cloudposse / terraform-aws-cicd Goto Github PK

When deploying my docker image to my elastic beanstalk I received this error in the pipeline UI:

Deployment failed. The provided role does not have sufficient permissions: Failed to deploy application. Service:AWSLogs, Message:User: arn:aws:sts::xxxxx:assumed-role/xxxx-development-app/xxxxx is not authorized to perform: logs:PutRetentionPolicy on resource: arn:aws:logs:us-east-1:xxxx:log-group:/aws/elasticbeanstalk/xxxxx-dev-node-demo/var/log/nginx/error.log:log-stream:

Using terraform-aws-cicd and getting the source code from the private repo in GitHub,
and everything is applied already
whenever one executes plan, terraform wants to change OAuthToken every time

Output of terraform plan

  ~ module.build_frontend.aws_codepipeline.source_build
      stage.0.action.0.configuration.%:          "4" => "5"
      stage.0.action.0.configuration.OAuthToken: "" => "deadbeefdeadbeefdeadbeefdeadbeefdeadbeef"

Usage

module "build_frontend" {
    source              = "github.com/cloudposse/terraform-aws-cicd?ref=master"
    namespace           = "${var.namespace}"
    name                = "${var.frontend}"
    stage               = "${var.stage}"
    enabled             = "true"
    github_oauth_token  = "${var.github_oauth_token}"
    repo_owner          = "${var.github_group}"
    repo_name           = "${var.github_project_frontend}"
    branch              = "${var.github_branch_frontend}"
    build_image         = "aws/codebuild/nodejs:8.11.0"
    build_compute_type  = "BUILD_GENERAL1_SMALL"
    aws_region          = "${var.aws_region}"
    aws_account_id      = "${var.aws_account_id}"
}

Probably a reason for this is OAuthToken can be only set, not read in AWS CodePipeline.
Are there any approaches to this to have "clean" plan without any changes?

From https://www.terraform.io/docs/providers/aws/r/codepipeline.html:

NOTE on aws_codepipeline: - the GITHUB_TOKEN environment variable must be set if the GitHub provider is specified.

Tried that, nothing happens...

With Terraform v0.11.11 when setting environment_variables this error is thrown:
"environment.0.environment_variable.6.value": required field is not set
I think in build module you should do concact with var.environment_variables since this way you are inserting list inside a list.

    environment_variable = [{
      "name"  = "AWS_REGION"
      "value" = "${signum(length(var.aws_region)) == 1 ? var.aws_region : data.aws_region.default.name}"
    },
      {
        "name"  = "AWS_ACCOUNT_ID"
        "value" = "${signum(length(var.aws_account_id)) == 1 ? var.aws_account_id : data.aws_caller_identity.default.account_id}"
      },
      {
        "name"  = "IMAGE_REPO_NAME"
        "value" = "${signum(length(var.image_repo_name)) == 1 ? var.image_repo_name : "UNSET"}"
      },
      {
        "name"  = "IMAGE_TAG"
        "value" = "${signum(length(var.image_tag)) == 1 ? var.image_tag : "latest"}"
      },
      {
        "name"  = "STAGE"
        "value" = "${signum(length(var.stage)) == 1 ? var.stage : "UNSET"}"
      },
      {
        "name"  = "GITHUB_TOKEN"
        "value" = "${signum(length(var.github_token)) == 1 ? var.github_token : "UNSET"}"
      },
      "${var.environment_variables}",
    ]

Note: I did tried it with a list but still not working with different error, it seems concact is not returning list(propably problem with Terraform interpolation)

The module outputs the param codebuild_badge_url (as documented in the Outputs section of README) but seems like there is no input variable called badge_enabled. Seems like a simple fix and would be greatly appreciated if this could be added. Thanks

Don't you think at least name would be appropriate?

Hi, I have a github project that can be cloned without needing a github token, but if I remove github_oauth_token from my terraform I get the following error:

Error: module "build": missing required argument "github_oauth_token"

If I set it to "" I get this:

* aws_codebuild_project.default: [ERROR] Error updating CodeBuild project (arn:aws:codebuild:eu-west-1:***): InvalidParameter: 1 validation error(s) found.
- missing required field, UpdateProjectInput.Environment.EnvironmentVariables[5].Value.

The README says it's both optional and required so not sure what I should be using. Is an oauth token always required?

Thanks :)

As a user, I would like to be able to pass in an environment_variables variable that can be utilized by the aws_codebuild module.

Using 0.11 branch , latest tag 0.6.0;
Terraform 0.11.14
AWS provider 2.24

Start getting an error while applying module to create codebuild project:

        * module.build_ms_email.module.build.aws_codebuild_project.default: 1 error occurred:
        * aws_codebuild_project.default: Error creating CodeBuild project: AccessDeniedException: User: arn:aws:sts::ACCOUNTHERE:assumed-role/Playground/1566405491326350000 is not authorized to perform: iam:PassRole on resource: arn:aws:iam::ACCOUNTHERE:role/sweet-integration-microservice-email-build
        status code: 400, request id: edfdb965-1e8b-48d5-982f-ff2b7f52e43a

Had nothing similar last week, have terraform policy without IAM PassRole allow for my Playground role.

Found a bug? Maybe our Slack Community can help.

