From a759f2e913b105acb8a58f7c4e8172bccff49005 Mon Sep 17 00:00:00 2001
From: sakruthijupalli <108491140+sakruthijupalli@users.noreply.github.com>
Date: Wed, 26 Apr 2023 17:35:08 -0400
Subject: [PATCH] AWS Amplify App Module (#429)
---
terraform-modules/aws/amplify/README.md | 49 ++++++++++++++
terraform-modules/aws/amplify/main.tf | 61 ++++++++++++++++++
terraform-modules/aws/amplify/outputs.tf | 19 ++++++
terraform-modules/aws/amplify/variables.tf | 75 ++++++++++++++++++++++
4 files changed, 204 insertions(+)
create mode 100644 terraform-modules/aws/amplify/README.md
create mode 100644 terraform-modules/aws/amplify/main.tf
create mode 100644 terraform-modules/aws/amplify/outputs.tf
create mode 100644 terraform-modules/aws/amplify/variables.tf
diff --git a/terraform-modules/aws/amplify/README.md b/terraform-modules/aws/amplify/README.md
new file mode 100644
index 000000000..3f6f04681
--- /dev/null
+++ b/terraform-modules/aws/amplify/README.md
@@ -0,0 +1,49 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_amplify_app.amplify](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_app) | resource |
+| [aws_amplify_branch.deploy_branches](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_branch) | resource |
+| [aws_amplify_domain_association.domain](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_domain_association) | resource |
+| [aws_iam_role.amplify](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.role_attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [branch\_name](#input\_branch\_name) | The branch name to be deployed. | `string` | `null` | no |
+| [build\_spec](#input\_build\_spec) | Build spec for the Amplify App | `string` | `null` | no |
+| [custom\_rules](#input\_custom\_rules) | Custom rules for the AWS Amplify App |
list(object({
source = string
target = string
status = string
condition = optional(string)
}))
| `[]` | no |
+| [domain\_name](#input\_domain\_name) | The domain name to associate with the Amplify app. | `string` | `null` | no |
+| [enable\_branch\_auto\_build](#input\_enable\_branch\_auto\_build) | Enable branch auto-build for the Amplify App | `bool` | `false` | no |
+| [environment\_variables](#input\_environment\_variables) | Environment variables for the Amplify App | `map(string)` | `{}` | no |
+| [gh\_access\_token](#input\_gh\_access\_token) | GitHub access token for the Amplify App | `string` | n/a | yes |
+| [name](#input\_name) | The name of the Amplify App | `string` | `null` | no |
+| [repository\_url](#input\_repository\_url) | The URL of the Git repository for the Amplify App | `string` | n/a | yes |
+| [sub\_domain\_branch](#input\_sub\_domain\_branch) | The branch name to associate with the subdomain. | `string` | `null` | no |
+| [sub\_domain\_prefix](#input\_sub\_domain\_prefix) | The subdomain prefix to associate with the branch. | `string` | `null` | no |
+| [tags](#input\_tags) | A set of tags to place on the items | `any` | `{}` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [amplify\_app\_arn](#output\_amplify\_app\_arn) | The ARN of the created Amplify App |
+| [amplify\_app\_default\_domain](#output\_amplify\_app\_default\_domain) | The default domain of the created Amplify App |
+| [amplify\_app\_id](#output\_amplify\_app\_id) | The ID of the created Amplify App |
+| [amplify\_app\_name](#output\_amplify\_app\_name) | The name of the created Amplify App |
diff --git a/terraform-modules/aws/amplify/main.tf b/terraform-modules/aws/amplify/main.tf
new file mode 100644
index 000000000..e183b32c4
--- /dev/null
+++ b/terraform-modules/aws/amplify/main.tf
@@ -0,0 +1,61 @@
+resource "aws_iam_role" "amplify" {
+ name = "${var.name}-amplify-role"
+ tags = var.tags
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "amplify.amazonaws.com"
+ }
+ }
+ ]
+ })
+}
+
+# Base policy for Amplify app allows access to resources needed by Amplify applications.
+# https://docs.aws.amazon.com/amplify/latest/userguide/security-iam-awsmanpol.html?authuser=1
+resource "aws_iam_role_policy_attachment" "role_attach" {
+ role = aws_iam_role.amplify.name
+ policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess-Amplify"
+ tags = var.tags
+}
+
+resource "aws_amplify_app" "amplify" {
+ name = var.name
+ repository = var.repository_url
+ enable_branch_auto_build = var.enable_branch_auto_build
+ build_spec = var.build_spec
+ oauth_token = var.gh_access_token
+ iam_service_role_arn = aws_iam_role.amplify.arn
+ dynamic "custom_rule" {
+ for_each = var.custom_rules
+ content {
+ source = custom_rule.value.source
+ target = custom_rule.value.target
+ status = custom_rule.value.status
+ condition = custom_rule.value.condition
+ }
+ }
+
+ environment_variables = var.environment_variables
+ tags = var.tags
+}
+
+resource "aws_amplify_branch" "deploy_branches" {
+ app_id = aws_amplify_app.amplify.id
+ branch_name = var.branch_name
+}
+
+resource "aws_amplify_domain_association" "domain" {
+ app_id = aws_amplify_app.amplify.id
+ domain_name = var.domain_name
+
+ depends_on = [aws_amplify_branch.deploy_branches]
+ sub_domain {
+ prefix = var.sub_domain_prefix
+ branch_name = var.sub_domain_branch
+ }
+}
diff --git a/terraform-modules/aws/amplify/outputs.tf b/terraform-modules/aws/amplify/outputs.tf
new file mode 100644
index 000000000..c5e294268
--- /dev/null
+++ b/terraform-modules/aws/amplify/outputs.tf
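Review bot: The service role in main.tf is hard-wired to the `AdministratorAccess-Amplify` managed policy and its trust statement lets `amplify.amazonaws.com` assume it with no `Condition`, so every app created from this module gets the same broad role and there is no confused-deputy guard. I would take the policy ARN as an input that defaults to the current value and scope the trust policy with `aws:SourceAccount` (or `aws:SourceArn`), as sketched below. Separately, `tags = var.tags` on `role_attach` should be dropped: as far as I know `aws_iam_role_policy_attachment` accepts only `role` and `policy_arn`, so validation will reject it. `oauth_token` is also written to Terraform state, and `sensitive = true` on the variable only redacts CLI output, so the README should tell callers to use an encrypted, access-controlled state backend.

```hcl
data "aws_caller_identity" "current" {}

# … unchanged: role name, tags, policy Version …
      {
        Action    = "sts:AssumeRole"
        Effect    = "Allow"
        Principal = { Service = "amplify.amazonaws.com" }
        Condition = {
          StringEquals = { "aws:SourceAccount" = data.aws_caller_identity.current.account_id }
        }
      }
# … unchanged: end of trust policy …

resource "aws_iam_role_policy_attachment" "role_attach" {
  role       = aws_iam_role.amplify.name
  policy_arn = var.service_role_policy_arn # proposed new input; default = the current managed policy ARN
}
```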
@@ -0,0 +1,19 @@
+output "amplify_app_id" {
+ description = "The ID of the created Amplify App"
+ value = aws_amplify_app.amplify.id
+}
+
+output "amplify_app_arn" {
+ description = "The ARN of the created Amplify App"
+ value = aws_amplify_app.amplify.arn
+}
+
+output "amplify_app_name" {
+ description = "The name of the created Amplify App"
+ value = aws_amplify_app.amplify.name
+}
+
+output "amplify_app_default_domain" {
+ description = "The default domain of the created Amplify App"
+ value = aws_amplify_app.amplify.default_domain
+}
\ No newline at end of file
diff --git a/terraform-modules/aws/amplify/variables.tf b/terraform-modules/aws/amplify/variables.tf
new file mode 100644
index 000000000..327e93618
--- /dev/null
+++ b/terraform-modules/aws/amplify/variables.tf
@@ -0,0 +1,75 @@
+variable "name" {
+ description = "The name of the Amplify App"
+ type = string
+ default = null
+}
+
+variable "repository_url" {
+ description = "The URL of the Git repository for the Amplify App"
+ type = string
+}
+
+variable "enable_branch_auto_build" {
+ description = "Enable branch auto-build for the Amplify App"
+ type = bool
+ default = false
+}
+
+variable "build_spec" {
+ description = "Build spec for the Amplify App"
+ type = string
+ default = null
+}
+
+variable "custom_rules" {
+ description = "Custom rules for the AWS Amplify App"
+ type = list(object({
+ source = string
+ target = string
+ status = string
+ condition = optional(string)
+ }))
+ default = []
+}
+
+variable "environment_variables" {
+ description = "Environment variables for the Amplify App"
+ type = map(string)
+ default = {}
+}
+
+variable "gh_access_token" {
+ description = "GitHub access token for the Amplify App"
+ type = string
+ sensitive = true
+}
+
+variable "branch_name" {
+ description = "The branch name to be deployed."
+ type = string
+ default = null
+}
+
+variable "domain_name" {
+ description = "The domain name to associate with the Amplify app."
+ type = string
+ default = null
+}
+
+variable "sub_domain_prefix" {
+ description = "The subdomain prefix to associate with the branch."
+ type = string
+ default = null
+}
+
+variable "sub_domain_branch" {
+ description = "The branch name to associate with the subdomain."
+ type = string
+ default = null
+}
+
+variable "tags" {
+ type = any
+ default = {}
+ description = "A set of tags to place on the items"
+}
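Review bot: `name`, `branch_name` and `domain_name` default to `null`, yet main.tf in this same patch uses them unconditionally (`"${var.name}-amplify-role"`, `branch_name = var.branch_name`, `domain_name = var.domain_name`), so a caller relying on the defaults gets a plan-time failure instead of a clear "required input" error. Remove `default = null` from those inputs or add `nullable = false`; if the branch and domain association are meant to be optional, gate those resources with `count` instead. The `environment_variables` description should also say that values are stored unredacted in Terraform state, for example `description = "Non-secret environment variables for the Amplify App; values are stored in state"`. `tags` would be safer as `type = map(string)` than `any`.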