This repository has been archived by the owner on Jan 20, 2025. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathmain.tf
132 lines (116 loc) · 4.23 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
/*
* # aws-terraform-codedeploy
*
* This module creates a CodeDeploy deployment group and optionally a CodeDeploy application.
*
* ## Basic Usage
*
* ```
* module "codedeploy_prod" {
* source = "[email protected]:rackspace-infrastructure-automation/aws-terraform-codedeploy//?ref=v0.12.0"
*
* application_name = "MyCodeDeployApp"
* autoscaling_groups = ["myASG"]
* environment = "Prod"
* }
* ```
*
* Full working references are available at [examples](examples)
* ## Limitations
*
* AWS APIs do not properly clear out the load_balancer_info field of a deployment group after removing the CLB\Target group reference. This results in the Deployment Group trying to apply the change on every update. We hope this behavior to be resolved after adapting Terraform v0.12. In the meantime, a new Deployment Group should be created if the load balancer information must be removed. This issue does not occur when replacing the referenced CLB or Target Group, or when switching between CLB and Target Groups, only when the references are completely removed.
*
* ## Terraform 0.12 upgrade
*
* Several changes were required while adding terraform 0.12 compatibility. The following changes should be
* made when upgrading from a previous release to version 0.12.0 or higher.
*
* ### Terraform State File
*
* Several resources were updated with new logical names, better meet current Rackspace style guides.
* The following statements can be used to update existing resources. In each command, `<MODULE_NAME>`
* should be replaced with the logic name used where the module is referenced.
*
* ```
* terraform state mv module.<MODULE_NAME>.aws_iam_role_policy_attachment.AWSCodeDeployRole module.<MODULE_NAME>.aws_iam_role_policy_attachment.code_deploy_policy_attachment
* ```
*
*/
terraform {
required_version = ">= 0.12"
required_providers {
aws = ">= 2.7.0"
}
}
locals {
application_name = element(
concat(
aws_codedeploy_app.application.*.name,
[var.application_name],
),
0,
)
default_deployment_group_name = "${var.application_name}-${var.environment}"
deployment_group_name = var.deployment_group_name == "" ? local.default_deployment_group_name : var.deployment_group_name
ec2_tag_filters = {
key = var.ec2_tag_key
type = "KEY_AND_VALUE"
value = var.ec2_tag_value
}
enable_trafic_control = var.clb_name != "" || var.target_group_name != ""
}
resource "aws_codedeploy_app" "application" {
count = var.create_application ? 1 : 0
name = var.application_name
}
data "aws_iam_policy_document" "assume_role_policy" {
statement {
effect = "Allow"
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["codedeploy.amazonaws.com"]
}
}
}
resource "aws_iam_role" "role" {
name_prefix = "${local.deployment_group_name}-"
assume_role_policy = data.aws_iam_policy_document.assume_role_policy.json
}
resource "aws_iam_role_policy_attachment" "code_deploy_policy_attachment" {
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole"
role = aws_iam_role.role.name
}
resource "aws_codedeploy_deployment_group" "deployment_group" {
app_name = local.application_name
autoscaling_groups = var.autoscaling_groups
deployment_config_name = var.deployment_config_name
deployment_group_name = local.deployment_group_name
dynamic "ec2_tag_filter" {
for_each = var.ec2_tag_key != "" && var.ec2_tag_value != "" ? [local.ec2_tag_filters] : []
content {
key = lookup(ec2_tag_filter.value, "key", null)
type = lookup(ec2_tag_filter.value, "type", null)
value = lookup(ec2_tag_filter.value, "value", null)
}
}
service_role_arn = aws_iam_role.role.arn
deployment_style {
deployment_option = local.enable_trafic_control ? "WITH_TRAFFIC_CONTROL" : "WITHOUT_TRAFFIC_CONTROL"
deployment_type = "IN_PLACE"
}
load_balancer_info {
dynamic "elb_info" {
for_each = var.clb_name == "" ? [] : [var.clb_name]
content {
name = elb_info.value
}
}
dynamic "target_group_info" {
for_each = var.target_group_name == "" ? [] : [var.target_group_name]
content {
name = target_group_info.value
}
}
}
}