I need to create a pipeline with a build step using Terraform. I need to get the source from the artifact, but the Terraform documentation is not very clear. This is my code so far:
resource "aws_codebuild_project" "authorization" {
  name          = "authorization"
  description   = "BuildProject for authorization service"
  build_timeout = "5"
  service_role  = "${aws_iam_role.codebuild_role.arn}"

  artifacts {
    type = "CODEPIPELINE"
  }

  environment {
    compute_type    = "BUILD_GENERAL1_SMALL"
    image           = "aws/codebuild/docker:17.09.0"
    type            = "LINUX_CONTAINER"
    privileged_mode = true

    environment_variable {
      "name"  = "SOME_KEY1"
      "value" = "SOME_VALUE1"
    }

    environment_variable {
      "name"  = "SOME_KEY2"
      "value" = "SOME_VALUE2"
    }
  }

  source {
    type      = "CODEPIPELINE"
    buildspec = "buildspecs.yml"
  }

  tags {
    "Environment" = "alpha"
  }
}
The problem is that pointing to the file gets me this error during the pipeline execution of that step:
DOWNLOAD_SOURCE Failed
[Container] 2018/03/29 11:15:31 Waiting for agent ping
[Container] 2018/03/29 11:15:31 Waiting for DOWNLOAD_SOURCE
Message: Access Denied
This is how my pipeline looks:
resource "aws_codepipeline" "foo" {
  name     = "tf-test-pipeline"
  role_arn = "${aws_iam_role.codepipeline_role.arn}"

  artifact_store {
    location = "${aws_s3_bucket.foo.bucket}"
    type     = "S3"

    encryption_key {
      id   = "${aws_kms_key.a.arn}"
      type = "KMS"
    }
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "CodeCommit"
      version          = "1"
      output_artifacts = ["src"]

      configuration {
        RepositoryName = "authorization"
        BranchName     = "master"
      }
    }
  }

  stage {
    name = "Build"

    action {
      name            = "Build"
      category        = "Build"
      owner           = "AWS"
      provider        = "CodeBuild"
      input_artifacts = ["src"]
      version         = "1"

      configuration {
        ProjectName = "${aws_codebuild_project.authorization.name}"
      }
    }
  }
}
I guess I did something wrong, but I can't seem to find my case described anywhere.
The source needs to be received from the Source step in CodePipeline, and this step is OK. I know how the pipeline works, but the Terraform implementation is pretty confusing.
EDIT: I've checked the S3 bucket and I can confirm that the Source step is successfully uploading the artifacts there. So the problem remains that I cannot access the source when I am in the second step. The role is allowing all access on all resources. The console version of the pipeline looks normal and nothing is left unfilled. The role is fine.
This generally happens when you already have a CodeBuild project and you integrate it into the CodePipeline project. CodeBuild now does not download the sources from the CodeCommit/GitHub repo. Instead, it will try to download the source artifact created in the CodePipeline bucket in S3. So, you will need to give the CodeBuild role permission to access the CodePipeline bucket in S3.
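As an added example (not code from the question or the answer above), here is what that permission grant can look like when it is scoped to the pipeline's artifact bucket and its KMS key instead of `"*"` on every resource. The names `aws_s3_bucket.foo`, `aws_kms_key.a`, `aws_iam_role.codebuild_role` and `aws_codebuild_project.authorization` are the ones used in the question; the data sources, statement ids and policy layout are assumptions, and the block is written in Terraform 0.12+ syntax rather than the 0.11 interpolation style of the question.

```hcl
# Added example: least-privilege access from the CodeBuild service role to the
# pipeline's artifact store. Resource names follow the question; everything
# else here is an assumption.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

data "aws_iam_policy_document" "codebuild_pipeline_access" {
  # Download the source artifact the Source stage uploaded and upload the
  # build output back into the same bucket.
  statement {
    sid    = "PipelineArtifactObjects"
    effect = "Allow"
    actions = [
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:PutObject",
    ]
    resources = ["${aws_s3_bucket.foo.arn}/*"]
  }

  statement {
    sid       = "PipelineArtifactBucket"
    effect    = "Allow"
    actions   = ["s3:GetBucketLocation", "s3:ListBucket"]
    resources = [aws_s3_bucket.foo.arn]
  }

  # The artifact store in the question is encrypted with a customer-managed
  # key, so the build role must also be allowed to decrypt what it downloads
  # and encrypt what it uploads. A KMS denial surfaces as a plain S3
  # "Access Denied" on the download, which is easy to misread as a bucket
  # permission problem.
  statement {
    sid    = "PipelineArtifactKey"
    effect = "Allow"
    actions = [
      "kms:Decrypt",
      "kms:Encrypt",
      "kms:GenerateDataKey*",
      "kms:DescribeKey",
    ]
    resources = [aws_kms_key.a.arn]
  }

  # Log group for this one project only, not logs:* on *.
  statement {
    sid    = "BuildLogs"
    effect = "Allow"
    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]
    resources = [
      "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/codebuild/${aws_codebuild_project.authorization.name}",
      "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/codebuild/${aws_codebuild_project.authorization.name}:*",
    ]
  }
}

resource "aws_iam_role_policy" "codebuild_pipeline_access" {
  name   = "codebuild-pipeline-access"
  role   = aws_iam_role.codebuild_role.id
  policy = data.aws_iam_policy_document.codebuild_pipeline_access.json
}
```

Two things to check alongside this policy: the key policy on `aws_kms_key.a` must also allow the CodeBuild role (or delegate to IAM via the account root principal), because an IAM policy alone never grants KMS access; and the same bucket and key statements are needed on the CodePipeline role, which is the identity that writes the Source artifact in the first place.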
I am provisioning a CodeBuild project with Terraform. This CodeBuild project will use the Terraform Docker image, as I need to run Terraform commands inside the container.
My workflow:
Created secrets for the Docker Hub login credentials in Secrets Manager.
Set up the configuration for the secrets in the CodeBuild configuration.
Here is my CodeBuild config.
resource "aws_codebuild_project" "tf-plan" {
  name         = "tf-cicd-plan"
  description  = "Plan stage for terraform"
  service_role = aws_iam_role.codebuild_role.arn

  artifacts {
    type = "CODEPIPELINE"
  }

  # cache {
  #   type     = "S3"
  #   location = aws_s3_bucket.example.bucket
  # }

  environment {
    compute_type                = "BUILD_GENERAL1_SMALL"
    image                       = "hashicorp/terraform:1.3.5"
    type                        = "LINUX_CONTAINER"
    image_pull_credentials_type = "SERVICE_ROLE"

    registry_credential {
      credential          = var.dockerhub_credentials
      credential_provider = "SECRETS_MANAGER"
    }
  }

  # The resource requires a source block; CODEPIPELINE matches the
  # artifacts type above.
  source {
    type = "CODEPIPELINE"
  }
}
codebuild_iam.tf
data "aws_iam_policy_document" "codebuild_role_policy" {
  statement {
    sid       = ""
    actions   = ["logs:*", "s3:*", "codebuild:*", "secretsmanager:*", "iam:*"]
    resources = ["*"]
    effect    = "Allow"
  }
}
variables.tf
variable "dockerhub_credentials" {
  type = string
}
terraform.tfvars
dockerhub_credentials = "<secrets manager arn>"
Upon running the build stage, it fails with an "incorrect username or password" error, though the credentials are absolutely fine.
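The page carries no answer to this question. As an added example (not the asker's code), the block below shows the secret shape CodeBuild documents for a `SECRETS_MANAGER` registry credential, a project wired to it by ARN, and a build-role policy that grants only what pulling the image and writing logs requires. The `iam:*` on `*` in the question's policy is worth removing regardless of the login failure: any change to the buildspec could then create roles and attach policies with the build's credentials. The secret name, variable names and log group are assumptions; the image and project name are the ones from the question.

```hcl
# Added example: registry credential stored the way CodeBuild expects, plus a
# read-only grant to that one secret. Names are assumptions.
variable "dockerhub_username" {
  type = string
}

variable "dockerhub_access_token" {
  type      = string
  sensitive = true
}

resource "aws_secretsmanager_secret" "dockerhub" {
  name = "codebuild/dockerhub"
}

# CodeBuild looks for the JSON keys "username" and "password" in the secret.
# A secret stored as a bare string, or with different key names, does not
# log in. Use a Docker Hub access token rather than the account password so
# it can be revoked on its own.
resource "aws_secretsmanager_secret_version" "dockerhub" {
  secret_id = aws_secretsmanager_secret.dockerhub.id
  secret_string = jsonencode({
    username = var.dockerhub_username
    password = var.dockerhub_access_token
  })
}

resource "aws_cloudwatch_log_group" "tf_plan" {
  name              = "/aws/codebuild/tf-cicd-plan"
  retention_in_days = 30
}

data "aws_iam_policy_document" "codebuild_role_policy" {
  # Pulling with SERVICE_ROLE credentials needs GetSecretValue on this
  # secret and nothing else from Secrets Manager. If the secret were
  # encrypted with a customer-managed KMS key, add kms:Decrypt on that key.
  statement {
    sid       = "ReadRegistryCredential"
    effect    = "Allow"
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_secretsmanager_secret.dockerhub.arn]
  }

  statement {
    sid       = "BuildLogs"
    effect    = "Allow"
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = [aws_cloudwatch_log_group.tf_plan.arn, "${aws_cloudwatch_log_group.tf_plan.arn}:*"]
  }
}

resource "aws_iam_role_policy" "codebuild" {
  role   = aws_iam_role.codebuild_role.id
  policy = data.aws_iam_policy_document.codebuild_role_policy.json
}

resource "aws_codebuild_project" "tf-plan" {
  name         = "tf-cicd-plan"
  description  = "Plan stage for terraform"
  service_role = aws_iam_role.codebuild_role.arn

  artifacts {
    type = "CODEPIPELINE"
  }

  source {
    type = "CODEPIPELINE"
  }

  environment {
    compute_type                = "BUILD_GENERAL1_SMALL"
    image                       = "hashicorp/terraform:1.3.5"
    type                        = "LINUX_CONTAINER"
    image_pull_credentials_type = "SERVICE_ROLE"

    registry_credential {
      # Reference the secret's ARN directly instead of pasting it into tfvars.
      credential          = aws_secretsmanager_secret.dockerhub.arn
      credential_provider = "SECRETS_MANAGER"
    }
  }

  logs_config {
    cloudwatch_logs {
      group_name = aws_cloudwatch_log_group.tf_plan.name
    }
  }
}
```

The permissions `terraform plan` itself needs against the target account are a separate concern and belong in their own read-only statements; the S3 and CodePipeline artifact access follows the same pattern as the bucket-scoped policy in the first question on this page.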
I'm trying to deploy my service in a region that has just become available (Jakarta). But it looks like CodePipeline is not available there, so I have to create the CodePipeline in the nearest region (Singapore) and deploy it to the Jakarta region. It is also my first time setting up CodePipeline in Terraform, so I'm not sure if I am doing it right or not.
P.S. The default region of all this infrastructure is the "Jakarta" region. I will exclude the deploy part, since the issue shows up without it.
resource "aws_codepipeline" "pipeline" {
  name     = local.service_name
  role_arn = var.codepipeline_role_arn

  artifact_store {
    type     = "S3"
    region   = var.codepipeline_region
    location = var.codepipeline_artifact_bucket_name
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "CodeStarSourceConnection"
      version          = "1"
      output_artifacts = ["SourceArtifact"]
      region           = var.codepipeline_region

      configuration = {
        ConnectionArn        = var.codestar_connection
        FullRepositoryId     = "${var.team_name}/${local.repo_name}"
        BranchName           = local.repo_branch
        OutputArtifactFormat = "CODEBUILD_CLONE_REF" // NOTE: Full clone
      }
    }
  }

  stage {
    name = "Build"

    action {
      name             = "Build"
      category         = "Build"
      owner            = "AWS"
      provider         = "CodeBuild"
      version          = "1"
      input_artifacts  = ["SourceArtifact"]
      output_artifacts = ["BuildArtifact"]
      run_order        = 1
      region           = var.codepipeline_region

      configuration = {
        "ProjectName" = local.service_name
      }
    }
  }

  tags = {
    Name        = "${local.service_name}-pipeline"
    Environment = local.env
  }
}
Above is the Terraform configuration that I created, but it gives me an error like this:
│ Error: region cannot be set for a single-region CodePipeline
If I try to remove the region on the root block, Terraform will try to access the default region, which is the Jakarta region (and it will fail, since CodePipeline is not available in Jakarta).
│ Error: Error creating CodePipeline: RequestError: send request failed
│ caused by: Post "https://codepipeline.ap-southeast-3.amazonaws.com/": dial tcp: lookup codepipeline.ap-southeast-3.amazonaws.com on 103.86.96.100:53: no such host
You need to set up an alias provider with a different region. For example:
provider "aws" {
  alias  = "singapore"
  region = "ap-southeast-1"
}
Then you deploy your pipeline to that region using the alias:
resource "aws_codepipeline" "pipeline" {
  provider = aws.singapore
  name     = local.service_name
  role_arn = var.codepipeline_role_arn
  # ...
}
I've been trying to host a web app on AWS Amplify by using Terraform. I have used the following code:
# Resource 1: AWS Amplify
resource "aws_amplify_app" "wildrydes-site" {
  name       = "wildrydes-site"
  repository = "https://github.com/userx/wildrydes-site"

  # GitHub personal access token
  access_token = "xxxxxxxxxxx"

  # The default rewrites and redirects added by the Amplify Console.
  custom_rule {
    source = "/<*>"
    status = "404"
    target = "/index.html"
  }

  # Auto Branch Creation
  enable_auto_branch_creation = true

  # The default patterns added by the Amplify Console.
  auto_branch_creation_patterns = [
    "*",
    "*/**",
  ]

  auto_branch_creation_config {
    # Enable auto build for the created branch.
    enable_auto_build = true
  }
}
The resource is actually created, but I have to manually connect my source code from my Git repository and add the repository branch. Does anyone know what I have missed? Thanks for your help.
After many tries, this ended up working for me. Might have to dissect the why though.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }

  required_version = ">= 0.14.9"
}

provider "aws" {
  profile = "default"
  region  = "us-west-2"
}

resource "aws_amplify_app" "example" {
  name         = "blah"
  repository   = "repo here"
  access_token = "..."

  environment_variables = {
    ENV = "test"
  }

  # The default rewrites and redirects added by the Amplify Console.
  custom_rule {
    source = "/<*>"
    status = "404"
    target = "/index.html"
  }

  # Auto Branch Creation
  enable_auto_branch_creation = true

  # The default patterns added by the Amplify Console.
  auto_branch_creation_patterns = [
    "*",
    "*/**",
  ]

  auto_branch_creation_config {
    # Enable auto build for the created branch.
    enable_auto_build = true
  }
}

resource "aws_amplify_branch" "master" {
  app_id      = aws_amplify_app.example.id
  branch_name = "main"
  stage       = "PRODUCTION"
}
I'm writing an AWS CodePipeline using Terraform. While defining the stage for CodeDeploy as below, I get this error:
Action configuration for action 'Deploy' contains unknown configuration 'DeploymentGroup'
stage {
  name = "Deploy"

  action {
    name            = "Deploy"
    category        = "Deploy"
    owner           = "AWS"
    provider        = "CodeDeploy"
    version         = "1"
    input_artifacts = ["SourceArtifact"]

    configuration = {
      ApplicationName = "windowsappdeployment"
      DeploymentGroup = "windowsapp"
    }
  }
}
I checked the Terraform documentation, but I didn't find anything related to the configuration for the CodeDeploy provider.
I think the configuration parameter "DeploymentGroup" is not correct here.
What should I use instead of DeploymentGroup?
It should probably be DeploymentGroupName instead of "DeploymentGroup".
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/codepipeline links to https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html#action-requirements which mentions ApplicationName and DeploymentGroupName for CodeDeploy.
I'm attempting to use AWS CodePipeline to deploy an app to an EC2 instance using the CodeDeploy agent, but it's failing with this frustratingly vague "InternalError":
I can't find any other meaningful error.
I'm using terraform to define the CodePipeline. This is the "Deploy" section:
stage {
  name = "Deploy"

  action {
    name            = "Deploy"
    category        = "Deploy"
    owner           = "AWS"
    provider        = "CodeDeploy"
    input_artifacts = ["buildOut"]
    run_order       = 1
    version         = "1"

    configuration = {
      ApplicationName     = aws_codedeploy_app.my-codedeploy-app.id
      DeploymentGroupName = aws_codedeploy_deployment_group.my-codedeploy-group.id
    }
  }
}
What am I doing wrong?
There are two small problems with your deployment definition.
ApplicationName should reference app.name, not app.id
DeploymentGroupName should reference deployment_group_name, not group.id
Try this:
stage {
  name = "Deploy"

  action {
    name            = "Deploy"
    category        = "Deploy"
    owner           = "AWS"
    provider        = "CodeDeploy"
    input_artifacts = ["buildOut"]
    run_order       = 1
    version         = "1"

    configuration = {
      ApplicationName     = aws_codedeploy_app.my-codedeploy-app.name                             // This should be name, not id
      DeploymentGroupName = aws_codedeploy_deployment_group.my-codedeploy-group.deployment_group_name // this should be deployment_group_name, not id
    }
  }
}