Created
July 20, 2018 21:08
-
-
Save gravcat/2375d514e84298cdda5e94681311c21a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
############################# | |
# ec2 instance | |
############################# | |
resource "aws_instance" "nt-test-ec2" { | |
count = 1 | |
ami = "${lookup(var.ami, var.region)}" | |
instance_type = "t2.medium" | |
key_name = "${var.key_pair_name}" | |
#ebs_optimized = true | |
#monitoring = true | |
vpc_security_group_ids = ["${module.sg_allow_ssh_in.this_security_group_id}", "${module.sg_allow_all_out.this_security_group_id}", "${module.sg_allow_web_in.this_security_group_id}"] | |
associate_public_ip_address = true | |
subnet_id = "${module.vpc.public_subnets[0]}" | |
iam_instance_profile = "${aws_iam_instance_profile.nt_test_ec2_cloudwatch_metrics.name}" | |
# os disk | |
root_block_device { | |
# will present to system as /dev/nvme0n1 | |
volume_size = "50" | |
volume_type = "gp2" | |
} | |
# tags (to provide name) | |
tags = { | |
Name = "nt-test-ec2${count.index}" | |
} | |
} | |
resource "null_resource" "cm_nt_test_ec2" { | |
depends_on = ["aws_instance.nt-test-ec2"] | |
provisioner "remote-exec" { | |
inline = [ | |
"sudo apt-get update -y -o Dpkg::Options::=--force-confnew", | |
"sudo apt install python2.7 -y", | |
"sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1", | |
"curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -", | |
"sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"", | |
"sudo apt-get update && sudo apt-get install docker-ce -y && sudo curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose", | |
"sudo chmod +x /usr/local/bin/docker-compose", | |
"sudo usermod -aG docker ubuntu" | |
] | |
connection { | |
host = "${aws_instance.nt-test-ec2.*.public_ip}" | |
type = "ssh" | |
private_key = "${file("~/.ssh/${var.key_pair_name}.pem")}" | |
user = "ubuntu" | |
timeout = "10m" | |
} | |
} | |
} | |
output "nt_test_ec2_ip" { | |
value = "${aws_instance.nt-test-ec2.*.public_ip}" | |
} | |
############################# | |
# iam resource to support shipping logs to cloudwatch | |
############################# | |
resource "aws_iam_instance_profile" "nt_test_ec2_cloudwatch_metrics" { | |
name = "nt_test_ec2_cloudwatch_metrics" | |
role = "${aws_iam_role.nt_test_ec2_cloudwatch_metrics.name}" | |
} | |
resource "aws_iam_role" "nt_test_ec2_cloudwatch_metrics" { | |
name = "nt_test_ec2_cloudwatch_metrics" | |
path = "/" | |
# https://www.terraform.io/docs/providers/aws/r/iam_instance_profile.html | |
assume_role_policy = <<EOF | |
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Action": "sts:AssumeRole", | |
"Effect": "Allow", | |
"Principal": { | |
"Service": "ec2.amazonaws.com" | |
} | |
} | |
] | |
} | |
EOF | |
} | |
# Policy document for CloudWatch logs | |
data "aws_iam_policy_document" "nt_test_ec2_cloudwatch_metrics" { | |
statement { | |
effect = "Allow" | |
actions = [ | |
"cloudwatch:PutMetricData" | |
] | |
resources = [ | |
"*", | |
] | |
} | |
} | |
# Policy for Cloudwatch Logs | |
resource "aws_iam_policy" "nt_test_ec2_cloudwatch_metrics_iam_policy" { | |
name = "nt-test-ec2-cloudwatch-metrics-iam-policy" | |
description = "Magnifier btc dev eden CloudWatch Logs access from EC2" | |
policy = "${data.aws_iam_policy_document.nt_test_ec2_cloudwatch_metrics.json}" | |
} | |
# Attach Role to Policy | |
resource "aws_iam_role_policy_attachment" "nt_test_ec2_cloudwatch_metrics_ec2_role" { | |
role = "${aws_iam_role.nt_test_ec2_cloudwatch_metrics.name}" | |
policy_arn = "${aws_iam_policy.nt_test_ec2_cloudwatch_metrics_iam_policy.arn}" | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment