// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: MIT-0
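# EventBridge rule that fires when the watched branch of the CodeCommit repo
# is created or pushed to. The pattern is pinned to the repo ARN in this
# account/region and to an exact branch name, so commits to other repos or
# branches in the account never match.
resource "aws_cloudwatch_event_rule" "this" {
  name        = var.pipeline_name
  description = "Invokes pipeline when there is a new CodeCommit repo commit"

  event_pattern = jsonencode({
    "source"      : ["aws.codecommit"],
    "detail-type" : ["CodeCommit Repository State Change"],

    # NOTE(review): the partition is hard-coded to "aws"; in GovCloud/China the
    # ARN prefix differs (data.aws_partition.current.partition) — confirm if
    # this module is ever deployed outside the commercial partition.
    "resources" : [
      "arn:aws:codecommit:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:${var.repo}"
    ],

    "detail" : {
      # referenceCreated = branch (re)created, referenceUpdated = push to it.
      # Branch deletions are intentionally not matched.
      "event"         : ["referenceCreated", "referenceUpdated"],
      "referenceType" : ["branch"],
      # Exact match on the branch name; EventBridge patterns do not glob here.
      # Passed as a plain expression — the former "${var.branch}" wrapper is
      # a deprecated interpolation-only form that tflint/terraform warn on.
      "referenceName" : [var.branch]
    }
  })
}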
# Wires the rule above to the pipeline. EventBridge assumes role_arn and uses
# it to start the pipeline identified by arn.
resource "aws_cloudwatch_event_target" "this" {
  target_id = var.pipeline_name
  rule      = aws_cloudwatch_event_rule.this.name
  role_arn  = aws_iam_role.eventbridge.arn
  arn       = aws_codepipeline.this.arn
}
# Execution role handed to EventBridge for the rule target. Its permissions
# are attached separately by aws_iam_role_policy_attachment.eventbridge.
resource "aws_iam_role" "eventbridge" {
  name               = format("%s-eventbridge", var.pipeline_name)
  assume_role_policy = data.aws_iam_policy_document.eventbridge_assume.json
}
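# Trust policy for the EventBridge target role. Only the EventBridge service
# principal may assume it, and only when acting for this account AND for this
# specific rule. Without the SourceArn pin, any EventBridge rule in this
# account (e.g. one created by a less-privileged principal) could name this
# role as its target role and start the pipeline — a confused-deputy path.
data "aws_iam_policy_document" "eventbridge_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    # Caller must be acting on behalf of this account.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }

    # Caller must be the one rule that targets this role. EventBridge sets
    # aws:SourceArn to the invoking rule's ARN on the AssumeRole call.
    # No dependency cycle: the rule does not reference the role; only the
    # target resource references both.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_cloudwatch_event_rule.this.arn]
    }
  }
}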
# Binds the StartPipelineExecution policy to the EventBridge role.
resource "aws_iam_role_policy_attachment" "eventbridge" {
  policy_arn = aws_iam_policy.eventbridge.arn
  role       = aws_iam_role.eventbridge.name
}
# Managed policy carrying the single permission the EventBridge role needs;
# the document itself is built in data.aws_iam_policy_document.eventbridge.
resource "aws_iam_policy" "eventbridge" {
  name   = format("%s-eventbridge", var.pipeline_name)
  policy = data.aws_iam_policy_document.eventbridge.json
}
# Least-privilege permissions for the EventBridge role: it may start
# executions of this one pipeline and nothing else (resource-scoped, no "*").
data "aws_iam_policy_document" "eventbridge" {
  statement {
    effect    = "Allow"
    actions   = ["codepipeline:StartPipelineExecution"]
    resources = [aws_codepipeline.this.arn]
  }
}