code build example

yanivpaz · May 17, 2020 · cb7934e · cb7934e
1 parent c6e272b
commit cb7934e
Show file tree

Hide file tree

Showing 3 changed files with 104 additions and 33 deletions.
diff --git a/5-aws-tools-setup/commands.txt b/5-aws-tools-setup/commands.txt
@@ -0,0 +1,16 @@
+# We are going to create the CodeCommit, CodeBuild, and CodePipeline objects
+# This will NOT add code to CodeCommit, that must be done separately
+# You will need the name of the state_bucket created in 4-remote-state-setup
+
+# Rename terraform.tfvars.example to terraform.tfvars and update values
+
+# Initialize the terraform configuration
+terraform init
+
+# Plan the terraform deployment
+terraform plan -out code.tfplan
+
+# Apply the deployment
+terraform apply "code.tfplan"
+
+
diff --git a/5-aws-tools-setup/main.tf b/5-aws-tools-setup/main.tf
@@ -1,23 +1,60 @@
-# We need to setup a CodeCommit repo, CodeBuild project, and CodePipeline
-#Bucket variables
+#############################################################################
+# VARIABLES
+#############################################################################
+
 variable "aws_bucket_prefix" {
   type    = string
   default = "globo"
 }
 
-resource "random_integer" "rand" {
-  min = 10000
-  max = 99999
+variable "region" {
+  type    = string
+  default = "us-east-1"
+}
+
+variable "state_bucket" {
+  type = string
+  description = "Name of bucket for remote state"
+}
+
+variable "dynamodb_table_name" {
+  type = string
+  description = "Name of dynamodb table for remote state locking"
 }
 
 locals {
-  bucket_name         = "${var.aws_bucket_prefix}-build-logs-${random_integer.rand.result}"
+  bucket_name = "${var.aws_bucket_prefix}-build-logs-${random_integer.rand.result}"
+}
+
+#############################################################################
+# PROVIDERS
+#############################################################################
+
+provider "aws" {
+  version = "~> 2.0"
+  region  = var.region
 }
 
+#############################################################################
+# DATA SOURCES
+#############################################################################
+
 data "aws_s3_bucket" "state_bucket" {
-    bucket = var.state_bucket
+  bucket = var.state_bucket
 }
 
+data "aws_dynamodb_table" "state_table" {
+  name = var.dynamodb_table_name
+}
+
+#############################################################################
+# RESOURCES
+#############################################################################  
+
+resource "random_integer" "rand" {
+  min = 10000
+  max = 99999
+}
 
 resource "aws_codecommit_repository" "vpc_code" {
   repository_name = "vpc-deploy"
@@ -73,14 +110,23 @@ resource "aws_iam_role_policy" "cloud_build_policy" {
       ],
       "Resource": "*"
     },
+    {
+            "Effect": "Allow",
+            "Action": ["dynamodb:*"],
+            "Resource": [
+                "${data.aws_dynamodb_table.state_table.arn}"
+            ]
+        },
     {
       "Effect": "Allow",
       "Action": [
         "s3:*"
       ],
       "Resource": [
         "${data.aws_s3_bucket.state_bucket.arn}",
-        "${data.aws_s3_bucket.state_bucket.arn}/*"
+        "${data.aws_s3_bucket.state_bucket.arn}/*",
+        "${aws_s3_bucket.vpc_deploy_logs.arn}",
+        "${aws_s3_bucket.vpc_deploy_logs.arn}/*"
       ]
     }
   ]
@@ -90,13 +136,13 @@ POLICY
 
 resource "aws_codebuild_project" "build_project" {
   name          = "vpc-deploy-project"
-  description   = "Porject to deploy VPCs"
+  description   = "Project to deploy VPCs"
   build_timeout = "5"
   service_role  = aws_iam_role.code_build_assume_role.arn
 
   artifacts {
-    type = "S3"
-    location = aws_s3_bucket.vpc_deploy_logs.name
+    type     = "S3"
+    location = aws_s3_bucket.vpc_deploy_logs.bucket
   }
 
   environment {
@@ -111,8 +157,8 @@ resource "aws_codebuild_project" "build_project" {
     }
 
     environment_variable {
-        name = "TF_VERSION_INSTALL"
-        value = "0.12.24"
+      name  = "TF_VERSION_INSTALL"
+      value = "0.12.24"
     }
 
     environment_variable {
@@ -141,8 +187,8 @@ resource "aws_codebuild_project" "build_project" {
   }
 
   source {
-    type            = "CODECOMMIT"
-    location        = aws_codecommit_repository.vpc_code.clone_url_http
+    type     = "CODECOMMIT"
+    location = aws_codecommit_repository.vpc_code.clone_url_http
   }
 
   source_version = "master"
@@ -207,7 +253,7 @@ resource "aws_codepipeline" "codepipeline" {
   role_arn = aws_iam_role.codepipeline_role.arn
 
   artifact_store {
-    location = aws_s3_bucket.codepipeline_bucket.bucket
+    location = aws_s3_bucket.vpc_deploy_logs.bucket
     type     = "S3"
 
   }
@@ -224,8 +270,8 @@ resource "aws_codepipeline" "codepipeline" {
       output_artifacts = ["source_output"]
 
       configuration = {
-        RepositoryName  = aws_codecommit_repository.vpc_code.repository_name
-        BranchName = "master"
+        RepositoryName = aws_codecommit_repository.vpc_code.repository_name
+        BranchName     = "master"
       }
     }
   }
@@ -234,51 +280,55 @@ resource "aws_codepipeline" "codepipeline" {
     name = "Development"
 
     action {
-      name             = "Build"
+      name             = "Plan"
       category         = "Build"
       owner            = "AWS"
       provider         = "CodeBuild"
       input_artifacts  = ["source_output"]
-      output_artifacts = ["build_output"]
+      output_artifacts = ["plan_output"]
       version          = "1"
 
       configuration = {
         ProjectName = aws_codebuild_project.build_project.name
         EnvironmentVariables = jsonencode(
-            [
+          [
             {
-                name = "TF_ACTION"
-                value = "PLAN"
+              name  = "TF_ACTION"
+              value = "PLAN"
+              type  = "PLAINTEXT"
             },
             {
-                name = "WORKSPACE_NAME"
-                value = "Development"
+              name  = "WORKSPACE_NAME"
+              value = "Development"
+              type  = "PLAINTEXT"
             }
           ]
         )
       }
     }
 
-        action {
-      name             = "Build"
+    action {
+      name             = "Apply"
       category         = "Build"
       owner            = "AWS"
       provider         = "CodeBuild"
       input_artifacts  = ["source_output"]
-      output_artifacts = ["build_output"]
+      output_artifacts = ["apply_output"]
       version          = "1"
 
       configuration = {
         ProjectName = aws_codebuild_project.build_project.name
         EnvironmentVariables = jsonencode(
-            [
+          [
             {
-                name = "TF_ACTION"
-                value = "APPLY"
+              name  = "TF_ACTION"
+              value = "APPLY"
+              type  = "PLAINTEXT"
             },
             {
-                name = "WORKSPACE_NAME"
-                value = "Development"
+              name  = "WORKSPACE_NAME"
+              value = "Development"
+              type  = "PLAINTEXT"
             }
           ]
         )

diff --git a/5-aws-tools-setup/terraform.tfvars.example b/5-aws-tools-setup/terraform.tfvars.example
@@ -0,0 +1,5 @@
+region = "us-east-1"
+
+state_bucket = "STATE_BUCKET_NAME"
+
+dynamodb_table_name = "DYNAMODB_TABLE_NAME"