af

.dockerignore

@@ -2,17 +2,14 @@
 *.iml
 *.iws
 .target/
-target/
 .sonar/
 .sonarlint/
 
 .github/
 .gradle/
-.build/
-build/
 fluentbit/
 grafana/
-infra/
+infra/app/
 k8s/
 log/
 logs/

infra/app/main.tf

@@ -0,0 +1,16 @@
+locals {
+  tags = {
+    Project     = var.project_name
+    CreatedBy   = var.createdBy
+    CreatedOn   = timestamp()
+    Environment = terraform.workspace
+  }
+}
+
+module "app_aws_s3_buckets" {
+  source = "./modules/aws/s3/buckets"
+}
+
+#module "project_aws_cloudfront_distribution" {
+#  source = "./modules/aws/cloudfront/distribution"
+#}

infra/app/variables.tf

@@ -0,0 +1,24 @@
+variable "region" {
+  type        = string
+  description = "AWS region for all resources."
+
+  default = "ap-south-1"
+}
+
+variable "project_name" {
+  type        = string
+  description = "Template service in java, spring-boot project."
+  default = "template-service-java-spring-boot"
+}
+
+variable "environment" {
+  type        = string
+  description = "environment"
+  default = "test"
+}
+
+variable "createdBy" {
+  type        = string
+  description = "createdBy"
+  default = "terraform"
+}

infra/pipeline/main.tf

@@ -0,0 +1,12 @@
+locals {
+  tags = {
+    Project     = var.project_name
+    CreatedBy   = var.createdBy
+    CreatedOn   = timestamp()
+    Environment = terraform.workspace
+  }
+}
+
+module "pipeline_aws_s3_buckets" {
+  source = "./modules/aws/s3/buckets"
+}

infra/pipeline/modules/aws/s3/buckets/outputs.tf

@@ -0,0 +1,4 @@
+output "aws_code_artifact_s3_bucket_id" {
+  value       = aws_s3_bucket.private-code-artifacts.id
+  description = "aws_code_artifact_s3_bucket_id"
+}

infra/pipeline/modules/aws/s3/buckets/private-code-artifacts.tf

@@ -0,0 +1,10 @@
+resource "aws_s3_bucket" "private-code-artifacts" {
+  bucket = "private-code-artifacts"
+
+  tags = {
+    Name        = "private-code-artifacts"
+    Owner       = "${var.project_name}"
+    Environment = "${var.environment}"
+    Region      = "${var.region}"
+  }
+}

infra/variables.tf → infra/pipeline/modules/aws/s3/buckets/variables.tf

@@ -1,20 +1,17 @@
 variable "region" {
   type        = string
   description = "AWS region for all resources."
-
   default = "ap-south-1"
 }
 
 variable "project_name" {
   type        = string
   description = "Template service in java, spring-boot project."
-
   default = "template-service-java-spring-boot"
 }
 
 variable "environment" {
   type        = string
   description = "Template service in java, spring-boot project."
-
   default = "test"
 }

infra/pipeline/outputs.tf

@@ -0,0 +1,4 @@
+output "aws_codepipeline_arn" {
+  value       = aws_codepipeline.this.arn
+  description = "aws codepipeline project arn"
+}

infra/pipeline/pipeline.tf

@@ -0,0 +1,77 @@
+resource "aws_codepipeline" "this" {
+
+  name     = var.project_name
+  role_arn = aws_iam_role.this.arn
+
+  artifact_store {
+    type     = var.artifacts_store_type
+    location = module.pipeline_aws_s3_buckets.aws_code_artifact_s3_bucket_id
+  }
+
+  stage {
+    name = "Source"
+    action {
+      name             = "Source"
+      category         = "Source"
+      owner            = "AWS"
+      provider         = var.source_provider
+      version          = "1"
+      output_artifacts = [var.output_artifacts]
+      configuration = {
+        FullRepositoryId     = var.full_repository_id
+        BranchName           = var.branch_name
+        ConnectionArn        = var.codestar_connector_credentials
+        OutputArtifactFormat = var.output_artifact_format
+      }
+    }
+  }
+
+  stage {
+    name = "Apply" #"Plan"
+    action {
+      name            = "Build"
+      category        = "Build"
+      provider        = "CodeBuild"
+      version         = "1"
+      owner           = "AWS"
+      input_artifacts = [var.input_artifacts]
+      configuration = {
+        ProjectName = var.project_name
+      }
+    }
+  }
+
+  # stage {
+  #   name = "Approve"
+
+  #   action {
+  #     name            = "Approval"
+  #     category        = "Approval"
+  #     owner           = "AWS"
+  #     provider        = "Manual"
+  #     version         = "1"
+  #     input_artifacts = [var.input_artifacts]
+  #     configuration = {
+  #       #NotificationArn = var.approve_sns_arn
+  #       CustomData = var.approve_comment
+  #       #ExternalEntityLink = var.approve_url
+  #     }
+  #   }
+  # }
+
+  # stage {
+  #   name = "Deploy"
+  #   action {
+  #     name            = "Deploy"
+  #     category        = "Build"
+  #     provider        = "CodeBuild"
+  #     version         = "1"
+  #     owner           = "AWS"
+  #     input_artifacts = [var.input_artifacts]
+  #     configuration = {
+  #       ProjectName = var.project_name
+  #     }
+  #   }
+  # }
+
+}

infra/pipeline/provider.tf

@@ -0,0 +1,7 @@
+provider "aws" {
+  region = var.region
+}
+
+provider "random" {}
+
+provider "time" {}

infra/pipeline/role.tf

@@ -0,0 +1,45 @@
+resource "aws_iam_role" "this" {
+  name = var.role_name
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "codepipeline.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}
+
+data "aws_iam_policy_document" "this" {
+  statement {
+    sid       = ""
+    actions   = ["cloudwatch:*", "s3:*", "codebuild:*"]
+    resources = ["*"]
+    effect    = "Allow"
+  }
+  statement {
+    sid       = ""
+    actions   = ["codestar-connections:UseConnection"]
+    resources = ["*"]
+    effect    = "Allow"
+  }
+}
+
+resource "aws_iam_policy" "this" {
+  name        = var.policy_name
+  path        = "/"
+  description = "CodePipeline policy"
+  policy      = data.aws_iam_policy_document.this.json
+}
+
+resource "aws_iam_role_policy_attachment" "attachment" {
+  policy_arn = aws_iam_policy.this.arn
+  role       = aws_iam_role.this.id
+}