
@DerPauli
Last active April 25, 2020 16:28
ECR CWR
# ECR TRIGGER
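# Event rule that matches a successful push of the configured image tag to the
# auth microservice's ECR repository. The rule only selects events; the
# aws_cloudwatch_event_target attached to it decides what is invoked.
resource "aws_cloudwatch_event_rule" "cwt-rule" {
  name        = "ecr-trigger-deploy-authms"
  description = "Trigger codepipeline on image change"

  # Build the pattern with jsonencode() instead of interpolating into a JSON
  # heredoc: the tag and repository name are then JSON-escaped, so a value
  # containing a quote or backslash cannot produce a malformed or altered pattern.
  # NOTE(review): every principal allowed to push this tag to the repository can
  # start the deployment; keep ECR push permissions on the repository tight.
  event_pattern = jsonencode({
    "detail-type" = ["ECR Image Action"]
    source        = ["aws.ecr"]
    detail = {
      "action-type"     = ["PUSH"]
      "image-tag"       = [tostring(var.ecr_tag_auth)]
      "repository-name" = [tostring(var.ecr_auth_ms.name)]
      result            = ["SUCCESS"]
    }
  })
}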
# Connects the ECR push rule to the CodePipeline it should start.
resource "aws_cloudwatch_event_target" "cw-evtg" {
  # Rule whose matched events are delivered to this target.
  rule = aws_cloudwatch_event_rule.cwt-rule.name

  # Role passed to the target for invoking it; its permissions are defined by
  # the policies attached to aws_iam_role.cw-trigger-role.
  role_arn = aws_iam_role.cw-trigger-role.arn

  # Pipeline that receives the event.
  arn = aws_codepipeline.cp-image.arn
}
# Role referenced as role_arn by the event target. The trust policy below lets
# the events.amazonaws.com service principal assume it.
resource "aws_iam_role" "cw-trigger-role" {
  name = "AWSCWTriggerRole"

  # NOTE(review): the trust statement has no Condition block, so it is not
  # scoped to a particular rule or account. Consider restricting it with the
  # aws:SourceArn / aws:SourceAccount global condition keys; confirm they are
  # supplied for this target type before enforcing them.
  assume_role_policy = <<-EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Service": "events.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
  EOF
}
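# Inline permissions for the event-trigger role, limited to the one pipeline
# this configuration deploys.
resource "aws_iam_role_policy" "cw-trigger-role-policy" {
  name = "AWSCWExecuteTriggerPolicy"
  role = aws_iam_role.cw-trigger-role.id

  # Least privilege: starting an execution is the only action an event target
  # needs on a pipeline. The previous "codepipeline:*" also allowed updating and
  # deleting the pipeline through this role, and "batch:SubmitJob" could never
  # match because the Resource is a CodePipeline ARN, not a Batch resource.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["codepipeline:StartPipelineExecution"]
        Resource = aws_codepipeline.cp-image.arn
      }
    ]
  })
}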