Laura

examples/terraform.tfvars

@@ -1,15 +1,21 @@
-project_name       = "tf-validate-project"
-environment        = "dev"
+## CodeCommit repository variables
+create_new_repo    = true
 source_repo_name   = "terraform-sample-repo"
 source_repo_branch = "main"
-create_new_repo    = false
-repo_approvers_arn = "arn:aws:sts::123456789012:assumed-role/CodeCommitReview/*" #Update ARN (IAM Role/User/Group) of Approval Members
+source_repo_description = "Terraform deployments repository"
+
+project_name       = "tf-validate-project"
+environment        = "dev"
+# repo_approvers_arn = "arn:aws:sts::123456789012:assumed-role/CodeCommitReview/*" #Update ARN (IAM Role/User/Group) of Approval Members
+# repo_approvers_arn = "arn:aws:iam::641026500518:user/laura.pena"
 create_new_role    = true
 #codepipeline_iam_role_name = <Role name> - Use this to specify the role name to be used by codepipeline if the create_new_role flag is set to false.
 stage_input = [
   { name = "validate", category = "Test", owner = "AWS", provider = "CodeBuild", input_artifacts = "SourceOutput", output_artifacts = "ValidateOutput" },
   { name = "plan", category = "Test", owner = "AWS", provider = "CodeBuild", input_artifacts = "ValidateOutput", output_artifacts = "PlanOutput" },
   { name = "apply", category = "Build", owner = "AWS", provider = "CodeBuild", input_artifacts = "PlanOutput", output_artifacts = "ApplyOutput" },
-  { name = "destroy", category = "Build", owner = "AWS", provider = "CodeBuild", input_artifacts = "ApplyOutput", output_artifacts = "DestroyOutput" }
+]
+stage_destroy_input = [
+  { name = "destroy", category = "Build", owner = "AWS", provider = "CodeBuild", input_artifacts = "SourceOutput", output_artifacts = "DestroyOutput" }
 ]
 build_projects = ["validate", "plan", "apply", "destroy"]

main.tf

@@ -39,8 +39,9 @@ module "codecommit_infrastructure_source_repo" {
   create_new_repo          = var.create_new_repo
   source_repository_name   = var.source_repo_name
   source_repository_branch = var.source_repo_branch
-  repo_approvers_arn       = var.repo_approvers_arn
-  kms_key_arn              = module.codepipeline_kms.arn
+  source_repository_description = var.source_repo_description
+  ## repo_approvers_arn       = var.repo_approvers_arn
+  ## kms_key_arn              = module.codepipeline_kms.arn
   tags = {
     Project_Name = var.project_name
     Environment  = var.environment
@@ -102,6 +103,7 @@ module "codepipeline_iam_role" {
     Region       = local.region
   }
 }
+
 # Module for Infrastructure Validate, Plan, Apply and Destroy - CodePipeline
 module "codepipeline_terraform" {
   depends_on = [
@@ -124,3 +126,26 @@ module "codepipeline_terraform" {
     Region       = local.region
   }
 }
+
+# Module for Infrastructure Validate, Plan, Apply and Destroy - CodePipeline
+module "codepipeline_terraform_destroy" {
+  depends_on = [
+    module.codebuild_terraform,
+    module.s3_artifacts_bucket
+  ]
+  source = "./modules/codepipeline"
+
+  project_name          = "${var.project_name}-destroy"
+  source_repo_name      = var.source_repo_name
+  source_repo_branch    = var.source_repo_branch
+  s3_bucket_name        = module.s3_artifacts_bucket.bucket
+  codepipeline_role_arn = module.codepipeline_iam_role.role_arn
+  stages                = var.stage_destroy_input
+  kms_key_arn           = module.codepipeline_kms.arn
+  tags = {
+    Project_Name = var.project_name
+    Environment  = var.environment
+    Account_ID   = local.account_id
+    Region       = local.region
+  }
+}

