From 9cf4eca1f7d72334a7300423fe32449f16467764 Mon Sep 17 00:00:00 2001
From: Duleendra
Date: Mon, 7 Apr 2025 13:30:05 +0800
Subject: [PATCH 1/3] [PES-974] Enable CloudWatch logs
---
 main.tf | 7 +++++++
 variables.tf | 6 ++++++
 2 files changed, 13 insertions(+)
diff --git a/main.tf b/main.tf
index 205d23a..d0a3649 100644
--- a/main.tf
+++ b/main.tf
@@ -42,4 +42,11 @@ resource "aws_codebuild_project" "this" {
 location = var.source_location
 report_build_status = var.report_build_status
 }
+
+ logs_config {
+ cloudwatch_logs {
+ group_name = var.cloudwatch_log_group != null ? var.cloudwatch_log_group : null
+ status = "ENABLED"
+ }
+ }
 }
diff --git a/variables.tf b/variables.tf
index 9c3ffc8..219313f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -140,3 +140,9 @@ variable "additional_iam" {
 type = list(any)
 default = []
 }
+
+variable "cloudwatch_log_group" {
+ description = "Custom log group for CodeBuild Project"
+ type = string
+ default = null
+}
From 50011da900e1c78aa7d9af9e5917c0ba7d681103 Mon Sep 17 00:00:00 2001
From: Duleendra
Date: Mon, 7 Apr 2025 13:32:47 +0800
Subject: [PATCH 2/3] Update doc
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 69a91e0..3c50fe3 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@
 | Name | Version |
 |------|---------|
-| [aws](#provider\_aws) | 4.24.0 |
+| [aws](#provider\_aws) | 5.94.1 |
 ## Modules
@@ -46,6 +46,7 @@
 | [build\_type](#input\_build\_type) | Type of build environment to use for related builds. | `string` | `"LINUX_CONTAINER"` | no |
 | [buildspec](#input\_buildspec) | The build spec declaration to use for this build project's related builds. | `string` | `""` | no |
 | [cache](#input\_cache) | Cache configuration block. |
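Review bot: The new `cloudwatch_logs` block in main.tf lets a caller direct build output to any log group name, but this patch does not touch the service role policy, so the diff cannot confirm that the role may write there. If the policy in iam.tf (not part of this hunk) is scoped to CodeBuild's default group, builds using a custom `cloudwatch_log_group` would presumably fail to write logs. The grant should cover `logs:CreateLogStream` and `logs:PutLogEvents` on the chosen group's ARN only, rather than on `*`. The `aws_codebuild_project` block starts above the hunk.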
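Review bot: The description of `cloudwatch_log_group` in variables.tf does not say what `null` means or who owns the log group's settings. As far as the diff shows, the module neither creates the group nor sets its retention or KMS key, and build logs can contain sensitive output, so the caller needs to know this is their responsibility. I would write `description = "Name of the CloudWatch Logs group for build output; null uses the CodeBuild default group. Retention and KMS encryption of the group are managed by the caller."`.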
object({
type = optional(string) # Valid values: NO_CACHE, LOCAL, S3. Defaults to NO_CACHE.
modes = optional(list(string)) # Required when cache type is LOCAL
location = optional(string) # Required when cache type is S3
})
| `{}` | no |
+| [cloudwatch\_log\_group](#input\_cloudwatch\_log\_group) | Custom log group for CodeBuild Project | `string` | `null` | no |
 | [create\_service\_role](#input\_create\_service\_role) | Create new IAM service role and policy if `true`. | `bool` | `true` | no |
 | [description](#input\_description) | Short description of the project. | `string` | n/a | yes |
 | [encryption\_key\_arn](#input\_encryption\_key\_arn) | AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project's build output artifacts. | `string` | `null` | no |
From 163f78acd9a0235f23ba9a5946c9b250bcb28b7f Mon Sep 17 00:00:00 2001
From: Duleendra
Date: Mon, 7 Apr 2025 13:38:39 +0800
Subject: [PATCH 3/3] fix fmt
---
 iam.tf | 2 ++
 main.tf | 4 ++--
 variables.tf | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/iam.tf b/iam.tf
index 9f6624b..f7f6c76 100644
--- a/iam.tf
+++ b/iam.tf
@@ -1,4 +1,5 @@
 module "codebuild_service_role" {
+ #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash
 source = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
 version = "~> 5.2.0"
@@ -17,6 +18,7 @@ module "codebuild_service_role" {
 }
 module "codebuild_service_role_policy" {
+ #checkov:skip=CKV_TF_1:Ensure Terraform module sources use a commit hash
 source = "terraform-aws-modules/iam/aws//modules/iam-policy"
 version = "~> 5.2.0"
diff --git a/main.tf b/main.tf
index d0a3649..6ba2b24 100644
--- a/main.tf
+++ b/main.tf
@@ -45,8 +45,8 @@ resource "aws_codebuild_project" "this" {
 logs_config {
 cloudwatch_logs {
- group_name = var.cloudwatch_log_group != null ? var.cloudwatch_log_group : null
- status = "ENABLED"
+ group_name = var.cloudwatch_log_group != null && var.cloudwatch_log_group != "" ? var.cloudwatch_log_group : null
+ status = "ENABLED"
 }
 }
 }
diff --git a/variables.tf b/variables.tf
index 219313f..a04542a 100644
--- a/variables.tf
+++ b/variables.tf
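Review bot: The `#checkov:skip=CKV_TF_1` comment added to `codebuild_service_role` in iam.tf, and the identical one on `codebuild_service_role_policy` in the next hunk, silence a supply-chain check inside a commit titled "fix fmt". The text after the second colon only repeats the check's title instead of giving a reason for the exception. Both modules define IAM resources and are resolved with `version = "~> 5.2.0"`, which accepts any later 5.2.x release from the registry, so the code that builds the role can change without a change in this repository. Either pin an exact release (`version = "5.2.0"`) and state that in the skip reason, or keep the check enabled and use a git source with `?ref=<full-commit-sha>`. Both module blocks continue outside the hunks.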
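Review bot: The `group_name` line in main.tf changes behaviour inside a formatting commit, because an empty string is now mapped to `null`, and neither the commit message nor the variable description mentions it. A mis-set empty value therefore falls back silently to the default log group, which may have different retention and access settings from the one the caller intended. The expression can be reduced to `group_name = var.cloudwatch_log_group == "" ? null : var.cloudwatch_log_group`. Alternatively a `validation` block on the variable can reject the empty string so the mistake fails at plan time.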
@@ -143,6 +143,6 @@ variable "additional_iam" {
 variable "cloudwatch_log_group" {
 description = "Custom log group for CodeBuild Project"
- type = string
- default = null
+ type = string
+ default = null
 }