xdr-terraform-modules/base/codebuild_splunk_docs

Codebuild Splunk Docs

Based heavily off codebuild_artifact and codebuild_splunk_apps, this module creates a CodeBuild job to deposit docs into the xdr-[environment]-portal-shared-artifacts bucket.

It uses an ECR container from common services.

How to Use this Module

This module is where the CodeBuild artifacts are created. It uses the Terraform GitHub Provider and requires a Personal Access Token. This should be your Personal Access Token not mdr-aws-codebuild's token (see how-to below). The provider will look in the environmental variables for the token.

export GITHUB_TOKEN=<gihub_token>

This module should NOT create the github repo. That is a manual process. I am not comfortable with terraform adding/removing github repos. The github repo should have the same name as the name variable in the terrafgrunt.hcl file. The user associated with the Personal Access Token needs to have admin permissions on the github repo.

Github Service Account ( mdr-aws-codebuild )

AWS CodeBuild needs a Github Personal Access Token to pull code after the code in a repository has been updated. This is the mdr-aws-codebuild account. The secret github token is stored in the C2 account and automatically added.

Despite the Web Interface, there can be only one GHE token per account and region.

The mdr-aws-codebuild user must have read access to the repositories you wish to build from.

Creating a Personal Access Token

1) In github, go to settings->Developer Settings->Personal Access Tokens 2) Click 'Generate Token' 3) Give it a name (e.g. terragrunt) 4) Give it the following permission groups:

• repo
• admin:repo_hook 5) Create the token.

Record it someplace safe.