Merge pull request #15 from aws-samples/approval

- merged approval into plan stage
- default to superseded
- pipeline mode input

Author: jakebark

README.md

@@ -62,6 +62,7 @@ module "pipeline" {
 module "pipeline" {
   ...
   branch                = "main"
+  mode                  = "SUPERSEDED"
   detect_changes        = true
   kms_key               = aws_kms_key.this.arn
   access_logging_bucket = aws_s3_bucket.this.id
@@ -85,7 +86,9 @@ module "pipeline" {
   ]
 }
 ```
-`branch` is the branch to source. It defaults to "main" and may need to be altered if you are using pre-commit hooks that default to "master". 
+`branch` is the branch to source. It defaults to `main`.
+
+`mode` is [pipeline execution mode](https://docs.aws.amazon.com/codepipeline/latest/userguide/concepts-how-it-works.html#concepts-how-it-works-executions). It defaults to `SUPERSEDED`.
 
 `detect_changes` is used with third-party services, like GitHub. It enables AWS CodeConnections to invoke the pipeline when there is a commit to the repo.  
 

codepipeline.tf

@@ -5,7 +5,7 @@ resource "aws_codepipeline" "this" {
   name           = var.pipeline_name
   pipeline_type  = "V2"
   role_arn       = aws_iam_role.codepipeline_role.arn
-  execution_mode = "QUEUED"
+  execution_mode = var.mode
 
   artifact_store {
     location = aws_s3_bucket.this.id
@@ -34,7 +34,6 @@ resource "aws_codepipeline" "this" {
 
   stage {
     name = "Validation"
-
     dynamic "action" {
       for_each = var.tags == "" ? local.validation_stages : local.conditional_validation_stages
       content {
@@ -49,48 +48,40 @@ resource "aws_codepipeline" "this" {
           ProjectName = module.validation[action.key].codebuild_project.name
         }
       }
-
     }
-
   }
 
   stage {
     name = "Plan"
-
     action {
       name            = "Plan"
       category        = "Build"
       owner           = "AWS"
       provider        = "CodeBuild"
       input_artifacts = ["source_output"]
       version         = "1"
+      run_order       = 1
 
       configuration = {
         ProjectName = module.plan.codebuild_project.name
       }
     }
-  }
-
-  stage {
-    name = "Approve"
-
     action {
-      name     = "Approval"
-      category = "Approval"
-      owner    = "AWS"
-      provider = "Manual"
-      version  = "1"
+      name      = "Approval"
+      category  = "Approval"
+      owner     = "AWS"
+      provider  = "Manual"
+      version   = "1"
+      run_order = 2
 
       configuration = {
-        CustomData         = "This action will approve the deployment of resources in ${var.pipeline_name}. Please ensure that you review the build logs of the plan stage before approving."
-        ExternalEntityLink = "https://${data.aws_region.current.name}.console.aws.amazon.com/codesuite/codebuild/${data.aws_caller_identity.current.account_id}/projects/${var.pipeline_name}-plan/"
+        CustomData = "This action will approve the deployment of resources in ${var.pipeline_name}. Please review the plan action before approving."
       }
     }
   }
 
   stage {
     name = "Apply"
-
     action {
       name            = "Apply"
       category        = "Build"
@@ -106,7 +97,6 @@ resource "aws_codepipeline" "this" {
   }
 }
 
-
 resource "aws_iam_role" "codepipeline_role" {
   name               = "${var.pipeline_name}-role"
   assume_role_policy = data.aws_iam_policy_document.codepipeline-assume-role.json

variables.tf

@@ -71,6 +71,21 @@ variable "log_retention" {
   default     = 90
 }
 
+variable "mode" {
+  description = "pipeline execution mode"
+  type        = string
+  default     = "SUPERSEDED"
+  validation {
+    condition = contains([
+      "SUPERSEDED",
+      "PARALLEL",
+      "QUEUED"
+    ], var.mode)
+    error_message = "unsupported pipeline mode"
+  }
+
+}
+
 variable "kms_key" {
   description = "AWS KMS key ARN"
   type        = string