
I am making a CI/CD pipeline with Terraform on AWS. This pipeline works 100 percent perfectly if I don't configure webhooks and instead go with the default option, i.e. AWS CodePipeline periodically checking for changes in GitHub.

When I configure webhooks for my pipeline to make it start automatically on every push, I get the error below, which is at the end after the code. I understand one solution: if I make an organization and set individual = false in my provider settings, it will work.

But I don't want to make an organization; I want to work with individual = true. Is there any way I can solve this problem?

P.S.: I added only those files in this question which are related to my problem. If you want me to add my whole code, please request a revision.

Filename: Provider.tf

provider "aws" {
  region  = var.aws_region
  version = "2.55"

}

provider "github" {
  token      = var.github_token
  individual = true
}


terraform {
  backend "s3" {
    key    = "ecs_fargate/infrastructure.tfstate"
    bucket = "umartahir-terraform-buckettestus-east-1"
    region = "us-east-1"
  }

}

Filename: Codepipeline.tf

#Code Pipeline
resource "aws_codepipeline" "codepipeline" {
  name     = var.pipeline_name
  role_arn = aws_iam_role.codepipeline_role.arn

  artifact_store {
    location = var.bucket_for_codepipeline
    type     = var.artifact_store_type
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = var.source_stage_owner
      provider         = var.source_stage_provider
      version          = "1"
      output_artifacts = var.source_stage_output_artifact_name

      configuration = {
        PollForSourceChanges = false
        OAuthToken           = var.github_token
        Owner                = var.git_hub_owner
        Repo                 = var.repo_name
        Branch               = var.branch_name
      }
    }
  }

  stage {
    name = "Build"

    action {
      name             = "Build"
      category         = "Build"
      owner            = "AWS"
      provider         = "CodeBuild"
      input_artifacts  = var.source_stage_output_artifact_name
      output_artifacts = ["build_output"]
      version          = "1"

      configuration = {
        ProjectName = aws_codebuild_project.code_build_stage_pipeline.name
      }
    }
  }
}

# See this in detail later

# A shared secret between GitHub and AWS that allows AWS
# CodePipeline to authenticate the request came from GitHub.
# Would probably be better to pull this from the environment
# or something like SSM Parameter Store.

locals {
  webhook_secret = "super-secret"
}

resource "aws_codepipeline_webhook" "github_hook" {
  name            = var.github_hook_name
  authentication  = "GITHUB_HMAC"
  target_action   = "Source"
  target_pipeline = aws_codepipeline.codepipeline.name


  authentication_configuration {
    secret_token = "${local.webhook_secret}"
  }

  filter {
    json_path    = "$.ref"
    match_equals = "refs/heads/{Branch}" #see this later
  }
}

# # See this in detail later
# # Wire the CodePipeline webhook into a GitHub repository.
resource "github_repository_webhook" "web_hook_github" {
  repository = var.repo_name
  configuration {
    url          = aws_codepipeline_webhook.github_hook.url
    content_type = "json"
    insecure_ssl = true
    secret       = local.webhook_secret
  }
  events = ["push"]
}

Logs:

aws_iam_role.example: Creating...
aws_iam_role.codepipeline_role: Creating...
aws_iam_role.codepipeline_role: Creation complete after 3s [id=test-role]
aws_iam_role_policy.codepipeline_policy: Creating...
aws_iam_role.example: Creation complete after 3s [id=example]
aws_iam_role_policy.example: Creating...
aws_codebuild_project.code_build_stage_pipeline: Creating...
aws_iam_role_policy.example: Creation complete after 4s [id=example:terraform-20200414180138343300000001]
aws_iam_role_policy.codepipeline_policy: Creation complete after 4s [id=test-role:codepipeline_policy]
aws_codebuild_project.code_build_stage_pipeline: Creation complete after 9s [id=arn:aws:codebuild:us-east-1:359761372359:project/umartahir-terraform-codebuild]
aws_codepipeline.codepipeline: Creating...
aws_codepipeline.codepipeline: Creation complete after 7s [id=umar-tahir-terraform-codepipeline]
aws_codepipeline_webhook.github_hook: Creating...
aws_codepipeline_webhook.github_hook: Creation complete after 4s [id=arn:aws:codepipeline:us-east-1:359761372359:webhook:webhook-github-codepipeline]
github_repository_webhook.web_hook_github: Creating...


Error: This resource requires GitHub organization to be set on the provider.
  on codepipeline.tf line 87, in resource "github_repository_webhook" "web_hook_github":
  87: resource "github_repository_webhook" "web_hook_github"
Umar Tahir
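
A hardened variant of the webhook wiring in the question, as an added example that is not part of the original post: the shared HMAC secret is generated rather than written as a literal in the configuration, and TLS certificate verification stays on for webhook deliveries. The resource labels ending in `_hardened` and the `random_password` resource (from the hashicorp/random provider) are assumptions added here; everything else reuses names from the question. It covers only the secret and TLS settings, not the organization error.

```hcl
# Added example, not the asker's code. Labels ending in "_hardened" are hypothetical.

# Generate the shared secret instead of committing a literal to the repository.
# The value is still written to the Terraform state, so the S3 backend bucket
# needs encryption and tightly scoped access.
resource "random_password" "webhook_secret" {
  length  = 40
  special = false
}

resource "aws_codepipeline_webhook" "github_hook_hardened" {
  name            = var.github_hook_name
  authentication  = "GITHUB_HMAC" # CodePipeline verifies GitHub's HMAC signature on each delivery
  target_action   = "Source"
  target_pipeline = aws_codepipeline.codepipeline.name

  authentication_configuration {
    secret_token = random_password.webhook_secret.result
  }

  filter {
    json_path    = "$.ref"
    match_equals = "refs/heads/{Branch}" # {Branch} resolves to the Source action's Branch value
  }
}

resource "github_repository_webhook" "web_hook_github_hardened" {
  repository = var.repo_name
  events     = ["push"]

  configuration {
    url          = aws_codepipeline_webhook.github_hook_hardened.url
    content_type = "json"
    insecure_ssl = false # keep TLS certificate verification on for deliveries
    secret       = random_password.webhook_secret.result
  }
}
```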

1 Answer


Seems to be an existing issue. Here is a link to the thread: https://github.com/terraform-providers/terraform-provider-github/issues/45