1 | | - |
2 | 1 | [](https://github.com/HappyPathway/terraform-aws-image-pipeline/actions/workflows/terraform.yaml) |
3 | 2 |
|
| 3 | +# Terraform AWS Image Pipeline |
| 4 | + |
| 5 | +This Terraform module provides a complete solution for building and managing AMIs and container images using AWS CodePipeline, CodeBuild, and associated services. It sets up a fully automated pipeline that supports Packer for image building, Ansible for configuration management, and Goss for testing. |
| 6 | + |
| 7 | +## Features |
| 8 | + |
| 9 | +- Automated image building pipeline using AWS CodePipeline and CodeBuild |
| 10 | +- Support for both AMI and container image creation |
| 11 | +- Integrated configuration management using Ansible |
| 12 | +- Automated testing using Goss |
| 13 | +- Secure secret management using AWS Secrets Manager |
| 14 | +- KMS encryption for artifacts and secrets |
| 15 | +- VPC support for network isolation |
| 16 | +- S3 artifact storage with encryption |
| 17 | +- IAM role and policy management |
| 18 | +- Support for custom build environments |
| 19 | + |
| 20 | +## Usage |
| 21 | + |
| 22 | +```hcl |
| 23 | +module "image_pipeline" { |
| 24 | + source = "HappyPathway/image-pipeline/aws" |
| 25 | + project_name = "my-image-pipeline" |
| 26 | + builder_image = "aws/codebuild/standard:7.0" |
| 27 | + create_new_role = true |
| 28 | + ssh_user = "ec2-user" |
| 29 | + |
| 30 | + # S3 bucket configurations for source artifacts |
| 31 | + packer_bucket = { |
| 32 | + name = "my-artifacts-bucket" |
| 33 | + key = "packer-templates.zip" |
| 34 | + } |
| 35 | + |
| 36 | + ansible_bucket = { |
| 37 | + name = "my-artifacts-bucket" |
| 38 | + key = "ansible-playbooks.zip" |
| 39 | + } |
| 40 | + |
| 41 | + goss_bucket = { |
| 42 | + name = "my-artifacts-bucket" |
| 43 | + key = "goss-tests.zip" |
| 44 | + } |
| 45 | +
|
| 46 | + # VPC Configuration |
| 47 | + vpc_config = { |
| 48 | + security_group_ids = ["sg-xxx"] |
| 49 | + subnets = ["subnet-xxx"] |
| 50 | + vpc_id = "vpc-xxx" |
| 51 | + region = "us-west-2" |
| 52 | + } |
| 53 | +
|
| 54 | + # Container image configuration (optional) |
| 55 | + image = { |
| 56 | + dest_tag = "latest" |
| 57 | + dest_docker_repo = "my-repo/my-image" |
| 58 | + source_image = "amazonlinux" |
| 59 | + source_tag = "2" |
| 60 | + source_docker_repo = "public.ecr.aws/amazonlinux/amazonlinux" |
| 61 | + } |
| 62 | +} |
| 63 | +``` |
| 64 | + |
| 65 | +## Requirements |
| 66 | + |
| 67 | +| Name | Version | |
| 68 | +|------|---------| |
| 69 | +| terraform | >= 1.0.0 | |
| 70 | +| aws | >= 4.20.1 | |
| 71 | + |
| 72 | +## Modules |
| 73 | + |
| 74 | +| Name | Description | |
| 75 | +|------|-------------| |
| 76 | +| codebuild_terraform | Manages CodeBuild projects for building and testing images | |
| 77 | +| codepipeline_terraform | Manages the CI/CD pipeline for image creation | |
| 78 | +| s3_artifacts_bucket | Manages S3 buckets for storing build artifacts | |
| 79 | +| codepipeline_iam_role | Manages IAM roles and policies for the pipeline | |
| 80 | +| codepipeline_kms | Manages KMS keys for encryption | |
| 81 | +| build_user | Manages the build user credentials (optional) | |
| 82 | + |
| 83 | +## Core Components |
| 84 | + |
| 85 | +### CodeBuild Projects |
| 86 | +The module creates two main CodeBuild projects: |
| 87 | +- `build`: Handles image building using Packer |
| 88 | +- `test`: Executes Goss tests against the built image |
| 89 | + |
| 90 | +### S3 Storage |
| 91 | +Creates and manages buckets for: |
| 92 | +- Pipeline artifacts |
| 93 | +- Build logs |
| 94 | +- Source code archives |
| 95 | +- Test results |
| 96 | + |
| 97 | +### Security |
| 98 | +- KMS encryption for artifacts and secrets |
| 99 | +- IAM roles with least privilege access |
| 100 | +- VPC isolation support |
| 101 | +- Secrets management for sensitive data |
| 102 | + |
| 103 | +## Input Variables |
| 104 | + |
| 105 | +### Required Variables |
| 106 | + |
| 107 | +| Name | Description | Type | |
| 108 | +|------|-------------|------| |
| 109 | +| project_name | Unique name for the pipeline | string | |
| 110 | +| vpc_config | VPC configuration for build isolation | object | |
| 111 | +| state | Backend state configuration | object | |
| 112 | + |
| 113 | +### Optional Variables |
| 114 | + |
| 115 | +| Name | Description | Type | Default | |
| 116 | +|------|-------------|------|---------| |
| 117 | +| builder_image | CodeBuild container image | string | "aws/codebuild/standard:7.0" | |
| 118 | +| create_new_role | Create new IAM role | bool | true | |
| 119 | +| docker_build | Enable container image building | bool | false | |
| 120 | +| packer_version | Version of Packer to use | string | "1.10.3" | |
| 121 | +| terraform_version | Version of Terraform to use | string | "1.3.10" | |
| 122 | +| build_environment_variables | Additional environment variables | list(object) | null | |
| 123 | + |
| 124 | +## Outputs |
| 125 | + |
| 126 | +| Name | Description | |
| 127 | +|------|-------------| |
| 128 | +| codepipeline_arn | ARN of the created CodePipeline | |
| 129 | +| codebuild_project_names | Names of the created CodeBuild projects | |
| 130 | +| s3_bucket | Name of the artifact S3 bucket | |
| 131 | +| kms_arn | ARN of the KMS key used for encryption | |
| 132 | +| role_name | Name of the IAM role used for builds | |
| 133 | + |
| 134 | +## License |
| 135 | + |
| 136 | +Apache 2.0 |
| 137 | + |
| 138 | +## Authors |
| 139 | + |
| 140 | +HappyPathway |
| 141 | + |
4 | 142 | <!-- BEGIN_TF_DOCS --> |
5 | 143 | ## Requirements |
6 | 144 |
|
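Review bot: the Input Variables tables do not match the Usage example in this hunk: `state` is listed under Required Variables but the example never sets it, while `ssh_user`, `packer_bucket`, `ansible_bucket`, `goss_bucket` and `image` are set in the example yet appear in neither table. Either document those inputs (type, default, and whether `image` depends on `docker_build = true`) or trim the example to the documented surface. The hand-written `## Requirements`, `## Modules`, `## Input Variables` and `## Outputs` sections also duplicate what the `<!-- BEGIN_TF_DOCS -->` marker will generate, so the README will end up with two `## Requirements` headings once terraform-docs runs; keep one source of truth. Finally, the Security section claims "IAM roles with least privilege access" without saying which policy the module attaches; a short list of the granted actions, or a pointer to the `codepipeline_iam_role` module, would let readers verify that before opting into `create_new_role = true`.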