Describe the Bug

Terraform plan is failing on Terraform v1.0.0 with Error: cache location is required when cache type is "S3"

Expected Behavior

It should not be failing to create the CodeBuild resource

Steps to Reproduce

1.) I initialize a module:

module "build" {
  source     = "cloudposse/cicd/aws"
  attributes = (concat(var.attributes, ["codepipeline"]))
  namespace  = var.namespace
  stage      = var.stage
  name       = var.name
  enabled    = var.codepipeline_enabled

  # Application repository on GitHub
  github_oauth_token = var.codepipeline_github_token
  repo_owner         = var.codepipeline_repo_owner
  repo_name          = var.codepipeline_repo_name
  branch             = var.codepipeline_branch
}

2.) I commit and push.

3.) Terraform Cloud gives this error:

│ Error: cache location is required when cache type is "S3"
│ 
│   with module.landing_page.module.build.module.codebuild.aws_codebuild_project.default[0],
│   on .terraform/modules/landing_page.build.codebuild/main.tf line 265, in resource "aws_codebuild_project" "default":
│  265: resource "aws_codebuild_project" "default" {
│ 
╵

Environment (please complete the following information):

Using Terraform v1.0.0 in Terraform Cloud

https://aws.amazon.com/blogs/devops/access-resources-in-a-vpc-from-aws-codebuild-builds/

Would be nice to see support for the label_order variable, to be passed on to the terraform-null-label. In fact, would be sweet to have this in all of the sweetops modules, as the naming convention gets messed up if you mix your own modules with those that doesn't support it (unless using the defaults of course).

Currently there's only a ZIP deployed to the build output bucket. To accept a separate bucket where the extracted files will be deployed after each build.

I am trying to add some target groups to my load balancer, however I can't see a logical way to do so. I am aware that I could create a listener on the lb using aws_lb_listener.

Is there a way to do so using Terraform? Thanks.

what

• Add example invocation

why

• We need this so we can soon enable automated continuous integration testing of module

Dependabot couldn't parse the main.tf found at /main.tf.

The error Dependabot encountered was:

unable to parse HCL: At 9:16: Unknown token: 9:16 IDENT var.enabled

View the update logs.

Dependabot couldn't parse the context.tf found at /context.tf.

The error Dependabot encountered was:

unable to parse HCL: At 25:25: Unknown token: 25:25 IDENT var.enabled

View the update logs.

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

Dependabot couldn't parse the main.tf found at /main.tf.

You can mention @dependabot in the comments below to contact the Dependabot team.

Describe the Bug

[Container] 2022/11/23 03:53:37 Processing environment variables
[Container] 2022/11/23 03:53:37 Decrypting parameter store environment variables
[Container] 2022/11/23 03:53:39 Phase complete: DOWNLOAD_SOURCE State: FAILED
[Container] 2022/11/23 03:53:39 Phase context status code: Decrypted Variables Error Message: parameter does not exist: ghp_...

Expected Behavior

I expected the build to finish without errors.

Steps to Reproduce

Use the following code:

module "build" {
  source = "cloudposse/cicd/aws"
  version = "v0.19.5"
  namespace           = "eg"
  stage               = "staging"
  name                = "backend-app"

  # Enable the pipeline creation
  enabled             = true

  # Elastic Beanstalk
  elastic_beanstalk_application_name = "backend-app"
  elastic_beanstalk_environment_name = "dev"

  # Application repository on GitHub
  github_oauth_token  = "ghp_..."
  repo_owner          = "cloudposse"
  repo_name           = "backend-app"
  branch              = "development"

  # http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html
  # http://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html
  build_image         = "aws/codebuild/standard:2.0"
  build_compute_type  = "BUILD_GENERAL1_SMALL"
}

Have a question? Please checkout our Slack Community or visit our Slack Archive.

Describe the Feature

Cannot use codestar_connection_arn to authenticate to Github as source for CICD static website. Must use (Github Version 1) and manually log in inside console after deployment.

Works perfectly with:
module "ecs_codepipeline" {
source = "cloudposse/ecs-codepipeline/aws"
codestar_connection_arn = var.codestar_connection_arn

A clear and concise description of what the bug is.

Expected Behavior

Doesn't seem to be coded in .terraform

A clear and concise description of what you expected to happen.

Use Case

Is your feature request related to a problem/challenge you are trying to solve? Please provide some additional context of why this feature or capability will be valuable.

Describe Ideal Solution

A clear and concise description of what you want to happen. If you don't know, that's okay.

Alternatives Considered

Explain what alternative solutions or features you've considered.

Additional Context

Add any other context or screenshots about the feature request here.

AWS CI/CD is awesome, with the one drawback of the slow builds when docker image is being built. I saw that AWS recently released this blogpost about the new Local Cache feature.

I think it can be simple and awesome to see it also part of this Terraform module

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• chore(deps): update terraform cloudposse/codebuild/aws to v2.0.2
• chore(deps): update terraform cloudposse/repository-webhooks/github to v0.14.0

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Describe the Bug

I'm not able to run this module on terraform 0.13.5.

Expected Behavior

The versions.tf file seems to suggest that this should be possible.

Steps to Reproduce

Try running the example module with terraform 0.13.5.

Screenshots

Environment (please complete the following information):

Anything that will help us triage the bug will help. Here are some ideas:

• OS: Linux
• Version 0.13.5