
use weseek/terraform-aws-codebuild

Yuki Takei 3 tahun lalu
induk
melakukan
ef7efcea1b

+ 40 - 0
packages/app/docker/codebuild/.terraform.lock.hcl

@@ -23,3 +23,43 @@ provider "registry.terraform.io/hashicorp/aws" {
     "zh:ce065bc3962cb71fa7652562226b9d486f3d7fcb88285c1020ebe2f550e28641",
   ]
 }
+
+provider "registry.terraform.io/hashicorp/random" {
+  version     = "3.4.3"
+  constraints = ">= 2.1.0"
+  hashes = [
+    "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
+    "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
+    "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
+    "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
+    "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
+    "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
+    "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
+    "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
+    "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
+    "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
+    "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/tls" {
+  version     = "4.0.4"
+  constraints = ">= 3.0.0"
+  hashes = [
+    "h1:pe9vq86dZZKCm+8k1RhzARwENslF3SXb9ErHbQfgjXU=",
+    "zh:23671ed83e1fcf79745534841e10291bbf34046b27d6e68a5d0aab77206f4a55",
+    "zh:45292421211ffd9e8e3eb3655677700e3c5047f71d8f7650d2ce30242335f848",
+    "zh:59fedb519f4433c0fdb1d58b27c210b27415fddd0cd73c5312530b4309c088be",
+    "zh:5a8eec2409a9ff7cd0758a9d818c74bcba92a240e6c5e54b99df68fff312bbd5",
+    "zh:5e6a4b39f3171f53292ab88058a59e64825f2b842760a4869e64dc1dc093d1fe",
+    "zh:810547d0bf9311d21c81cc306126d3547e7bd3f194fc295836acf164b9f8424e",
+    "zh:824a5f3617624243bed0259d7dd37d76017097dc3193dac669be342b90b2ab48",
+    "zh:9361ccc7048be5dcbc2fafe2d8216939765b3160bd52734f7a9fd917a39ecbd8",
+    "zh:aa02ea625aaf672e649296bce7580f62d724268189fe9ad7c1b36bb0fa12fa60",
+    "zh:c71b4cd40d6ec7815dfeefd57d88bc592c0c42f5e5858dcc88245d371b4b8b1e",
+    "zh:dabcd52f36b43d250a3d71ad7abfa07b5622c69068d989e60b79b2bb4f220316",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+  ]
+}

+ 20 - 106
packages/app/docker/codebuild/codebuild.tf

@@ -1,117 +1,31 @@
-resource "aws_iam_role" "iam_role" {
-  name = "growi-official-image-builder"
+module "codebuild" {
+  source = "github.com/weseek/terraform-aws-codebuild"
 
-  assume_role_policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Principal": {
-        "Service": "codebuild.amazonaws.com"
-      },
-      "Action": "sts:AssumeRole"
-    }
-  ]
-}
-EOF
-}
-
-resource "aws_secretsmanager_secret" "secret" {
-  name = "growi/official-image-builder"
-}
+  name                = "growi-official-image-builder"
+  description         = "The CodeBuild Project for GROWI official docker image"
 
-resource "aws_secretsmanager_secret_version" "main" {
-  secret_id     = aws_secretsmanager_secret.secret.id
-  secret_string = "CHANGE THIS"
+  artifact_type       = "NO_ARTIFACTS"
 
-  lifecycle {
-    ignore_changes = [secret_string, version_stages]
-  }
-}
-
-resource "aws_iam_role_policy" "growi-official-image-builder" {
-  role = aws_iam_role.iam_role.name
+  source_type         = "GITHUB"
+  source_location     = "https://github.com/weseek/growi.git"
+  source_version      = "refs/heads/support/build-with-codebuild"
+  git_clone_depth     = 1
 
-  policy = <<POLICY
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Resource": [
-        "*"
-      ],
-      "Action": [
-        "logs:CreateLogGroup",
-        "logs:CreateLogStream",
-        "logs:PutLogEvents"
-      ]
-    },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "secretsmanager:GetResourcePolicy",
-        "secretsmanager:GetSecretValue",
-        "secretsmanager:DescribeSecret",
-        "secretsmanager:ListSecretVersionIds"
-      ],
-      "Resource": [
-        "${aws_secretsmanager_secret.secret.arn}"
-      ]
-    },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "codebuild:StartBuild",
-        "codebuild:StopBuild",
-        "codebuild:RetryBuild",
-        "codebuild:CreateReportGroup",
-        "codebuild:CreateReport",
-        "codebuild:UpdateReport",
-        "codebuild:BatchPutTestCases",
-        "codebuild:BatchPutCodeCoverages"
-      ],
-      "Resource": [
-        "*"
-      ]
-    }
-  ]
-}
-POLICY
-}
 
-resource "aws_codebuild_project" "codebuild" {
-  name           = "growi-official-image-builder"
-  description    = "The CodeBuild Project for GROWI official docker image"
+  buildspec           = "packages/app/docker/codebuild/buildspec/root.yml"
 
-  service_role = aws_iam_role.iam_role.arn
-  build_batch_config {
-    service_role = aws_iam_role.iam_role.arn
-  }
+  # https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
+  build_image         = "aws/codebuild/standard:6.0"
+  build_compute_type  = "BUILD_GENERAL1_LARGE"
 
-  artifacts {
-    type = "NO_ARTIFACTS"
-  }
+  # These attributes are optional, used as ENV variables when building Docker images and pushing them to ECR
+  # For more info:
+  # http://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html
+  # https://www.terraform.io/docs/providers/aws/r/codebuild_project.html
 
-  environment {
-    compute_type                = "BUILD_GENERAL1_LARGE"
-    image                       = "aws/codebuild/standard:6.0"
-    type                        = "LINUX_CONTAINER"
-    privileged_mode             = true
-  }
+  privileged_mode     = true
 
-  source {
-    # type = "NO_SOURCE"
-    type = "GITHUB"
-    location = "https://github.com/weseek/growi.git"
-    git_clone_depth = 1
-    buildspec = "packages/app/docker/codebuild/buildspec/root.yml"
-  }
-  source_version = "refs/heads/support/build-with-codebuild"
+  cache_type          = "LOCAL"
+  local_cache_modes   = ["LOCAL_DOCKER_LAYER_CACHE", "LOCAL_CUSTOM_CACHE"]
 
-  cache {
-    type  = "LOCAL"
-    modes = ["LOCAL_DOCKER_LAYER_CACHE", "LOCAL_CUSTOM_CACHE"]
-  }
 }
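Review bot: The `source = "github.com/weseek/terraform-aws-codebuild"` line has no `?ref=`, so each `terraform init` on a fresh checkout fetches whatever is on the module's default branch, and `.terraform.lock.hcl` pins provider packages only, not modules. Because this module now creates the IAM role and policy for a build that runs with `privileged_mode = true`, pin it to a reviewed revision, e.g. `source = "github.com/weseek/terraform-aws-codebuild?ref=<reviewed-commit-sha>"` (placeholder value). The change also removes the hand-written policy that limited the four Secrets Manager read actions to a single secret ARN; the `terraform.tfstate` in this same commit records the module's replacement policy as allowing `secretsmanager:GetSecretValue`, `ssm:GetParameters`, `iam:PassRole` and `ecs:RunTask` on `"Resource": "*"`. If the module exposes no input to narrow that, consider a permissions boundary on the role or a tighter policy maintained alongside this file.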

+ 294 - 74
packages/app/docker/codebuild/terraform.tfstate

@@ -1,17 +1,182 @@
 {
   "version": 4,
   "terraform_version": "1.3.7",
-  "serial": 79,
+  "serial": 137,
   "lineage": "7413839f-c67c-02f5-4933-fcb84251bb29",
   "outputs": {},
   "resources": [
     {
+      "module": "module.codebuild",
+      "mode": "data",
+      "type": "aws_caller_identity",
+      "name": "default",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "account_id": "259692501178",
+            "arn": "arn:aws:iam::259692501178:user/yuki",
+            "id": "259692501178",
+            "user_id": "AIDAI6K42G2YZESELYLD4"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.codebuild",
+      "mode": "data",
+      "type": "aws_iam_policy_document",
+      "name": "combined_permissions",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "1570789323",
+            "json": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"ssm:GetParameters\",\n        \"secretsmanager:GetSecretValue\",\n        \"logs:PutLogEvents\",\n        \"logs:CreateLogStream\",\n        \"logs:CreateLogGroup\",\n        \"iam:PassRole\",\n        \"ecs:RunTask\",\n        \"ecr:UploadLayerPart\",\n        \"ecr:PutImage\",\n        \"ecr:InitiateLayerUpload\",\n        \"ecr:GetAuthorizationToken\",\n        \"ecr:CompleteLayerUpload\",\n        \"ecr:BatchCheckLayerAvailability\",\n        \"codecommit:GitPull\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}",
+            "override_json": null,
+            "override_policy_documents": [
+              "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"ssm:GetParameters\",\n        \"secretsmanager:GetSecretValue\",\n        \"logs:PutLogEvents\",\n        \"logs:CreateLogStream\",\n        \"logs:CreateLogGroup\",\n        \"iam:PassRole\",\n        \"ecs:RunTask\",\n        \"ecr:UploadLayerPart\",\n        \"ecr:PutImage\",\n        \"ecr:InitiateLayerUpload\",\n        \"ecr:GetAuthorizationToken\",\n        \"ecr:CompleteLayerUpload\",\n        \"ecr:BatchCheckLayerAvailability\",\n        \"codecommit:GitPull\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}"
+            ],
+            "policy_id": null,
+            "source_json": null,
+            "source_policy_documents": null,
+            "statement": null,
+            "version": "2012-10-17"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.codebuild",
+      "mode": "data",
+      "type": "aws_iam_policy_document",
+      "name": "permissions",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "index_key": 0,
+          "schema_version": 0,
+          "attributes": {
+            "id": "1570789323",
+            "json": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"ssm:GetParameters\",\n        \"secretsmanager:GetSecretValue\",\n        \"logs:PutLogEvents\",\n        \"logs:CreateLogStream\",\n        \"logs:CreateLogGroup\",\n        \"iam:PassRole\",\n        \"ecs:RunTask\",\n        \"ecr:UploadLayerPart\",\n        \"ecr:PutImage\",\n        \"ecr:InitiateLayerUpload\",\n        \"ecr:GetAuthorizationToken\",\n        \"ecr:CompleteLayerUpload\",\n        \"ecr:BatchCheckLayerAvailability\",\n        \"codecommit:GitPull\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}",
+            "override_json": null,
+            "override_policy_documents": null,
+            "policy_id": null,
+            "source_json": null,
+            "source_policy_documents": null,
+            "statement": [
+              {
+                "actions": [
+                  "codecommit:GitPull",
+                  "ecr:BatchCheckLayerAvailability",
+                  "ecr:CompleteLayerUpload",
+                  "ecr:GetAuthorizationToken",
+                  "ecr:InitiateLayerUpload",
+                  "ecr:PutImage",
+                  "ecr:UploadLayerPart",
+                  "ecs:RunTask",
+                  "iam:PassRole",
+                  "logs:CreateLogGroup",
+                  "logs:CreateLogStream",
+                  "logs:PutLogEvents",
+                  "secretsmanager:GetSecretValue",
+                  "ssm:GetParameters"
+                ],
+                "condition": [],
+                "effect": "Allow",
+                "not_actions": [],
+                "not_principals": [],
+                "not_resources": [],
+                "principals": [],
+                "resources": [
+                  "*"
+                ],
+                "sid": ""
+              }
+            ],
+            "version": "2012-10-17"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.codebuild",
+      "mode": "data",
+      "type": "aws_iam_policy_document",
+      "name": "role",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "442947395",
+            "json": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Sid\": \"\",\n      \"Effect\": \"Allow\",\n      \"Action\": \"sts:AssumeRole\",\n      \"Principal\": {\n        \"Service\": \"codebuild.amazonaws.com\"\n      }\n    }\n  ]\n}",
+            "override_json": null,
+            "override_policy_documents": null,
+            "policy_id": null,
+            "source_json": null,
+            "source_policy_documents": null,
+            "statement": [
+              {
+                "actions": [
+                  "sts:AssumeRole"
+                ],
+                "condition": [],
+                "effect": "Allow",
+                "not_actions": [],
+                "not_principals": [],
+                "not_resources": [],
+                "principals": [
+                  {
+                    "identifiers": [
+                      "codebuild.amazonaws.com"
+                    ],
+                    "type": "Service"
+                  }
+                ],
+                "resources": [],
+                "sid": ""
+              }
+            ],
+            "version": "2012-10-17"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.codebuild",
+      "mode": "data",
+      "type": "aws_region",
+      "name": "default",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "description": "Asia Pacific (Tokyo)",
+            "endpoint": "ec2.ap-northeast-1.amazonaws.com",
+            "id": "ap-northeast-1",
+            "name": "ap-northeast-1"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.codebuild",
       "mode": "managed",
       "type": "aws_codebuild_project",
-      "name": "codebuild",
+      "name": "default",
       "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
       "instances": [
         {
+          "index_key": 0,
           "schema_version": 0,
           "attributes": {
             "arn": "arn:aws:codebuild:ap-northeast-1:259692501178:project/growi-official-image-builder",
@@ -62,7 +227,33 @@
               {
                 "certificate": "",
                 "compute_type": "BUILD_GENERAL1_LARGE",
-                "environment_variable": [],
+                "environment_variable": [
+                  {
+                    "name": "AWS_REGION",
+                    "type": "PLAINTEXT",
+                    "value": "ap-northeast-1"
+                  },
+                  {
+                    "name": "AWS_ACCOUNT_ID",
+                    "type": "PLAINTEXT",
+                    "value": "259692501178"
+                  },
+                  {
+                    "name": "IMAGE_REPO_NAME",
+                    "type": "PLAINTEXT",
+                    "value": "UNSET"
+                  },
+                  {
+                    "name": "IMAGE_TAG",
+                    "type": "PLAINTEXT",
+                    "value": "latest"
+                  },
+                  {
+                    "name": "NO_ADDITIONAL_BUILD_VARS",
+                    "type": "PLAINTEXT",
+                    "value": "TRUE"
+                  }
+                ],
                 "image": "aws/codebuild/standard:6.0",
                 "image_pull_credentials_type": "CODEBUILD",
                 "privileged_mode": true,
@@ -114,133 +305,162 @@
               }
             ],
             "source_version": "refs/heads/support/build-with-codebuild",
-            "tags": {},
-            "tags_all": {},
+            "tags": {
+              "Name": "growi-official-image-builder"
+            },
+            "tags_all": {
+              "Name": "growi-official-image-builder"
+            },
             "vpc_config": []
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
-            "aws_iam_role.iam_role"
+            "module.codebuild.aws_codebuild_source_credential.authorization",
+            "module.codebuild.aws_iam_role.default",
+            "module.codebuild.aws_s3_bucket.cache_bucket",
+            "module.codebuild.data.aws_caller_identity.default",
+            "module.codebuild.data.aws_region.default"
           ]
         }
       ]
     },
     {
+      "module": "module.codebuild",
       "mode": "managed",
-      "type": "aws_iam_role",
-      "name": "iam_role",
+      "type": "aws_iam_policy",
+      "name": "default",
       "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
       "instances": [
         {
+          "index_key": 0,
           "schema_version": 0,
           "attributes": {
-            "arn": "arn:aws:iam::259692501178:role/growi-official-image-builder",
-            "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}",
-            "create_date": "2023-01-12T20:35:25Z",
+            "arn": "arn:aws:iam::259692501178:policy/service-role/growi-official-image-builder",
             "description": "",
-            "force_detach_policies": false,
-            "id": "growi-official-image-builder",
-            "inline_policy": [
-              {
-                "name": "terraform-20230112203526188400000001",
-                "policy": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Resource\": [\n        \"*\"\n      ],\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"secretsmanager:GetResourcePolicy\",\n        \"secretsmanager:GetSecretValue\",\n        \"secretsmanager:DescribeSecret\",\n        \"secretsmanager:ListSecretVersionIds\"\n      ],\n      \"Resource\": [\n        \"arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"codebuild:StartBuild\",\n        \"codebuild:StopBuild\",\n        \"codebuild:RetryBuild\",\n        \"codebuild:CreateReportGroup\",\n        \"codebuild:CreateReport\",\n        \"codebuild:UpdateReport\",\n        \"codebuild:BatchPutTestCases\",\n        \"codebuild:BatchPutCodeCoverages\"\n      ],\n      \"Resource\": [\n        \"*\"\n      ]\n    }\n  ]\n}\n"
-              }
-            ],
-            "managed_policy_arns": [
-              "arn:aws:iam::259692501178:policy/service-role/CodeBuildBasePolicy-growi-official-image-builder-ap-northeast-1",
-              "arn:aws:iam::259692501178:policy/service-role/CodeBuildSecretsManagerPolicy-growi-official-image-builder-ap-northeast-1"
-            ],
-            "max_session_duration": 3600,
+            "id": "arn:aws:iam::259692501178:policy/service-role/growi-official-image-builder",
             "name": "growi-official-image-builder",
-            "name_prefix": "",
-            "path": "/",
-            "permissions_boundary": null,
-            "tags": {},
-            "tags_all": {},
-            "unique_id": "AROATY5XBDC5BIKKM3GAO"
+            "name_prefix": null,
+            "path": "/service-role/",
+            "policy": "{\"Statement\":[{\"Action\":[\"ssm:GetParameters\",\"secretsmanager:GetSecretValue\",\"logs:PutLogEvents\",\"logs:CreateLogStream\",\"logs:CreateLogGroup\",\"iam:PassRole\",\"ecs:RunTask\",\"ecr:UploadLayerPart\",\"ecr:PutImage\",\"ecr:InitiateLayerUpload\",\"ecr:GetAuthorizationToken\",\"ecr:CompleteLayerUpload\",\"ecr:BatchCheckLayerAvailability\",\"codecommit:GitPull\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
+            "policy_id": "ANPATY5XBDC5HSN3IY7CW",
+            "tags": {
+              "Name": "growi-official-image-builder"
+            },
+            "tags_all": {
+              "Name": "growi-official-image-builder"
+            }
           },
           "sensitive_attributes": [],
-          "private": "bnVsbA=="
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.codebuild.data.aws_iam_policy_document.combined_permissions",
+            "module.codebuild.data.aws_iam_policy_document.permissions",
+            "module.codebuild.data.aws_iam_policy_document.vpc_permissions",
+            "module.codebuild.data.aws_s3_bucket.secondary_artifact"
+          ]
         }
       ]
     },
     {
+      "module": "module.codebuild",
       "mode": "managed",
-      "type": "aws_iam_role_policy",
-      "name": "growi-official-image-builder",
+      "type": "aws_iam_role",
+      "name": "default",
       "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
       "instances": [
         {
+          "index_key": 0,
           "schema_version": 0,
           "attributes": {
-            "id": "growi-official-image-builder:terraform-20230112203526188400000001",
-            "name": "terraform-20230112203526188400000001",
-            "name_prefix": null,
-            "policy": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Resource\": [\n        \"*\"\n      ],\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"secretsmanager:GetResourcePolicy\",\n        \"secretsmanager:GetSecretValue\",\n        \"secretsmanager:DescribeSecret\",\n        \"secretsmanager:ListSecretVersionIds\"\n      ],\n      \"Resource\": [\n        \"arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"codebuild:StartBuild\",\n        \"codebuild:StopBuild\",\n        \"codebuild:RetryBuild\",\n        \"codebuild:CreateReportGroup\",\n        \"codebuild:CreateReport\",\n        \"codebuild:UpdateReport\",\n        \"codebuild:BatchPutTestCases\",\n        \"codebuild:BatchPutCodeCoverages\"\n      ],\n      \"Resource\": [\n        \"*\"\n      ]\n    }\n  ]\n}\n",
-            "role": "growi-official-image-builder"
+            "arn": "arn:aws:iam::259692501178:role/growi-official-image-builder",
+            "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}",
+            "create_date": "2023-01-16T09:02:08Z",
+            "description": "",
+            "force_detach_policies": true,
+            "id": "growi-official-image-builder",
+            "inline_policy": [],
+            "managed_policy_arns": [
+              "arn:aws:iam::259692501178:policy/service-role/CodeBuildBuildBatchPolicy-growi-official-image-builder-ap-northeast-1-growi-official-image-builder",
+              "arn:aws:iam::259692501178:policy/service-role/growi-official-image-builder"
+            ],
+            "max_session_duration": 3600,
+            "name": "growi-official-image-builder",
+            "name_prefix": "",
+            "path": "/",
+            "permissions_boundary": null,
+            "tags": {
+              "Name": "growi-official-image-builder"
+            },
+            "tags_all": {
+              "Name": "growi-official-image-builder"
+            },
+            "unique_id": "AROATY5XBDC5EIUMPRJKC"
           },
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
-            "aws_iam_role.iam_role",
-            "aws_secretsmanager_secret.secret"
+            "module.codebuild.data.aws_iam_policy_document.role"
           ]
         }
       ]
     },
     {
+      "module": "module.codebuild",
       "mode": "managed",
-      "type": "aws_secretsmanager_secret",
-      "name": "secret",
+      "type": "aws_iam_role_policy_attachment",
+      "name": "default",
       "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
       "instances": [
         {
+          "index_key": 0,
           "schema_version": 0,
           "attributes": {
-            "arn": "arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN",
-            "description": "",
-            "force_overwrite_replica_secret": false,
-            "id": "arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN",
-            "kms_key_id": "",
-            "name": "growi/official-image-builder",
-            "name_prefix": "",
-            "policy": "",
-            "recovery_window_in_days": 30,
-            "replica": [],
-            "rotation_enabled": false,
-            "rotation_lambda_arn": "",
-            "rotation_rules": [],
-            "tags": {},
-            "tags_all": {}
+            "id": "growi-official-image-builder-20230116090200654500000001",
+            "policy_arn": "arn:aws:iam::259692501178:policy/service-role/growi-official-image-builder",
+            "role": "growi-official-image-builder"
           },
           "sensitive_attributes": [],
-          "private": "bnVsbA=="
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.codebuild.aws_iam_policy.default",
+            "module.codebuild.aws_iam_role.default",
+            "module.codebuild.data.aws_iam_policy_document.combined_permissions",
+            "module.codebuild.data.aws_iam_policy_document.permissions",
+            "module.codebuild.data.aws_iam_policy_document.role",
+            "module.codebuild.data.aws_iam_policy_document.vpc_permissions",
+            "module.codebuild.data.aws_s3_bucket.secondary_artifact"
+          ]
         }
       ]
     },
     {
+      "module": "module.codebuild",
       "mode": "managed",
-      "type": "aws_secretsmanager_secret_version",
-      "name": "main",
-      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "type": "random_string",
+      "name": "bucket_prefix",
+      "provider": "provider[\"registry.terraform.io/hashicorp/random\"]",
       "instances": [
         {
-          "schema_version": 0,
+          "index_key": 0,
+          "schema_version": 2,
           "attributes": {
-            "arn": "arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN",
-            "id": "arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN|032079BF-5A86-42F2-BBA0-CCDCA4F53CBC",
-            "secret_binary": "",
-            "secret_id": "arn:aws:secretsmanager:ap-northeast-1:259692501178:secret:growi/official-image-builder-9sraQN",
-            "secret_string": "CHANGE THIS",
-            "version_id": "032079BF-5A86-42F2-BBA0-CCDCA4F53CBC",
-            "version_stages": []
+            "id": "vpkowftojwbb",
+            "keepers": null,
+            "length": 12,
+            "lower": true,
+            "min_lower": 0,
+            "min_numeric": 0,
+            "min_special": 0,
+            "min_upper": 0,
+            "number": false,
+            "numeric": false,
+            "override_special": null,
+            "result": "vpkowftojwbb",
+            "special": false,
+            "upper": false
           },
-          "sensitive_attributes": [],
-          "private": "bnVsbA==",
-          "dependencies": [
-            "aws_secretsmanager_secret.secret"
-          ]
+          "sensitive_attributes": []
         }
       ]
     }