ReadMe.md

Motivation

This GitHub repository contains multiple use cases of working with Terraform to provision Amazon EC2 instances. Specific Git branches separate these use cases. To read more about that, click here.

I came across two use cases where I required an Amazon EC2 to assume an IAM role.
Before I explored it, the concept was -assign a set of permissions to an EC2 instance to carry out a specific set of activities. Hence I created an AWS IAM policy file with a set of permissions/rules and assigned it to an AWS IAM role, which was then associated with an IAM instance profile that was then assumed by an EC2 instance. The EC2 instance was then able to perform a set of actions listed in the AWS IAM policy file.

Generally, attaching an AWS IAM role to an EC2 instance is part of a more extensive use case.

I have supporting documentation on my note at: Attach IAM role to Amazon EC2 instance using Terraform

Prerequisites

I installed terraform before I worked on this repository. Installation information is available in the install guide.
I used the access_key and the secret_key of an IAM user that had permission to create all the resources managed via this terraform code.
I created a terraform.tfvars file to store them.
I created an Amazon EC2 key pair (format: pem) for Windows Instance by following the guidance at -create ec2-key-pair.

Usage

Ensure that the IAM user whose credentials are being used in this configuration has permission to create and manage all the resources that are included in this repository.
Review the code, especially the iamrole.tf and ec2.tf file to understand all the concepts associated with creating an AWS policy file, creating an IAM role, attaching the role to the policy, creating an IAM instance profile with the IAM role and finally attaching the IAM instance profile to the Amazon EC2 instance.

Next, run terraform init
Then run terraform plan
And finally run terraform apply

Other use-cases in this repository

There are eleven other branches in this repository discussing other use-cases:

No.	Use-Case	Branch
1.	Add an Amazon EC2 instance	https://github.com/kunduso/ec2-userdata-terraform/blob/add-amazon-ec2/ReadMe.md
2.	Add a user_data script to an Amazon EC2 instance	https://github.com/kunduso/ec2-userdata-terraform/blob/add-userdata/ReadMe.md
3.	Install AWS.Tools module for PowerShell on Amazon EC2 instance running Windows Server using user_data script	https://github.com/kunduso/ec2-userdata-terraform/blob/add-aws.tools-powershell-to-userdata/ReadMe.md
4.	Install AWS CLI on an Amazon EC2 instance running Windows Server using user_data script	https://github.com/kunduso/ec2-userdata-terraform/blob/add-awscli-to-userdata/ReadMe.md
5.	Create an Amazon EC2 instance with Session Manager access	https://github.com/kunduso/ec2-userdata-terraform/blob/add-iam-role-for-session-manager/ReadMe.md
6.	Download Amazon S3 bucket contents to Amazon EC2 instance	https://github.com/kunduso/ec2-userdata-terraform/blob/add-s3-access/ReadMe.md
7.	Manage sensitive variables in Amazon EC2 with AWS Systems Manager Parameter Store	https://github.com/kunduso/ec2-userdata-terraform/blob/add-ssm-parameter/ReadMe.md
8.	Access AWS Secrets Manager secret from Amazon EC2 instance	https://github.com/kunduso/ec2-userdata-terraform/blob/access-secrets-python/ReadMe.md
9.	Create an Amazon EC2 instance using Terraform with Session Manager access using VPC Endpoint	https://github.com/kunduso/ec2-userdata-terraform/blob/add-vpc-endpoint/ReadMe.md
10.	Install and configure CloudWatch Logs agent on Amazon EC2 instance for Windows using user data	https://github.com/kunduso/ec2-userdata-terraform/blob/add-cloudwatch-agent/ReadMe.md
11.	Secure RDP Access to Amazon EC2 for Windows: Leveraging Fleet Manager and Session Manager	https://github.com/kunduso/ec2-userdata-terraform/blob/enable-rdp-session-manager/ReadMe.md

License

This code is released under the Unlincse License. See LICENSE.