Initial commit (#50)

Author: LeoDiazL

README.md

@@ -143,11 +143,11 @@ The following inputs can be used as `step.with` keys
 | `aws_ec2_ami_owner` | String | 'Owner of AWS AMI image. This ensures the provider is the one we are looking for. Defaults to `099720109477`, Canonical (Ubuntu).' |
 | `aws_ec2_ami_id` | String | AWS AMI ID. Will default to latest Ubuntu 22.04 server image (HVM). Accepts `ami-###` values. |
 | `aws_ec2_ami_update` | Boolean | Set this to `true` if you want to recreate the EC2 instance if there is a newer version of the AMI. Defaults to `false`.|
-| `aws_ec2_iam_instance_profile` | String | The AWS IAM instance profile to use for the EC2 instance. Default is `${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`|
 | `aws_ec2_instance_type` | String | The AWS IAM instance type to use. Default is `t2.small`. See [this list](https://aws.amazon.com/ec2/instance-types/) for reference. |
 | `aws_ec2_instance_root_vol_size` | Integer | Define the volume size (in GiB) for the root volume on the AWS Instance. Defaults to `8`. | 
 | `aws_ec2_instance_root_vol_preserve` | Boolean | Set this to true to avoid deletion of root volume on termination. Defaults to `false`. | 
 | `aws_ec2_security_group_name` | String | The name of the EC2 security group. Defaults to `SG for ${aws_resource_identifier} - EC2`. |
+| `aws_ec2_iam_instance_profile` | String | The AWS IAM instance profile to use for the EC2 instance. Will create one if none provided with the name`${GITHUB_ORG_NAME}-${GITHUB_REPO_NAME}-${GITHUB_BRANCH_NAME}`. |
 | `aws_ec2_create_keypair_sm` | Boolean | Generates and manage a secret manager entry that contains the public and private keys created for the ec2 instance. |
 | `aws_ec2_instance_public_ip` | Boolean | Add a public IP to the instance or not. (Not an Elastic IP). |
 | `aws_ec2_port_list` | String | Comma separated list of ports to be enabled in the EC2 instance security group. (NOT THE ELB) In a `xx,yy` format. |

operations/_scripts/generate/generate_vars_terraform.sh

@@ -44,14 +44,6 @@ aws_resource_identifier="aws_resource_identifier = \"${GITHUB_IDENTIFIER}\""
 aws_resource_identifier_supershort="aws_resource_identifier_supershort = \"${GITHUB_IDENTIFIER_SS}\""
 
 # Special cases - Values that need fallback values or special calculation
-
-aws_ec2_iam_instance_profile=
-if [ -n "${AWS_EC2_IAM_INSTANCE_PROFILE}" ]; then
-  aws_ec2_iam_instance_profile="aws_ec2_iam_instance_profile =\"${AWS_EC2_IAM_INSTANCE_PROFILE}\""
-else
-  aws_ec2_iam_instance_profile="aws_ec2_iam_instance_profile =\"${GITHUB_IDENTIFIER}\""
-fi
-
 aws_r53_sub_domain_name=
 if [ -n "${AWS_R53_SUB_DOMAIN_NAME}" ]; then
   aws_r53_sub_domain_name="aws_r53_sub_domain_name = \"${AWS_R53_SUB_DOMAIN_NAME}\""
@@ -94,7 +86,7 @@ if [[ $(alpha_only "$AWS_EC2_INSTANCE_CREATE") == true ]]; then
   aws_ec2_ami_owner=$(generate_var aws_ec2_ami_owner $AWS_EC2_AMI_OWNER)
   aws_ec2_ami_id=$(generate_var aws_ec2_ami_id $AWS_EC2_AMI_ID)
   aws_ec2_ami_update=$(generate_var aws_ec2_ami_update $AWS_EC2_AMI_UPDATE)
-  # aws_ec2_iam_instance_profile=$(generate_var aws_ec2_iam_instance_profile AWS_EC2_IAM_INSTANCE_PROFILE - Special case
+  aws_ec2_iam_instance_profile=$(generate_var aws_ec2_iam_instance_profile $AWS_EC2_IAM_INSTANCE_PROFILE)
   aws_ec2_instance_type=$(generate_var aws_ec2_instance_type $AWS_EC2_INSTANCE_TYPE)
   aws_ec2_instance_root_vol_size=$(generate_var aws_ec2_instance_root_vol_size $AWS_EC2_INSTANCE_ROOT_VOL_SIZE)
   aws_ec2_instance_root_vol_preserve=$(generate_var aws_ec2_instance_root_vol_preserve $AWS_EC2_INSTANCE_ROOT_VOL_PRESERVE)

