feat: Add support for IAM role and isntance profile creation (#194)

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.71.0
+    rev: v1.72.1
     hooks:
       - id: terraform_fmt
       - id: terraform_validate

README.md

@@ -10,6 +10,7 @@ Terraform module which creates Auto Scaling resources on AWS.
 - Autoscaling group utilizing mixed instances policy
 - Ability to configure autoscaling groups to set instance refresh configuration and add lifecycle hooks
 - Ability to create an autoscaling group that respects `desired_capacity` or one that ignores to allow for scaling without conflicting Terraform diffs
+- IAM role and instance profile creation
 
 ## Usage
 
@@ -65,6 +66,18 @@ module "asg" {
   ebs_optimized     = true
   enable_monitoring = true
 
+  # IAM role & instand profile
+  create_iam_instance_profile = true
+  iam_role_name               = "example-asg"
+  iam_role_path               = "/ec2/"
+  iam_role_description        = "IAM role example"
+  iam_role_tags = {
+    CustomIamRole = "Yes"
+  }
+  iam_role_policies = {
+    AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+  }
+
   block_device_mappings = [
     {
       # Root volume
@@ -234,8 +247,13 @@ No modules.
 | [aws_autoscaling_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource |
 | [aws_autoscaling_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_policy) | resource |
 | [aws_autoscaling_schedule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_schedule) | resource |
+| [aws_iam_instance_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
+| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_launch_template.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
 | [aws_default_tags.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/default_tags) | data source |
+| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 
 ## Inputs
 
