Refactor Terraform configuration to update variable name for the deployer key and simplify volume mapping

Author: arnol377

modules/codebuild/main.tf

@@ -33,7 +33,7 @@ locals {
   # value is a map with keys vars, environment_variables, and buildspec. 
   # This map is assigned to the build_projects local value.
   _build_projects = var.docker_build ? concat([
-    for project in var.build_projects : project if !contains(["test", "build"], project.name)
+    for project in var.build_projects : project if ! contains(["test", "build"], project.name)
     ],
     [
       {
@@ -131,7 +131,8 @@ resource "aws_codebuild_project" "terraform_codebuild_project" {
       merge(
         each.value.vars,
         {
-          required_packages = var.required_packages
+          required_packages = var.required_packages,
+          bucket            = var.assets_bucket_name,
         }
       )) : templatefile(
       lookup(each.value, "buildspec") == null ? lookup(local.buildspecs, each.key) : lookup(each.value, "buildspec"),

modules/codebuild/templates/buildspec_build.yml

@@ -36,10 +36,8 @@ phases:
             - /bin/packer init ${packer_config}
             - ln -s $${CODEBUILD_SRC_DIR_SourceAnsibleOutput}/roles
             - aws secretsmanager get-secret-value --secret-id ${ssh_private_key_secret_id} --query SecretString --output text > ${ssh_private_key_file}
-            %{ for package in required_packages ~}
-            - aws s3 cp ${package.src} ${package.dest}
-            %{ endfor ~}
-            - /bin/packer build -var project_name=${project_name} -var ansible_dir=$${CODEBUILD_SRC_DIR_SourceAnsibleOutput} -var ssh_private_key_file=${ssh_private_key_file} ${packer_config}
+            - echo '${required_packages}' > required_packages.json
+            - /bin/packer build -var bucket=${bucket} -var project_name=${project_name} -var ansible_dir=$${CODEBUILD_SRC_DIR_SourceAnsibleOutput} -var ssh_private_key_file=${ssh_private_key_file} ${packer_config}
     post_build:
         commands:
             - cd $${CODEBUILD_SRC_DIR}/$${CODE_SRC_DIR}

modules/codebuild/variables.tf

@@ -15,6 +15,12 @@ variable "role_arn" {
   default     = ""
 }
 
+variable assets_bucket_name {
+  description = "Name of the S3 bucket used to store the deployment artifacts"
+  type        = string
+  default     = "image-pipeline-assets"
+}
+
 variable "s3_bucket_name" {
   description = "Name of the S3 bucket used to store the deployment artifacts"
   type        = string

parameters_and_secrets.tf

@@ -74,7 +74,7 @@ locals {
   nonsensitive_parameters = tomap(
     { for k, v in local.ssm_parameters :
       (issensitive(k) ? nonsensitive(k) : k) => (issensitive(v) ? nonsensitive(v) : v)
-      if !contains(var.nonmanaged_parameters, issensitive(k) ? nonsensitive(k) : k)
+      if ! contains(var.nonmanaged_parameters, issensitive(k) ? nonsensitive(k) : k)
     }
   )
 }