operations/deployment/terraform/aws/bitovi_main.tf

@@ -13,6 +13,7 @@ module "ec2" {
   aws_ec2_instance_root_vol_preserve  = var.aws_ec2_instance_root_vol_preserve
   aws_ec2_create_keypair_sm           = var.aws_ec2_create_keypair_sm 
   aws_ec2_security_group_name         = var.aws_ec2_security_group_name
+  aws_ec2_iam_instance_profile        = var.aws_ec2_iam_instance_profile
   aws_ec2_port_list                   = var.aws_ec2_port_list
   # Data inputs
   aws_ec2_selected_vpc_id             = module.vpc.aws_selected_vpc_id

operations/deployment/terraform/modules/aws/ec2/aws_ec2.tf

@@ -1,6 +1,12 @@
 resource "aws_iam_instance_profile" "ec2_profile" {
+  count = var.aws_ec2_iam_instance_profile != "" ? 0 : 1
   name = var.aws_resource_identifier
-  role = aws_iam_role.ec2_role.name
+  role = aws_iam_role.ec2_role[0].name
+}
+
+data "aws_iam_instance_profile" "ec2_profile_provided" {
+  count = var.aws_ec2_iam_instance_profile != "" ? 1 : 0
+  name = var.aws_ec2_iam_instance_profile
 }
 
 data "aws_ami" "image_selected" {
@@ -22,7 +28,7 @@ resource "aws_instance" "server" {
   vpc_security_group_ids      = [aws_security_group.ec2_security_group.id]
   key_name                    = aws_key_pair.aws_key.key_name
   monitoring                  = true
-  iam_instance_profile        = aws_iam_instance_profile.ec2_profile.name
+  iam_instance_profile        = var.aws_ec2_iam_instance_profile != "" ? data.aws_iam_instance_profile.ec2_profile_provided[0].name : aws_iam_instance_profile.ec2_profile[0].name
   user_data_base64            = base64encode(try(file("./aws_ec2_incoming_user_data_script.sh"), ""))
   user_data_replace_on_change = var.aws_ec2_user_data_replace_on_change
   root_block_device {
@@ -51,7 +57,7 @@ resource "aws_instance" "server_ignore_ami" {
   vpc_security_group_ids      = [aws_security_group.ec2_security_group.id]
   key_name                    = aws_key_pair.aws_key.key_name
   monitoring                  = true
-  iam_instance_profile        = aws_iam_instance_profile.ec2_profile.name
+  iam_instance_profile        = var.aws_ec2_iam_instance_profile != "" ? data.aws_iam_instance_profile.ec2_profile_provided[0].name : aws_iam_instance_profile.ec2_profile[0].name
   user_data_base64            = base64encode(try(file("./aws_ec2_incoming_user_data_script.sh"), ""))
   user_data_replace_on_change = var.aws_ec2_user_data_replace_on_change
   root_block_device {

operations/deployment/terraform/modules/aws/ec2/aws_ec2_security.tf

@@ -50,6 +50,7 @@ output "aws_security_group_ec2_sg_id" {
 }
 
 resource "aws_iam_role" "ec2_role" {
+  count = var.aws_ec2_iam_instance_profile != "" ? 0 : 1
   name = var.aws_resource_identifier
   assume_role_policy = jsonencode({
     Version = "2012-10-17"
@@ -68,6 +69,7 @@ resource "aws_iam_role" "ec2_role" {
 
 # attach a policy to allow cloudwatch access
 resource "aws_iam_policy" "cloudwatch" {
+  count = var.aws_ec2_iam_instance_profile != "" ? 0 : 1
   name = var.aws_resource_identifier
 
   policy = <<EOF
@@ -92,6 +94,7 @@ EOF
 }
 
 resource "aws_iam_role_policy_attachment" "cloudwatch_attach" {
-  role       = aws_iam_role.ec2_role.name
-  policy_arn = aws_iam_policy.cloudwatch.arn
+  count      = var.aws_ec2_iam_instance_profile != "" ? 0 : 1
+  role       = aws_iam_role.ec2_role[0].name
+  policy_arn = aws_iam_policy.cloudwatch[0].arn
 }

operations/deployment/terraform/modules/aws/ec2/aws_ec2_vars.tf

@@ -10,6 +10,7 @@ variable "aws_ec2_instance_root_vol_size" {}
 variable "aws_ec2_instance_root_vol_preserve" {}
 variable "aws_ec2_create_keypair_sm" {}
 variable "aws_ec2_security_group_name" {}
+variable "aws_ec2_iam_instance_profile" {}
 variable "aws_ec2_port_list" {}
 # Data inputs
 variable "aws_ec2_selected_vpc_id" {}