update tags dns iam profile

clouddrove · Nov 1, 2019 · 01ccf91 · 01ccf91
1 parent d83a91f
commit 01ccf91
Show file tree

Hide file tree

Showing 5 changed files with 128 additions and 24 deletions.
diff --git a/README.md b/README.md
@@ -111,12 +111,14 @@ Here is an example of how you can use this module in your inventory structure:
 | assign_eip_address | Assign an Elastic IP address to the instance. | bool | `false` | no |
 | associate_public_ip_address | Associate a public IP address with the instance. | bool | `true` | no |
 | attributes | Additional attributes (e.g. `1`). | list | `<list>` | no |
-| availability_zone | Availability Zone the instance is launched in. If not set, will be launched in the first AZ of the region. | string | `` | no |
+| availability_zone | Availability Zone the instance is launched in. If not set, will be launched in the first AZ of the region. | list | `<list>` | no |
 | cpu_core_count | Sets the number of CPU cores for an instance. | string | `` | no |
 | cpu_credits | The credit option for CPU usage. Can be `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default. | string | `standard` | no |
 | delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | string | `-` | no |
 | disable_api_termination | If true, enables EC2 Instance Termination Protection. | bool | `false` | no |
 | disk_size | Size of the root volume in gigabytes. | number | `8` | no |
+| dns_enabled | Flag to control the dns_enable. | bool | `false` | no |
+| dns_zone_id | The Zone ID of Route53. | string | `` | no |
 | ebs_block_device | Additional EBS block devices to attach to the instance. | list | `<list>` | no |
 | ebs_device_name | Name of the EBS device to mount. | list(string) | `<list>` | no |
 | ebs_iops | Amount of provisioned IOPS. This must be set with a volume_type of io1. | number | `0` | no |
@@ -127,10 +129,12 @@ Here is an example of how you can use this module in your inventory structure:
 | environment | Environment (e.g. `prod`, `dev`, `staging`). | string | `` | no |
 | ephemeral_block_device | Customize Ephemeral (also known as Instance Store) volumes on the instance. | list | `<list>` | no |
 | host_id | The Id of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host. | string | `` | no |
+| hostname | DNS records to create. | string | `` | no |
 | iam_instance_profile | The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. | string | `` | no |
 | instance_count | Number of instances to launch. | number | `1` | no |
 | instance_enabled | Flag to control the instance creation. | bool | `true` | no |
 | instance_initiated_shutdown_behavior | Shutdown behavior for the instance. | string | `` | no |
+| instance_profile_enabled | Flag to control the instance profile creation. | bool | `false` | no |
 | instance_tags | Instance tags. | map | `<map>` | no |
 | instance_type | The type of instance to start. Updates to this field will trigger a stop/start of the EC2 instance. | string | - | yes |
 | ipv6_address_count | Number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. | number | `0` | no |
@@ -147,6 +151,8 @@ Here is an example of how you can use this module in your inventory structure:
 | subnet_ids | A list of VPC Subnet IDs to launch in. | list(string) | `<list>` | no |
 | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | map | `<map>` | no |
 | tenancy | The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command. | string | `` | no |
+| ttl | The TTL of the record to add to the DNS zone to complete certificate validation. | string | `300` | no |
+| type | Type of DNS records to create. | string | `CNAME` | no |
 | user_data | The Base64-encoded user data to provide when launching the instances. | string | `` | no |
 | vpc_security_group_ids_list | A list of security group IDs to associate with. | list(string) | `<list>` | no |
 

diff --git a/_example/.terraform.tfstate.lock.info b/_example/.terraform.tfstate.lock.info
diff --git a/_example/example.tf b/_example/example.tf
@@ -62,31 +62,76 @@ module "ssh" {
   allowed_ports = [22]
 }
 
+module "iam-role" {
+  source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.0"
+
+  name               = "iam-role"
+  application        = "clouddrove"
+  environment        = "test"
+  label_order        = ["application", "name", "name"]
+  assume_role_policy = data.aws_iam_policy_document.default.json
+
+  policy_enabled = true
+  policy         = data.aws_iam_policy_document.iam-policy.json
+}
+
+data "aws_iam_policy_document" "default" {
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "iam-policy" {
+  statement {
+    actions = [
+      "ssm:UpdateInstanceInformation",
+      "ssmmessages:CreateControlChannel",
+      "ssmmessages:CreateDataChannel",
+      "ssmmessages:OpenControlChannel",
+    "ssmmessages:OpenDataChannel"]
+    effect    = "Allow"
+    resources = ["*"]
+  }
+}
+
 module "ec2" {
-  source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.2"
+  source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.3"
 
   name        = "ec2-instance"
   application = "clouddrove"
   environment = "test"
   label_order = ["environment", "name", "application"]
 
-  instance_count              = 2
-  ami                         = "ami-08d658f84a6d84a80"
-  ebs_optimized               = false
-  instance_type               = "t2.nano"
-  key_name                    = module.keypair.name
-  monitoring                  = false
-  associate_public_ip_address = true
-  tenancy                     = "default"
-  disk_size                   = 8
+  instance_count = 2
+  ami            = "ami-08d658f84a6d84a80"
+  instance_type  = "t2.nano"
+  key_name       = module.keypair.name
+  monitoring     = false
+  tenancy        = "default"
+
   vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
   subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
 
