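This example configures everything except authentication to source control; the credentials CodeBuild uses to reach the repository have to be set up separately.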
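# Example call of the codebuild-project module: one CodeBuild project with
# CloudWatch logging, two secondary sources, a notification rule and a webhook.
# Authentication to the source provider is not configured by this block.
module "codebuild_example" {
  source = "Lupus-Metallum/codebuild-project/aws"
  # Exact version pin, so a registry update cannot silently change the IAM
  # resources this module creates. (The closing quote was missing.)
  version = "1.0.0"

  name                   = "Example"
  description            = "This is an example"
  build_timeout          = 5 # minutes
  queued_timeout         = 5 # minutes
  concurrent_build_limit = 1

  # Placeholder account id ("00000"): substitute the ARN of the key you use.
  encryption_key    = "arn:aws:kms:us-east-1:00000:alias/aws/s3"
  environment_image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"

  # The inputs table documents this flag as attaching the managed policy
  # AmazonEC2ContainerRegistryFullAccess to the build role, which is full ECR
  # access rather than push-only. Leave it false (the default) and grant a
  # scoped policy if the build only pushes to one repository.
  add_ecr_write_permissions = true

  compute_type     = "BUILD_GENERAL1_MEDIUM"
  environment_type = "LINUX_CONTAINER"

  # Default is false. Presumably enabled here because the example builds a
  # container image (see IMAGE_REPO_NAME / IMAGE_TAG below); confirm the
  # buildspec needs it, since anything the build executes then runs in a
  # privileged container.
  privileged_mode = true

  repo_location  = "https://github.com/MyOrg/example.git"
  source_version = "dev"
  build_spec     = file("./src/buildspec.yml")

  # Logging: the inputs table states enable_logs requires a group name and a
  # stream name.
  enable_logs = true
  # Placeholder: supply the ARN of the KMS key that encrypts the log group.
  cloudwatch_kms_key_arn    = "arn:..."
  cloudwatch_retention_days = 14
  log_stream_name           = "my-stream"

  # Declared as map(string), i.e. plain string values; keep secrets out of
  # this map. data.aws_region.current and data.aws_caller_identity.current
  # must be declared in the configuration that calls this module.
  environment_variables = {
    "IMAGE_REPO_NAME"    = "example"
    "AWS_DEFAULT_REGION" = data.aws_region.current.name
    "AWS_ACCOUNT_ID"     = data.aws_caller_identity.current.account_id
    # "latest" is a mutable tag; a tag derived from the commit makes the
    # pushed image traceable to its source.
    "IMAGE_TAG" = "latest"
  }

  # Extra repositories pulled into the build. insecure_ssl = false on each
  # entry; keep it false so fetched source is not taken over an unverified
  # connection.
  secondary_sources = [
    {
      git_clone_depth     = 1
      insecure_ssl        = false
      location            = "https://github.com/MyOrg/example2.git"
      report_build_status = false
      source_identifier   = "dev"
      type                = "GITHUB"
      fetch_submodules    = false
    },
    {
      git_clone_depth     = 1
      insecure_ssl        = false
      location            = "https://github.com/MyOrg/example3.git"
      report_build_status = false
      source_identifier   = "example3"
      type                = "GITHUB"
      fetch_submodules    = false
    },
  ]

  # One rule that sends the listed build events to a Slack channel through
  # AWS Chatbot. The account id in the ARN is a placeholder.
  notification_rules = [
    {
      notification_arn    = "arn:aws:chatbot::0000000:chat-configuration/slack-channel/Codebuild-Notifications",
      notification_type   = "AWSChatbotSlack",
      notification_name   = "Codebuild-Default",
      notification_detail = "FULL",
      notification_events = [
        "codebuild-project-build-phase-failure",
        "codebuild-project-build-state-failed",
        "codebuild-project-build-state-in-progress",
        "codebuild-project-build-state-stopped",
        "codebuild-project-build-state-succeeded",
      ]
    }
  ]

  # Builds start on pushes and merged pull requests for the "dev" branch.
  # Those builds run with the role and privileged setting configured above,
  # so restrict who can push to that branch.
  webhooks = [
    {
      branch = "dev"
      events = ["PUSH", "PULL_REQUEST_MERGED"]
    }
  ]
}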
Name | Version |
---|---|
aws | n/a |
Name | Type |
---|---|
aws_cloudwatch_log_group.this | resource |
aws_codebuild_project.this | resource |
aws_codebuild_webhook.this | resource |
aws_codestarnotifications_notification_rule.this | resource |
aws_iam_policy.this | resource |
aws_iam_policy.this_cloudwatch | resource |
aws_iam_role.this | resource |
aws_iam_role_policy_attachment.this | resource |
aws_iam_role_policy_attachment.this_AmazonEC2ContainerRegistryFullAccess | resource |
aws_iam_role_policy_attachment.this_cloudwatch | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.this | data source |
aws_iam_policy_document.this_assume | data source |
aws_iam_policy_document.this_cloudwatch | data source |
aws_region.current | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
build_spec | Yaml for the build, best to provide via file() or template_file datasource | string | n/a | yes |
build_timeout | Time in minutes for the build to timeout | number | n/a | yes |
description | Description of CodeBuild Project | string | n/a | yes |
name | Name of CodeBuild Project | string | n/a | yes |
queued_timeout | Time in minutes for the queue to timeout | number | n/a | yes |
repo_location | URL to use for location of repo | string | n/a | yes |
add_ecr_write_permissions | Should the AmazonEC2ContainerRegistryFullAccess policy be attached to the role? Despite the variable name, this managed policy grants full ECR access, not only write (push) permissions | bool | false | no |
artifacts | Should the build create artifacts | string | "NO_ARTIFACTS" | no |
badge_enabled | Should we enable the build badge | bool | true | no |
cache_mode | Type of cache to use for builds | list(string) | [] | no |
cache_type | Type of cache to use for builds | string | "NO_CACHE" | no |
cloudwatch_kms_key_arn | What is the KMS Key ID that we should encrypt logs with | string | "" | no |
cloudwatch_retention_days | How many days should we retain logs | number | 14 | no |
compute_type | Type of compute to use for the build | string | "BUILD_GENERAL1_SMALL" | no |
concurrent_build_limit | How many concurrent builds should be allowed | number | 1 | no |
enable_logs | Should we enable cloudwatch logs? Requires a group name and stream name | bool | false | no |
encryption_key | Encryption key to use to encrypt the pipeline | string | "" | no |
environment_image | Image to use for builds | string | "aws/codebuild/standard:1.0" | no |
environment_type | Type of environment to use for the build | string | "LINUX_CONTAINER" | no |
environment_variables | Environment variables to use for build | map(string) | {} | no |
fetch_submodules | Should we fetch submodules | bool | false | no |
git_clone_depth | Depth of git clone | number | 1 | no |
image_pull_credentials_type | Type of image pull credentials to use for the build | string | "CODEBUILD" | no |
log_stream_name | Name of log stream to use for builds, requires enable_logs=true | string | "" | no |
notification_rules | Disable or enable notifications | list(object({ | [] | no |
privileged_mode | Should we enable privileged mode (needed to run the Docker daemon inside the build container; leave false unless the build requires it) | bool | false | no |
repo_type | Type of git repo | string | "GITHUB" | no |
secondary_sources | Additional sources to use for the build | list(map(string)) | [] | no |
security_group_ids | List of security_group_ids for the build, requires use_vpc=true | list(string) | [] | no |
service_role_arn | Time in minutes for the queue to timeout | string | "" | no |
source_version | Name of source version | string | "main" | no |
subnet_ids | List of subnet_ids for the build, requires use_vpc=true | list(string) | [] | no |
tags | Tags to apply to resources | map(string) | {} | no |
use_vpc | Should we build in a vpc? Requires security_group_ids, subnet_ids, and vpc_id | bool | false | no |
vpc_id | ID of vpc to use for the build, requires use_vpc=true | string | "" | no |
webhooks | Should webhooks to the git repo be enabled | list(object({ | [] | no |
Name | Description |
---|---|
codebuild_arn | n/a |
codebuild_badge_url | n/a |
codebuild_id | n/a |