diff --git a/examples/terraform.tfvars b/examples/terraform.tfvars
index 517eebe..a371b52 100644
--- a/examples/terraform.tfvars
+++ b/examples/terraform.tfvars
@@ -1,15 +1,21 @@
-project_name = "tf-validate-project"
-environment = "dev"
+## CodeCommit repository variables
+create_new_repo = true
 source_repo_name = "terraform-sample-repo"
 source_repo_branch = "main"
-create_new_repo = false
-repo_approvers_arn = "arn:aws:sts::123456789012:assumed-role/CodeCommitReview/*" #Update ARN (IAM Role/User/Group) of Approval Members
+source_repo_description = "Terraform deployments repository"
+
+project_name = "tf-validate-project"
+environment = "dev"
+# repo_approvers_arn = "arn:aws:sts::123456789012:assumed-role/CodeCommitReview/*" #Update ARN (IAM Role/User/Group) of Approval Members
+# repo_approvers_arn = "arn:aws:iam::641026500518:user/laura.pena"
 create_new_role = true
 #codepipeline_iam_role_name = - Use this to specify the role name to be used by codepipeline if the create_new_role flag is set to false.
 stage_input = [
 { name = "validate", category = "Test", owner = "AWS", provider = "CodeBuild", input_artifacts = "SourceOutput", output_artifacts = "ValidateOutput" },
 { name = "plan", category = "Test", owner = "AWS", provider = "CodeBuild", input_artifacts = "ValidateOutput", output_artifacts = "PlanOutput" },
 { name = "apply", category = "Build", owner = "AWS", provider = "CodeBuild", input_artifacts = "PlanOutput", output_artifacts = "ApplyOutput" },
- { name = "destroy", category = "Build", owner = "AWS", provider = "CodeBuild", input_artifacts = "ApplyOutput", output_artifacts = "DestroyOutput" }
+]
+stage_destroy_input = [
+ { name = "destroy", category = "Build", owner = "AWS", provider = "CodeBuild", input_artifacts = "SourceOutput", output_artifacts = "DestroyOutput" }
 ]
 build_projects = ["validate", "plan", "apply", "destroy"]
diff --git a/main.tf b/main.tf
index f2398c5..7d01443 100644
--- a/main.tf
+++ b/main.tf
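Review bot: The added line `+# repo_approvers_arn = "arn:aws:iam::641026500518:user/laura.pena"` commits what looks like a real 12-digit account ID and a named IAM user into an example file; the neighbouring example line already uses the documentation-safe `123456789012`, so this line should be dropped or changed to the same placeholder, e.g. `# repo_approvers_arn = "arn:aws:iam::123456789012:user/<approver>"`. With both `repo_approvers_arn` lines commented out the example no longer configures any pull-request approver, which is worth stating under the `## CodeCommit repository variables` comment so readers know approvals are off unless they set it. The binary `tfplan` added later in this same diff is related: a saved plan embeds the resolved variable values and can carry sensitive values in plaintext, so it should not be committed.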
@@ -39,8 +39,9 @@ module "codecommit_infrastructure_source_repo" {
 create_new_repo = var.create_new_repo
 source_repository_name = var.source_repo_name
 source_repository_branch = var.source_repo_branch
- repo_approvers_arn = var.repo_approvers_arn
- kms_key_arn = module.codepipeline_kms.arn
+ source_repository_description = var.source_repo_description
+ ## repo_approvers_arn = var.repo_approvers_arn
+ ## kms_key_arn = module.codepipeline_kms.arn
 tags = {
 Project_Name = var.project_name
 Environment = var.environment
@@ -102,6 +103,7 @@ module "codepipeline_iam_role" {
 Region = local.region
 }
 }
+
 # Module for Infrastructure Validate, Plan, Apply and Destroy - CodePipeline
 module "codepipeline_terraform" {
 depends_on = [
@@ -124,3 +126,26 @@ module "codepipeline_terraform" {
 Region = local.region
 }
 }
+
+# Module for Infrastructure Validate, Plan, Apply and Destroy - CodePipeline
+module "codepipeline_terraform_destroy" {
+ depends_on = [
+ module.codebuild_terraform,
+ module.s3_artifacts_bucket
+ ]
+ source = "./modules/codepipeline"
+
+ project_name = "${var.project_name}-destroy"
+ source_repo_name = var.source_repo_name
+ source_repo_branch = var.source_repo_branch
+ s3_bucket_name = module.s3_artifacts_bucket.bucket
+ codepipeline_role_arn = module.codepipeline_iam_role.role_arn
+ stages = var.stage_destroy_input
+ kms_key_arn = module.codepipeline_kms.arn
+ tags = {
+ Project_Name = var.project_name
+ Environment = var.environment
+ Account_ID = local.account_id
+ Region = local.region
+ }
+}
diff --git a/modules/codecommit/main.tf b/modules/codecommit/main.tf
index 1150c97..7b43b62 100644
--- a/modules/codecommit/main.tf
+++ b/modules/codecommit/main.tf
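Review bot: Commenting out `repo_approvers_arn` and `kms_key_arn` with `##` in the `codecommit_infrastructure_source_repo` call silently drops the pull-request approval rule for the source branch, and nothing in the commit says why. If that is intended, delete the two lines (history keeps them) and leave a comment such as `# PR approval rule and repo KMS key are not passed through; see modules/codecommit`. The safer alternative is to keep `repo_approvers_arn = var.repo_approvers_arn` and have the module create the approval rule only when a non-empty ARN is supplied, so the control is opt-in rather than removed. The enclosing module block starts before this hunk.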
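Review bot: The header comment on `module "codepipeline_terraform_destroy"` is copied verbatim from the apply pipeline and is wrong for this block; it should read `# Module for Infrastructure Destroy - CodePipeline (stages from var.stage_destroy_input)`. The destroy pipeline is wired to the same `source_repo_name`/`source_repo_branch` and the same `codepipeline_role_arn = module.codepipeline_iam_role.role_arn` as the apply pipeline, so if the codepipeline module configures a CodeCommit change trigger (not visible here) every push to the branch would start a destroy run next to the apply run, and the shared role gives the destroy pipeline every permission the apply pipeline has. A manual-approval stage or no automatic trigger for this pipeline, plus a separate narrower role, is what a reader would expect; at minimum note it on the `stages` line, e.g. `# destroy-only stages; must not start automatically on source changes`.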
@@ -1,16 +1,12 @@
-#This solution, non-production-ready template describes AWS Codepipeline based CICD Pipeline for terraform code deployment.
-#© 2023 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
-#This AWS Content is provided subject to the terms of the AWS Customer Agreement available at
-#http://aws.amazon.com/agreement or other written agreement between Customer and either
-#Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
-
 resource "aws_codecommit_repository" "source_repository" {
 count = var.create_new_repo ? 1 : 0
 repository_name = var.source_repository_name
 default_branch = var.source_repository_branch
- description = "Code Repository for hosting the terraform code and pipeline configuration files"
+ description = var.source_repository_description
 tags = var.tags
 }
+
+/*
 resource "aws_codecommit_approval_rule_template" "source_repository_approval" {
 count = var.create_new_repo ? 1 : 0
 name = "${var.source_repository_name}-${var.source_repository_branch}-Rule"
@@ -34,3 +30,5 @@ resource "aws_codecommit_approval_rule_template_association" "source_repository_
 approval_rule_template_name = aws_codecommit_approval_rule_template.source_repository_approval[0].name
 repository_name = aws_codecommit_repository.source_repository[0].repository_name
 }
+
+*/
diff --git a/modules/codecommit/variables.tf b/modules/codecommit/variables.tf
index c082594..f324bd0 100644
--- a/modules/codecommit/variables.tf
+++ b/modules/codecommit/variables.tf
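Review bot: Wrapping `aws_codecommit_approval_rule_template` and its association in `/* ... */` (the `*/` lands in the second hunk) removes the branch approval requirement for every caller of this module and leaves dead code that will drift from the live resources. Keeping the resources and gating them on the input, `count = var.create_new_repo && var.repo_approvers_arn != "" ? 1 : 0`, preserves the control for callers that supply an approver ARN while letting the root module omit it. This hunk also deletes the AWS content/terms header from the file, which should be confirmed as intended rather than incidental. The `aws_codecommit_approval_rule_template` block begins in this hunk but its body continues outside it.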
@@ -1,9 +1,3 @@
-#This solution, non-production-ready template describes AWS Codepipeline based CICD Pipeline for terraform code deployment.
-#© 2023 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
-#This AWS Content is provided subject to the terms of the AWS Customer Agreement available at
-#http://aws.amazon.com/agreement or other written agreement between Customer and either
-#Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
-
 variable "create_new_repo" {
 type = bool
 description = "Flag for deciding if a new repository needs to be created"
@@ -20,17 +14,24 @@ variable "source_repository_branch" {
 description = "Branch of the Source CodeCommit repository used in pipeline"
 }
+variable "source_repository_description" {
+ type = string
+ description = "Description of the Source CodeCommit repository used in pipeline"
+}
+
+/*
 variable "repo_approvers_arn" {
 description = "ARN or ARN pattern for the IAM User/Role/Group etc that can be used for approving Pull Requests"
 type = string
 }
+*/
 variable "tags" {
 type = map(any)
 description = "Tags to be attached to the source CodeCommit repository"
 }
-variable "kms_key_arn" {
+/* variable "kms_key_arn" {
 description = "Name of the project to be prefixed to create the s3 bucket"
 type = string
-}
\ No newline at end of file
+} */
diff --git a/modules/codepipeline/main.tf b/modules/codepipeline/main.tf
index 6c882ec..ce52926 100644
--- a/modules/codepipeline/main.tf
+++ b/modules/codepipeline/main.tf
@@ -62,4 +62,4 @@ resource "aws_codepipeline" "terraform_pipeline" {
 }
 }
-}
\ No newline at end of file
+}
diff --git a/modules/iam-role/main.tf b/modules/iam-role/main.tf
index dae33fd..7518b12 100644
--- a/modules/iam-role/main.tf
+++ b/modules/iam-role/main.tf
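Review bot: The new `variable "source_repository_description"` has no `default`, so every caller must now pass it even when `create_new_repo` is false and the description is never used by the resource; adding `default = ""` (or the previous literal text) keeps the module backward-compatible. The `/* ... */`-wrapped `repo_approvers_arn` and `kms_key_arn` declarations are dead code rather than removals; either delete them or keep `repo_approvers_arn` declared with `default = ""` so the module can make the approval rule conditional on a non-empty value. The first hunk of this file also drops the AWS content/terms header, as in modules/codecommit/main.tf.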
@@ -115,6 +115,13 @@ resource "aws_iam_policy" "codepipeline_policy" {
 "logs:PutLogEvents"
 ],
 "Resource": "arn:${data.aws_partition.current.partition}:logs:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:log-group:*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "codepipeline:ListPipelineExecutions"
+ ],
+ "Resource": "*"
 }
 ]
 }
diff --git a/modules/s3/provider.tf b/modules/s3/provider.tf
index 146f8ad..7e5c494 100644
--- a/modules/s3/provider.tf
+++ b/modules/s3/provider.tf
@@ -6,5 +6,5 @@ provider "aws" {
 alias = "replication"
- region = "us-east-2"
-}
\ No newline at end of file
+ region = "eu-west-2"
+}
diff --git a/templates/buildspec_destroy.yml b/templates/buildspec_destroy_destroy.yml
similarity index 100%
rename from templates/buildspec_destroy.yml
rename to templates/buildspec_destroy_destroy.yml
diff --git a/tfplan b/tfplan
new file mode 100644
index 0000000..072b4b8
Binary files /dev/null and b/tfplan differ
diff --git a/variables.tf b/variables.tf
index 5e65300..0d4f3db 100644
--- a/variables.tf
+++ b/variables.tf
@@ -37,10 +37,17 @@ variable "source_repo_branch" {
 type = string
 }
+variable "source_repo_description" {
+ type = string
+ description = "Description of the Source CodeCommit repository used in pipeline"
+}
+
+/*
 variable "repo_approvers_arn" {
 description = "ARN or ARN pattern for the IAM User/Role/Group that can be used for approving Pull Requests"
 type = string
-}
+}
+*/
 variable "environment" {
 description = "Environment in which the script is run. Eg: dev, prod, etc"
@@ -52,6 +59,11 @@ variable "stage_input" {
 type = list(map(any))
 }
+variable "stage_destroy_input" {
+ description = "Tags to be attached to the CodePipeline"
+ type = list(map(any))
+}
+
 variable "build_projects" {
 description = "Tags to be attached to the CodePipeline"
 type = list(string)
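Review bot: The new statement grants `codepipeline:ListPipelineExecutions` on `"Resource": "*"`, which lets the pipeline role enumerate executions of every pipeline in the account, while the logs statement just above already scopes with the partition/region/account data sources. This action supports resource-level scoping to a pipeline ARN, so limit it to this project's pipelines, e.g. `"Resource": "arn:${data.aws_partition.current.partition}:codepipeline:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:<pipeline-name-prefix>*"` with the prefix taken from whatever module input names the pipeline. Add a one-line comment above the statement naming the stage or buildspec that needs it, since nothing in the diff shows the caller. The enclosing `aws_iam_policy` resource starts before this hunk.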
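Review bot: `region = "eu-west-2"` hard-codes the replication provider's region inside the module, exactly as `us-east-2` was before, so the module replicates to a region the caller never chose and changing it means editing module code. Make it a module input (`region = var.replication_region`) or define the aliased provider in the root module and pass it via the module's `providers` argument, and document the alias, e.g. `# replication target region; must differ from the primary region`. The `provider "aws"` block starts before this hunk.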
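Review bot: `variable "stage_destroy_input"` carries the description `"Tags to be attached to the CodePipeline"`, copied from a tag variable, which misdescribes the value; it should say what it holds, e.g. `description = "Stage definitions (name, category, owner, provider, input/output artifacts) for the destroy CodePipeline"`. The same copied text sits on the pre-existing `build_projects` variable just below, so fixing both together keeps the file consistent. The first hunk's `source_repo_description` is declared without a `default`, which makes it a required new input for every existing caller; a `default = ""` would avoid that break.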