From d39145eee1f03c1eaad9faeb8ae1ceab63f3d40b Mon Sep 17 00:00:00 2001 From: Sion Smith Date: Thu, 16 Jan 2020 17:27:28 +0000 Subject: [PATCH] update code build with encryption --- aws_codebuild_project.tf | 22 ++++++++++++---------- data_null_data_source_lambda_file.tf | 16 +++++++--------- functions/ami_encryption.py | 2 +- variables.tf | 4 ++-- 4 files changed, 22 insertions(+), 22 deletions(-) diff --git a/aws_codebuild_project.tf b/aws_codebuild_project.tf index e58c5ee..297e8e8 100644 --- a/aws_codebuild_project.tf +++ b/aws_codebuild_project.tf @@ -1,23 +1,25 @@ resource "aws_codebuild_project" "builder" { - name = "${upper(var.project_name)}" + name = upper(var.project_name) description = "Managed by Terraform: AMI builder using Packer and Ansible." - build_timeout = "${var.build_timeout}" - service_role = "${aws_iam_role.local_codebuild_role.arn}" + build_timeout = var.build_timeout + service_role = aws_iam_role.local_codebuild_role.arn artifacts { type = "NO_ARTIFACTS" } environment { - compute_type = "${var.compute_type}" - image = "${var.environment_build_image}" - type = "LINUX_CONTAINER" + compute_type = var.compute_type + image = var.environment_build_image + type = "LINUX_CONTAINER" + image_pull_credentials_type = "CODEBUILD" + privileged_mode = true } source { type = "GITHUB" - location = "${var.source_repository_url}" - buildspec = "${data.template_file.ami_buildspec.rendered}" + location = var.source_repository_url + buildspec = data.template_file.ami_buildspec.rendered git_clone_depth = "0" report_build_status = true @@ -28,8 +30,8 @@ resource "aws_codebuild_project" "builder" { } vpc_config { - security_group_ids = ["${aws_security_group.codebuild.id}"] - subnets = ["${var.codebuild_private_subnet_ids[0]}"] + security_group_ids = [aws_security_group.codebuild.id] + subnets = [var.codebuild_private_subnet_ids[0]] vpc_id = "${var.vpc_id}" } } 
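Review bot: `privileged_mode = true` in the new environment block gives the build container elevated, Docker-capable privileges on the CodeBuild host, and neither the hunk nor the commit message says what needs it; the project description names Packer and Ansible as the AMI builder, and as far as that shows (amazon-ebs builds run through the EC2 API) no privileged container is required — only builds that drive a Docker daemon are. If it really is needed, a why-comment belongs on the line, e.g. `privileged_mode = true # needed for <reason: constructed placeholder>`; otherwise drop it, or expose it as a variable that defaults to `false` so the least-privilege setting is what callers get unless they opt in. The resource block continues past the end of the hunk.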
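Review bot: `vpc_id = "${var.vpc_id}"` is the one interpolation-only expression in this resource that the commit leaves in the legacy quoted form while the two lines above it were converted; Terraform 0.12 accepts it but reports it as deprecated on every plan, so it should become `vpc_id = var.vpc_id` in the same change. The same applies to `git_clone_depth = "0"` in the first hunk, which passes a number as a string. Separately, `subnets = [var.codebuild_private_subnet_ids[0]]` still pins the build to a single subnet and will error on an empty list; if that is intentional a comment saying so would help the next reader.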
diff --git a/data_null_data_source_lambda_file.tf b/data_null_data_source_lambda_file.tf index 568b303..dcaa3ae 100644 --- a/data_null_data_source_lambda_file.tf +++ b/data_null_data_source_lambda_file.tf @@ -1,20 +1,18 @@ data "null_data_source" "lambda_file" { - count = var.encrypt_ami ? 1 : 0 inputs = { filename = "${substr("${path.module}/functions/ami_encryption.py", length(path.cwd) + 1, -1)}" } } -data "null_data_source" "lambda_archive" { +data "archive_file" "ami_encryption" { count = var.encrypt_ami ? 1 : 0 + type = "zip" + source_file = "${path.module}/functions/ami_encryption.py" + output_path = data.null_data_source.lambda_archive.outputs.filename +} + +data "null_data_source" "lambda_archive" { inputs = { filename = "${path.module}/functions/ami_encryption.zip" } -} - -data "archive_file" "ami_encryption" { - count = var.encrypt_ami ? 1 : 0 - type = "zip" - source_file = data.null_data_source.lambda_file[0].outputs.filename - output_path = data.null_data_source.lambda_archive[0].outputs.filename } \ No newline at end of file diff --git a/functions/ami_encryption.py b/functions/ami_encryption.py index c69c384..cc11158 100644 --- a/functions/ami_encryption.py +++ b/functions/ami_encryption.py @@ -1,4 +1,4 @@ -# Automated AMI Backups +# Automated AMI Encryption import copy import os diff --git a/variables.tf b/variables.tf index 54819fd..08763f7 100644 --- a/variables.tf +++ b/variables.tf @@ -31,7 +31,7 @@ variable "kms_key_arn" { variable "environment_build_image" { type = "string" - default = "aws/codebuild/standard:3.0" + default = "aws/codebuild/standard:1.0" description = "Docker image used by CodeBuild" } 
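Review bot: `data "null_data_source" "lambda_file"` is left with no remaining reference after this change: the new `archive_file.ami_encryption` hardcodes `source_file = "${path.module}/functions/ami_encryption.py"` instead of reading `lambda_file.outputs.filename`, so that block and its `substr(..., length(path.cwd) + 1, -1)` cwd-relative path computation are dead configuration. Either delete the block or point `source_file` at it; the two now also disagree (one cwd-relative, one absolute via `path.module`), and the cwd-relative form breaks when terraform is run from a different directory, which is presumably why the hardcoded path was introduced. The `count` context line now sits on `archive_file` while `lambda_archive` is unconditional, which matches the unindexed `data.null_data_source.lambda_archive.outputs.filename` reference but deserves a line such as `# no count here: archive_file references this block unindexed` so the asymmetry is not "fixed" later.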
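Review bot: The default build image moves back from `aws/codebuild/standard:3.0` to `aws/codebuild/standard:1.0` with no rationale, in a commit whose message describes an encryption change; older CodeBuild standard images fall behind on runtime and tooling updates, so a deliberate downgrade should be documented where the next maintainer will see it, e.g. `description = "Docker image used by CodeBuild; pinned to standard:1.0 because <reason: constructed placeholder>"`. While the rest of the commit migrates to 0.12 syntax, `type = "string"` stays in the quoted legacy form and should become `type = string`.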
@@ -94,7 +94,7 @@ locals {
 "egrep \"${data.aws_region.current.name}\\:\\sami\\-\" build.log | cut -d' ' -f2 > ami_id.txt",
 # Packer doesn't return non-zero status; we must do that if Packer build failed
 "test -s ami_id.txt || exit 1",
- "if [ ${var.encrypt_ami} = 1 ] ; then curl -qL -o ami_builder_event.json https://gist.githubusercontent.com/sionsmith/23b7dfcd3ab9c302dc1c172c871a589a/raw/cf96e3cde40f413afa1d3405f33d4163bdb8db0b/ami_builder_event.json && sed -i.bak \"s/<>/$(cat ami_id.txt)/g\" ami_builder_event.json && aws events put-events --entries file://ami_builder_event.json; fi",
+ "if [ \"${var.encrypt_ami}\" = true ] ; then curl -qL -o ami_builder_event.json https://gist.githubusercontent.com/sionsmith/23b7dfcd3ab9c302dc1c172c871a589a/raw/cf96e3cde40f413afa1d3405f33d4163bdb8db0b/ami_builder_event.json && sed -i.bak \"s/<>/$(cat ami_id.txt)/g\" ami_builder_event.json && aws events put-events --entries file://ami_builder_event.json; fi",
 "echo build completed on `date`"
 ]
 }
\ No newline at end of file
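Review bot: The encryption trigger on the `+` line never verifies that the event was actually accepted, so an AMI can be left unencrypted without failing the build: `curl -qL` without `--fail` exits 0 on an HTTP error and hands whatever body came back to `sed` and `put-events`, and `aws events put-events` returns 0 even when the response carries a non-zero `FailedEntryCount`, so a rejected entry is not a build failure. Two changes close that gap: `curl -fsSL -o ami_builder_event.json <url>` and, after the call, `aws events put-events --entries file://ami_builder_event.json --query FailedEntryCount --output text | grep -qx 0`. The event template is also fetched at build time from a gist in the author's account (pinned to a revision, so the content is fixed, but the build still depends on that account and on network access from the build); since the buildspec is already rendered from a template_file, the JSON could be vendored into the module and the AMI id injected at render time instead. The enclosing `locals` block starts before the hunk.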