DS-4011 Updating pipeline trigger mechanism

build/automation/var/project.mk

@@ -50,6 +50,8 @@ TF_VAR_pipeline_topic_name := $(PROJECT_ID)-$(ENVIRONMENT)-pipeline-topic
 TF_VAR_pipeline_notification_name := $(PROJECT_ID)-$(ENVIRONMENT)-pipeline-notification
 TF_VAR_cicd_blue_green_deployment_pipeline_nofitication_name := $(PROJECT_ID)-$(ENVIRONMENT)-blue-green-pipeline-notification
 TF_VAR_cicd_shared_resources_deployment_pipeline_nofitication_name := $(PROJECT_ID)-$(ENVIRONMENT)-shared-resources-pipeline-notification
+TF_VAR_cicd_blue_green_deployment_pipeline_eventbridge_rule_name := $(PROJECT_ID)-$(ENVIRONMENT)-trigger-blue-green-pipeline
+TF_VAR_cicd_shared_resources_deployment_pipeline_eventbridge_rule_name := $(PROJECT_ID)-$(ENVIRONMENT)-trigger-shared-resources-pipeline
 TF_VAR_pipeline_chatbot_channel := $(PROJECT_ID)-cicd-slk-channel
 TF_VAR_nightly_rule_name := $(PROJECT_ID)-$(ENVIRONMENT)-performance-pipeline-nightly-rule
 

infrastructure/modules/eventbridge_pipeline_trigger/main.tf

@@ -0,0 +1,22 @@
+resource "aws_cloudwatch_event_rule" "trigger_pipeline" {
+  name          = var.rule_name
+  description   = var.description
+  event_pattern = <<EOF
+{
+  "source": ["aws.s3"],
+  "detail-type": ["Object Created"],
+  "resources": ["arn:aws:s3:::${var.bucket_name}"],
+  "detail": {
+    "object": {
+      "key": ["${var.object_key}"]
+    }
+  }
+}
+EOF
+}
+
+resource "aws_cloudwatch_event_target" "pipeline_target" {
+  rule     = aws_cloudwatch_event_rule.trigger_pipeline.name
+  arn      = var.pipeline_arn
+  role_arn = var.pipeline_role_arn
+}

infrastructure/modules/eventbridge_pipeline_trigger/outputs.tf

@@ -0,0 +1,9 @@
+output "eventbridge_rule_id" {
+  description = "The EventBridge rule Name we just created."
+  value       = aws_cloudwatch_event_rule.trigger_pipeline.id
+}
+
+output "eventbridge_rule_arn" {
+  description = "The EventBridge rule ARN we just created."
+  value       = aws_cloudwatch_event_rule.trigger_pipeline.arn
+}

infrastructure/modules/eventbridge_pipeline_trigger/variables.tf

@@ -0,0 +1,30 @@
+variable "bucket_name" {
+  description = "Name of the S3 bucket to monitor."
+  type        = string
+}
+
+variable "pipeline_arn" {
+  description = "ARN of the CodePipeline to trigger."
+  type        = string
+}
+
+variable "pipeline_role_arn" {
+  description = "Role ARN for EventBridge to trigger the pipeline."
+  type        = string
+}
+
+variable "rule_name" {
+  description = "Name of the EventBridge rule."
+  type        = string
+}
+
+variable "description" {
+  description = "Description of the EventBridge rule."
+  type        = string
+}
+
+variable "object_key" {
+  description = "S3 object key to filter on."
+  type        = string
+  default     = "repository.zip"
+}

infrastructure/stacks/development-and-deployment-tools/cicd_blue_green_deployment_pipeline.tf

@@ -21,7 +21,7 @@ resource "aws_codepipeline" "cicd_blue_green_deployment_pipeline" {
       configuration = {
         S3Bucket             = var.cicd_blue_green_deployment_pipeline_artefact_bucket
         S3ObjectKey          = "repository.zip"
-        PollForSourceChanges = "True"
+        PollForSourceChanges = "False"
       }
     }
   }
@@ -332,7 +332,6 @@ resource "aws_codepipeline" "cicd_blue_green_deployment_pipeline" {
   ]
 }
 