@@ -248,6 +266,7 @@ No modules.
 | <a name="input_capacity_reservation_specification"></a> [capacity\_reservation\_specification](#input\_capacity\_reservation\_specification) | Targeting for EC2 capacity reservations | `any` | `{}` | no |
 | <a name="input_cpu_options"></a> [cpu\_options](#input\_cpu\_options) | The CPU options for the instance | `map(string)` | `{}` | no |
 | <a name="input_create"></a> [create](#input\_create) | Determines whether to create autoscaling group or not | `bool` | `true` | no |
+| <a name="input_create_iam_instance_profile"></a> [create\_iam\_instance\_profile](#input\_create\_iam\_instance\_profile) | Determines whether an IAM instance profile is created or to use an existing IAM instance profile | `bool` | `false` | no |
 | <a name="input_create_launch_template"></a> [create\_launch\_template](#input\_create\_launch\_template) | Determines whether to create launch template or not | `bool` | `true` | no |
 | <a name="input_create_scaling_policy"></a> [create\_scaling\_policy](#input\_create\_scaling\_policy) | Determines whether to create target scaling policy schedule or not | `bool` | `true` | no |
 | <a name="input_create_schedule"></a> [create\_schedule](#input\_create\_schedule) | Determines whether to create autoscaling group schedule or not | `bool` | `true` | no |
@@ -267,8 +286,15 @@ No modules.
 | <a name="input_health_check_grace_period"></a> [health\_check\_grace\_period](#input\_health\_check\_grace\_period) | Time (in seconds) after instance comes into service before checking health | `number` | `null` | no |
 | <a name="input_health_check_type"></a> [health\_check\_type](#input\_health\_check\_type) | `EC2` or `ELB`. Controls how health checking is done | `string` | `null` | no |
 | <a name="input_hibernation_options"></a> [hibernation\_options](#input\_hibernation\_options) | The hibernation options for the instance | `map(string)` | `{}` | no |
-| <a name="input_iam_instance_profile_arn"></a> [iam\_instance\_profile\_arn](#input\_iam\_instance\_profile\_arn) | The IAM Instance Profile ARN to launch the instance with | `string` | `null` | no |
-| <a name="input_iam_instance_profile_name"></a> [iam\_instance\_profile\_name](#input\_iam\_instance\_profile\_name) | The name attribute of the IAM instance profile to associate with launched instances | `string` | `null` | no |
+| <a name="input_iam_instance_profile_arn"></a> [iam\_instance\_profile\_arn](#input\_iam\_instance\_profile\_arn) | Amazon Resource Name (ARN) of an existing IAM instance profile. Used when `create_iam_instance_profile` = `false` | `string` | `null` | no |
+| <a name="input_iam_instance_profile_name"></a> [iam\_instance\_profile\_name](#input\_iam\_instance\_profile\_name) | The name of the IAM instance profile to be created (`create_iam_instance_profile` = `true`) or existing (`create_iam_instance_profile` = `false`) | `string` | `null` | no |
+| <a name="input_iam_role_description"></a> [iam\_role\_description](#input\_iam\_role\_description) | Description of the role | `string` | `null` | no |
+| <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no |
+| <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | IAM role path | `string` | `null` | no |
+| <a name="input_iam_role_permissions_boundary"></a> [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no |
+| <a name="input_iam_role_policies"></a> [iam\_role\_policies](#input\_iam\_role\_policies) | IAM policies to attach to the IAM role | `map(string)` | `{}` | no |
+| <a name="input_iam_role_tags"></a> [iam\_role\_tags](#input\_iam\_role\_tags) | A map of additional tags to add to the IAM role created | `map(string)` | `{}` | no |
+| <a name="input_iam_role_use_name_prefix"></a> [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name`) is used as a prefix | `bool` | `true` | no |
 | <a name="input_ignore_desired_capacity_changes"></a> [ignore\_desired\_capacity\_changes](#input\_ignore\_desired\_capacity\_changes) | Determines whether the `desired_capacity` value is ignored after initial apply. See README note for more details | `bool` | `false` | no |
 | <a name="input_image_id"></a> [image\_id](#input\_image\_id) | The AMI from which to launch the instance | `string` | `""` | no |
 | <a name="input_initial_lifecycle_hooks"></a> [initial\_lifecycle\_hooks](#input\_initial\_lifecycle\_hooks) | One or more Lifecycle Hooks to attach to the Auto Scaling Group before instances are launched. The syntax is exactly the same as the separate `aws_autoscaling_lifecycle_hook` resource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating a new Auto Scaling Group. For all other use-cases, please use `aws_autoscaling_lifecycle_hook` resource | `list(map(string))` | `[]` | no |
@@ -341,6 +367,12 @@ No modules.
 | <a name="output_autoscaling_group_vpc_zone_identifier"></a> [autoscaling\_group\_vpc\_zone\_identifier](#output\_autoscaling\_group\_vpc\_zone\_identifier) | The VPC zone identifier |
 | <a name="output_autoscaling_policy_arns"></a> [autoscaling\_policy\_arns](#output\_autoscaling\_policy\_arns) | ARNs of autoscaling policies |
 | <a name="output_autoscaling_schedule_arns"></a> [autoscaling\_schedule\_arns](#output\_autoscaling\_schedule\_arns) | ARNs of autoscaling group schedules |
+| <a name="output_iam_instance_profile_arn"></a> [iam\_instance\_profile\_arn](#output\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
+| <a name="output_iam_instance_profile_id"></a> [iam\_instance\_profile\_id](#output\_iam\_instance\_profile\_id) | Instance profile's ID |
+| <a name="output_iam_instance_profile_unique"></a> [iam\_instance\_profile\_unique](#output\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile |
+| <a name="output_iam_role_arn"></a> [iam\_role\_arn](#output\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
+| <a name="output_iam_role_name"></a> [iam\_role\_name](#output\_iam\_role\_name) | The name of the IAM role |
+| <a name="output_iam_role_unique_id"></a> [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
 | <a name="output_launch_template_arn"></a> [launch\_template\_arn](#output\_launch\_template\_arn) | The ARN of the launch template |
 | <a name="output_launch_template_default_version"></a> [launch\_template\_default\_version](#output\_launch\_template\_default\_version) | The default version of the launch template |
 | <a name="output_launch_template_id"></a> [launch\_template\_id](#output\_launch\_template\_id) | The ID of the launch template |

examples/README.md

@@ -0,0 +1,8 @@
+# Examples
+
+Please note - the examples provided serve two primary means:
+
+1. Show users working examples of the various ways in which the module can be configured and features supported
+2. A means of testing/validating module changes
+
+Please do not mistake the examples provided as "best practices". It is up to users to consult the AWS service documentation for best practices, usage recommendations, etc.

