added required resources for codedeploy as part of codepipeline

Shaked Braimok Yosef · Shaked Braimok Yosef · commit 229eb0b4fd1d · 2024-04-27T23:29:21.000+03:00
diff --git a/README.md b/README.md
@@ -0,0 +1,27 @@
+# terraform-aws-codedeploy  [![Senora](https://github.com/Senora-dev/assets/blob/main/senora-logo.png?raw=true)](https://senora.dev)
+A Terraform module that implements Blue-Green deployment using AWS CodeDeploy as part of a AWS CodePipeline pipeline.
+
+Learn more in the [AWS CodeDeploy Guides Series](https://medium.com/@senora-dev).
+
+## Usage
+```terraform
+module "codedeploy"{
+    source  = "Senora-dev/codedeploy/aws"
+    version = "~>1.0.0"
+
+    app_name = "my-app-name"
+    s3_bucket = "codepipeline-bucket-name"
+    ecs_cluster_name = "my-app-cluster-name"
+    ecs_cluster_name = "my-app-ecs-sevrice-name"
+    load_balancer_listener_arn = "${data.my_alb_listener_arn}"
+    load_balancer_test_listener_arn = "${data.my_test_listener_arn}"
+    load_balancer_blue_target_group = "my-blue-tg-name"
+    load_balancer_green_target_group = "my-green-tg-name"
+}
+```
+
+## Contributing
+Contributions to this project are welcome! Feel free to submit issues, feature requests, or pull requests to help improve the self-service backend.
+
+## License
+This project is licensed under the [Apache 2.0 License](LICENSE).
diff --git a/data.tf b/data.tf
@@ -0,0 +1,60 @@
+data "aws_s3_bucket" "codepipeline_bucket" {
+  bucket = var.s3_bucket
+}
+data "aws_iam_policy_document" "codedeploy_role_policy" {
+  statement {
+    actions   = [
+            "ecs:DescribeServices",
+            "ecs:CreateTaskSet",
+            "ecs:UpdateServicePrimaryTaskSet",
+            "ecs:DeleteTaskSet",
+        ]
+    resources = [data.ecs]
+  }
+  statement {
+    actions   = ["cloudwatch:DescribeAlarms"]
+    resources = ["*"]
+  }
+  statement {
+    actions   = ["sns:Publish"]
+    resources = ["arn:aws:sns:*:*:CodeDeployTopic_*"]
+  }
+  statement {
+    actions   = [
+        "elasticloadbalancing:DescribeTargetGroups",
+        "elasticloadbalancing:DescribeListeners",
+        "elasticloadbalancing:ModifyListener",
+        "elasticloadbalancing:DescribeRules",
+        "elasticloadbalancing:ModifyRule"
+        ]
+    resources = [var.alb_listener_arn,var.alb_test_listener_arn]
+  }
+  statement {
+    actions   = ["lambda:InvokeFunction"]
+    resources = ["arn:aws:lambda:*:*:function:CodeDeployHook_*"]
+  }
+  statement {
+    actions   = [
+          "s3:GetObject",
+          "s3:GetObjectVersion",
+          "s3:GetBucketVersioning",
+          "s3:PutObjectAcl",
+          "s3:PutObject"
+        ]
+    resources = [
+          "${data.aws_s3_bucket.codepipeline_bucket.arn}",
+          "${data.aws_s3_bucket.codepipeline_bucket.arn}/*"
+        ]
+  }
+  #statement {
+  #  actions   = ["iam:PassRole"]
+  #  resources = var.ecs_iam_roles_arns
+  #}
+
+  #statement {
+  #  actions = [
+  #    "codedeploy:*"
+  #  ]
+  #  resources = ["*"]
+  #}
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,109 @@
+resource "aws_codedeploy_app" "codedeploy_app" {
+  name = "codedeploy-${var.app_name}"
+  compute_platform = "ECS"
+}
+
+
+resource "aws_codedeploy_deployment_group" "deployment_group" {
+  app_name               = aws_codedeploy_app.codedeploy_app.name
+  deployment_config_name = "CodeDeployDefault.ECSAllAtOnce"
+  deployment_group_name  = "ecs-deployment-group-${var.app_name}"
+  service_role_arn       = aws_iam_role.codedeploy_role.arn
+
+  auto_rollback_configuration {
+    enabled = true
+    events  = ["DEPLOYMENT_FAILURE"]
+  }
+
+  blue_green_deployment_config {
+    deployment_ready_option {
+      action_on_timeout = "CONTINUE_DEPLOYMENT"
+    }
+
+    terminate_blue_instances_on_deployment_success {
+      action                           = "TERMINATE"
+      termination_wait_time_in_minutes = var.termination_wait_time_in_minutes
+    }
+  }
+
+  deployment_style {
+    deployment_option = "WITH_TRAFFIC_CONTROL"
+    deployment_type   = "BLUE_GREEN"
+  }
+
+  ecs_service {
+    cluster_name = var.ecs_cluster_name
+    service_name = var.ecs_service_name
+  }
+
+  load_balancer_info {
+    target_group_pair_info {
+      prod_traffic_route {
+        listener_arns = [var.load_balancer_listener_arn]
+      }
+
+      test_traffic_route {
+        listener_arns = [var.load_balancer_test_listener_arn]
+      }
+
+      target_group {
+        name = var.load_balancer_blue_target_group 
+      }
+
+      target_group {
+        name = var.load_balancer_green_target_group 
+      }
+    }
+  }
+}
+
+resource "aws_iam_role" "codedeploy_role" {
+  name = "iam-role-codedeploy-${var.app_name}"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = ""
+        Principal = {
+          Service = "codedeploy.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
+
+resource "aws_iam_role_policy" "cloudWatch_policy" {
+  name = "iam-policy-cloudwatch-${var.app_name}"
+  role = aws_iam_role.codedeploy_role.id
+
+  # Terraform's "jsonencode" function converts a
+  # Terraform expression result to valid JSON syntax.
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+            "logs:CreateLogGroup",
+            "logs:CreateLogStream",
+            "logs:PutLogEvents"
+        ]
+        Effect   = "Allow"
+        Resource = "*"
+      },
+    ]
+  })
+}
+
+resource "aws_iam_role_policy" "ecs_policy" {
+  name = "iam-policy-ecs-${var.app_name}"
+  role = aws_iam_role.codedeploy_role.id
+  policy = data.aws_iam_policy_document.codedeploy_role_policy.json
+}
+
+resource "aws_iam_role_policy_attachment" "role-lambda-execution" {
+    role       = "${aws_iam_role.codedeploy_role.name}"
+    policy_arn = "arn:aws:iam::aws:policy/AWSLambda_FullAccess"
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,39 @@
+variable "name" {
+  type = string
+}
+
+variable "s3_bucket" {
+  type = string
+}
+
+variable "ecs_cluster_name" {
+  type = string
+}
+
+variable "ecs_service_name" {
+  type = string
+}
+
+variable "alb_listener_arn" {
+  type = string
+}
+
+variable "alb_test_listener_arn" {
+     type = string
+ }
+ 
+variable "alb_tg_blue_name" {
+  type = string
+}
+
+variable "alb_tg_green_name" {
+  type = string
+}
+
+variable "ecs_iam_roles_arns" {
+  type = list(string)
+}
+
+variable "termination_wait_time_in_minutes" {
+  default = 120
+}
