diff --git a/README.md b/README.md
index 69a91e0..3c50fe3 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 4.24.0 |
+| [aws](#provider\_aws) | 5.94.1 |
 ## Modules
@@ -46,6 +46,7 @@
 | [build\_type](#input\_build\_type) | Type of build environment to use for related builds. | `string` | `"LINUX_CONTAINER"` | no |
 | [buildspec](#input\_buildspec) | The build spec declaration to use for this build project's related builds. | `string` | `""` | no |
 | [cache](#input\_cache) | Cache configuration block. |
object({
type = optional(string) # Valid values: NO_CACHE, LOCAL, S3. Defaults to NO_CACHE.
modes = optional(list(string)) # Required when cache type is LOCAL
location = optional(string) # Required when cache type is S3
})
| `{}` | no |
+| [cloudwatch\_log\_group](#input\_cloudwatch\_log\_group) | Custom log group for CodeBuild Project | `string` | `null` | no |
 | [create\_service\_role](#input\_create\_service\_role) | Create new IAM service role and policy if `true`. | `bool` | `true` | no |
 | [description](#input\_description) | Short description of the project. | `string` | n/a | yes |
 | [encryption\_key\_arn](#input\_encryption\_key\_arn) | AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project's build output artifacts. | `string` | `null` | no |
diff --git a/iam.tf b/iam.tf
index 9f6624b..f7f6c76 100644
--- a/iam.tf
+++ b/iam.tf
@@ -1,4 +1,5 @@
 module "codebuild_service_role" {
+ #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash
 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
 version = "~> 5.2.0"
@@ -17,6 +18,7 @@ module "codebuild_service_role" {
 }
 module "codebuild_service_role_policy" {
+ #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash
 source = "terraform-aws-modules/iam/aws//modules/iam-policy"
 version = "~> 5.2.0"
diff --git a/main.tf b/main.tf
index 205d23a..6ba2b24 100644
--- a/main.tf
+++ b/main.tf
@@ -42,4 +42,11 @@ resource "aws_codebuild_project" "this" {
 location = var.source_location
 report_build_status = var.report_build_status
 }
+
+ logs_config {
+ cloudwatch_logs {
+ group_name = var.cloudwatch_log_group != null && var.cloudwatch_log_group != "" ? var.cloudwatch_log_group : null
+ status = "ENABLED"
+ }
+ }
 }
diff --git a/variables.tf b/variables.tf
index 9c3ffc8..a04542a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -140,3 +140,9 @@ variable "additional_iam" {
 type = list(any)
 default = []
 }
+
+variable "cloudwatch_log_group" {
+ description = "Custom log group for CodeBuild Project"
+ type = string
+ default = null
+}
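Review bot: The added `#checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash` in `module "codebuild_service_role"` gives the check's own title as its reason, so the suppression records no justification for leaving the module unpinned. The source stays on the floating constraint `version = "~> 5.2.0"`, which accepts any later 5.2.x release of a module that creates the CodeBuild IAM role. A registry source cannot carry a commit ref, so the nearest equivalent is an exact pin plus an honest reason: `version = "5.2.0"` with `#checkov:skip=CKV_TF_1:Registry source, pinned to an exact reviewed version`. The same applies to the identical skip added in `module "codebuild_service_role_policy"` in the second hunk. Both module blocks continue outside their hunks.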
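Review bot: The new `logs_config` block in `aws_codebuild_project.this` lets a caller redirect build logs to an arbitrary group through `group_name`, but this commit does not touch the service role policy; the only iam.tf changes are the checkov comments. If the policy created when `create_service_role` is true scopes `logs:CreateLogStream` and `logs:PutLogEvents` to the default CodeBuild group, builds pointed at a custom group would lose their logs. That policy is not visible in this diff, so confirm its scope before merging. The module also does not create the group, so retention and KMS encryption of build output, which can contain secrets, fall to the caller; a comment above the block such as `# Log group must already exist; the service role needs logs:CreateLogStream and logs:PutLogEvents on it` would make that contract explicit.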
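Review bot: The description of the new `cloudwatch_log_group` variable, `"Custom log group for CodeBuild Project"`, does not say that the value is a log group name, that the group must already exist, or that `null` and `""` both fall back to CodeBuild's default group. main.tf treats the two values the same way, so the contract is worth stating here. Suggested wording: `description = "Name of an existing CloudWatch Logs group for build logs. When null or empty, CodeBuild uses its default log group."`. The README inputs table repeats the old text and should be regenerated after the change.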