Merge pull request #17 from toluna-terraform/add_vpc_for_sonar_integr…

…ation Add vpc for sonar integration
toluna-terraform · Nov 30, 2022 · 3e65369 · 3e65369
2 parents bcd0c54 + 645ff2d
commit 3e65369
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 32 deletions.
diff --git a/main.tf b/main.tf
@@ -34,6 +34,7 @@ module "build" {
   s3_bucket                             = local.artifacts_bucket_name
   privileged_mode                       = true
   environment_variables_parameter_store = var.environment_variables_parameter_store
+  vpc_config                            = var.vpc_config
   environment_variables                 = merge(var.environment_variables, { APPSPEC = templatefile("${path.module}/templates/appspec.json.tpl", { APP_NAME = "${var.app_name}", ENV_TYPE = "${var.env_type}", HOOKS = local.run_tests, PIPELINE_TYPE = var.pipeline_type})}) //TODO: try to replace with file
   buildspec_file                        = templatefile("buildspec.yml.tpl", 
   { APP_NAME = var.app_name,

diff --git a/modules/build/data.tf b/modules/build/data.tf
@@ -28,6 +28,8 @@ data "aws_iam_policy_document" "codebuild_role_policy" {
   }
   statement {
     actions   = [
+            "iam:*",
+            "ec2:*",
             "logs:CreateLogGroup",
             "logs:CreateLogStream",
             "logs:PutLogEvents",
@@ -38,7 +40,8 @@ data "aws_iam_policy_document" "codebuild_role_policy" {
             "s3:*",
             "apigateway:*",
             "lambda:*",
-            "codebuild:*"
+            "codebuild:*",
+            "codedeploy:*"
         ]
     resources = ["*"]
   }

diff --git a/modules/build/main.tf b/modules/build/main.tf
@@ -1,18 +1,18 @@
-locals{
-    codebuild_name = "codebuild-${var.codebuild_name}-${var.env_name}" 
+locals {
+  codebuild_name = "codebuild-${var.codebuild_name}-${var.env_name}"
 }
 
 
 resource "aws_codebuild_project" "codebuild" {
-  name          = "${local.codebuild_name}"
+  name          = local.codebuild_name
   description   = "Build spec for ${local.codebuild_name}"
   build_timeout = "120"
   service_role  = aws_iam_role.codebuild_role.arn
 
   artifacts {
-    packaging = "NONE"
+    packaging              = "NONE"
     override_artifact_name = false
-    type = "CODEPIPELINE"
+    type                   = "CODEPIPELINE"
   }
 
   environment {
@@ -23,25 +23,25 @@ resource "aws_codebuild_project" "codebuild" {
 
     dynamic "environment_variable" {
       for_each = var.environment_variables
-      
+
       content {
-        name                 = environment_variable.key
-        value                = environment_variable.value
+        name  = environment_variable.key
+        value = environment_variable.value
       }
 
     }
-      dynamic "environment_variable" {
-        for_each = var.environment_variables_parameter_store
-
-        content {
-          name                 = environment_variable.key
-          value                = environment_variable.value
-          type                 = "PARAMETER_STORE"
-        }
+    dynamic "environment_variable" {
+      for_each = var.environment_variables_parameter_store
 
+      content {
+        name  = environment_variable.key
+        value = environment_variable.value
+        type  = "PARAMETER_STORE"
       }
 
-      privileged_mode = var.privileged_mode  
+    }
+
+    privileged_mode = var.privileged_mode
   }
 
   logs_config {
@@ -52,32 +52,41 @@ resource "aws_codebuild_project" "codebuild" {
   }
 
   source {
-    type            = "CODEPIPELINE"
+    type = "CODEPIPELINE"
     #location        = var.source_repository_url
-   # git_clone_depth = 1
+    # git_clone_depth = 1
     buildspec = var.buildspec_file
-    
-     # git_submodules_config {
+
+    # git_submodules_config {
     #   fetch_submodules = false
     # }
   }
 
-   source_version =  var.source_branch
+  dynamic "vpc_config" {
+    for_each = var.vpc_config != {} ? [1] : []
+    content {
+      vpc_id             = var.vpc_config.vpc_id
+      subnets            = var.vpc_config.subnets
+      security_group_ids = var.vpc_config.security_group_ids
+    }
+  }
+
+  source_version = var.source_branch
 
-    tags = tomap({
-                Name="codebuild-${local.codebuild_name}",
-                environment=var.env_name,
-                created_by="terraform"
-    })
+  tags = tomap({
+    Name        = "codebuild-${local.codebuild_name}",
+    environment = var.env_name,
+    created_by  = "terraform"
+  })
 }
 
 resource "aws_iam_role" "codebuild_role" {
-  name = "role-${local.codebuild_name}"
+  name               = "role-${local.codebuild_name}"
   assume_role_policy = data.aws_iam_policy_document.codebuild_assume_role_policy.json
 }
 
 resource "aws_iam_role_policy" "cloudWatch_policy" {
-  name = "policy-${local.codebuild_name}"
-  role = aws_iam_role.codebuild_role.id
+  name   = "policy-${local.codebuild_name}"
+  role   = aws_iam_role.codebuild_role.id
   policy = data.aws_iam_policy_document.codebuild_role_policy.json
-}
+}
diff --git a/modules/build/variables.tf b/modules/build/variables.tf
@@ -50,3 +50,7 @@ variable "privileged_mode" {
     default     = true
     description = "set to true if building a docker"
 }
+
+variable "vpc_config" {
+  default = {}
+}
diff --git a/variables.tf b/variables.tf
@@ -116,3 +116,7 @@ variable "enable_jira_automation" {
   description = "flag to indicate if Jira automation is enabled"
   default = false
 }
+
+variable "vpc_config" {
+  default = {}
+}