tungbq · tungbq · Dec 12, 2023 · Dec 9, 2023 · Dec 9, 2023 · Dec 10, 2023
@@ -0,0 +1,37 @@
+# Set AWS Provider
+provider "aws" {
+  region = "us-east-1" # Replace with your desired region
+}
+
+
+# Module: S3 Bucket Creation
+module "s3_bucket" {
+  source      = "./modules/s3_bucket"
+  bucket_name = "tungbq-demo-codepipeline-bucket"
+}
+
+
+# Module: Launch EC2 instance and install code deploy on it
+module "iam" {
+  source = "./modules/iam"
+}
+
+# Module: Launch EC2 instance and install code deploy on it
+module "ec2_codedeploy" {
+  source       = "./modules/ec2_codedeploy"
+  profile_name = module.iam.profile_name
+}
+
+# Module: Codedeploy
+module "codedeploy" {
+  source           = "./modules/codedeploy"
+  service_role_arn = module.iam.service_role_arn
+}
+
+
+# Module: Codepipeline
+module "codepipeline" {
+  source        = "./modules/codepipeline"
+  s3_bucket_id  = module.s3_bucket.bucket_id
+  s3_bucket_arn = module.s3_bucket.bucket_arn
+}
@@ -0,0 +1,48 @@
+resource "aws_codedeploy_app" "demo_codepipeline" {
+  compute_platform = "Server"
+  name             = "aws_codedeploy_app_demo"
+}
+
+resource "aws_codedeploy_deployment_config" "demo_codepipeline" {
+  deployment_config_name = "test-deployment-config"
+
+  minimum_healthy_hosts {
+    type  = "HOST_COUNT"
+    value = 0
+  }
+}
+
+
+resource "aws_codedeploy_deployment_group" "demo_codepipeline" {
+  app_name              = aws_codedeploy_app.demo_codepipeline.name
+  deployment_group_name = "example-group"
+  service_role_arn      = var.service_role_arn
+
+  deployment_config_name = aws_codedeploy_deployment_config.demo_codepipeline.id
+
+  deployment_style {
+    deployment_option = "WITHOUT_TRAFFIC_CONTROL"
+    deployment_type   = "IN_PLACE"
+  }
+
+  ec2_tag_set {
+    ec2_tag_filter {
+      type  = "KEY_AND_VALUE"
+      key   = "Name"
+      value = "MyCodePipelineDemo"
+    }
+  }
+
+  # trigger_configuration {
+  #   trigger_events     = ["DeploymentFailure"]
+  #   trigger_name       = "example-trigger"
+  #   trigger_target_arn = aws_sns_topic.example.arn
+  # }
+
+  auto_rollback_configuration {
+    enabled = true
+    events  = ["DEPLOYMENT_FAILURE"]
+  }
+
+  outdated_instances_strategy = "UPDATE"
+}
@@ -0,0 +1,4 @@
+variable "service_role_arn" {
+  description = "ARN of the IAM profile"
+  type        = string
+}
@@ -0,0 +1,132 @@
+
+resource "aws_codepipeline" "codepipeline" {
+  name     = "tf-test-pipeline"
+  role_arn = aws_iam_role.codepipeline_role.arn
+
+  artifact_store {
+    location = var.s3_bucket_id
+    type     = "S3"
+
+  }
+
+  stage {
+    name = "Source"
+
+    action {
+      name             = "Source"
+      category         = "Source"
+      owner            = "AWS"
+      provider         = "CodeStarSourceConnection"
+      version          = "1"
+      output_artifacts = ["source_output"]
+
+      configuration = {
+        ConnectionArn    = aws_codestarconnections_connection.example.arn
+        FullRepositoryId = "tungbq/aws-codepipeline-demo"
+        BranchName       = "main"
+      }
+    }
+  }
+
+  stage {
+    name = "Deploy"
+
+    action {
+      name            = "MyDemoApplicationStage"
+      category        = "Deploy"
+      owner           = "AWS"
+      provider        = "CodeDeploy"
+      version         = "1"
+      input_artifacts = ["source_output"]
+      configuration = {
+        ApplicationName     = "aws_codedeploy_app_demo"
+        DeploymentGroupName = "example-group"
+      }
+    }
+  }
+}
+
+resource "aws_codestarconnections_connection" "example" {
+  name          = "example-connection"
+  provider_type = "GitHub"
+}
+
+data "aws_secretsmanager_secret" "my_secret" {
