConfiguration",

                "s3:GetBucketAcl",

                "s3:GetBucketCORS",

                "s3:GetBucketLogging",

                "s3:GetBucketObjectLockConfiguration",

                "s3:GetBucketPolicy",

                "s3:GetBucketPublicAccessBlock",

                "s3:GetBucketRequestPayment",

                "s3:GetBucketTagging",

                "s3:GetBucketVersioning",

                "s3:GetBucketWebsite",

                "s3:GetEncryptionConfiguration",

                "s3:GetLifecycleConfiguration",

                "s3:GetObject",

                "s3:GetObjectAcl",

                "s3:GetReplicationConfiguration",

                "s3:ListAllMyBuckets",

                "s3:ListBucket",

                "s3:PutBucketAcl",

                "s3:PutBucketPublicAccessBlock",

                "s3:PutBucketVersioning",

                "s3:PutEncryptionConfiguration"

            ],

            "Resource": "*"

        },

        {

            "Sid": "VisualEditor8",

            "Effect": "Allow",

            "Action": [

                "ssm:AddTagsToResource",

                "ssm:DeleteParameter",

                "ssm:DescribeParameters",

                "ssm:GetParameter",

                "ssm:GetParameters",

                "ssm:ListTagsForResource",

                "ssm:PutParameter"

            ],

            "Resource": "*"

        }

    ]

})

}



```



## Related Projects



Check out these related projects.



- [terraform-aws-codecommit](https://github.com/jameswoolfenden/terraform-aws-codebuild) - Storing ones code



## Help



**Got a question?**



File a GitHub [issue](https://github.com/jameswoolfenden/terraform-aws-codebuild-container/issues).



## Contributing



### Bug Reports & Feature Requests



Please use the [issue tracker](https://github.com/jameswoolfenden/terraform-aws-codebuild-container/issues) to report any bugs or file feature requests.



## Copyrights



Copyright © 2019-2022 James Woolfenden



## License



[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)



See [LICENSE](LICENSE) for full details.



Licensed to the Apache Software Foundation (ASF) under one

or more contributor license agreements. See the NOTICE file

distributed with this work for additional information

regarding copyright ownership. The ASF licenses this file

to you under the Apache License, Version 2.0 (the

"License"); you may not use this file except in compliance

with the License. You may obtain a copy of the License at



Unless required by applicable law or agreed to in writing,

software distributed under the License is distributed on an

"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

KIND, either express or implied. See the License for the

specific language governing permissions and limitations

under the License.



### Contributors



[![James Woolfenden][jameswoolfenden_avatar]][jameswoolfenden_homepage]
[James Woolfenden][jameswoolfenden_homepage]



[jameswoolfenden_homepage]: https://github.com/jameswoolfenden

[jameswoolfenden_avatar]: https://github.com/jameswoolfenden.png?size=150