-  assign_eip_address = true
+  assign_eip_address          = true
+  associate_public_ip_address = true
 
+  instance_profile_enabled = true
+  iam_instance_profile     = module.iam-role.name
+
+  disk_size          = 8
+  ebs_optimized      = false
   ebs_volume_enabled = true
   ebs_volume_type    = "gp2"
   ebs_volume_size    = 30
-  user_data          = "./_bin/user_data.sh"
-  instance_tags      = { "snapshot" = true }
+
+  user_data     = "./_bin/user_data.sh"
+  instance_tags = { "snapshot" = true }
+
+  dns_zone_id = "Z1XJD7SSBKXLC1"
+  hostname    = "ec2"
 }
diff --git a/main.tf b/main.tf
@@ -19,7 +19,8 @@ locals {
 
 
 #Module      : EC2
-#Description : Terraform module to create an EC2 resource on AWS with Elastic IP Addresses #              and Elastic Block Store.
+#Description : Terraform module to create an EC2 resource on AWS with Elastic IP Addresses
+#              and Elastic Block Store.
 resource "aws_instance" "default" {
   count = var.instance_enabled == true ? var.instance_count : 0
 
@@ -38,11 +39,10 @@ resource "aws_instance" "default" {
   host_id                              = var.host_id
   cpu_core_count                       = var.cpu_core_count
   user_data                            = var.user_data != "" ? base64encode(file(var.user_data)) : ""
-  iam_instance_profile                 = var.iam_instance_profile
+  iam_instance_profile                 = join("", aws_iam_instance_profile.default.*.name)
   source_dest_check                    = var.source_dest_check
   ipv6_address_count                   = var.ipv6_address_count
   ipv6_addresses                       = var.ipv6_addresses
-
   root_block_device {
     volume_size           = var.disk_size
     delete_on_termination = true
@@ -56,15 +56,15 @@ resource "aws_instance" "default" {
     module.labels.tags,
     {
 
-      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index + 1))
+      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index + 0))
     },
     var.instance_tags
   )
 
   volume_tags = merge(
     module.labels.tags,
     {
-      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index + 1))
+      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index + 0))
     }
   )
 
@@ -91,7 +91,7 @@ resource "aws_eip" "default" {
   tags = merge(
     module.labels.tags,
     {
-      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index + 1))
+      "Name" = format("%s%s%s-eip", module.labels.id, var.delimiter, (count.index + 0))
     }
   )
 }
@@ -109,7 +109,7 @@ resource "aws_ebs_volume" "default" {
   tags = merge(
     module.labels.tags,
     {
-      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index + 1))
+      "Name" = format("%s%s%s-volume", module.labels.id, var.delimiter, (count.index + 0))
     }
   )
 }
@@ -122,4 +122,23 @@ resource "aws_volume_attachment" "default" {
   device_name = element(var.ebs_device_name, count.index)
   volume_id   = element(aws_ebs_volume.default.*.id, count.index)
   instance_id = element(aws_instance.default.*.id, count.index)
+}
+
+#Module      : IAM INSTANCE PROFILE
+#Description : Provides an IAM instance profile.
+resource "aws_iam_instance_profile" "default" {
+  count = var.instance_profile_enabled ? 1 : 0
+  name  = format("%s%sinstance-profile", module.labels.id, var.delimiter)
+  role  = var.iam_instance_profile
+}
+
+#Module      : ROUTE53
+#Description : Provides a Route53 record resource.
+resource "aws_route53_record" "default" {
+  count   = var.dns_enabled ? var.instance_count : 0
+  zone_id = var.dns_zone_id
+  name    = format("%s%s%s", var.hostname, var.delimiter, (count.index + 0))
+  type    = var.type
+  ttl     = var.ttl
+  records = [element(aws_instance.default.*.private_dns, count.index)]
 }
diff --git a/variables.tf b/variables.tf
@@ -151,8 +151,8 @@ variable "ebs_iops" {
 }
 
 variable "availability_zone" {
-  type        = string
-  default     = ""
+  type        = list
+  default     = []
   description = "Availability Zone the instance is launched in. If not set, will be launched in the first AZ of the region."
 }
 
@@ -191,6 +191,11 @@ variable "ebs_volume_enabled" {
   default     = false
   description = "Flag to control the ebs creation."
 }
+variable "instance_profile_enabled" {
+  type        = bool
+  default     = false
+  description = "Flag to control the instance profile creation."
+}
 
 variable "subnet_ids" {
   type        = list(string)
@@ -256,4 +261,34 @@ variable "instance_tags" {
   type        = map
   default     = {}
   description = "Instance tags."
+}
+
+variable "dns_zone_id" {
+  type        = string
+  default     = ""
+  description = "The Zone ID of Route53."
+}
+
+variable "dns_enabled" {
+  type        = bool
+  default     = false
+  description = "Flag to control the dns_enable."
+}
+
+variable "hostname" {
+  type        = string
+  default     = ""
+  description = "DNS records to create."
+}
+
+variable "type" {
+  type        = string
+  default     = "CNAME"
+  description = "Type of DNS records to create."
+}
+
+variable "ttl" {
+  type        = string
+  default     = "300"
+  description = "The TTL of the record to add to the DNS zone to complete certificate validation."
 }