Terraform module to provision an AWS codepipeline CI/CD system.
The module also creates the build itself and the example sets a deployment up for a Fargate project. The module has been fully updated to work with Terraform 0.12 and Terraform Cloud.
It's 100% Open Source and licensed under the APACHE2.
Include this repository as a module in your existing Terraform code:
module "codepipeline" {
source = "JamesWoolfenden/codepipeline/aws"
version = "0.4.21"
artifact_store = var.artifact_store
common_tags = var.common_tags
description = var.description
name = var.name
stages = var.stages
}From infracost: make cost Makefile target in example/examplea
✔ Calculating monthly cost estimate
Project: .
Name Monthly Qty Unit Monthly Cost
aws_s3_bucket.codepipeline
├─ Glacier deep archive
│ ├─ Storage 0 GB-months $0.00
│ ├─ PUT, COPY, POST, LIST requests 0 1k requests $0.00
│ ├─ GET, SELECT, and all other requests 0 1k requests $0.00
│ ├─ Lifecycle transition 0 1k requests $0.00
│ ├─ Retrieval requests (standard) 0 1k requests $0.00
│ ├─ Retrievals (standard) 0 GB-months $0.00
│ ├─ Retrieval requests (bulk) 0 1k requests $0.00
│ ├─ Retrievals (bulk) 0 GB-months $0.00
│ └─ Early delete (within 180 days) 0 GB-months $0.00
├─ Standard
│ ├─ Storage 0 GB-months $0.00
│ ├─ PUT, COPY, POST, LIST requests 0 1k requests $0.00
│ ├─ GET, SELECT, and all other requests 0 1k requests $0.00
│ ├─ Select data scanned 0 GB-months $0.00
│ └─ Select data returned 0 GB-months $0.00
├─ Intelligent tiering
│ ├─ Storage (frequent access) 0 GB-months $0.00
│ ├─ Storage (infrequent access) 0 GB-months $0.00
│ ├─ Monitoring and automation 0 1k objects $0.00
│ ├─ PUT, COPY, POST, LIST requests 0 1k requests $0.00
│ ├─ GET, SELECT, and all other requests 0 1k requests $0.00
│ ├─ Lifecycle transition 0 1k requests $0.00
│ ├─ Select data scanned 0 GB-months $0.00
│ ├─ Select data returned 0 GB-months $0.00
│ └─ Early delete (within 30 days) 0 GB-months $0.00
├─ Standard - infrequent access
│ ├─ Storage 0 GB-months $0.00
│ ├─ PUT, COPY, POST, LIST requests 0 1k requests $0.00
│ ├─ GET, SELECT, and all other requests 0 1k requests $0.00
│ ├─ Lifecycle transition 0 1k requests $0.00
│ ├─ Retrievals 0 GB-months $0.00
│ ├─ Select data scanned 0 GB-months $0.00
│ └─ Select data returned 0 GB-months $0.00
├─ One zone - infrequent access
│ ├─ Storage 0 GB-months $0.00
│ ├─ PUT, COPY, POST, LIST requests 0 1k requests $0.00
│ ├─ GET, SELECT, and all other requests 0 1k requests $0.00
│ ├─ Lifecycle transition 0 1k requests $0.00
│ ├─ Retrievals 0 GB-months $0.00
│ ├─ Select data scanned 0 GB-months $0.00
│ └─ Select data returned 0 GB-months $0.00
└─ Glacier
├─ Storage 0 GB-months $0.00
├─ PUT, COPY, POST, LIST requests 0 1k requests $0.00
├─ GET, SELECT, and all other requests 0 1k requests $0.00
├─ Lifecycle transition 0 1k requests $0.00
├─ Retrieval requests (standard) 0 1k requests $0.00
├─ Retrievals (standard) 0 GB-months $0.00
├─ Select data scanned (standard) 0 GB-months $0.00
├─ Select data returned (standard) 0 GB-months $0.00
├─ Retrieval requests (expedited) 0 1k requests $0.00
├─ Retrievals (expedited) 0 GB-months $0.00
├─ Select data scanned (expedited) 0 GB-months $0.00
├─ Select data returned (expedited) 0 GB-months $0.00
├─ Retrieval requests (bulk) 0 1k requests $0.00
├─ Retrievals (bulk) 0 GB-months $0.00
├─ Select data scanned (bulk) 0 GB-months $0.00
├─ Select data returned (bulk) 0 GB-months $0.00
└─ Early delete (within 90 days) 0 GB-months $0.00
PROJECT TOTAL $0.00No requirements.
| Name | Version |
|---|---|
| aws | n/a |
No modules.
| Name | Type |
|---|---|
| aws_codepipeline.pipe | resource |
| aws_iam_role.pipeline | resource |
| aws_iam_role_policy.inline_policy | resource |
| aws_iam_policy_document.pipeline | data source |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| artifact_store | Map to populate the artifact block | map(any) |
n/a | yes |
| common_tags | Implements the common tags scheme | map(any) |
n/a | yes |
| description | Description of build project | string |
n/a | yes |
| kms_key_arn | n/a | string |
n/a | yes |
| name | n/a | string |
n/a | yes |
| policypath | n/a | string |
"" |
no |
| role_arn | Optionally supply an existing role | string |
"" |
no |
| stages | This list describes each stage of the build | list(any) |
n/a | yes |
| Name | Description |
|---|---|
| pipeline | The output of the aws_codepipeline resource |
| role_arn | ARN of the pipeline role |
| role_name | Name of the pipeline role created if var.role_arn is not supplied |
The Terraform resource required is:
resource "aws_iam_policy" "terraform_pike" {
name_prefix = "terraform_pike"
path = "/"
description = "Pike Autogenerated policy from IAC"
policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"codepipeline:CreatePipeline",
"codepipeline:DeletePipeline",
"codepipeline:GetPipeline",
"codepipeline:ListTagsForResource",
"codepipeline:TagResource",
"codepipeline:UntagResource"
],
"Resource": [
"*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfilesForRole",
"iam:ListRolePolicies",
"iam:PassRole",
"iam:PutRolePolicy"
],
"Resource": [
"*"
]
}
]
})
}
'stages' is a list of maps, whose format is :
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | Stage name | string |
n/a | yes |
| enabled | If false, this stage will be ignored | bool |
true | no |
| action | A map described below | map |
n/a | yes |
'action' is a map whose format is described below. For more information on possible values, please refer to the AWS documentation:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | Name | string |
n/a | yes |
| owner | Owner | string |
n/a | yes |
| version | Version | string |
n/a | yes |
| category | Category | string |
n/a | yes |
| provider | Provider | string |
n/a | yes |
| input_artifacts | A list of artifacts declared as output artifacts by other actions | list(string) |
[] |
no |
| output_artifacts | A list of artifacts to be declared as inputs in other actions | list(string) |
[] |
no |
| configuration | A map whose content depends on the 5 first fields | map |
{} |
no |
| role_arn | If set, ovverrides the global role ARN for this action only | string |
global value | no |
| run_order | Run order | number |
null | no |
| region | If set, overrides the default region for this action only | string |
current region | no |
Check out these related projects.
- terraform-aws-codebuild - Making a Build pipeline
Got a question?
File a GitHub issue.
Please use the issue tracker to report any bugs or file feature requests.
Copyright © 2019-2023 James Woolfenden
See LICENSE for full details.
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent