data.tf
# Identity of the credentials Terraform runs with. In this file only its
# account_id is read: it is embedded in the aft-backend KMS alias name and
# passed to the Lambda, CodeBuild and CodePipeline policy templates.
data "aws_caller_identity" "current" {
}
# Look up the KMS key behind the "alias/aft" alias so that its ARN can be
# handed to the CodeBuild and CodePipeline policy templates.
# NOTE(review): the alias is resolved in whatever account and region the
# provider is configured for, at plan time. If the alias is re-pointed, the
# rendered policies follow it on the next apply -- confirm that is intended.
data "aws_kms_key" "alias_aft" {
  key_id = "alias/aft"
}
# Look up the KMS key for the AFT backend. The alias name embeds the account id
# of the calling credentials, so the lookup only succeeds in an account where
# an alias of exactly this form exists.
data "aws_kms_key" "alias_aft_backend" {
  key_id = "alias/aft-backend-${data.aws_caller_identity.current.account_id}-kms-key"
}
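# EventBridge event pattern, loaded from policy_files/event_pattern.json.
# No vars are supplied, so the JSON is expected to contain no ${...}
# placeholders.
#
# The path is anchored to path.module (as the archive_file block in this file
# already does) so the file is found regardless of the directory Terraform is
# invoked from.
#
# NOTE(review): the hashicorp/template provider behind "template_file" is
# archived and no longer receives fixes. The built-in templatefile() function
# is the maintained replacement, but switching changes the
# data.template_file.* address that consumers reference, so it has to be done
# together with them.
data "template_file" "eventbridge_pattern" {
  template = file("${path.module}/policy_files/event_pattern.json")
}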
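########################
# Template file to render S3 bucket policy
########################
# Renders policy_files/bucket_policy.json for the cfn_templates bucket.
#   bucket_arn - ARN of aws_s3_bucket.cfn_templates, substituted into the policy.
#
# The same template is also rendered for the codepipeline_artifacts bucket, so
# any change to bucket_policy.json applies to both buckets.
# The path is anchored to path.module so it does not depend on the working
# directory Terraform is started from.
# NOTE(review): "template_file" comes from the archived hashicorp/template
# provider; templatefile() is the maintained replacement (requires updating
# the references to this data source).
data "template_file" "cfn_templates_bucket-policy" {
  template = file("${path.module}/policy_files/bucket_policy.json")
  vars = {
    bucket_arn = aws_s3_bucket.cfn_templates.arn
  }
}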
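# Renders policy_files/bucket_policy.json for the codepipeline_artifacts bucket.
#   bucket_arn - ARN of aws_s3_bucket.codepipeline_artifacts.
#
# Shares its template with the cfn_templates bucket policy; the two differ only
# in the bucket ARN passed in.
# The path is anchored to path.module so it does not depend on the working
# directory Terraform is started from.
data "template_file" "codepipeline_artifacts_bucket-policy" {
  template = file("${path.module}/policy_files/bucket_policy.json")
  vars = {
    bucket_arn = aws_s3_bucket.codepipeline_artifacts.arn
  }
}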
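########################
# Template file to render lambda policy
########################
# Renders policy_files/lambda_policy.json.
#   account_id        - account of the calling credentials
#   bucket_name       - name (id) of the cfn_templates bucket
#   codebuild_role    - ARN of the feature-branch CodeBuild role
#   codepipeline_role - ARN of the feature-branch CodePipeline role
#
# NOTE(review): the two role ARNs are presumably there so the policy can name
# exactly which roles the Lambda may pass on -- verify in lambda_policy.json
# that they are used as Resource values and not alongside a wildcard.
# The path is anchored to path.module so it does not depend on the working
# directory Terraform is started from.
data "template_file" "lambda_policy" {
  template = file("${path.module}/policy_files/lambda_policy.json")
  vars = {
    account_id        = data.aws_caller_identity.current.account_id
    bucket_name       = aws_s3_bucket.cfn_templates.id
    codebuild_role    = aws_iam_role.aft_feature_branch_codebuild_role.arn
    codepipeline_role = aws_iam_role.aft_feature_branch_codepipeline_role.arn
  }
}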
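########################
# Template file to render codebuild policy
########################
# Renders policy_files/codebuild_policy.json.
#   account_id          - account of the calling credentials
#   bucket_name         - name (id) of the cfn_templates bucket
#   kms_key_aft         - ARN of the key behind alias/aft
#   kms_key_aft_backend - ARN of the key behind the aft-backend alias
#
# NOTE(review): passing concrete key ARNs suggests the KMS statements are
# scoped to these two keys -- confirm in codebuild_policy.json, since the
# template itself is not visible here.
# The path is anchored to path.module so it does not depend on the working
# directory Terraform is started from.
data "template_file" "codebuild_policy" {
  template = file("${path.module}/policy_files/codebuild_policy.json")
  vars = {
    account_id          = data.aws_caller_identity.current.account_id
    bucket_name         = aws_s3_bucket.cfn_templates.id
    kms_key_aft         = data.aws_kms_key.alias_aft.arn
    kms_key_aft_backend = data.aws_kms_key.alias_aft_backend.arn
  }
}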
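########################
# Template file to render codepipeline policy
########################
# Renders policy_files/codepipeline_policy.json.
#   account_id          - account of the calling credentials
#   artifacts_bucket    - name (id) of the codepipeline_artifacts bucket
#   kms_key_aft         - ARN of the key behind alias/aft
#   kms_key_aft_backend - ARN of the key behind the aft-backend alias
#
# NOTE(review): as with the CodeBuild policy, check in the JSON template that
# the KMS and S3 statements are limited to the ARNs passed in here.
# The path is anchored to path.module so it does not depend on the working
# directory Terraform is started from.
data "template_file" "codepipeline_policy" {
  template = file("${path.module}/policy_files/codepipeline_policy.json")
  vars = {
    account_id          = data.aws_caller_identity.current.account_id
    artifacts_bucket    = aws_s3_bucket.codepipeline_artifacts.id
    kms_key_aft         = data.aws_kms_key.alias_aft.arn
    kms_key_aft_backend = data.aws_kms_key.alias_aft_backend.arn
  }
}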
# Package the Lambda handler (a single Python file) into a zip next to the
# module sources.
# NOTE(review): the consumer of this archive is not visible here. Tying the
# function's source_code_hash to this data source's output_base64sha256 makes
# a changed handler show up in the plan -- confirm the Lambda resource does so.
data "archive_file" "zipfile" {
  type        = "zip"
  output_path = "${path.module}/aft-repo-feature-branch-pipeline.zip"
  source_file = "${path.module}/aft-repo-feature-branch-pipeline/aft-repo-feature-branch-pipeline.py"
}