Merge pull request #71 from rackspace-infrastructure-automation/v0.11-root-encrypt

V0.11 root encrypt
John Titus committed Jun 11, 2020
2 parents e765fad + e94a3c3 commit 7aeeedb
Showing 7 changed files with 129 additions and 79 deletions.
7 changes: 5 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ This module creates one or more autorecovery instances.

```HCL
module "ar" {
source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery//?ref=v0.0.24"
source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery//?ref=v0.0.25"
ec2_os = "amazon"
subnets = ["${module.vpc.private_subnets}"]
Expand Down Expand Up @@ -62,7 +62,10 @@ Using [aws-terraform-cloudwatch\_alarm](https://github.com/rackspace-infrastruct
| eip\_allocation\_id\_list | A list of Allocation IDs of the EIPs you want to associate with the instance(s). This is one per instance. e.g. if you specify 2 for instance\_count then you must supply two allocation ids here. | `list` | `[]` | no |
| enable\_ebs\_optimization | Use EBS Optimized? true or false | `string` | `false` | no |
| enable\_recovery\_alarms | Boolean parameter controlling if auto-recovery alarms should be created. Recovery actions are not supported on all instance types and AMIs, especially those with ephemeral storage. This parameter should be set to false for those cases. | `string` | `true` | no |
| encrypt\_secondary\_ebs\_volume | Encrypt EBS Volume? true or false | `string` | `false` | no |
| encrypt\_primary\_ebs\_volume | Encrypt root EBS Volume? true or false | `string` | `false` | no |
| encrypt\_primary\_ebs\_volume\_kms\_id | If `encrypt_primary_ebs_volume` is `true` you can optionally provide a KMS CMK ARN. | `string` | `""` | no |
| encrypt\_secondary\_ebs\_volume | Encrypt secondary EBS Volume? true or false | `string` | `false` | no |
| encrypt\_secondary\_ebs\_volume\_kms\_id | If `encrypt_secondary_ebs_volume` is `true` you can optionally provide a KMS CMK ARN. | `string` | `""` | no |
| environment | Application environment for which this network is being created. Preferred value are Development, Integration, PreProduction, Production, QA, Staging, or Test | `string` | `"Development"` | no |
| final\_userdata\_commands | Commands to be given at the end of userdata for an instance. This should generally not include bootstrapping or ssm install. | `string` | `""` | no |
| image\_id | The AMI ID to be used to build the EC2 Instance. If not provided, an AMI ID will be queried with an OS specified in variable ec2\_os. | `string` | `""` | no |
2 changes: 1 addition & 1 deletion examples/custom_cw_agent_config.tf
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ module "vpc" {
data "aws_region" "current_region" {}

module "ec2_ar_with_codedeploy" {
source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery?ref=v0.0.24"
source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery?ref=v0.0.25"

ec2_os = "rhel6"
instance_count = "1"
2 changes: 1 addition & 1 deletion examples/main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ data "aws_ami" "amazon_centos_7" {
}

module "ec2_ar" {
source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery?ref=v0.0.24"
source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery?ref=v0.0.25"

ec2_os = "centos7"
instance_count = "3"
2 changes: 1 addition & 1 deletion examples/unmanaged.tf
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ module "sns" {
}

module "unmanaged_ar" {
source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery?ref=v0.0.24"
source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery?ref=v0.0.25"

ec2_os = "centos7"
instance_count = "1"
47 changes: 36 additions & 11 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
*
* ```HCL
* module "ar" {
* source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery//?ref=v0.0.24"
* source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery//?ref=v0.0.25"
*
* ec2_os = "amazon"
* subnets = ["${module.vpc.private_subnets}"]
Expand Down Expand Up @@ -246,12 +246,16 @@ data "aws_ami" "ar_ami" {
filter = "${concat(local.standard_filters, local.image_filter[local.ec2_os])}"
}

locals {
user_data_file_path = "${path.module}/text/${lookup(local.user_data_map, local.ec2_os)}"
}

data "template_file" "user_data" {
template = "${file("${path.module}/text/${lookup(local.user_data_map, local.ec2_os)}")}"
template = "${file(local.user_data_file_path)}"

vars {
initial_commands = "${var.initial_userdata_commands != "" ? "${var.initial_userdata_commands}" : "" }"
final_commands = "${var.final_userdata_commands != "" ? "${var.final_userdata_commands}" : "" }"
initial_commands = "${var.initial_userdata_commands != "" ? var.initial_userdata_commands : "" }"
final_commands = "${var.final_userdata_commands != "" ? var.final_userdata_commands : "" }"
}
}

Expand Down Expand Up @@ -413,8 +417,12 @@ resource "aws_iam_instance_profile" "instance_role_instance_profile" {
# SSM Association
#

locals {
ssm_managed_commands_file_path = "${path.module}/text/managed_ssm_steps.json"
}

data "template_file" "ssm_managed_commands" {
template = "\n${file("${path.module}/text/managed_ssm_steps.json")}"
template = "\n${file(local.ssm_managed_commands_file_path)}"

vars {
region = "${data.aws_region.current_region.name}"
Expand All @@ -431,8 +439,12 @@ data "template_file" "additional_ssm_docs" {
}
}

locals {
ssm_bootstrap_template_file_path = "${path.module}/text/ssm_bootstrap_template.json"
}

data "template_file" "ssm_bootstrap_template" {
template = "${file("${path.module}/text/ssm_bootstrap_template.json")}"
template = "${file(local.ssm_bootstrap_template_file_path)}"

vars {
region = "${data.aws_region.current_region.name}"
Expand All @@ -452,13 +464,17 @@ resource "aws_ssm_document" "ssm_bootstrap_doc" {
content = "${data.template_file.ssm_bootstrap_template.rendered}"
}

locals {
cwagent_config_file_path = "${path.module}/text/${local.cwagent_config}"
}

resource "aws_ssm_parameter" "cwagentparam" {
count = "${var.provide_custom_cw_agent_config ? 0 : 1}"

name = "${local.cw_config_parameter_name}"
description = "${var.resource_name} Cloudwatch Agent configuration"
type = "String"
value = "${replace(replace(file("${path.module}/text/${local.cwagent_config}"),"((SYSTEM_LOG_GROUP_NAME))",aws_cloudwatch_log_group.system_logs.name),"((APPLICATION_LOG_GROUP_NAME))",aws_cloudwatch_log_group.application_logs.name)}"
value = "${replace(replace(file(local.cwagent_config_file_path),"((SYSTEM_LOG_GROUP_NAME))",aws_cloudwatch_log_group.system_logs.name),"((APPLICATION_LOG_GROUP_NAME))",aws_cloudwatch_log_group.application_logs.name)}"
}

resource "aws_ssm_association" "ssm_bootstrap_assoc" {
Expand Down Expand Up @@ -598,6 +614,10 @@ module "cpu_alarm_high" {
# Provisioning of Instance(s)
#

locals {
instance_name = "${var.instance_count > 1 ? "%s-%03d" : "%s"}"
}

resource "aws_instance" "mod_ec2_instance_no_secondary_ebs" {
count = "${var.secondary_ebs_volume_size != "" ? 0 : var.instance_count}"

Expand All @@ -624,6 +644,8 @@ resource "aws_instance" "mod_ec2_instance_no_secondary_ebs" {
volume_type = "${var.primary_ebs_volume_type}"
volume_size = "${var.primary_ebs_volume_size}"
iops = "${var.primary_ebs_volume_iops}"
encrypted = "${var.encrypt_primary_ebs_volume}"
kms_key_id = "${var.encrypt_primary_ebs_volume && var.encrypt_primary_ebs_volume_kms_id != "" ? var.encrypt_primary_ebs_volume_kms_id : ""}"
}

volume_tags = "${var.ebs_volume_tags}"
Expand All @@ -633,9 +655,9 @@ resource "aws_instance" "mod_ec2_instance_no_secondary_ebs" {
}

tags = "${merge(
map("Name", "${var.resource_name}${var.instance_count > 1 ? format("-%03d",count.index+1) : ""}"),
map("Name", var.instance_count > 1 ? format(local.instance_name, var.resource_name, count.index) : format(local.instance_name, var.resource_name)),
local.tags,
var.additional_tags
var.additional_tags,
)}"
}

Expand Down Expand Up @@ -665,6 +687,8 @@ resource "aws_instance" "mod_ec2_instance_with_secondary_ebs" {
volume_type = "${var.primary_ebs_volume_type}"
volume_size = "${var.primary_ebs_volume_size}"
iops = "${var.primary_ebs_volume_iops}"
encrypted = "${var.encrypt_primary_ebs_volume}"
kms_key_id = "${var.encrypt_primary_ebs_volume && var.encrypt_primary_ebs_volume_kms_id != "" ? var.encrypt_primary_ebs_volume_kms_id : ""}"
}

volume_tags = "${var.ebs_volume_tags}"
Expand All @@ -675,6 +699,7 @@ resource "aws_instance" "mod_ec2_instance_with_secondary_ebs" {
volume_size = "${var.secondary_ebs_volume_size}"
iops = "${var.secondary_ebs_volume_iops}"
encrypted = "${var.secondary_ebs_volume_existing_id == "" ? var.encrypt_secondary_ebs_volume: false}"
kms_key_id = "${var.encrypt_secondary_ebs_volume && var.encrypt_secondary_ebs_volume_kms_id != "" ? var.encrypt_secondary_ebs_volume_kms_id : ""}"
snapshot_id = "${var.secondary_ebs_volume_existing_id}"
}

Expand All @@ -683,9 +708,9 @@ resource "aws_instance" "mod_ec2_instance_with_secondary_ebs" {
}

tags = "${merge(
map("Name", "${var.resource_name}${var.instance_count > 1 ? format("-%03d",count.index+1) : ""}"),
map("Name", var.instance_count > 1 ? format(local.instance_name, var.resource_name, count.index) : format(local.instance_name, var.resource_name)),
local.tags,
var.additional_tags
var.additional_tags,
)}"
}

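Review bot: In the `ebs_block_device` block of `mod_ec2_instance_with_secondary_ebs`, the new `kms_key_id` line is not gated on `secondary_ebs_volume_existing_id` the way the `encrypted` line directly above it is, so a caller that sets `encrypt_secondary_ebs_volume = true` plus a CMK ARN and also an existing snapshot id ends up sending `encrypted = false` together with a `kms_key_id`, and the EC2 API requires `Encrypted` to be true whenever `KmsKeyId` is supplied. Gate it the same way: `kms_key_id = "${var.secondary_ebs_volume_existing_id == "" && var.encrypt_secondary_ebs_volume && var.encrypt_secondary_ebs_volume_kms_id != "" ? var.encrypt_secondary_ebs_volume_kms_id : ""}"`. Separately, the new `instance_name` local drops the `+1` the old `Name` expression had (`format("-%03d",count.index+1)`), so the first of several instances is now tagged `name-000` instead of `name-001`; if that is unintended, pass `count.index + 1` in both `format(local.instance_name, ...)` calls, and either way it should be called out in the release notes because it rewrites the Name tag on every existing multi-instance deployment. Both `aws_instance` resources start above their hunks; and since, as far as I recall, `root_block_device.encrypted`/`kms_key_id` are replace-on-change arguments in the AWS provider, a line in the README rows for `encrypt_primary_ebs_volume` such as "Changing this on an existing instance forces it to be replaced" would spare operators a surprise.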
128 changes: 66 additions & 62 deletions tests/test1/main.tf
Original file line number Diff line number Diff line change
@@ -1,8 +1,17 @@
provider "aws" {
version = "~> 1.2"
version = "~> 2.2, != 2.65"
region = "us-west-2"
}

locals {
tags = {
Environment = "Test"
Purpose = "Testing aws-terraform-ec2_autorecovery"
ServiceProvider = "Rackspace"
Terraform = "true"
}
}

resource "random_string" "res_name" {
length = 8
upper = false
Expand All @@ -22,9 +31,10 @@ data "aws_region" "current_region" {}
resource "aws_eip" "test_eip_1" {
vpc = true

tags = {
Name = "Circle-CI-Test1-1-${random_string.res_name.result}"
}
tags = "${merge(
local.tags,
map("Name", format("Circle-CI-Test1-1-%s", random_string.res_name.result)),
)}"
}

module "ec2_ar_centos7_with_codedeploy" {
Expand Down Expand Up @@ -99,19 +109,16 @@ EOF
},
]

additional_tags = {
MyTag1 = "MyValue1"
MyTag2 = "MyValue2"
MyTag3 = "MyValue3"
}
additional_tags = "${local.tags}"
}

resource "aws_eip" "test_eip_2" {
vpc = true

tags = {
Name = "Circle-CI-Test1-2-${random_string.res_name.result}"
}
tags = "${merge(
local.tags,
map("Name", format("Circle-CI-Test1-2-%s", random_string.res_name.result)),
)}"
}

module "ec2_ar_centos7_no_codedeploy" {
Expand All @@ -138,11 +145,7 @@ module "ec2_ar_centos7_no_codedeploy" {
secondary_ebs_volume_type = "gp2"
encrypt_secondary_ebs_volume = "False"

ebs_volume_tags = {
MyTag1 = "MyValue1"
MyTag2 = "MyValue2"
MyTag3 = "MyValue3"
}
ebs_volume_tags = "${local.tags}"

environment = "Development"
instance_role_managed_policy_arns = ["arn:aws:iam::aws:policy/AmazonEC2FullAccess", "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole", "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access"]
Expand Down Expand Up @@ -196,11 +199,7 @@ EOF
},
]

additional_tags = {
MyTag1 = "MyValue1"
MyTag2 = "MyValue2"
MyTag3 = "MyValue3"
}
additional_tags = "${local.tags}"
}

module "ec2_ar_centos7_no_scaleft" {
Expand Down Expand Up @@ -228,11 +227,7 @@ module "ec2_ar_centos7_no_scaleft" {
secondary_ebs_volume_type = "gp2"
encrypt_secondary_ebs_volume = "False"

ebs_volume_tags = {
MyTag1 = "MyValue1"
MyTag2 = "MyValue2"
MyTag3 = "MyValue3"
}
ebs_volume_tags = "${local.tags}"

environment = "Development"
instance_role_managed_policy_arns = ["arn:aws:iam::aws:policy/AmazonEC2FullAccess", "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole", "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access"]
Expand Down Expand Up @@ -286,11 +281,7 @@ EOF
},
]

additional_tags = {
MyTag1 = "MyValue1"
MyTag2 = "MyValue2"
MyTag3 = "MyValue3"
}
additional_tags = "${local.tags}"
}

module "ec2_ar_windows_with_codedeploy" {
Expand Down Expand Up @@ -363,11 +354,7 @@ EOF
},
]

additional_tags = {
MyTag1 = "MyValue1"
MyTag2 = "MyValue2"
MyTag3 = "MyValue3"
}
additional_tags = "${local.tags}"
}

module "ec2_ar_windows_no_codedeploy" {
Expand Down Expand Up @@ -450,11 +437,7 @@ EOF
},
]

additional_tags = {
MyTag1 = "MyValue1"
MyTag2 = "MyValue2"
MyTag3 = "MyValue3"
}
additional_tags = "${local.tags}"
}

module "ec2_ar_windows_no_scaleft" {
Expand Down Expand Up @@ -538,11 +521,7 @@ EOF
},
]

additional_tags = {
MyTag1 = "MyValue1"
MyTag2 = "MyValue2"
MyTag3 = "MyValue3"
}
additional_tags = "${local.tags}"
}

module "sns" {
Expand Down Expand Up @@ -577,20 +556,45 @@ module "zero_count_ar" {
rackspace_managed = false
}

resource "aws_ebs_volume" "nfs" {
availability_zone = "us-west-2a"
size = 60
encrypted = true

tags = "${merge(
local.tags,
map("Name", format("%s-ar-nfs", random_string.res_name.result)),
)}"
}

resource "aws_ebs_snapshot" "encrypted_nfs" {
volume_id = "${aws_ebs_volume.nfs.id}"

tags = "${merge(
local.tags,
map("Name", format("%s-ar-nfs", random_string.res_name.result)),
)}"
}

module "ec2_nfs" {
source = "../../module"
ec2_os = "amazon2"
instance_count = "1"
subnets = "${module.vpc.private_subnets}"
security_group_list = ["${module.vpc.default_sg}"]
key_pair = "CircleCI"
instance_type = "t2.micro"
resource_name = "ar-nfs-${random_string.res_name.result}"
install_nfs = true
primary_ebs_volume_size = "60"
primary_ebs_volume_iops = "0"
primary_ebs_volume_type = "gp2"
secondary_ebs_volume_size = "60"
secondary_ebs_volume_iops = "0"
secondary_ebs_volume_type = "gp2"
source = "../../module"

ec2_os = "amazon2"
instance_count = 1
subnets = "${module.vpc.private_subnets}"
security_group_list = ["${module.vpc.default_sg}"]
key_pair = "CircleCI"
instance_type = "t2.micro"
resource_name = "ar-nfs-${random_string.res_name.result}"
install_nfs = true
primary_ebs_volume_size = 60
primary_ebs_volume_iops = 0
primary_ebs_volume_type = "gp2"
encrypt_primary_ebs_volume = true
secondary_ebs_volume_size = 60
secondary_ebs_volume_iops = 0
secondary_ebs_volume_type = "gp2"
secondary_ebs_volume_existing_id = "${aws_ebs_snapshot.encrypted_nfs.id}"

additional_tags = "${local.tags}"
}
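Review bot: The new `ec2_nfs` test sets `encrypt_primary_ebs_volume = true` with the default EBS key and restores the secondary volume from `aws_ebs_snapshot.encrypted_nfs` while leaving `encrypt_secondary_ebs_volume` unset, so neither of the two new `kms_key_id` expressions in the module is ever exercised: no case in this file sets `encrypt_primary_ebs_volume_kms_id` or `encrypt_secondary_ebs_volume_kms_id`. A customer-managed key is the path most likely to fail on IAM/key-policy grounds at RunInstances time, so I would add an `aws_kms_key` to this file (with a short `deletion_window_in_days` so CI does not leave 30-day pending deletions behind) and a second module instance that passes its ARN for both volumes. Note also that `aws_ebs_volume.nfs` hard-codes `availability_zone = "us-west-2a"` while `module.vpc.private_subnets` decides where the instance lands; that is fine because the restore goes through a snapshot, which I believe is region-scoped, but a comment such as `# AZ only matters for the source volume; the instance restores from the snapshot` would save the next reader the check.

```hcl
resource "aws_kms_key" "ebs" {
  description             = "Circle-CI-Test1-${random_string.res_name.result}"
  deletion_window_in_days = 7
  tags                    = "${local.tags}"
}

module "ec2_nfs_cmk" {
  source = "../../module"

  # … same arguments as module "ec2_nfs", without secondary_ebs_volume_existing_id …
  encrypt_primary_ebs_volume          = true
  encrypt_primary_ebs_volume_kms_id   = "${aws_kms_key.ebs.arn}"
  encrypt_secondary_ebs_volume        = true
  encrypt_secondary_ebs_volume_kms_id = "${aws_kms_key.ebs.arn}"
}
```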
