Add requested inputs

README.yaml

@@ -30,45 +30,50 @@ usage: |-
 
   ```hcl
   module "build" {
-      source = "cloudposse/codebuild/aws"
-      # Cloud Posse recommends pinning every module to a specific version
-      # version     = "x.x.x"
-      namespace           = "eg"
-      stage               = "staging"
-      name                = "app"
+    source = "cloudposse/codebuild/aws"
+    # Cloud Posse recommends pinning every module to a specific version
+    # version     = "x.x.x"
+    namespace           = "eg"
+    stage               = "staging"
+    name                = "app"
 
-      # https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
-      build_image         = "aws/codebuild/standard:2.0"
-      build_compute_type  = "BUILD_GENERAL1_SMALL"
-      build_timeout       = 60
+    # https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
+    build_image         = "aws/codebuild/standard:2.0"
+    build_compute_type  = "BUILD_GENERAL1_SMALL"
+    build_timeout       = 60
 
-      # These attributes are optional, used as ENV variables when building Docker images and pushing them to ECR
-      # For more info:
-      # http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html
-      # https://www.terraform.io/docs/providers/aws/r/codebuild_project.html
+    # These attributes are optional, used as ENV variables when building Docker images and pushing them to ECR
+    # For more info:
+    # http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html
+    # https://www.terraform.io/docs/providers/aws/r/codebuild_project.html
 
-      privileged_mode     = true
-      aws_region          = "us-east-1"
-      aws_account_id      = "xxxxxxxxxx"
-      image_repo_name     = "ecr-repo-name"
-      image_tag           = "latest"
+    privileged_mode     = true
+    aws_region          = "us-east-1"
+    aws_account_id      = "xxxxxxxxxx"
+    image_repo_name     = "ecr-repo-name"
+    image_tag           = "latest"
 
-      # Optional extra environment variables
-      environment_variables = [{
-          name  = "JENKINS_URL"
-          value = "https://jenkins.example.com"
-        },
-        {
-          name  = "COMPANY_NAME"
-          value = "Amazon"
-        },
-        {
-          name = "TIME_ZONE"
-          value = "Pacific/Auckland"
-
-        }]
+    # Optional extra environment variables
+    environment_variables = [
+      {
+        name  = "JENKINS_URL"
+        value = "https://jenkins.example.com"
+        type  = "PLAINTEXT"
+      },
+      {
+        name  = "COMPANY_NAME"
+        value = "Amazon"
+        type  = "PLAINTEXT"
+      },
+      {
+        name = "TIME_ZONE"
+        value = "Pacific/Auckland"
+        type  = "PLAINTEXT"
+      }
+    ]
   }
   ```
+
 include:
 - docs/targets.md
 - docs/terraform.md

examples/complete/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 0.13.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 2.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 2.1"
+    }
+  }
+}

main.tf

@@ -1,8 +1,6 @@
-data "aws_caller_identity" "default" {
-}
+data "aws_caller_identity" "default" {}
 
-data "aws_region" "default" {
-}
+data "aws_region" "default" {}
 
 resource "aws_s3_bucket" "cache_bucket" {
   #bridgecrew:skip=BC_AWS_S3_13:Skipping `Enable S3 Bucket Logging` check until bridgecrew will support dynamic blocks (https://github.com/bridgecrewio/checkov/issues/776).
@@ -125,15 +123,16 @@ resource "aws_iam_policy" "default" {
   name   = module.this.id
   path   = "/service-role/"
   policy = data.aws_iam_policy_document.combined_permissions.json
+  tags   = module.this.tags
 }
 
 resource "aws_iam_policy" "default_cache_bucket" {
   count = module.this.enabled && local.s3_cache_enabled ? 1 : 0
 
-
   name   = "${module.this.id}-cache-bucket"
   path   = "/service-role/"
   policy = join("", data.aws_iam_policy_document.permissions_cache_bucket.*.json)
+  tags   = module.this.tags
 }
 
 data "aws_s3_bucket" "secondary_artifact" {
@@ -469,4 +468,15 @@ resource "aws_codebuild_project" "default" {
       }
     }
   }
-}
+
+  dynamic "file_system_locations" {
+    for_each = length(var.file_system_locations) > 0 ? [""] : []
+    content {
+      identifier    = lookup(file_system_locations.value, "identifier", null)
+      location      = lookup(file_system_locations.value, "location", null)
+      mount_options = lookup(file_system_locations.value, "mount_options", null)
+      mount_point   = lookup(file_system_locations.value, "mount_point", null)
+      type          = lookup(file_system_locations.value, "type", null)
+    }
+  }
+}

variables.tf

@@ -4,14 +4,16 @@ variable "environment_variables" {
       name  = string
       value = string
       type  = string
-  }))
+    }
+  ))
 
   default = [
     {
       name  = "NO_ADDITIONAL_BUILD_VARS"
       value = "TRUE"
       type  = "PLAINTEXT"
-  }]
+    }
+  ]
 
   description = "A list of maps, that contain the keys 'name', 'value', and 'type' to be used as additional environment variables for the build. Valid types are 'PLAINTEXT', 'PARAMETER_STORE', or 'SECRETS_MANAGER'"
 }
@@ -275,3 +277,9 @@ variable "access_log_bucket_name" {
   default     = ""
   description = "Name of the S3 bucket where s3 access log will be sent to"
 }
+
+variable "file_system_locations" {
+  type        = any
+  default     = {}
+  description = "A set of file system locations to to mount inside the build. File system locations are documented below."
+}

versions.tf

@@ -11,4 +11,4 @@ terraform {
       version = ">= 2.1"
     }
   }
-}
+}