Add s3_cache_bucket_name

cloudposse · Jun 21, 2022 · ce35678 · ce35678
1 parent f42c5fb
commit ce35678
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/main.tf b/main.tf
@@ -6,7 +6,7 @@ resource "aws_s3_bucket" "cache_bucket" {
   #bridgecrew:skip=BC_AWS_S3_13:Skipping `Enable S3 Bucket Logging` check until bridgecrew will support dynamic blocks (https://github.com/bridgecrewio/checkov/issues/776).
   #bridgecrew:skip=BC_AWS_S3_14:Skipping `Ensure all data stored in the S3 bucket is securely encrypted at rest` check until bridgecrew will support dynamic blocks (https://github.com/bridgecrewio/checkov/issues/776).
   #bridgecrew:skip=CKV_AWS_52:Skipping `Ensure S3 bucket has MFA delete enabled` due to issue in terraform (https://github.com/hashicorp/terraform-provider-aws/issues/629).
-  count         = module.this.enabled && local.s3_cache_enabled ? 1 : 0
+  count         = module.this.enabled && local.create_s3_cache_bucket ? 1 : 0
   bucket        = local.cache_bucket_name_normalised
   acl           = "private"
   force_destroy = true
@@ -69,16 +69,17 @@ locals {
     min(length(local.cache_bucket_name), 63),
   )
 
-  s3_cache_enabled = var.cache_type == "S3"
+  s3_cache_enabled       = var.cache_type == "S3"
+  create_s3_cache_bucket = local.s3_cache_enabled && var.s3_cache_bucket_name == ""
+  s3_bucket_name         = local.create_s3_cache_bucket ? join("", aws_s3_bucket.cache_bucket.*.bucket) : var.s3_cache_bucket_name
 
   ## This is the magic where a map of a list of maps is generated
   ## and used to conditionally add the cache bucket option to the
   ## aws_codebuild_project
   cache_options = {
     "S3" = {
       type     = "S3"
-      location = module.this.enabled && local.s3_cache_enabled ? join("", aws_s3_bucket.cache_bucket.*.bucket) : "none"
-
+      location = module.this.enabled && local.s3_cache_enabled ? local.s3_bucket_name : "none"
     },
     "LOCAL" = {
       type  = "LOCAL"

diff --git a/variables.tf b/variables.tf
@@ -294,4 +294,10 @@ variable "build_image_pull_credentials_type" {
   type        = string
   default     = "CODEBUILD"
   description = "Type of credentials AWS CodeBuild uses to pull images in your build.Valid values: CODEBUILD, SERVICE_ROLE. When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials."
+}
+
+variable "s3_cache_bucket_name" {
+  type        = string
+  default     = null
+  description = "Use an existing s3 bucket name for cache. Relevant if `cache_type` is set to `S3`."
 }