Merge pull request #1 from clouddrove/ops

Ops

Author: Nikita Dugar

README.md

@@ -72,28 +72,31 @@ This module has a few dependencies:
 Here is an example of how you can use this module in your inventory structure:
 ```hcl
     module "ec2" {
-      source                      = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.2"
-      name                        = "ec2-instance"
-      application                 = "clouddrove"
-      environment                 = "test"
-      label_order                 = ["environment", "name", "application"]
-      instance_count              = 2
-      ami                         = "ami-08d658f84a6d84a80"
-      ebs_optimized               = false
-      instance_type               = "t2.nano"
-      key_name                    = module.keypair.name
-      monitoring                  = false
-      associate_public_ip_address = true
-      tenancy                     = "default"
-      disk_size                   = 8
+      source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.3"
+      name        = "ec2-instance"
+      application = "clouddrove"
+      environment = "test"
+      label_order = ["environment", "application", "name"]        instance_count = 2
+      ami            = "ami-08d658f84a6d84a80"
+      instance_type  = "t2.nano"
+      key_name       = module.keypair.name
+      monitoring     = false
+      tenancy        = "default"
       vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
       subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
       assign_eip_address          = true
-      ebs_volume_enabled          = true
-      ebs_volume_type             = "gp2"
-      ebs_volume_size             = 30
-      user_data                   = "./_bin/user_data.sh"
-      instance_tags               = {"snapshot"=true}
+      associate_public_ip_address = true
+      instance_profile_enabled = true
+      iam_instance_profile     = module.iam-role.name
+      disk_size          = 8
+      ebs_optimized      = false
+      ebs_volume_enabled = true
+      ebs_volume_type    = "gp2"
+      ebs_volume_size    = 30
+      user_data     = "./_bin/user_data.sh"
+      instance_tags = { "snapshot" = true }
+      dns_zone_id = "Z1XJD7SSBKXLC1"
+      hostname    = "ec2"
     }
 ```
 
@@ -111,12 +114,14 @@ Here is an example of how you can use this module in your inventory structure:
 | assign_eip_address | Assign an Elastic IP address to the instance. | bool | `false` | no |
 | associate_public_ip_address | Associate a public IP address with the instance. | bool | `true` | no |
 | attributes | Additional attributes (e.g. `1`). | list | `<list>` | no |
-| availability_zone | Availability Zone the instance is launched in. If not set, will be launched in the first AZ of the region. | string | `` | no |
+| availability_zone | Availability Zone the instance is launched in. If not set, will be launched in the first AZ of the region. | list | `<list>` | no |
 | cpu_core_count | Sets the number of CPU cores for an instance. | string | `` | no |
 | cpu_credits | The credit option for CPU usage. Can be `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default. | string | `standard` | no |
 | delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | string | `-` | no |
 | disable_api_termination | If true, enables EC2 Instance Termination Protection. | bool | `false` | no |
 | disk_size | Size of the root volume in gigabytes. | number | `8` | no |
+| dns_enabled | Flag to control the dns_enable. | bool | `false` | no |
+| dns_zone_id | The Zone ID of Route53. | string | `` | no |
 | ebs_block_device | Additional EBS block devices to attach to the instance. | list | `<list>` | no |
 | ebs_device_name | Name of the EBS device to mount. | list(string) | `<list>` | no |
 | ebs_iops | Amount of provisioned IOPS. This must be set with a volume_type of io1. | number | `0` | no |
@@ -127,10 +132,12 @@ Here is an example of how you can use this module in your inventory structure:
 | environment | Environment (e.g. `prod`, `dev`, `staging`). | string | `` | no |
 | ephemeral_block_device | Customize Ephemeral (also known as Instance Store) volumes on the instance. | list | `<list>` | no |
 | host_id | The Id of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host. | string | `` | no |
+| hostname | DNS records to create. | string | `` | no |
 | iam_instance_profile | The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. | string | `` | no |
 | instance_count | Number of instances to launch. | number | `1` | no |
 | instance_enabled | Flag to control the instance creation. | bool | `true` | no |
 | instance_initiated_shutdown_behavior | Shutdown behavior for the instance. | string | `` | no |
+| instance_profile_enabled | Flag to control the instance profile creation. | bool | `false` | no |
 | instance_tags | Instance tags. | map | `<map>` | no |
 | instance_type | The type of instance to start. Updates to this field will trigger a stop/start of the EC2 instance. | string | - | yes |
 | ipv6_address_count | Number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. | number | `0` | no |
@@ -147,6 +154,8 @@ Here is an example of how you can use this module in your inventory structure:
 | subnet_ids | A list of VPC Subnet IDs to launch in. | list(string) | `<list>` | no |
 | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | map | `<map>` | no |
 | tenancy | The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command. | string | `` | no |
+| ttl | The TTL of the record to add to the DNS zone to complete certificate validation. | string | `300` | no |
+| type | Type of DNS records to create. | string | `CNAME` | no |
 | user_data | The Base64-encoded user data to provide when launching the instances. | string | `` | no |
 | vpc_security_group_ids_list | A list of security group IDs to associate with. | list(string) | `<list>` | no |
 

