» aws_codepipeline

Provides a CodePipeline.

» Example Usage

resource "aws_s3_bucket" "foo" {
  bucket = "test-bucket"
  acl    = "private"
}

resource "aws_iam_role" "foo" {
  name = "test-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "codepipeline_policy" {
  name = "codepipeline_policy"
  role = "${aws_iam_role.codepipeline_role.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect":"Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": [
        "${aws_s3_bucket.foo.arn}",
        "${aws_s3_bucket.foo.arn}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild"
      ],
      "Resource": "*"
    }
  ]
}
EOF
}

data "aws_kms_alias" "s3kmskey" {
  name = "alias/myKmsKey"
}

resource "aws_codepipeline" "foo" {
  name     = "tf-test-pipeline"
  role_arn = "${aws_iam_role.foo.arn}"

  artifact_store {
    location = "${aws_s3_bucket.foo.bucket}"
    type     = "S3"

    encryption_key {
      id   = "${data.aws_kms_alias.s3kmskey.arn}"
      type = "KMS"
    }
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "ThirdParty"
      provider         = "GitHub"
      version          = "1"
      output_artifacts = ["test"]

      configuration {
        Owner  = "my-organization"
        Repo   = "test"
        Branch = "master"
      }
    }
  }

  stage {
    name = "Build"

    action {
      name            = "Build"
      category        = "Build"
      owner           = "AWS"
      provider        = "CodeBuild"
      input_artifacts = ["test"]
      version         = "1"

      configuration {
        ProjectName = "test"
      }
    }
  }
}

» Argument Reference

The following arguments are supported:

  • name - (Required) The name of the pipeline.
  • role_arn - (Required) A service role Amazon Resource Name (ARN) that grants AWS CodePipeline permission to make calls to AWS services on your behalf.
  • artifact_store (Required) An artifact_store block. Artifact stores are documented below.
  • stage (Minimum of at least two stage blocks is required) A stage block. Stages are documented below.

An artifact_store block supports the following arguments:

  • location - (Required) The location where AWS CodePipeline stores artifacts for a pipeline, such as an S3 bucket.
  • type - (Required) The type of the artifact store, such as Amazon S3
  • encryption_key - (Optional) The encryption key block AWS CodePipeline uses to encrypt the data in the artifact store, such as an AWS Key Management Service (AWS KMS) key. If you don't specify a key, AWS CodePipeline uses the default key for Amazon Simple Storage Service (Amazon S3). An encryption_key block is documented below.

An encryption_key block supports the following arguments:

  • id - (Required) The KMS key ARN or ID
  • type - (Required) The type of key; currently only KMS is supported

A stage block supports the following arguments:

  • name - (Required) The name of the stage.
  • action - (Required) The action(s) to include in the stage. Defined as an action block below

A action block supports the following arguments:

  • category - (Required) A category defines what kind of action can be taken in the stage, and constrains the provider type for the action. Possible values are Approval, Build, Deploy, Invoke, Source and Test.
  • owner - (Required) The creator of the action being called. Possible values are AWS, Custom and ThirdParty.
  • name - (Required) The action declaration's name.
  • provider - (Required) The provider of the service being called by the action. Valid providers are determined by the action category. For example, an action in the Deploy category type might have a provider of AWS CodeDeploy, which would be specified as CodeDeploy.
  • version - (Required) A string that identifies the action type.
  • configuration - (Optional) A Map of the action declaration's configuration. Find out more about configuring action configurations in the Reference Pipeline Structure documentation.
  • input_artifacts - (Optional) A list of artifact names to be worked on.
  • output_artifacts - (Optional) A list of artifact names to output. Output artifact names must be unique within a pipeline.
  • role_arn - (Optional) The ARN of the IAM service role that will perform the declared action. This is assumed through the roleArn for the pipeline.
  • run_order - (Optional) The order in which actions are run.

» Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The codepipeline ID.
  • arn - The codepipeline ARN.

» Import

CodePipelines can be imported using the name, e.g.

$ terraform import aws_codepipeline.foo example