optional sequential pipeline

optional input (`var.sequential`) for sequential pipeline

Author: jakebark

README.md

@@ -60,6 +60,8 @@ module "pipeline" {
     "workload2" = "223344556677"
     "workload3" = "334455667788"
   }
+  # Optional: For sequential deployment in specific order
+  # sequential = ["workload1", "workload2", "workload3"]
 }
 ```
 
@@ -69,15 +71,31 @@ module "pipeline" {
 
 `accounts` is a map of the target AWS accounts. 
 
-`connection` is the connection arn of the [connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/welcome-connections.html) to the third-party repo. 
+`connection` is the connection arn of the [connection](https://docs.aws.amazon.com/dtconsole/latest/userguide/welcome-connections.html) to the third-party repo.
+
+### Sequential Deployment
+By default, the pipeline deploys terraform to AWS accounts in parallel. To deploy terraform sequentially (Eg dev -> test -> prod), use the `sequential` input:
+
+```hcl
+module "pipeline" {
+  ... 
+  accounts   = {
+    "dev"  = "112233445566"
+    "test" = "223344556677"
+    "prod" = "334455667788"
+  }
+  sequential = ["dev", "test", "prod"]
+}
+```
+
+`sequential` is an ordered list of the AWS accounts in `accounts`. 
 
 ### Optional Inputs
 
 ```hcl
 module "pipeline" {
   ...
   branch                = "main"
-  deployment_type       = "parallel"
   mode                  = "SUPERSEDED"
   detect_changes        = false
   kms_key               = aws_kms_key.this.arn

codepipeline.tf

@@ -49,8 +49,10 @@ resource "aws_codepipeline" "this" {
       }
     }
   }
+
+  // parallel
   dynamic "stage" {
-    for_each = var.deployment_type == "sequential" ? [] : ["plan"]
+    for_each = length(var.sequential) == 0 ? ["plan"] : []
     content {
       name = "Plan"
       dynamic "action" {
@@ -102,9 +104,8 @@ resource "aws_codepipeline" "this" {
       }
     }
   }
-
   dynamic "stage" {
-    for_each = var.deployment_type == "sequential" ? [] : ["apply"]
+    for_each = length(var.sequential) == 0 ? ["apply"] : []
     content {
       name = "Apply"
       dynamic "action" {
@@ -146,10 +147,11 @@ resource "aws_codepipeline" "this" {
     }
   }
 
+  // sequential
   dynamic "stage" {
-    for_each = var.deployment_type == "sequential" ? var.accounts : {}
+    for_each = local.ordered_accounts
     content {
-      name = stage.key
+      name = stage.value.name
 
       action {
         name            = "Plan"
@@ -164,22 +166,22 @@ resource "aws_codepipeline" "this" {
           EnvironmentVariables = jsonencode([
             {
               name  = "WORKSPACE"
-              value = stage.value
+              value = stage.value.account_id
               type  = "PLAINTEXT"
             },
             {
               name  = "ACCOUNT_NAME"
-              value = stage.key
+              value = stage.value.name
               type  = "PLAINTEXT"
             },
             {
               name  = "TF_VAR_account_id"
-              value = stage.value
+              value = stage.value.account_id
               type  = "PLAINTEXT"
             },
             {
               name  = "TF_VAR_account_name"
-              value = stage.key
+              value = stage.value.name
               type  = "PLAINTEXT"
           }])
         }
@@ -210,22 +212,22 @@ resource "aws_codepipeline" "this" {
           EnvironmentVariables = jsonencode([
             {
               name  = "WORKSPACE"
-              value = stage.value
+              value = stage.value.account_id
               type  = "PLAINTEXT"
             },
             {
               name  = "ACCOUNT_NAME"
-              value = stage.key
+              value = stage.value.name
               type  = "PLAINTEXT"
             },
             {
               name  = "TF_VAR_account_id"
-              value = stage.value
+              value = stage.value.account_id
               type  = "PLAINTEXT"
             },
             {
               name  = "TF_VAR_account_name"
-              value = stage.key
+              value = stage.value.name
               type  = "PLAINTEXT"
           }])
         }

locals.tf

@@ -12,6 +12,13 @@ locals {
     tags = "aws/codebuild/amazonlinux2-x86_64-standard:5.0"
   })
 
+  ordered_accounts = length(var.sequential) > 0 ? [
+    for name in var.sequential : {
+      name = name
+      account_id = var.accounts[name]
+    }
+  ] : []
+
   env_var = {
     CHECKOV_SKIPS       = join(",", "${var.checkov_skip}")
     CHECKOV_VERSION     = var.checkov_version

variables.tf

@@ -74,16 +74,6 @@ variable "codebuild_policy" {
   default     = null
 }
 
-variable "deployment_type" {
-  description = "deployment type, parallel or sequential"
-  type        = string
-  default     = "parallel"
-  validation {
-    condition     = contains(["parallel", "sequential"], var.deployment_type)
-    error_message = "The pipeline mode must be 'parallel' or 'sequential'"
-  }
-}
-
 variable "detect_changes" {
   description = "allows third-party servicesm like GitHub to invoke the pipeline"
   type        = bool
@@ -126,6 +116,12 @@ variable "notifications" {
   default = null
 }
 
+variable "sequential" {
+  description = "list of account names in sequential deployment order"
+  type        = list(string)
+  default     = []
+}
+
 variable "tags" {
   description = "tags to check for"
   type        = string