frank-wang-xero/terraform-aws-imagebuilder-pipeline

terraform-aws-imagebuilder-pipeline

Terraform module for creating EC2 Image Builder Pipelines via CloudFormation

Example

Here's what using the module looks like. Note that this module needs at least one recipe and component to be useful; see the examples directory for details.

module "test_pipeline" {
  source  = "rhythmictech/imagebuilder-pipeline/aws"

  description = "Testing pipeline"
  name        = "test-pipeline"
  recipe_arn  = module.test_recipe.recipe_arn
  public      = false
}
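The minimal example above leaves most inputs at their defaults. The following is an added example (not code from the module's own README) showing the settings a security-minded user would normally pin: the AMI stays private and is shared only with named accounts, the builder runs in a chosen subnet and security group, build logs are kept, and a topic is notified when an image lands. The recipe module, account IDs, subnet, security group, bucket and topic ARN are placeholders.

```hcl
# Added example: a hardened pipeline built with this module. All IDs and ARNs
# below are placeholders and must be replaced with your own values.
module "hardened_pipeline" {
  source = "rhythmictech/imagebuilder-pipeline/aws"

  name        = "hardened-pipeline"
  description = "Private base image shared with named accounts only"
  recipe_arn  = module.base_recipe.recipe_arn   # placeholder recipe module

  # Never publish the AMI; share it explicitly with the accounts that need it.
  public             = false
  shared_account_ids = ["111111111111", "222222222222"]
  regions            = ["us-east-1", "us-west-2"]

  # Build inside a private subnet behind a locked-down security group.
  subnet             = "subnet-0123456789abcdef0"
  security_group_ids = ["sg-0123456789abcdef0"]
  instance_types     = ["t3.medium"]

  # Keep build and test logs for audit; a prefix lets pipelines share a bucket.
  log_bucket = "example-imagebuilder-logs"
  log_prefix = "hardened-pipeline/"

  # Notify when a new AMI is produced (feeds downstream automation or alerting).
  sns_topic_arn = "arn:aws:sns:us-east-1:111111111111:ami-built"

  # Terminate failed builders so no half-configured instance lingers.
  terminate_on_failure = true

  # Run the recipe's tests and give a long suite enough time to finish.
  test_config = {
    ImageTestsEnabled = true
    TimeoutMinutes    = 90
  }

  tags = {
    Owner = "platform-security"
  }
}

# The role name lets you attach further policies outside the module if needed.
output "hardened_pipeline_role" {
  value = module.hardened_pipeline.role_name
}
```

Set terminate_on_failure = false only while debugging a failing build, and turn it back on afterwards; a builder left running after a failure is a live instance with the pipeline's IAM role attached.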

About

Allows the creation of EC2 Image Builder Pipelines with CloudFormation until native support is added to Terraform.

Build Scheduling

Builds are scheduled by a cron pattern. The pipeline takes a schedule argument as follows:

  schedule = {
    PipelineExecutionStartCondition = "EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE"
    ScheduleExpression              = "cron(0 0 * * mon)"
  }

The default expects an upstream AMI as the parent image and builds weekly only if an updated image is found upstream. Setting PipelineExecutionStartCondition = "EXPRESSION_MATCH_ONLY" makes the pipeline run on every schedule match regardless of upstream changes.

When chaining pipelines (a downstream pipeline whose recipe uses the upstream pipeline's AMI as its parent), be mindful of the cron schedules. If both pipelines run with ScheduleExpression = "cron(0 0 * * mon)", the downstream build starts before the upstream build has produced a new AMI and will always run one week late. Due to the testing phase and startup/teardown time, even a short EC2 Image Builder process can take over 15 minutes to run end to end, and complex test suites can take much longer, so leave a generous gap.
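As an added example (not from the module's README), here is how the two chained pipelines described above can be declared so the downstream build starts well after the upstream one finishes. The recipe modules are placeholders; the three-hour offset is an assumed margin and should be sized to your own build and test durations.

```hcl
# Added example: an upstream base-image pipeline and a downstream
# application-image pipeline with staggered schedules.
module "base_pipeline" {
  source = "rhythmictech/imagebuilder-pipeline/aws"

  name        = "base-pipeline"
  description = "Patched base image"
  recipe_arn  = module.base_recipe.recipe_arn   # placeholder recipe module
  public      = false

  # Run Mondays at 00:00 UTC, but only when the Amazon-provided parent
  # image used by base_recipe has a newer version available.
  schedule = {
    PipelineExecutionStartCondition = "EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE"
    ScheduleExpression              = "cron(0 0 * * mon)"
  }
}

module "app_pipeline" {
  source = "rhythmictech/imagebuilder-pipeline/aws"

  name        = "app-pipeline"
  description = "Application image layered on the base image"
  recipe_arn  = module.app_recipe.recipe_arn    # placeholder; its parent is base_pipeline's AMI
  public      = false

  # Offset the downstream run by three hours (assumed margin) so the base
  # pipeline's build and test phases have completed. With the same 00:00
  # expression this pipeline would pick up last week's base AMI and lag a
  # week behind forever. The dependency condition still skips the run when
  # no new base AMI exists.
  schedule = {
    PipelineExecutionStartCondition = "EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE"
    ScheduleExpression              = "cron(0 3 * * mon)"
  }
}
```

If the base pipeline's test suite can exceed the offset, widen the gap or move the downstream pipeline to a later day; a downstream build that starts mid-upstream-build silently uses the previous parent image rather than failing.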

See Amazon's EC2 Image Builder API Reference for further details.

Requirements

Name Version
terraform >= 0.12.19
aws >= 2.44

Providers

Name Version
aws >= 2.44

Inputs

Name | Description | Type | Default | Required
name | Name to use for the pipeline | string | n/a | yes
recipe_arn | ARN of the recipe to use. Must change with the recipe version | string | n/a | yes
additional_iam_policy_arns | List of policy ARNs granting the builder additional permissions | list(string) | [] | no
cloudformation_timeout | How long to wait (in minutes) for CFN to apply before giving up | number | 10 | no
description | Description of the pipeline | string | null | no
enabled | Whether the pipeline is ENABLED or DISABLED | bool | true | no
image_name | Name prefix given to the AMI created by the pipeline (a timestamp is appended) | string | "" | no
instance_types | Instance types to build images on. Image Builder picks one of the listed types based on availability; keep them to a single architecture, since ARM and x86 instances produce different images | list(string) | ["t3.medium"] | no
key_pair | EC2 key pair to add to the default user on the builder | string | null | no
license_config_arns | If you're using License Manager, your ARNs go here | list(string) | null | no
log_bucket | Bucket to store logs in. If this is omitted, logs will not be stored | string | null | no
log_prefix | S3 prefix to store logs under. Recommended if sharing a bucket with other pipelines | string | null | no
public | Whether the resulting AMI should be public | bool | false | no
regions | Regions the AMIs will be available in | list(string) | ["us-east-1", "us-east-2", "us-west-1", "us-west-2", "ca-central-1"] | no
schedule | Schedule expression for when the pipeline should run automatically; see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-imagebuilder-imagepipeline-schedule.html | object({ PipelineExecutionStartCondition = string, ScheduleExpression = string }) | { PipelineExecutionStartCondition = "EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE", ScheduleExpression = "cron(0 0 * * mon)" } | no
security_group_ids | Security group IDs for the Image Builder instance | list(string) | null | no
shared_account_ids | AWS accounts to share AMIs with. If this is left null the AMIs will be public; check this together with the `public` input | list(string) | [] | no
sns_topic_arn | SNS topic to notify when new images are created | string | null | no
ssh_key_secret_arn | ARN of a Secrets Manager secret containing an SSH key (use ARN or name, not both) | string | null | no
ssh_key_secret_name | Name of a Secrets Manager secret containing an SSH key (use ARN or name, not both) | string | null | no
subnet | Subnet ID to use for the builder | string | null | no
tags | Map of tags to apply to the CFN stack and pipeline | map(string) | {} | no
terminate_on_failure | Set to false to keep the builder instance after a failure so you can SSH in for debugging | bool | true | no
test_config | Whether to run tests during image creation and the maximum time to allow tests to run | object({ ImageTestsEnabled = bool, TimeoutMinutes = number }) | { ImageTestsEnabled = true, TimeoutMinutes = 60 } | no

Outputs

Name Description
pipeline_arn ARN of EC2 Image Builder Pipeline
role_name The name of the IAM role for use if additional permissions are needed.

The Giants underneath this module

  • pre-commit.com/
  • terraform.io/
  • github.com/tfutils/tfenv
  • github.com/segmentio/terraform-docs
