
Terraform - Multiple AWS codebuild projects require aws_codebuild_source_credential

I have a lot of codebuild projects that are in use and they rely on aws_codebuild_source_credential to be created.

The problem for me is that some of the projects are specified in different folders and there is only one source credential for codebuild for an account.

This means that if I then delete a 'stack' which has created an aws_codebuild_source_credential in order to be able to create codebuild projects, then the auth token is deleted for all codebuilds from that point on.

I cannot seem to find a data provider for the aws_codebuild_source_credential so I am looking for a way to reference one that is already created elsewhere.

When creating a codebuild project the OAuth token needs to be provided:

    auth {
      type     = "OAUTH"
      resource = aws_codebuild_source_credential.github.arn
    }

The problem is how do I share a single aws_codebuild_source_credential so that I can pass this into separate codebuild projects and, should I run a destroy against any folder, the token is left alone?

It comes down to how you want to organise your Terraform code. What I would do is:

  • Move the aws_codebuild_source_credential resource into a separate repository together with an aws_ssm_parameter resource (potentially even create it as a module).

  • Provision those resources first (pre-seeding). When you provision the aws_codebuild_source_credential, store its ARN in aws_ssm_parameter under a known name.

  • Next time you provision a new codebuild project, retrieve the source credential ARN from SSM via the corresponding data resource ssm_parameter.
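
The three steps above written out as Terraform, added here as an example and not part of the original answer. The parameter name, project name, repository URL, image and variables are assumptions, and the two halves live in separate folders with separate state.

```hcl
# ---- shared stack: applied once per account and region ----
variable "github_token" {
  type      = string
  sensitive = true # hidden in plan output, but still written to state: protect the state backend
}

resource "aws_codebuild_source_credential" "github" {
  auth_type   = "PERSONAL_ACCESS_TOKEN"
  server_type = "GITHUB"
  token       = var.github_token

  lifecycle {
    prevent_destroy = true # a destroy of this stack errors out instead of removing the token
  }
}

resource "aws_ssm_parameter" "codebuild_github_arn" {
  name  = "/shared/codebuild/github-source-credential-arn" # assumed name
  type  = "String"                                         # only the ARN is stored, never the token
  value = aws_codebuild_source_credential.github.arn
}

# ---- project stack: one per folder, no credential resource here ----
variable "codebuild_role_arn" {
  type = string # assumed: IAM role created elsewhere
}

data "aws_ssm_parameter" "codebuild_github_arn" {
  name = "/shared/codebuild/github-source-credential-arn"
}

resource "aws_codebuild_project" "example" {
  name         = "example-project" # assumed
  service_role = var.codebuild_role_arn
  artifacts { type = "NO_ARTIFACTS" }
  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    image        = "aws/codebuild/standard:7.0"
    type         = "LINUX_CONTAINER"
  }
  source {
    type     = "GITHUB"
    location = "https://github.com/example-org/example-repo.git" # constructed URL
    auth {
      type     = "OAUTH"
      resource = data.aws_ssm_parameter.codebuild_github_arn.value
    }
  }
}
```

Because the project stacks only read the parameter, running `terraform destroy` in any of them removes the project and leaves the shared credential in place.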