README.yaml

@@ -36,27 +36,30 @@ usage : |-
   Here is an example of how you can use this module in your inventory structure:
   ```hcl
       module "ec2" {
-        source                      = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.2"
-        name                        = "ec2-instance"
-        application                 = "clouddrove"
-        environment                 = "test"
-        label_order                 = ["environment", "name", "application"]
-        instance_count              = 2
-        ami                         = "ami-08d658f84a6d84a80"
-        ebs_optimized               = false
-        instance_type               = "t2.nano"
-        key_name                    = module.keypair.name
-        monitoring                  = false
-        associate_public_ip_address = true
-        tenancy                     = "default"
-        disk_size                   = 8
+        source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.3"
+        name        = "ec2-instance"
+        application = "clouddrove"
+        environment = "test"
+        label_order = ["environment", "application", "name"]        instance_count = 2
+        ami            = "ami-08d658f84a6d84a80"
+        instance_type  = "t2.nano"
+        key_name       = module.keypair.name
+        monitoring     = false
+        tenancy        = "default"
         vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
         subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
         assign_eip_address          = true
-        ebs_volume_enabled          = true
-        ebs_volume_type             = "gp2"
-        ebs_volume_size             = 30
-        user_data                   = "./_bin/user_data.sh"
-        instance_tags               = {"snapshot"=true}
+        associate_public_ip_address = true
+        instance_profile_enabled = true
+        iam_instance_profile     = module.iam-role.name
+        disk_size          = 8
+        ebs_optimized      = false
+        ebs_volume_enabled = true
+        ebs_volume_type    = "gp2"
+        ebs_volume_size    = 30
+        user_data     = "./_bin/user_data.sh"
+        instance_tags = { "snapshot" = true }
+        dns_zone_id = "Z1XJD7SSBKXLC1"
+        hostname    = "ec2"
       }
   ```

_example/.terraform.tfstate.lock.info

@@ -3,31 +3,31 @@ provider "aws" {
 }
 
 module "keypair" {
-  source = "git::https://github.com/clouddrove/terraform-aws-keypair.git?ref=tags/0.12.1"
+  source = "git::https://github.com/clouddrove/terraform-aws-keypair.git?ref=tags/0.12.2"
 
   key_path        = "~/.ssh/id_rsa.pub"
   key_name        = "main-key"
   enable_key_pair = true
 }
 
 module "vpc" {
-  source = "git::https://github.com/clouddrove/terraform-aws-vpc.git?ref=tags/0.12.1"
+  source = "git::https://github.com/clouddrove/terraform-aws-vpc.git?ref=tags/0.12.4"
 
   name        = "vpc"
   application = "clouddrove"
   environment = "test"
-  label_order = ["environment", "name", "application"]
+  label_order = ["environment", "application", "name"]
 
   cidr_block = "172.16.0.0/16"
 }
 
 module "public_subnets" {
-  source = "git::https://github.com/clouddrove/terraform-aws-subnet.git?ref=tags/0.12.1"
+  source = "git::https://github.com/clouddrove/terraform-aws-subnet.git?ref=tags/0.12.3"
 
   name        = "public-subnet"
   application = "clouddrove"
   environment = "test"
-  label_order = ["environment", "name", "application"]
+  label_order = ["environment", "application", "name"]
 
   availability_zones = ["eu-west-1b", "eu-west-1c"]
   vpc_id             = module.vpc.vpc_id
@@ -37,56 +37,101 @@ module "public_subnets" {
 }
 
 module "http-https" {
-  source = "git::https://github.com/clouddrove/terraform-aws-security-group.git?ref=tags/0.12.1"
+  source = "git::https://github.com/clouddrove/terraform-aws-security-group.git?ref=tags/0.12.2"
 
   name        = "http-https"
   application = "clouddrove"
   environment = "test"
-  label_order = ["environment", "name", "application"]
+  label_order = ["environment", "application", "name"]
 
   vpc_id        = module.vpc.vpc_id
   allowed_ip    = ["0.0.0.0/0"]
   allowed_ports = [80, 443]
 }
 
 module "ssh" {
-  source = "git::https://github.com/clouddrove/terraform-aws-security-group.git?ref=tags/0.12.1"
+  source = "git::https://github.com/clouddrove/terraform-aws-security-group.git?ref=tags/0.12.2"
 
   name        = "ssh"
   application = "clouddrove"
   environment = "test"
-  label_order = ["environment", "name", "application"]
+  label_order = ["environment", "application", "name"]
 
   vpc_id        = module.vpc.vpc_id
   allowed_ip    = [module.vpc.vpc_cidr_block]
   allowed_ports = [22]
 }
 
