improvement: apply best practice for getting-started/cicd/codebuild terraform code

getting-started/cicd/codebuild/main.tf

@@ -1,115 +1,39 @@
+# Set AWS Provider
 provider "aws" {
   region = "us-east-1" # Replace with your desired region
 }
 
-# Create S3 buckets
-resource "aws_s3_bucket" "demo_aws_codebuild_bucket_output" {
-  bucket = "tungbq-demo-aws-codebuild-bucket-output"
+# Module: S3 Bucket Creation
+module "s3_bucket" {
+  source = "./modules/s3_bucket"
 
+  bucket_name = "tungbq-demo-aws-codebuild-bucket-output"
   tags = {
     Name        = "S3 bucket to store output code"
     Environment = "Dev"
   }
-
-  force_destroy = true
 }
 
+# Module: IAM Role Creation
+module "iam_role" {
+  source = "./modules/iam_role"
 
-
-data "aws_iam_policy_document" "assume_role" {
-  statement {
-    effect = "Allow"
-
-    principals {
-      type        = "Service"
-      identifiers = ["codebuild.amazonaws.com"]
-    }
-
-    actions = ["sts:AssumeRole"]
-  }
-}
-
-resource "aws_iam_role" "demo_codebuild" {
-  name               = "demo_codebuild"
-  assume_role_policy = data.aws_iam_policy_document.assume_role.json
+  service_name = "codebuild.amazonaws.com"
 }
 
-data "aws_iam_policy_document" "demo_codebuild" {
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "logs:CreateLogGroup",
-      "logs:CreateLogStream",
-      "logs:PutLogEvents",
-    ]
-
-    resources = ["*"]
-  }
-
-  statement {
-    effect = "Allow"
-
-    actions = [
-      "ec2:CreateNetworkInterface",
-      "ec2:DescribeDhcpOptions",
-      "ec2:DescribeNetworkInterfaces",
-      "ec2:DeleteNetworkInterface",
-      "ec2:DescribeSubnets",
-      "ec2:DescribeSecurityGroups",
-      "ec2:DescribeVpcs",
-    ]
-
-    resources = ["*"]
-  }
-
+# Module: IAM Role Policy Creation
+module "iam_role_policy" {
+  source = "./modules/iam_role_policy"
 
-  statement {
-    effect  = "Allow"
-    actions = ["s3:*"]
-    resources = [
-      aws_s3_bucket.demo_aws_codebuild_bucket_output.arn,
-      "${aws_s3_bucket.demo_aws_codebuild_bucket_output.arn}/*",
-    ]
-  }
-}
-
-resource "aws_iam_role_policy" "demo_codebuild" {
-  role   = aws_iam_role.demo_codebuild.name
-  policy = data.aws_iam_policy_document.demo_codebuild.json
+  role_name     = module.iam_role.role_name
+  s3_bucket_arn = module.s3_bucket.bucket_arn
 }
 
+# Module: CodeBuild Project Creation
+module "codebuild_project" {
+  source = "./modules/codebuild_project"
 
-### CODE BUILD PROJECT
-resource "aws_codebuild_project" "demo_project" {
-  name           = "demo_project"
-  description    = "Demo project"
-  build_timeout  = 5
-  queued_timeout = 5
-
-  service_role = aws_iam_role.demo_codebuild.arn
-
-  artifacts {
-    type     = "S3"
-    location = aws_s3_bucket.demo_aws_codebuild_bucket_output.id
-  }
-
-  environment {
-    compute_type                = "BUILD_GENERAL1_SMALL"
-    image                       = "aws/codebuild/amazonlinux2-x86_64-standard:4.0"
-    type                        = "LINUX_CONTAINER"
-    image_pull_credentials_type = "CODEBUILD"
-  }
-
-  source {
-    type            = "GITHUB"
-    location        = "https://github.com/tungbq/aws-cicd-source-example.git"
-    git_clone_depth = 1
-  }
-
-  source_version = "main"
-
-  tags = {
-    Environment = "Test"
-  }
+  project_name = "demo_project"
+  service_role = module.iam_role.role_arn
+  s3_bucket_id = module.s3_bucket.bucket_id
 }