modules/codecommit/main.tf

@@ -1,16 +1,12 @@
-#This solution, non-production-ready template describes AWS Codepipeline based CICD Pipeline for terraform code deployment.
-#© 2023 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
-#This AWS Content is provided subject to the terms of the AWS Customer Agreement available at
-#http://aws.amazon.com/agreement or other written agreement between Customer and either
-#Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
-
 resource "aws_codecommit_repository" "source_repository" {
   count           = var.create_new_repo ? 1 : 0
   repository_name = var.source_repository_name
   default_branch  = var.source_repository_branch
-  description     = "Code Repository for hosting the terraform code and pipeline configuration files"
+  description     = var.source_repository_description
   tags            = var.tags
 }
+
+/* 
 resource "aws_codecommit_approval_rule_template" "source_repository_approval" {
   count       = var.create_new_repo ? 1 : 0
   name        = "${var.source_repository_name}-${var.source_repository_branch}-Rule"
@@ -34,3 +30,5 @@ resource "aws_codecommit_approval_rule_template_association" "source_repository_
   approval_rule_template_name = aws_codecommit_approval_rule_template.source_repository_approval[0].name
   repository_name             = aws_codecommit_repository.source_repository[0].repository_name
 }
+
+*/

modules/codecommit/variables.tf

@@ -1,9 +1,3 @@
-#This solution, non-production-ready template describes AWS Codepipeline based CICD Pipeline for terraform code deployment.
-#© 2023 Amazon Web Services, Inc. or its affiliates. All Rights Reserved.
-#This AWS Content is provided subject to the terms of the AWS Customer Agreement available at
-#http://aws.amazon.com/agreement or other written agreement between Customer and either
-#Amazon Web Services, Inc. or Amazon Web Services EMEA SARL or both.
-
 variable "create_new_repo" {
   type        = bool
   description = "Flag for deciding if a new repository needs to be created"
@@ -20,17 +14,24 @@ variable "source_repository_branch" {
   description = "Branch of the Source CodeCommit repository used in pipeline"
 }
 
+variable "source_repository_description" {
+  type        = string
+  description = "Description of the Source CodeCommit repository used in pipeline"
+}
+
+/* 
 variable "repo_approvers_arn" {
   description = "ARN or ARN pattern for the IAM User/Role/Group etc that can be used for approving Pull Requests"
   type        = string
 }
+*/
 
 variable "tags" {
   type        = map(any)
   description = "Tags to be attached to the source CodeCommit repository"
 }
 
-variable "kms_key_arn" {
+/* variable "kms_key_arn" {
   description = "Name of the project to be prefixed to create the s3 bucket"
   type        = string
-}
+} */

modules/codepipeline/main.tf

@@ -62,4 +62,4 @@ resource "aws_codepipeline" "terraform_pipeline" {
     }
   }
 
-}
+}

modules/iam-role/main.tf

@@ -115,6 +115,13 @@ resource "aws_iam_policy" "codepipeline_policy" {
         "logs:PutLogEvents"
       ],
       "Resource": "arn:${data.aws_partition.current.partition}:logs:${data.aws_region.current.id}:${data.aws_caller_identity.current.account_id}:log-group:*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "codepipeline:ListPipelineExecutions"
+      ],
+      "Resource": "*"
     }
   ]
 }

modules/s3/provider.tf

@@ -6,5 +6,5 @@
 
 provider "aws" {
   alias  = "replication"
-  region = "us-east-2"
-}
+  region = "eu-west-2"
+}

variables.tf

@@ -37,10 +37,17 @@ variable "source_repo_branch" {
   type        = string
 }
 
+variable "source_repo_description" {
+  type        = string
+  description = "Description of the Source CodeCommit repository used in pipeline"
+}
+
+/*
 variable "repo_approvers_arn" {
   description = "ARN or ARN pattern for the IAM User/Role/Group that can be used for approving Pull Requests"
   type        = string
-}
+} 
+*/
 
 variable "environment" {
   description = "Environment in which the script is run. Eg: dev, prod, etc"
@@ -52,6 +59,11 @@ variable "stage_input" {
   type        = list(map(any))
 }
 
+variable "stage_destroy_input" {
+  description = "Tags to be attached to the CodePipeline"
+  type        = list(map(any))
+}
+
 variable "build_projects" {
   description = "Tags to be attached to the CodePipeline"
   type        = list(string)