-
 module "cicd_blue_green_deployment_pipeline_artefact_bucket" {
   source             = "../../modules/s3"
   name               = var.cicd_blue_green_deployment_pipeline_artefact_bucket
@@ -341,3 +340,19 @@ module "cicd_blue_green_deployment_pipeline_artefact_bucket" {
   versioning_enabled = "true"
   force_destroy      = "true"
 }
+
+resource "aws_s3_bucket_notification" "uec-dos-int-dev-eventbridge_blue_green" {
+  bucket      = module.cicd_blue_green_deployment_pipeline_artefact_bucket.s3_bucket_id
+  eventbridge = true
+  depends_on  = [module.cicd_blue_green_deployment_pipeline_artefact_bucket]
+}
+
+module "blue_green_eventbridge_trigger" {
+  source            = "../../modules/eventbridge_pipeline_trigger"
+  bucket_name       = module.cicd_blue_green_deployment_pipeline_artefact_bucket.s3_bucket_id
+  pipeline_arn      = aws_codepipeline.cicd_blue_green_deployment_pipeline.arn
+  pipeline_role_arn = data.aws_iam_role.pipeline_role.arn
+  rule_name         = var.cicd_blue_green_deployment_pipeline_eventbridge_rule_name
+  description       = "Trigger Blue/Green pipeline when repository.zip is updated"
+  depends_on        = [module.cicd_blue_green_deployment_pipeline_artefact_bucket]
+}

infrastructure/stacks/development-and-deployment-tools/cicd_shared_resources_pipeline.tf

@@ -20,7 +20,7 @@ resource "aws_codepipeline" "cicd_shared_resources_deployment_pipeline" {
       configuration = {
         S3Bucket             = var.cicd_shared_resoures_deployment_pipeline_artefact_bucket
         S3ObjectKey          = "repository.zip"
-        PollForSourceChanges = "True"
+        PollForSourceChanges = "False"
       }
     }
   }
@@ -212,3 +212,19 @@ module "cicd_shared_resoures_deployment_pipeline_artefact_bucket" {
   versioning_enabled = "true"
   force_destroy      = "true"
 }
+
+resource "aws_s3_bucket_notification" "uec-dos-int-dev-eventbridge_shared_resources" {
+  bucket      = module.cicd_shared_resoures_deployment_pipeline_artefact_bucket.s3_bucket_id
+  eventbridge = true
+  depends_on  = [module.cicd_shared_resoures_deployment_pipeline_artefact_bucket]
+}
+
+module "shared_resources_eventbridge_trigger" {
+  source            = "../../modules/eventbridge_pipeline_trigger"
+  bucket_name       = module.cicd_shared_resoures_deployment_pipeline_artefact_bucket.s3_bucket_id
+  pipeline_arn      = aws_codepipeline.cicd_shared_resources_deployment_pipeline.arn
+  pipeline_role_arn = data.aws_iam_role.pipeline_role.arn
+  rule_name         = var.cicd_shared_resources_deployment_pipeline_eventbridge_rule_name
+  description       = "Trigger Shared Resources pipeline when repository.zip is updated"
+  depends_on        = [module.cicd_shared_resoures_deployment_pipeline_artefact_bucket]
+}

infrastructure/stacks/development-and-deployment-tools/variables.tf

@@ -41,6 +41,17 @@ variable "cicd_shared_resources_deployment_pipeline_nofitication_name" {
   description = "Shared resources deployment pipeline notification name"
 }
 
+variable "cicd_blue_green_deployment_pipeline_eventbridge_rule_name" {
+  type        = string
+  description = "Shared resources deployment pipeline notification name"
+}
+
+variable "cicd_shared_resources_deployment_pipeline_eventbridge_rule_name" {
+  type        = string
+  description = "Shared resources deployment pipeline notification name"
+}
+
+
 variable "pipeline_chatbot_channel" {
   type        = string
   description = ""

infrastructure/stacks/shared-resources/dynamodb.tf

@@ -1,8 +1,8 @@
 resource "aws_dynamodb_table" "message-history-table" {
-  name         = var.change_events_table_name
-  billing_mode = "PAY_PER_REQUEST"
-  hash_key     = "Id"
-  range_key    = "ODSCode"
+  name                        = var.change_events_table_name
+  billing_mode                = "PAY_PER_REQUEST"
+  hash_key                    = "Id"
+  range_key                   = "ODSCode"
   deletion_protection_enabled = var.ddb_delete_protection
 
   server_side_encryption {

infrastructure/stacks/shared-resources/waf.tf

@@ -76,13 +76,13 @@ resource "aws_wafv2_web_acl" "di_endpoint_waf" {
         sensitivity_level = "HIGH"
         text_transformation {
           priority = 0
-          type = "NONE"
+          type     = "NONE"
         }
       }
     }
     visibility_config {
-      sampled_requests_enabled = true
-      metric_name = var.waf_custom_sqli_rule_name
+      sampled_requests_enabled   = true
+      metric_name                = var.waf_custom_sqli_rule_name
       cloudwatch_metrics_enabled = true
     }
   }