Update data.tf and main.tf

Eli-Meitner · Eli-Meitner · commit b714e37cd6db · 2023-06-06T07:36:50.000+03:00
diff --git a/modules/ci-cd-codepipeline/data.tf b/modules/ci-cd-codepipeline/data.tf
@@ -15,7 +15,7 @@ data "aws_iam_policy_document" "codepipeline_assume_role_policy" {
     actions = ["sts:AssumeRole"]
     principals {
       type        = "Service"
-      identifiers = ["codepipeline.amazonaws.com", "codedeploy.amazonaws.com"]
+      identifiers = ["codepipeline.amazonaws.com", "codedeploy.amazonaws.com", "events.amazonaws.com"]
     }
   }
 }
@@ -31,6 +31,12 @@ data "aws_iam_policy_document" "codepipeline_role_policy" {
     ]
     resources = ["*"]
   }
+  statement {
+    actions = [
+      "codepipeline:StartPipelineExecution"
+    ]
+    resources = ["*"]
+  }
   statement {
     actions   = ["codestar-connections:UseConnection"]
     resources = ["*"]
diff --git a/modules/ci-cd-codepipeline/main.tf b/modules/ci-cd-codepipeline/main.tf
@@ -24,7 +24,7 @@ resource "aws_codepipeline" "codepipeline" {
       configuration = {
         S3Bucket             = "${var.s3_bucket}"
         S3ObjectKey          = "${var.env_name}/source_artifacts.zip"
-        PollForSourceChanges = true
+        PollForSourceChanges = false
       }
     }
   }
@@ -137,3 +137,27 @@ resource "aws_iam_role_policy" "codepipeline_policy" {
   policy = data.aws_iam_policy_document.codepipeline_role_policy.json
 }
 
+resource "aws_cloudwatch_event_rule" "trigger_pipeline" {
+  name        = "${local.codepipeline_name}-trigger"
+  description = "Trigger ${local.codepipeline_name}"
+
+  event_pattern = jsonencode({
+    "source" : ["aws.s3"],
+    "detail-type" : ["AWS API Call via CloudTrail"],
+    "detail" : {
+      "eventSource" : ["s3.amazonaws.com"],
+      "eventName" : ["PutObject", "CompleteMultipartUpload", "CopyObject"],
+      "requestParameters" : {
+        "bucketName" : ["${var.s3_bucket}"],
+        "key" : ["${var.env_name}/source_artifacts.zip"]
+      }
+    }
+  })
+}
+
+resource "aws_cloudwatch_event_target" "trigger_pipeline" {
+  rule      = aws_cloudwatch_event_rule.trigger_pipeline.name
+  target_id = "${local.codepipeline_name}"
+  arn       = aws_codepipeline.codepipeline.arn
+  role_arn = aws_iam_role.codepipeline_role.arn
+}

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ data "aws_iam_policy_document" "codepipeline_assume_role_policy" {`
`15`	`15`	`actions = ["sts:AssumeRole"]`
`16`	`16`	`principals {`
`17`	`17`	`type = "Service"`
`18`		`- identifiers = ["codepipeline.amazonaws.com", "codedeploy.amazonaws.com"]`
	`18`	`+ identifiers = ["codepipeline.amazonaws.com", "codedeploy.amazonaws.com", "events.amazonaws.com"]`
`19`	`19`	`}`
`20`	`20`	`}`
`21`	`21`	`}`
`@@ -31,6 +31,12 @@ data "aws_iam_policy_document" "codepipeline_role_policy" {`
`31`	`31`	`]`
`32`	`32`	`resources = ["*"]`
`33`	`33`	`}`
	`34`	`+ statement {`
	`35`	`+ actions = [`
	`36`	`+ "codepipeline:StartPipelineExecution"`
	`37`	`+ ]`
	`38`	`+ resources = ["*"]`
	`39`	`+ }`
`34`	`40`	`statement {`
`35`	`41`	`actions = ["codestar-connections:UseConnection"]`
`36`	`42`	`resources = ["*"]`