code系を暫定的にコメントアウト

umanari145 · Oct 5, 2024 · 9f3d360 · 9f3d360
1 parent 6946c29
commit 9f3d360
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 32 deletions.
diff --git a/aws_cicd/main.tf b/aws_cicd/main.tf
@@ -11,6 +11,14 @@ module "LB" {
   subnet_ids = module.VPC.subnet_ids
 }
 
+##module "CodeBuild" {
+##  source = "../modules/CICD/build"
+##  project_pre = var.project_pre
+##  account_id = var.account_id
+##  aws_region = var.aws_region
+##  repo = var.repo
+##}
+
 module "ECS" {
   source = "../modules/ecs"
   project_pre = var.project_pre
@@ -21,20 +29,12 @@ module "ECS" {
   subnet_ids = module.VPC.subnet_ids
 }
 
-module "CodeBuild" {
-  source = "../modules/CICD/build"
-  project_pre = var.project_pre
-  account_id = var.account_id
-  aws_region = var.aws_region
-  repo = var.repo
-}
-
-module "CodeDeploy" {
-  source = "../modules/CICD/deploy/container"
-  project_pre = var.project_pre
-  ecs_cluster_name = module.ECS.ecs_cluster_name
-  ecs_service_name = module.ECS.ecs_service_name
-  lb_listener_arn = module.LB.lb_listener_arn
-  blue_tag_name = module.LB.blue_tag_name
-  green_tag_name = module.LB.green_tag_name
-}
+##module "CodeDeploy" {
+##  source = "../modules/CICD/deploy/container"
+##  project_pre = var.project_pre
+##  ecs_cluster_name = module.ECS.ecs_cluster_name
+##  ecs_service_name = module.ECS.ecs_service_name
+##  lb_listener_arn = module.LB.lb_listener_arn
+##  blue_tag_name = module.LB.blue_tag_name
+##  green_tag_name = module.LB.green_tag_name
+##}
diff --git a/modules/CICD/build/common/main.tf b/modules/CICD/build/common/main.tf
@@ -1,21 +1,37 @@
-# IAMロールを作成
-resource "aws_iam_role" "codebuild_role" {
-  name = "${var.project_pre}-codebuild-role"
 
-  assume_role_policy = jsonencode({
+# S3バケットを作成（CodeBuildのアーティファクトを保存）
+resource "aws_s3_bucket" "codebuild_bucket" {
+  bucket = "${var.project_pre}-my-codebuild-bucket"
+}
+
+resource "aws_s3_object" "artifacts" {
+  bucket = aws_s3_bucket.codebuild_bucket.id
+  key    = "artifacts/"
+}
+
+resource "aws_iam_policy" "codebuild_s3_policy" {
+  name        = "${var.project_pre}-CodeBuildS3AccessPolicy"
+  description = "Policy to allow CodeBuild to upload artifacts to S3"
+  policy = jsonencode({
     Version = "2012-10-17"
     Statement = [
       {
-        Action    = "sts:AssumeRole"
-        Effect    = "Allow"
-        Principal = {
-          Service = "codebuild.amazonaws.com"
-        }
-      },
+        Action = [
+          "s3:PutObject",
+          "s3:GetObject",
+          "s3:ListBucket"
+        ]
+        Effect   = "Allow"
+        Resource = [
+          "arn:aws:s3:::${var.project_pre}-my-codebuild-bucket",            # バケット自体へのアクセス
+          "arn:aws:s3:::${var.project_pre}-my-codebuild-bucket/*"           # バケット内のオブジェクトへのアクセス
+        ]
+      }
     ]
   })
 }
 
+
 resource "aws_iam_policy" "cloudwatch_logs_policy" {
   name        = "${var.project_pre}-CloudWatchLogsPolicy"
   description = "Allows access to specific CloudWatch Logs resources for CodeBuild"
@@ -38,6 +54,24 @@ resource "aws_iam_policy" "cloudwatch_logs_policy" {
   })
 }
 
+# IAMロールを作成
+resource "aws_iam_role" "codebuild_role" {
+  name = "${var.project_pre}-codebuild-role"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action    = "sts:AssumeRole"
+        Effect    = "Allow"
+        Principal = {
+          Service = "codebuild.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
+
 resource "aws_iam_role_policy_attachment" "attach_cloudwatch_logs_policy" {
   role       = aws_iam_role.codebuild_role.name
   policy_arn = aws_iam_policy.cloudwatch_logs_policy.arn
@@ -47,3 +81,9 @@ resource "aws_iam_role_policy_attachment" "codebuild_role_policy" {
   role       = aws_iam_role.codebuild_role.name
   policy_arn = "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess"
 }
+
+resource "aws_iam_role_policy_attachment" "codebuild_s3_policy_attachment" {
+  role       = aws_iam_role.codebuild_role.name
+  policy_arn = aws_iam_policy.codebuild_s3_policy.arn
+}
+
diff --git a/modules/CICD/build/main.tf b/modules/CICD/build/main.tf
@@ -101,17 +101,14 @@ resource "aws_codebuild_project" "my_project" {
   build_timeout = 20
 
   artifacts {
-    type            = "S3"
-    location        = aws_s3_bucket.codebuild_bucket.bucket
-    packaging       = "ZIP"
-    name            = "output.zip"
-    path            = "artifacts/"
+    type = "NO_ARTIFACTS"
   }
 
   environment {
     compute_type = "BUILD_GENERAL1_SMALL"
     image        = "aws/codebuild/standard:6.0"
     type         = "LINUX_CONTAINER"
+    image_pull_credentials_type = "CODEBUILD"
     privileged_mode = true
 
     environment_variable {