From b478c150e1dfa23be965089bd782ab38f0acaae9 Mon Sep 17 00:00:00 2001
From: Moritz Zimmer <moritz.zimmer+github@posteo.de>
Date: Tue, 9 Jan 2024 09:01:58 +0100
Subject: [PATCH] feat: use Lambda aarch64 architecture as default for
 CodeBuild

---
 README.md                        |  3 +++
 main.tf                          |  3 +++
 modules/deployment/backend.tf    |  2 +-
 modules/deployment/code_build.tf |  8 ++++----
 modules/deployment/variables.tf  | 18 ++++++++++++++++++
 variables.tf                     | 18 ++++++++++++++++++
 6 files changed, 47 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 4f2c08c..540c2a6 100644
--- a/README.md
+++ b/README.md
@@ -222,6 +222,9 @@ for example.
 | <a name="input_capacity_provider_strategy"></a> [capacity\_provider\_strategy](#input\_capacity\_provider\_strategy) | Capacity provider strategies to use for the service. Can be one or more. | <pre>list(object({<br>    capacity_provider = string<br>    weight            = string<br>    base              = optional(string, null)<br>  }))</pre> | `null` | no |
 | <a name="input_cloudwatch_logs"></a> [cloudwatch\_logs](#input\_cloudwatch\_logs) | CloudWatch logs configuration for the containers of this service. CloudWatch logs will be used as the default log configuration if Firelens is disabled and for the fluentbit and otel containers. | <pre>object({<br>    enabled           = optional(bool, true)<br>    name              = optional(string, "")<br>    retention_in_days = optional(number, 7)<br>  })</pre> | `{}` | no |
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | The ECS cluster id that should run this service | `string` | n/a | yes |
+| <a name="input_code_build_environment_compute_type"></a> [code\_build\_environment\_compute\_type](#input\_code\_build\_environment\_compute\_type) | Information about the compute resources the CodeBuild stage of the deployment pipeline will use. | `string` | `"BUILD_LAMBDA_1GB"` | no |
+| <a name="input_code_build_environment_image"></a> [code\_build\_environment\_image](#input\_code\_build\_environment\_image) | Docker image to use for the CodeBuild stage of the deployment pipeline. | `string` | `"aws/codebuild/amazonlinux-aarch64-lambda-standard:python3.12"` | no |
+| <a name="input_code_build_environment_type"></a> [code\_build\_environment\_type](#input\_code\_build\_environment\_type) | Type of build environment for the CodeBuild stage of the deployment pipeline. | `string` | `"ARM_LAMBDA_CONTAINER"` | no |
 | <a name="input_code_build_log_retention_in_days"></a> [code\_build\_log\_retention\_in\_days](#input\_code\_build\_log\_retention\_in\_days) | Log retention in days of the CodeBuild CloudWatch log group. | `number` | `7` | no |
 | <a name="input_code_build_role_name"></a> [code\_build\_role\_name](#input\_code\_build\_role\_name) | Use an existing role for codebuild permissions that can be reused for multiple services. Otherwise a separate role for this service will be created. | `string` | `""` | no |
 | <a name="input_code_pipeline_artifact_bucket"></a> [code\_pipeline\_artifact\_bucket](#input\_code\_pipeline\_artifact\_bucket) | Use an existing bucket for codepipeline artifacts that can be reused for multiple services. Otherwise a separate bucket for each service will be created. | `string` | `""` | no |
diff --git a/main.tf b/main.tf
index b8c4e73..93c08d4 100644
--- a/main.tf
+++ b/main.tf
@@ -229,6 +229,9 @@ module "code_deploy" {
 
   cluster_name                            = var.cluster_id
   container_name                          = local.container_name
+  code_build_environment_compute_type     = var.code_build_environment_compute_type
+  code_build_environment_image            = var.code_build_environment_image
+  code_build_environment_type             = var.code_build_environment_type
   codestar_notifications_detail_type      = var.codestar_notifications_detail_type
   codestar_notifications_event_type_ids   = var.codestar_notifications_event_type_ids
   codestar_notifications_target_arn       = var.codestar_notifications_target_arn
diff --git a/modules/deployment/backend.tf b/modules/deployment/backend.tf
index dbc484a..869f362 100644
--- a/modules/deployment/backend.tf
+++ b/modules/deployment/backend.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = ">= 4.9"
+      version = ">= 5.32.0"
     }
   }
 }
diff --git a/modules/deployment/code_build.tf b/modules/deployment/code_build.tf
index e48aa47..3411cfb 100644
--- a/modules/deployment/code_build.tf
+++ b/modules/deployment/code_build.tf
@@ -33,9 +33,9 @@ resource "aws_codebuild_project" "this" {
   }
 
   environment {
-    compute_type = "BUILD_GENERAL1_SMALL"
-    image        = "aws/codebuild/amazonlinux2-x86_64-standard:4.0"
-    type         = "LINUX_CONTAINER"
+    compute_type = var.code_build_environment_compute_type
+    image        = var.code_build_environment_image
+    type         = var.code_build_environment_type
 
     environment_variable {
       name  = "CONTAINER_NAME"
@@ -51,7 +51,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      python: 3.9
+      python: 3.12
   build:
     commands:
       - |
diff --git a/modules/deployment/variables.tf b/modules/deployment/variables.tf
index 394798d..5aeaa25 100644
--- a/modules/deployment/variables.tf
+++ b/modules/deployment/variables.tf
@@ -46,6 +46,24 @@ variable "code_pipeline_role" {
   type        = string
 }
 
+variable "code_build_environment_compute_type" {
+  description = "Information about the compute resources the CodeBuild stage of the deployment pipeline will use."
+  default     = "BUILD_LAMBDA_1GB"
+  type        = string
+}
+
+variable "code_build_environment_image" {
+  description = "Docker image to use for the CodeBuild stage of the deployment pipeline."
+  default     = "aws/codebuild/amazonlinux-aarch64-lambda-standard:python3.12"
+  type        = string
+}
+
+variable "code_build_environment_type" {
+  description = "Type of build environment for the CodeBuild stage of the deployment pipeline."
+  default     = "ARM_LAMBDA_CONTAINER"
+  type        = string
+}
+
 variable "code_build_role" {
   default     = ""
   description = "Use an existing role for codebuild permissions that can be reused for multiple services."
diff --git a/variables.tf b/variables.tf
index df65090..ced0d30 100644
--- a/variables.tf
+++ b/variables.tf
@@ -149,6 +149,24 @@ variable "code_pipeline_role_name" {
   type        = string
 }
 
+variable "code_build_environment_compute_type" {
+  description = "Information about the compute resources the CodeBuild stage of the deployment pipeline will use."
+  default     = "BUILD_LAMBDA_1GB"
+  type        = string
+}
+
+variable "code_build_environment_image" {
+  description = "Docker image to use for the CodeBuild stage of the deployment pipeline."
+  default     = "aws/codebuild/amazonlinux-aarch64-lambda-standard:python3.12"
+  type        = string
+}
+
+variable "code_build_environment_type" {
+  description = "Type of build environment for the CodeBuild stage of the deployment pipeline."
+  default     = "ARM_LAMBDA_CONTAINER"
+  type        = string
+}
+
 variable "code_build_role_name" {
   default     = ""
   description = "Use an existing role for codebuild permissions that can be reused for multiple services. Otherwise a separate role for this service will be created."