
@wreulicke
Last active December 11, 2019 11:28
S3からS3のpipeline
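# CodeBuild buildspec: emits imagedefinitions.json, a one-element JSON array
# naming the container "test" and the image URI held in ImageURI.
version: 0.2
phases:
  install:
    runtime-versions:
      docker: 18
      java: openjdk11
    commands:
      - echo Starting...
  build:
    commands:
      - echo Build started on `date`
      # NOTE(review): ImageURI is not assigned anywhere in this buildspec.
      # Unless the CodeBuild project supplies it as an environment variable,
      # imageUri is written as an empty string. The value is spliced into the
      # JSON text unescaped, so it must only ever come from a trusted source.
      - 'IMAGE_DEF="{\"name\":\"test\",\"imageUri\":\"${ImageURI}\"}"'
      # The redirect target is quoted so the path is never word-split.
      - 'echo "[${IMAGE_DEF}]" > "${CODEBUILD_SRC_DIR}/imagedefinitions.json"'
artifacts:
  # Written as a sequence, the documented form for artifacts/files.
  files:
    - imagedefinitions.json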
# AWS provider: 2.x plugin series, ap-northeast-1, credentials taken from the
# named profile "test".
provider "aws" {
  profile = "test"
  region  = "ap-northeast-1"
  version = "~> 2.0"
}
# Bucket used as the pipeline's artifact store; object versioning is on.
# The final name is generated from the "artifact" prefix.
resource "aws_s3_bucket" "artifact" {
  bucket_prefix = "artifact"

  versioning {
    enabled = true
  }
}
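# Source bucket read by the pipeline's S3 source actions.
# Versioning is enabled because CodePipeline's S3 source action is documented
# to require a versioned source bucket; the original left it unversioned.
resource "aws_s3_bucket" "input" {
  bucket_prefix = "input"

  versioning {
    enabled = true
  }
}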
# Destination bucket written by the pipeline's Deploy stage.
# The final name is generated from the "output" prefix.
resource "aws_s3_bucket" "output" {
  bucket_prefix = "output"
}
# Service role for the pipeline. The trust policy lets only the CodePipeline
# service principal assume it.
resource "aws_iam_role" "codepipeline_role" {
  name = "codepipeline-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}
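# Inline permissions for the pipeline's service role.
#
# The original granted s3:* on Resource "*", i.e. full control of every bucket
# in the account. The grant is now limited to the three buckets this
# configuration creates (bucket ARN for bucket-level calls, ARN/* for objects).
# NOTE(review): the action list is still s3:*; narrow it to the read/write
# actions the pipeline actually uses once those are confirmed.
resource "aws_iam_role_policy" "codepipeline_policy" {
  name = "codepipeline_policy"
  role = "${aws_iam_role.codepipeline_role.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "${aws_s3_bucket.artifact.arn}",
        "${aws_s3_bucket.artifact.arn}/*",
        "${aws_s3_bucket.input.arn}",
        "${aws_s3_bucket.input.arn}/*",
        "${aws_s3_bucket.output.arn}",
        "${aws_s3_bucket.output.arn}/*"
      ]
    }
  ]
}
EOF
}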
/* codepipeline */
# Two-stage pipeline: two S3 source actions, then an S3 deploy.
# Only the second source artifact (s3_input2) is consumed by Deploy; s3_input1
# is produced but not referenced by any later action in this file.
resource "aws_codepipeline" "codepipeline_test" {
  name     = "test-pipeline"
  role_arn = "${aws_iam_role.codepipeline_role.arn}"

  artifact_store {
    type     = "S3"
    location = "${aws_s3_bucket.artifact.bucket}"
  }

  stage {
    name = "Source"

    # Reads object key "input1" from the input bucket.
    action {
      name             = "Source1"
      category         = "Source"
      owner            = "AWS"
      provider         = "S3"
      version          = "1"
      output_artifacts = ["s3_input1"]

      configuration = {
        S3Bucket             = "${aws_s3_bucket.input.bucket}"
        S3ObjectKey          = "input1"
        PollForSourceChanges = true
      }
    }

    # Reads object key "input2" from the same bucket.
    action {
      name             = "Source2"
      category         = "Source"
      owner            = "AWS"
      provider         = "S3"
      version          = "1"
      output_artifacts = ["s3_input2"]

      configuration = {
        S3Bucket             = "${aws_s3_bucket.input.bucket}"
        S3ObjectKey          = "input2"
        PollForSourceChanges = true
      }
    }
  }

  stage {
    name = "Deploy"

    # Copies the s3_input2 artifact to key "test" in the output bucket
    # without extracting it.
    action {
      name            = "Deploy"
      category        = "Deploy"
      owner           = "AWS"
      provider        = "S3"
      version         = "1"
      input_artifacts = ["s3_input2"]

      configuration = {
        BucketName = "${aws_s3_bucket.output.bucket}"
        ObjectKey  = "test"
        Extract    = false
      }
    }
  }
}
# AWS provider: 2.x plugin series, ap-northeast-1, credentials taken from the
# named profile "test".
provider "aws" {
  profile = "test"
  region  = "ap-northeast-1"
  version = "~> 2.0"
}
# Archive provider with default settings; used by the archive_file data source.
provider "archive" {
}
# Bucket used as the pipeline's artifact store; object versioning is on.
# The final name is generated from the "artifact" prefix.
resource "aws_s3_bucket" "artifact" {
  bucket_prefix = "artifact"

  versioning {
    enabled = true
  }
}
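# Source bucket: holds the zipped build input that the pipeline's S3 source
# action reads.
# Versioning is enabled because CodePipeline's S3 source action is documented
# to require a versioned source bucket; the original left it unversioned.
resource "aws_s3_bucket" "input" {
  bucket_prefix = "input"

  versioning {
    enabled = true
  }
}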
# Destination bucket written by the pipeline's Deploy stage.
# The final name is generated from the "output" prefix.
resource "aws_s3_bucket" "output" {
  bucket_prefix = "output"
}
# Zips the local "codebuild" directory into build/codebuild.zip.
data "archive_file" "source" {
  type        = "zip"
  output_path = "build/codebuild.zip"
  source_dir  = "codebuild"
}
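# Uploads the generated zip to the input bucket under the key the pipeline's
# source action watches ("test.zip").
resource "aws_s3_bucket_object" "buildspec" {
  bucket = "${aws_s3_bucket.input.id}"
  key    = "test.zip"
  source = "${data.archive_file.source.output_path}"

  # Without an etag Terraform only tracks the path, so edits under codebuild/
  # would never be re-uploaded. Tying it to the archive's MD5 forces a new
  # upload whenever the zip content changes.
  etag = "${data.archive_file.source.output_md5}"
}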
# Service role for the pipeline. The trust policy lets only the CodePipeline
# service principal assume it.
resource "aws_iam_role" "codepipeline_role" {
  name = "codepipeline-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}
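# Inline permissions for the pipeline's service role.
#
# The original granted s3:* and the two CodeBuild actions on Resource "*".
# Both statements are now scoped to resources this configuration creates:
#   - S3: the artifact, input and output buckets (bucket ARN plus ARN/*).
#   - CodeBuild: only the project the Build stage starts.
# NOTE(review): the S3 action list is still s3:*; narrow it to the read/write
# actions the pipeline actually uses once those are confirmed.
resource "aws_iam_role_policy" "codepipeline_policy" {
  name = "codepipeline_policy"
  role = "${aws_iam_role.codepipeline_role.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "${aws_s3_bucket.artifact.arn}",
        "${aws_s3_bucket.artifact.arn}/*",
        "${aws_s3_bucket.input.arn}",
        "${aws_s3_bucket.input.arn}/*",
        "${aws_s3_bucket.output.arn}",
        "${aws_s3_bucket.output.arn}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild"
      ],
      "Resource": "${aws_codebuild_project.codebuild.arn}"
    }
  ]
}
EOF
}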
/* codepipeline */
# Three-stage pipeline: S3 source -> CodeBuild -> S3 deploy.
resource "aws_codepipeline" "codepipeline_test" {
  name     = "test-pipeline"
  role_arn = "${aws_iam_role.codepipeline_role.arn}"

  artifact_store {
    type     = "S3"
    location = "${aws_s3_bucket.artifact.bucket}"
  }

  stage {
    name = "Source"

    # Picks up test.zip from the input bucket as artifact "s3_input".
    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "S3"
      version          = "1"
      output_artifacts = ["s3_input"]

      configuration = {
        S3Bucket             = "${aws_s3_bucket.input.bucket}"
        S3ObjectKey          = "test.zip"
        PollForSourceChanges = true
      }
    }
  }

  stage {
    name = "Build"

    # Runs the CodeBuild project on "s3_input" and emits "build_output".
    action {
      name             = "Build"
      category         = "Build"
      owner            = "AWS"
      provider         = "CodeBuild"
      version          = "1"
      input_artifacts  = ["s3_input"]
      output_artifacts = ["build_output"]

      configuration = {
        ProjectName = "${aws_codebuild_project.codebuild.name}"
      }
    }
  }

  stage {
    name = "Deploy"

    # Extracts "build_output" into the output bucket under key "output".
    action {
      name            = "Deploy"
      category        = "Deploy"
      owner           = "AWS"
      provider        = "S3"
      version         = "1"
      input_artifacts = ["build_output"]

      configuration = {
        BucketName = "${aws_s3_bucket.output.bucket}"
        ObjectKey  = "output"
        Extract    = true
      }
    }
  }
}
# CodeBuild project started by the pipeline's Build stage. Source and
# artifacts both come from CodePipeline; the build reads buildspec.yml.
resource "aws_codebuild_project" "codebuild" {
  name          = "test-pipeline-codebuild"
  description   = "test-pipeline-codebuild"
  service_role  = "${aws_iam_role.codebuild_role.arn}"
  build_timeout = "5"

  source {
    type      = "CODEPIPELINE"
    buildspec = "buildspec.yml"
  }

  artifacts {
    type = "CODEPIPELINE"
  }

  environment {
    type                        = "LINUX_CONTAINER"
    image                       = "aws/codebuild/standard:2.0"
    image_pull_credentials_type = "CODEBUILD"
    compute_type                = "BUILD_GENERAL1_LARGE"

    # NOTE(review): privileged mode gives the build container elevated access
    # on the build host and is normally only needed to run a Docker daemon.
    # Confirm the buildspec really needs it; otherwise set this to false.
    privileged_mode = true
  }

  cache {
    type  = "LOCAL"
    modes = ["LOCAL_SOURCE_CACHE"]
  }

  # Build logs go to CloudWatch Logs only; S3 log delivery is off.
  logs_config {
    cloudwatch_logs {
      group_name  = "test-pipeline-codebuild"
      stream_name = "log-stream"
    }

    s3_logs {
      status = "DISABLED"
    }
  }
}
# Service role for the CodeBuild project. The trust policy lets only the
# CodeBuild service principal assume it.
resource "aws_iam_role" "codebuild_role" {
  name = "test-pipeline-codebuild-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codebuild.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}
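# Inline permissions for the CodeBuild service role.
#
# Changes from the original:
#   - role is taken from the aws_iam_role resource instead of a copied name
#     string, so Terraform orders the policy after the role and the two
#     cannot drift apart.
#   - CloudWatch Logs access is limited to the log group named in the
#     project's logs_config ("test-pipeline-codebuild") and its streams,
#     instead of every log group.
#   - S3 access is limited to the pipeline's artifact bucket, which is where
#     a CODEPIPELINE-sourced build reads its input and writes its output,
#     instead of every bucket in the account.
# NOTE(review): the S3 action list is still s3:*; narrow it once the actions
# the build actually uses are confirmed.
resource "aws_iam_role_policy" "codebuild_policy" {
  role = "${aws_iam_role.codebuild_role.id}"

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Resource": [
        "arn:aws:logs:*:*:log-group:test-pipeline-codebuild",
        "arn:aws:logs:*:*:log-group:test-pipeline-codebuild:*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "${aws_s3_bucket.artifact.arn}",
        "${aws_s3_bucket.artifact.arn}/*"
      ]
    }
  ]
}
POLICY
}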
# AWS provider: 2.x plugin series, ap-northeast-1, credentials taken from the
# named profile "test".
provider "aws" {
  profile = "test"
  region  = "ap-northeast-1"
  version = "~> 2.0"
}
# Bucket used as the pipeline's artifact store; object versioning is on.
# The final name is generated from the "artifact" prefix.
resource "aws_s3_bucket" "artifact" {
  bucket_prefix = "artifact"

  versioning {
    enabled = true
  }
}
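# Source bucket read by the pipeline's S3 source action.
# Versioning is enabled because CodePipeline's S3 source action is documented
# to require a versioned source bucket; the original left it unversioned.
resource "aws_s3_bucket" "input" {
  bucket_prefix = "input"

  versioning {
    enabled = true
  }
}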
# Destination bucket written by the pipeline's Deploy stage.
# The final name is generated from the "output" prefix.
resource "aws_s3_bucket" "output" {
  bucket_prefix = "output"
}
# Service role for the pipeline. The trust policy lets only the CodePipeline
# service principal assume it.
resource "aws_iam_role" "codepipeline_role" {
  name = "codepipeline-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}
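# Inline permissions for the pipeline's service role.
#
# The original granted s3:* on Resource "*", i.e. full control of every bucket
# in the account. The grant is now limited to the three buckets this
# configuration creates (bucket ARN for bucket-level calls, ARN/* for objects).
# NOTE(review): the action list is still s3:*; narrow it to the read/write
# actions the pipeline actually uses once those are confirmed.
resource "aws_iam_role_policy" "codepipeline_policy" {
  name = "codepipeline_policy"
  role = "${aws_iam_role.codepipeline_role.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "${aws_s3_bucket.artifact.arn}",
        "${aws_s3_bucket.artifact.arn}/*",
        "${aws_s3_bucket.input.arn}",
        "${aws_s3_bucket.input.arn}/*",
        "${aws_s3_bucket.output.arn}",
        "${aws_s3_bucket.output.arn}/*"
      ]
    }
  ]
}
EOF
}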
/* codepipeline */
# Minimal two-stage pipeline: one S3 source action feeding one S3 deploy.
resource "aws_codepipeline" "codepipeline_test" {
  name     = "test-pipeline"
  role_arn = "${aws_iam_role.codepipeline_role.arn}"

  artifact_store {
    type     = "S3"
    location = "${aws_s3_bucket.artifact.bucket}"
  }

  stage {
    name = "Source"

    # Reads object key "test" from the input bucket as artifact "s3_input".
    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "S3"
      version          = "1"
      output_artifacts = ["s3_input"]

      configuration = {
        S3Bucket             = "${aws_s3_bucket.input.bucket}"
        S3ObjectKey          = "test"
        PollForSourceChanges = true
      }
    }
  }

  stage {
    name = "Deploy"

    # Copies "s3_input" to key "test" in the output bucket without
    # extracting it.
    action {
      name            = "Deploy"
      category        = "Deploy"
      owner           = "AWS"
      provider        = "S3"
      version         = "1"
      input_artifacts = ["s3_input"]

      configuration = {
        BucketName = "${aws_s3_bucket.output.bucket}"
        ObjectKey  = "test"
        Extract    = false
      }
    }
  }
}