Adding S3 resource bucket for codebuild
alanrana7 committed Oct 19, 2023
1 parent 15acd06 commit 6551657
Showing 2 changed files with 53 additions and 0 deletions.
33 changes: 33 additions & 0 deletions terraform/environments/apex/modules/codebuild/main.tf
Expand Up @@ -95,6 +95,39 @@ data "aws_iam_policy_document" "local-ecr-policy-data" {
}
}

######################################################
# S3 Resource Bucket for Codebuild
######################################################

resource "aws_s3_bucket" "codebuild_resources" {
bucket = "laa-${var.app_name}-management-resourcebucket"
# force_destroy = true
}

resource "aws_s3_bucket_server_side_encryption_configuration" "resources_sse" {
bucket = aws_s3_bucket.codebuild_resources.id
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}

data "template_file" "s3_resource_bucket_policy" {
template = "${file("${path.module}/s3_bucket_policy.json.tpl")}"

vars = {
account_id = var.account_id,
s3_resource_name = aws_s3_bucket.codebuild_resources.id,
codebuild_role_name = aws_iam_role.codebuild_s3.id
}
}

resource "aws_s3_bucket_policy" "allow_access_from_codebuild" {
bucket = aws_s3_bucket.codebuild_resources.id
policy = data.template_file.s3_resource_bucket_policy.rendered
}

######################################################
# CodeBuild projects
######################################################
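Review bot: The template path in `template = "${file("${path.module}/s3_bucket_policy.json.tpl")}"` does not match where this commit adds the file: `path.module` resolves to the `modules/codebuild` directory, but the diffstat shows the template added at `terraform/environments/apex/modules/s3_bucket_policy.json.tpl`, one level up, so the plan will fail with a file-not-found until the template is moved into the module directory or the path becomes `${path.module}/../s3_bucket_policy.json.tpl`. The `template_file` data source also belongs to the deprecated hashicorp/template provider; the built-in `templatefile()` function replaces it and drops the redundant `${file(...)}` wrapper. The new bucket has no `aws_s3_bucket_public_access_block`, so nothing prevents a later ACL or policy change from exposing it; declaring one next to the encryption configuration is the usual baseline. The enclosing `local-ecr-policy-data` data block begins before this hunk.
```hcl
resource "aws_s3_bucket_public_access_block" "codebuild_resources" {
  bucket                  = aws_s3_bucket.codebuild_resources.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# … unchanged: aws_s3_bucket_server_side_encryption_configuration.resources_sse …

resource "aws_s3_bucket_policy" "allow_access_from_codebuild" {
  bucket = aws_s3_bucket.codebuild_resources.id
  # template lives one directory above this module (see diffstat); adjust if it is moved
  policy = templatefile("${path.module}/../s3_bucket_policy.json.tpl", {
    account_id          = var.account_id
    s3_resource_name    = aws_s3_bucket.codebuild_resources.id
    codebuild_role_name = aws_iam_role.codebuild_s3.id
  })
}
```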
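--- a/terraform/environments/apex/modules/s3_bucket_policy.json.tpl
+++ b/terraform/environments/apex/modules/s3_bucket_policy.json.tpl
@@ -0,0 +1,20 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Principal": {
+"AWS": [
+"arn:aws:iam::${account_id}:role/${codebuild_role_name}"
+]
+},
+"Effect": "Allow",
+"Action": [
+"s3:*"
+],
+"Resource": [
+"arn:aws:s3:::${s3_resource_name}",
+"arn:aws:s3:::${s3_resource_name}/*"
+]
+}
+]
+}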
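Review bot: The `"s3:*"` action in the single Allow statement grants the CodeBuild role every bucket-level and object-level operation on this bucket, including `s3:PutBucketPolicy` and `s3:DeleteBucket`, so the role could rewrite this very policy or remove the bucket; a build resource bucket does not need that. Scope the statement to the operations the projects actually perform, e.g. `"Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]` — the exact set depends on how the CodeBuild projects use the bucket, which this diff does not show. Adding a `"Sid"` to the statement would also make it easier to identify in CloudTrail and in later edits.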