getting-started/cicd/codebuild/modules/codebuild_project/main.tf

@@ -0,0 +1,33 @@
+# modules/codebuild_project/main.tf
+resource "aws_codebuild_project" "demo_project" {
+  name           = var.project_name
+  description    = "Demo project"
+  build_timeout  = 5
+  queued_timeout = 5
+
+  service_role = var.service_role
+
+  artifacts {
+    type     = "S3"
+    location = var.s3_bucket_id
+  }
+
+  environment {
+    compute_type                = "BUILD_GENERAL1_SMALL"
+    image                       = "aws/codebuild/amazonlinux2-x86_64-standard:4.0"
+    type                        = "LINUX_CONTAINER"
+    image_pull_credentials_type = "CODEBUILD"
+  }
+
+  source {
+    type            = "GITHUB"
+    location        = "https://github.com/tungbq/aws-cicd-source-example.git"
+    git_clone_depth = 1
+  }
+
+  source_version = "main"
+
+  tags = {
+    Environment = "Test"
+  }
+}

getting-started/cicd/codebuild/modules/codebuild_project/variables.tf

@@ -0,0 +1,15 @@
+# modules/codebuild_project/variables.tf
+variable "project_name" {
+  description = "Name of the CodeBuild project"
+  type        = string
+}
+
+variable "service_role" {
+  description = "ARN of the service role for CodeBuild"
+  type        = string
+}
+
+variable "s3_bucket_id" {
+  description = "ID of the S3 bucket"
+  type        = string
+}

getting-started/cicd/codebuild/modules/iam_role/main.tf

@@ -0,0 +1,27 @@
+# modules/iam_role/main.tf
+resource "aws_iam_role" "demo_codebuild" {
+  name = var.service_name
+
+  assume_role_policy = data.aws_iam_policy_document.assume_role.json
+}
+
+data "aws_iam_policy_document" "assume_role" {
+  statement {
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = [var.service_name]
+    }
+
+    actions = ["sts:AssumeRole"]
+  }
+}
+
+output "role_arn" {
+  value = aws_iam_role.demo_codebuild.arn
+}
+
+output "role_name" {
+  value = aws_iam_role.demo_codebuild.name
+}

getting-started/cicd/codebuild/modules/iam_role/variables.tf

@@ -0,0 +1,5 @@
+# modules/iam_role/variables.tf
+variable "service_name" {
+  description = "Service name for IAM role"
+  type        = string
+}

getting-started/cicd/codebuild/modules/iam_role_policy/main.tf

@@ -0,0 +1,41 @@
+# modules/iam_role_policy/main.tf
+resource "aws_iam_role_policy" "demo_codebuild" {
+  role   = var.role_name
+  policy = data.aws_iam_policy_document.demo_codebuild.json
+}
+
+data "aws_iam_policy_document" "demo_codebuild" {
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "logs:CreateLogGroup",
+      "logs:CreateLogStream",
+      "logs:PutLogEvents",
+    ]
+
+    resources = ["*"]
+  }
+
+  statement {
+    effect = "Allow"
+
+    actions = [
+      "ec2:CreateNetworkInterface",
+      "ec2:DescribeDhcpOptions",
+      "ec2:DescribeNetworkInterfaces",
+      "ec2:DeleteNetworkInterface",
+      "ec2:DescribeSubnets",
+      "ec2:DescribeSecurityGroups",
+      "ec2:DescribeVpcs",
+    ]
+
+    resources = ["*"]
+  }
+
+  statement {
+    effect    = "Allow"
+    actions   = ["s3:*"]
+    resources = [var.s3_bucket_arn, "${var.s3_bucket_arn}/*"]
+  }
+}

getting-started/cicd/codebuild/modules/iam_role_policy/variables.tf

@@ -0,0 +1,10 @@
+# modules/iam_role_policy/variables.tf
+variable "role_name" {
+  description = "Name of the IAM role"
+  type        = string
+}
+
+variable "s3_bucket_arn" {
+  description = "ARN of the S3 bucket"
+  type        = string
+}

getting-started/cicd/codebuild/modules/s3_bucket/main.tf

@@ -0,0 +1,16 @@
+# modules/s3_bucket/main.tf
+resource "aws_s3_bucket" "demo_aws_codebuild_bucket_output" {
+  bucket = var.bucket_name
+
+  tags = var.tags
+
+  force_destroy = true
+}
+
+output "bucket_arn" {
+  value = aws_s3_bucket.demo_aws_codebuild_bucket_output.arn
+}
+
+output "bucket_id" {
+  value = aws_s3_bucket.demo_aws_codebuild_bucket_output.id
+}

getting-started/cicd/codebuild/modules/s3_bucket/variables.tf

@@ -0,0 +1,10 @@
+# modules/s3_bucket/variables.tf
+variable "bucket_name" {
+  description = "The name for the S3 bucket"
+  type        = string
+}
+
+variable "tags" {
+  description = "Tags for the S3 bucket"
+  type        = map(string)
+}