examples/complete/README.md

@@ -92,6 +92,12 @@ No inputs.
 | <a name="output_complete_autoscaling_group_vpc_zone_identifier"></a> [complete\_autoscaling\_group\_vpc\_zone\_identifier](#output\_complete\_autoscaling\_group\_vpc\_zone\_identifier) | The VPC zone identifier |
 | <a name="output_complete_autoscaling_policy_arns"></a> [complete\_autoscaling\_policy\_arns](#output\_complete\_autoscaling\_policy\_arns) | ARNs of autoscaling policies |
 | <a name="output_complete_autoscaling_schedule_arns"></a> [complete\_autoscaling\_schedule\_arns](#output\_complete\_autoscaling\_schedule\_arns) | ARNs of autoscaling group schedules |
+| <a name="output_complete_iam_instance_profile_arn"></a> [complete\_iam\_instance\_profile\_arn](#output\_complete\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
+| <a name="output_complete_iam_instance_profile_id"></a> [complete\_iam\_instance\_profile\_id](#output\_complete\_iam\_instance\_profile\_id) | Instance profile's ID |
+| <a name="output_complete_iam_instance_profile_unique"></a> [complete\_iam\_instance\_profile\_unique](#output\_complete\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile |
+| <a name="output_complete_iam_role_arn"></a> [complete\_iam\_role\_arn](#output\_complete\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
+| <a name="output_complete_iam_role_name"></a> [complete\_iam\_role\_name](#output\_complete\_iam\_role\_name) | The name of the IAM role |
+| <a name="output_complete_iam_role_unique_id"></a> [complete\_iam\_role\_unique\_id](#output\_complete\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
 | <a name="output_complete_launch_template_arn"></a> [complete\_launch\_template\_arn](#output\_complete\_launch\_template\_arn) | The ARN of the launch template |
 | <a name="output_complete_launch_template_default_version"></a> [complete\_launch\_template\_default\_version](#output\_complete\_launch\_template\_default\_version) | The default version of the launch template |
 | <a name="output_complete_launch_template_id"></a> [complete\_launch\_template\_id](#output\_complete\_launch\_template\_id) | The ID of the launch template |
@@ -111,6 +117,12 @@ No inputs.
 | <a name="output_default_autoscaling_group_name"></a> [default\_autoscaling\_group\_name](#output\_default\_autoscaling\_group\_name) | The autoscaling group name |
 | <a name="output_default_autoscaling_group_target_group_arns"></a> [default\_autoscaling\_group\_target\_group\_arns](#output\_default\_autoscaling\_group\_target\_group\_arns) | List of Target Group ARNs that apply to this AutoScaling Group |
 | <a name="output_default_autoscaling_group_vpc_zone_identifier"></a> [default\_autoscaling\_group\_vpc\_zone\_identifier](#output\_default\_autoscaling\_group\_vpc\_zone\_identifier) | The VPC zone identifier |
+| <a name="output_default_iam_instance_profile_arn"></a> [default\_iam\_instance\_profile\_arn](#output\_default\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
+| <a name="output_default_iam_instance_profile_id"></a> [default\_iam\_instance\_profile\_id](#output\_default\_iam\_instance\_profile\_id) | Instance profile's ID |
+| <a name="output_default_iam_instance_profile_unique"></a> [default\_iam\_instance\_profile\_unique](#output\_default\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile |
+| <a name="output_default_iam_role_arn"></a> [default\_iam\_role\_arn](#output\_default\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
+| <a name="output_default_iam_role_name"></a> [default\_iam\_role\_name](#output\_default\_iam\_role\_name) | The name of the IAM role |
+| <a name="output_default_iam_role_unique_id"></a> [default\_iam\_role\_unique\_id](#output\_default\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
 | <a name="output_default_launch_template_arn"></a> [default\_launch\_template\_arn](#output\_default\_launch\_template\_arn) | The ARN of the launch template |
 | <a name="output_default_launch_template_default_version"></a> [default\_launch\_template\_default\_version](#output\_default\_launch\_template\_default\_version) | The default version of the launch template |
 | <a name="output_default_launch_template_id"></a> [default\_launch\_template\_id](#output\_default\_launch\_template\_id) | The ID of the launch template |
@@ -130,6 +142,12 @@ No inputs.
 | <a name="output_external_autoscaling_group_name"></a> [external\_autoscaling\_group\_name](#output\_external\_autoscaling\_group\_name) | The autoscaling group name |
