Back up your AWS CodeCommit repositories to Amazon S3.
(or risk unwillingly discovering that deleting an AWS CodeCommit repository is a one-way operation)
This module is designed for a GitHub source type but it could be cloned and deployed locally, or from a private registry.
```hcl
module "codecommit_s3_backup" {
  source = "github.com/aws-samples/aws-codecommit-s3-backups-with-terraform"
  name   = "codecommit-s3-backup"
}
```
The `name` will be used in the resource names, such as EventBridge rules and IAM roles.
```hcl
module "codecommit_s3_backup" {
  ...
  kms_key               = aws_kms_key.this.arn
  access_logging_bucket = aws_s3_bucket.this.id
}
```
`kms_key` can be used to encrypt the Amazon S3 bucket with an AWS KMS key of your choice. Otherwise the bucket will be encrypted using SSE-S3. Your AWS KMS key policy will need to allow CodeBuild to `kms:GenerateDataKey*` and `kms:Decrypt`.

`access_logging_bucket` is the ARN of your Amazon S3 access logging bucket.
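A key policy granting the two KMS permissions named for `kms_key` above, as an added example that is not part of this module's code. It assumes the principal is the IAM service role that the backup CodeBuild project runs as; `codebuild_role_arn` is a hypothetical variable, because the role's name is not given here.

```hcl
# Added example; resource and variable names are illustrative.
data "aws_caller_identity" "current" {}

variable "codebuild_role_arn" {
  description = "Assumption: ARN of the IAM role CodeBuild uses for the backup project."
  type        = string
}

data "aws_iam_policy_document" "backup_key" {
  # Keep the account able to administer the key. A key policy that omits
  # this can leave the key unmanageable.
  statement {
    sid       = "EnableAccountAdministration"
    actions   = ["kms:*"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # Only the two permissions the backup needs, scoped to one role.
  # KMS rejects a key policy that names a principal that does not exist,
  # so the role must already exist when this policy is applied.
  statement {
    sid       = "AllowCodeBuildBackupEncryption"
    actions   = ["kms:GenerateDataKey*", "kms:Decrypt"]
    resources = ["*"] # in a key policy, "*" means this key only

    principals {
      type        = "AWS"
      identifiers = [var.codebuild_role_arn]
    }
  }
}

resource "aws_kms_key" "this" {
  description         = "Encrypts CodeCommit backup archives in S3"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.backup_key.json
}
```

The key's ARN is then passed to the module as `kms_key = aws_kms_key.this.arn`.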
- Users push code to a repository in CodeCommit.
- Amazon EventBridge monitors for changes to any repository.
- EventBridge invokes AWS CodeBuild and sends it information about the repository.
- CodeBuild clones the repository and packages it into a .zip file.
- CodeBuild uploads the .zip file to an S3 bucket.
| Issue | Fix |
|---|---|
| Errors containing `NO_ARTIFACTS` or `NO_SOURCE` | Run a destroy and then a fresh apply. CodeBuild projects with no artifacts and defined source may generate errors when they are being edited (rather than built fresh). |
- Automate event-driven backups from CodeCommit to Amazon S3 using CodeBuild and CloudWatch Events
- Resource: aws_codebuild_project
- Resource: aws_cloudwatch_event_rule
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.