Terraform resources for sandbox
# AWS provider for the sandbox. Uses the "default" named profile for
# credentials, and creates everything in us-east-1 — so the AMI referenced
# by the instance below must exist in that region.
provider "aws" {
  region  = "us-east-1"
  profile = "default"
}
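# Per-user sandbox bucket that the EC2 instance mounts via s3fs.
# S3 bucket names are global and must be lowercase, DNS-safe labels: if
# var.username may contain uppercase letters or underscores, normalize it
# (lower()/replace()) before interpolating it here.
resource "aws_s3_bucket" "user_s3_bucket" {
  bucket = "${var.username}-s3-bucket"
}

# Defense in depth: a new bucket is private by default, but this guarantees
# that no later ACL or bucket policy can make it publicly readable/writable.
# (Server-side encryption and versioning are also worth enabling; their
# syntax differs between provider major versions, so they are not added here.)
resource "aws_s3_bucket_public_access_block" "user_s3_bucket" {
  bucket = "${aws_s3_bucket.user_s3_bucket.id}"

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}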
# Role assumed by the sandbox EC2 instance (through the instance profile
# defined further down). The trust policy permits only the EC2 service to
# assume it; the permissions themselves are attached separately.
resource "aws_iam_role" "ec2_iam_role" {
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

  name = "${var.username}-ec2-iam-role"
}
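# Permissions for the instance role, scoped to the per-user bucket only.
# The original grant of "s3:*" on Resource "*" let any process on the
# instance that can reach the metadata service read, overwrite or delete
# every object in every bucket of the account. Bucket-level and object-level
# actions are split because they apply to different ARNs (the bucket vs. the
# objects in it). If s3fs turns out to need an additional call, add that one
# action here rather than widening back to s3:*.
resource "aws_iam_policy" "ec2_iam_policy" {
  name = "${var.username}-ec2-iam-policy"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "BucketLevel",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": "${aws_s3_bucket.user_s3_bucket.arn}"
    },
    {
      "Sid": "ObjectLevel",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": "${aws_s3_bucket.user_s3_bucket.arn}/*"
    }
  ]
}
EOF
}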
# Bind the S3 permissions policy to the instance role.
resource "aws_iam_role_policy_attachment" "ec2_iam_attach" {
  policy_arn = "${aws_iam_policy.ec2_iam_policy.arn}"
  role       = "${aws_iam_role.ec2_iam_role.name}"
}
# Instance profile that carries the role onto the EC2 instance; this is what
# makes the role's credentials available via the instance metadata service.
resource "aws_iam_instance_profile" "ec2_iam_instance_profile" {
  role = "${aws_iam_role.ec2_iam_role.name}"
  name = "${var.username}-ec2-iam-profile"
}
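# Sandbox instance that mounts the user's bucket at /home/ec2-user/s3-mount.
# AMI IDs are region-specific: this one must exist in the provider region
# (us-east-1). No security group is given, so the default group of the
# subnet's VPC applies — set vpc_security_group_ids if that is wider than
# intended. Consider metadata_options { http_tokens = "required" } to force
# IMDSv2 for the role credentials; check first that the s3fs build installed
# from EPEL supports IMDSv2 token requests, otherwise the mount will fail.
resource "aws_instance" "user_ec2_instance" {
  ami                  = "ami-0a887e401f7654935"
  instance_type        = "t2.micro"
  iam_instance_profile = "${aws_iam_instance_profile.ec2_iam_instance_profile.name}"
  key_name             = "${var.user_key}"
  subnet_id            = "${var.subnet_id}"

  tags = {
    Name = "${var.username}-ec2-instance"
  }

  # cloud-init runs this as root, so no chmod/chown of system files is needed.
  # Changes from the original script:
  #   - /etc/fuse.conf is no longer made world-writable (chmod 777); root
  #     appends the option directly, and only once.
  #   - the mount point is owned by ec2-user instead of being chmod 777, and
  #     the unset $USER (cloud-init has no login environment, so the original
  #     chown had no operand) is no longer used.
  #   - the recursive chown of /tmp is dropped: it handed a root-owned, sticky
  #     system directory to an unprivileged user for no benefit.
  #   - s3fs is told which uid/gid to present files as, instead of running a
  #     recursive chown over the whole mounted bucket after mounting.
  # The mount is not persisted in /etc/fstab, so it does not survive a reboot
  # (same as the original).
  user_data = <<EOF
#!/bin/bash
yum update -y
amazon-linux-extras install epel -y
yum install s3fs-fuse -y
grep -qx 'user_allow_other' /etc/fuse.conf || echo 'user_allow_other' >> /etc/fuse.conf
install -d -o ec2-user -g ec2-user -m 0750 /home/ec2-user/s3-mount
s3fs ${aws_s3_bucket.user_s3_bucket.bucket} /home/ec2-user/s3-mount \
  -o iam_role=${aws_iam_role.ec2_iam_role.name} \
  -o uid=$(id -u ec2-user) -o gid=$(id -g ec2-user) \
  -o allow_other -o nonempty
EOF
}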