+module "iam-role" {
+  source = "git::https://github.com/clouddrove/terraform-aws-iam-role.git?ref=tags/0.12.0"
+
+  name               = "iam-role"
+  application        = "clouddrove"
+  environment        = "test"
+  label_order        = ["environment", "application", "name"]
+  assume_role_policy = data.aws_iam_policy_document.default.json
+
+  policy_enabled = true
+  policy         = data.aws_iam_policy_document.iam-policy.json
+}
+
+data "aws_iam_policy_document" "default" {
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+data "aws_iam_policy_document" "iam-policy" {
+  statement {
+    actions = [
+      "ssm:UpdateInstanceInformation",
+      "ssmmessages:CreateControlChannel",
+      "ssmmessages:CreateDataChannel",
+      "ssmmessages:OpenControlChannel",
+    "ssmmessages:OpenDataChannel"]
+    effect    = "Allow"
+    resources = ["*"]
+  }
+}
+
 module "ec2" {
-  source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.2"
+  source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.3"
 
   name        = "ec2-instance"
   application = "clouddrove"
   environment = "test"
-  label_order = ["environment", "name", "application"]
-
-  instance_count              = 2
-  ami                         = "ami-08d658f84a6d84a80"
-  ebs_optimized               = false
-  instance_type               = "t2.nano"
-  key_name                    = module.keypair.name
-  monitoring                  = false
-  associate_public_ip_address = true
-  tenancy                     = "default"
-  disk_size                   = 8
+  label_order = ["environment", "application", "name"]
+
+  instance_count = 2
+  ami            = "ami-08d658f84a6d84a80"
+  instance_type  = "t2.nano"
+  key_name       = module.keypair.name
+  monitoring     = false
+  tenancy        = "default"
+
   vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
   subnet_ids                  = tolist(module.public_subnets.public_subnet_id)
 
-  assign_eip_address = true
+  assign_eip_address          = true
+  associate_public_ip_address = true
 
+  instance_profile_enabled = true
+  iam_instance_profile     = module.iam-role.name
+
+  disk_size          = 8
+  ebs_optimized      = false
   ebs_volume_enabled = true
   ebs_volume_type    = "gp2"
   ebs_volume_size    = 30
-  user_data          = "./_bin/user_data.sh"
-  instance_tags      = { "snapshot" = true }
+
+  user_data     = "./_bin/user_data.sh"
+  instance_tags = { "snapshot" = true }
+
+  dns_zone_id = "Z1XJD7SSBKXLC1"
+  hostname    = "ec2"
 }

_example/example.tf

@@ -19,7 +19,8 @@ locals {
 
 
 #Module      : EC2
-#Description : Terraform module to create an EC2 resource on AWS with Elastic IP Addresses #              and Elastic Block Store.
+#Description : Terraform module to create an EC2 resource on AWS with Elastic IP Addresses
+#              and Elastic Block Store.
 resource "aws_instance" "default" {
   count = var.instance_enabled == true ? var.instance_count : 0
 
@@ -38,11 +39,10 @@ resource "aws_instance" "default" {
   host_id                              = var.host_id
   cpu_core_count                       = var.cpu_core_count
   user_data                            = var.user_data != "" ? base64encode(file(var.user_data)) : ""
-  iam_instance_profile                 = var.iam_instance_profile
+  iam_instance_profile                 = join("", aws_iam_instance_profile.default.*.name)
   source_dest_check                    = var.source_dest_check
   ipv6_address_count                   = var.ipv6_address_count
   ipv6_addresses                       = var.ipv6_addresses
-
   root_block_device {
     volume_size           = var.disk_size
     delete_on_termination = true
@@ -56,15 +56,15 @@ resource "aws_instance" "default" {
     module.labels.tags,
     {
 
-      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index + 1))
+      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index))
     },
     var.instance_tags
   )
 
   volume_tags = merge(
     module.labels.tags,
     {
-      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index + 1))
+      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index))
     }
   )
 
@@ -91,7 +91,7 @@ resource "aws_eip" "default" {
   tags = merge(
     module.labels.tags,
     {
-      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index + 1))
+      "Name" = format("%s%s%s-eip", module.labels.id, var.delimiter, (count.index))
     }
   )
 }
@@ -109,7 +109,7 @@ resource "aws_ebs_volume" "default" {
   tags = merge(
     module.labels.tags,
     {
-      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index + 1))
+      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index))
     }
   )
 }
@@ -122,4 +122,23 @@ resource "aws_volume_attachment" "default" {
   device_name = element(var.ebs_device_name, count.index)
   volume_id   = element(aws_ebs_volume.default.*.id, count.index)
   instance_id = element(aws_instance.default.*.id, count.index)
+}
+
+#Module      : IAM INSTANCE PROFILE
+#Description : Provides an IAM instance profile.
+resource "aws_iam_instance_profile" "default" {
+  count = var.instance_profile_enabled ? 1 : 0
+  name  = format("%s%sinstance-profile", module.labels.id, var.delimiter)
+  role  = var.iam_instance_profile
+}
+
+#Module      : ROUTE53
+#Description : Provides a Route53 record resource.
+resource "aws_route53_record" "default" {
+  count   = var.dns_enabled ? var.instance_count : 0
+  zone_id = var.dns_zone_id
+  name    = format("%s%s%s", var.hostname, var.delimiter, (count.index))
+  type    = var.type
+  ttl     = var.ttl
+  records = [element(aws_instance.default.*.private_dns, count.index)]
 }