 | <a name="output_external_autoscaling_group_target_group_arns"></a> [external\_autoscaling\_group\_target\_group\_arns](#output\_external\_autoscaling\_group\_target\_group\_arns) | List of Target Group ARNs that apply to this AutoScaling Group |
 | <a name="output_external_autoscaling_group_vpc_zone_identifier"></a> [external\_autoscaling\_group\_vpc\_zone\_identifier](#output\_external\_autoscaling\_group\_vpc\_zone\_identifier) | The VPC zone identifier |
+| <a name="output_external_iam_instance_profile_arn"></a> [external\_iam\_instance\_profile\_arn](#output\_external\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
+| <a name="output_external_iam_instance_profile_id"></a> [external\_iam\_instance\_profile\_id](#output\_external\_iam\_instance\_profile\_id) | Instance profile's ID |
+| <a name="output_external_iam_instance_profile_unique"></a> [external\_iam\_instance\_profile\_unique](#output\_external\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile |
+| <a name="output_external_iam_role_arn"></a> [external\_iam\_role\_arn](#output\_external\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
+| <a name="output_external_iam_role_name"></a> [external\_iam\_role\_name](#output\_external\_iam\_role\_name) | The name of the IAM role |
+| <a name="output_external_iam_role_unique_id"></a> [external\_iam\_role\_unique\_id](#output\_external\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
 | <a name="output_external_launch_template_arn"></a> [external\_launch\_template\_arn](#output\_external\_launch\_template\_arn) | The ARN of the launch template |
 | <a name="output_external_launch_template_default_version"></a> [external\_launch\_template\_default\_version](#output\_external\_launch\_template\_default\_version) | The default version of the launch template |
 | <a name="output_external_launch_template_id"></a> [external\_launch\_template\_id](#output\_external\_launch\_template\_id) | The ID of the launch template |
@@ -154,6 +172,12 @@ No inputs.
 | <a name="output_mixed_instance_autoscaling_group_name"></a> [mixed\_instance\_autoscaling\_group\_name](#output\_mixed\_instance\_autoscaling\_group\_name) | The autoscaling group name |
 | <a name="output_mixed_instance_autoscaling_group_target_group_arns"></a> [mixed\_instance\_autoscaling\_group\_target\_group\_arns](#output\_mixed\_instance\_autoscaling\_group\_target\_group\_arns) | List of Target Group ARNs that apply to this AutoScaling Group |
 | <a name="output_mixed_instance_autoscaling_group_vpc_zone_identifier"></a> [mixed\_instance\_autoscaling\_group\_vpc\_zone\_identifier](#output\_mixed\_instance\_autoscaling\_group\_vpc\_zone\_identifier) | The VPC zone identifier |
+| <a name="output_mixed_instance_iam_instance_profile_arn"></a> [mixed\_instance\_iam\_instance\_profile\_arn](#output\_mixed\_instance\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
+| <a name="output_mixed_instance_iam_instance_profile_id"></a> [mixed\_instance\_iam\_instance\_profile\_id](#output\_mixed\_instance\_iam\_instance\_profile\_id) | Instance profile's ID |
+| <a name="output_mixed_instance_iam_instance_profile_unique"></a> [mixed\_instance\_iam\_instance\_profile\_unique](#output\_mixed\_instance\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile |
+| <a name="output_mixed_instance_iam_role_arn"></a> [mixed\_instance\_iam\_role\_arn](#output\_mixed\_instance\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
+| <a name="output_mixed_instance_iam_role_name"></a> [mixed\_instance\_iam\_role\_name](#output\_mixed\_instance\_iam\_role\_name) | The name of the IAM role |
+| <a name="output_mixed_instance_iam_role_unique_id"></a> [mixed\_instance\_iam\_role\_unique\_id](#output\_mixed\_instance\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
 | <a name="output_mixed_instance_launch_template_arn"></a> [mixed\_instance\_launch\_template\_arn](#output\_mixed\_instance\_launch\_template\_arn) | The ARN of the launch template |
 | <a name="output_mixed_instance_launch_template_default_version"></a> [mixed\_instance\_launch\_template\_default\_version](#output\_mixed\_instance\_launch\_template\_default\_version) | The default version of the launch template |
 | <a name="output_mixed_instance_launch_template_id"></a> [mixed\_instance\_launch\_template\_id](#output\_mixed\_instance\_launch\_template\_id) | The ID of the launch template |