+  name = "prod/github/tungb" # Replace with your secret name
+}
+
+data "aws_secretsmanager_secret_version" "my_secret_version" {
+  secret_id = data.aws_secretsmanager_secret.my_secret.id
+}
+
+data "aws_iam_policy_document" "assume_role" {
+  statement {
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["codepipeline.amazonaws.com"]
+    }
+
+    actions = ["sts:AssumeRole"]
+  }
+}
+
+resource "aws_iam_role" "codepipeline_role" {
+  name               = "test-role"
+  assume_role_policy = data.aws_iam_policy_document.assume_role.json
+}
+
+data "aws_iam_policy_document" "codepipeline_policy" {
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "s3:GetObject",
+      "s3:GetObjectVersion",
+      "s3:GetBucketVersioning",
+      "s3:GetBucketAcl",
+      "s3:PutObjectAcl",
+      "s3:PutBucketAcl",
+      "s3:PutObject",
+    ]
+
+    resources = [
+      var.s3_bucket_arn,
+      "${var.s3_bucket_arn}/*"
+    ]
+  }
+
+  statement {
+    effect    = "Allow"
+    actions   = ["codestar-connections:UseConnection"]
+    resources = [aws_codestarconnections_connection.example.arn]
+  }
+
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "codebuild:BatchGetBuilds",
+      "codebuild:StartBuild",
+    ]
+
+    resources = ["*"]
+  }
+
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "codedeploy:*",
+    ]
+
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_role_policy" "codepipeline_policy" {
+  name   = "codepipeline_policy"
+  role   = aws_iam_role.codepipeline_role.id
+  policy = data.aws_iam_policy_document.codepipeline_policy.json
+}
@@ -0,0 +1,8 @@
+variable "s3_bucket_id" {
+  description = "ID of the S3 bucket"
+  type        = string
+}
+variable "s3_bucket_arn" {
+  description = "The ARN for the S3 bucket"
+  type        = string
+}
@@ -0,0 +1,66 @@
+
+resource "aws_instance" "basic_ec2_instance" {
+  # To get the AMI ID, visit: https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#AMICatalog
+  ami           = "ami-0f34c5ae932e6f0e4"
+  instance_type = "t2.micro"
+
+  iam_instance_profile = var.profile_name
+  security_groups      = [aws_security_group.ec2_codedeploy.name]
+
+  user_data = file("${path.module}/scripts/install_codedeploy.sh")
+  tags = {
+    Name = "MyCodePipelineDemo"
+  }
+}
+
+resource "aws_security_group" "ec2_codedeploy" {
+  name        = "ec2-codedeploy-security-group"
+  description = "Focalboard security group allowing ports 22 and 80"
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    from_port   = 443
+    to_port     = 443
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port        = 0
+    to_port          = 0
+    protocol         = "-1"
+    cidr_blocks      = ["0.0.0.0/0"]
+    ipv6_cidr_blocks = ["::/0"]
+  }
+}
+
+# resource "null_resource" "install_codedeploy" {
+#   provisioner "remote-exec" {
+#     inline = [
+#       "chmod +x /path/to/your/install_codedeploy_agent.sh",
+#       "/path/to/your/install_codedeploy_agent.sh"
+#     ]
+
+#     connection {
+#       type        = "ssh"
+#       user        = "ec2-user" # or your SSH user
+#       private_key = file("/path/to/your/private_key.pem")
+#       host        = aws_instance.example.public_ip # or your instance's public IP
+#     }
+#   }
+
+#   depends_on = [aws_instance.basic_ec2_instance]
+# }
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+sudo yum update -y
+sudo yum install -y ruby wget
+
+wget https://aws-codedeploy-us-east-1.s3.amazonaws.com/latest/install -O /tmp/codedeploy-install
+chmod +x /tmp/codedeploy-install
+
+sudo /tmp/codedeploy-install auto
+
@@ -0,0 +1,4 @@
+variable "profile_name" {
+  description = "Name of the IAM profile"
+  type        = string
+}