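#############################
# ec2 instance
#############################
# Single test host. It gets a public IP in a public subnet, so whatever
# ingress the sg_allow_ssh_in / sg_allow_web_in modules (defined elsewhere)
# open is internet-reachable -- confirm those modules restrict source CIDRs.
resource "aws_instance" "nt-test-ec2" {
  count         = 1
  ami           = "${lookup(var.ami, var.region)}" # per-region AMI map in var.ami
  instance_type = "t2.medium"
  key_name      = "${var.key_pair_name}"

  #ebs_optimized = true
  #monitoring    = true

  vpc_security_group_ids = [
    "${module.sg_allow_ssh_in.this_security_group_id}",
    "${module.sg_allow_all_out.this_security_group_id}",
    "${module.sg_allow_web_in.this_security_group_id}",
  ]
  associate_public_ip_address = true
  subnet_id                   = "${module.vpc.public_subnets[0]}"

  # Instance role: grants only cloudwatch:PutMetricData (IAM section below).
  iam_instance_profile = "${aws_iam_instance_profile.nt_test_ec2_cloudwatch_metrics.name}"

  # os disk
  root_block_device {
    # will present to system as /dev/nvme0n1
    volume_size = "50"
    volume_type = "gp2"

    # Encrypt the root volume at rest. Requires a provider version that
    # supports this argument on root_block_device; enabling it on an
    # existing instance forces replacement.
    encrypted = true
  }

  # tags (to provide name)
  tags = {
    Name = "nt-test-ec2${count.index}"
  }
}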
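# Post-boot configuration over SSH: installs python2.7, docker-ce from
# Docker's apt repository and a pinned docker-compose binary.
resource "null_resource" "cm_nt_test_ec2" {
  depends_on = ["aws_instance.nt-test-ec2"]

  # Review notes on the inline script:
  #  - the Docker apt key is piped straight into apt-key; compare the key's
  #    fingerprint with the one Docker publishes before trusting the repo.
  #  - docker-compose is pinned to 1.18.0 but the download is not integrity
  #    checked; verify its sha256 against the release's published checksum.
  #  - membership of the docker group is effectively root on the host.
  #  - nothing stops the script on failure; a failed apt step still leaves
  #    the resource marked as created.
  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update -y -o Dpkg::Options::=--force-confnew",
      "sudo apt install python2.7 -y",
      "sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1",
      "curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -",
      "sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\"",
      "sudo apt-get update && sudo apt-get install docker-ce -y && sudo curl -L https://github.com/docker/compose/releases/download/1.18.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose",
      "sudo chmod +x /usr/local/bin/docker-compose",
      "sudo usermod -aG docker ubuntu",
    ]

    connection {
      # The instance uses count, so address it by index: the splat form
      # yields a list, which is not a valid value for the string attribute
      # host (the output block below is where the list form belongs).
      host        = "${aws_instance.nt-test-ec2.0.public_ip}"
      type        = "ssh"
      user        = "ubuntu"
      private_key = "${file("~/.ssh/${var.key_pair_name}.pem")}"
      timeout     = "10m"
    }
  }
}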
# Public address(es) of the test host, printed after apply.
output "nt_test_ec2_ip" {
  description = "Public IP of each nt-test-ec2 instance"
  value       = "${aws_instance.nt-test-ec2.*.public_ip}"
}
#############################
# iam resource to support shipping metrics to cloudwatch
#############################
# Instance profile that hands the role below to the EC2 instance.
resource "aws_iam_instance_profile" "nt_test_ec2_cloudwatch_metrics" {
  role = "${aws_iam_role.nt_test_ec2_cloudwatch_metrics.name}"
  name = "nt_test_ec2_cloudwatch_metrics"
}
# Role assumable only by the EC2 service; the permissions it carries are
# attached separately via aws_iam_role_policy_attachment below.
resource "aws_iam_role" "nt_test_ec2_cloudwatch_metrics" {
  path = "/"
  name = "nt_test_ec2_cloudwatch_metrics"

  # https://www.terraform.io/docs/providers/aws/r/iam_instance_profile.html
  # Trust policy: limits sts:AssumeRole to ec2.amazonaws.com.
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      }
    }
  ]
}
EOF
}
# Policy document for CloudWatch custom metrics (not Logs: the only action
# granted is PutMetricData).
data "aws_iam_policy_document" "nt_test_ec2_cloudwatch_metrics" {
  statement {
    effect  = "Allow"
    actions = ["cloudwatch:PutMetricData"]

    # PutMetricData does not support resource-level permissions, so "*" is
    # required here. To narrow it, add a condition on cloudwatch:namespace.
    resources = ["*"]
  }
}
# Managed policy rendered from the document above (metrics only; the
# description's "Logs" wording is historical).
resource "aws_iam_policy" "nt_test_ec2_cloudwatch_metrics_iam_policy" {
  policy      = "${data.aws_iam_policy_document.nt_test_ec2_cloudwatch_metrics.json}"
  name        = "nt-test-ec2-cloudwatch-metrics-iam-policy"
  description = "Magnifier btc dev eden CloudWatch Logs access from EC2"
}
# Attach the managed policy to the instance role.
resource "aws_iam_role_policy_attachment" "nt_test_ec2_cloudwatch_metrics_ec2_role" {
  policy_arn = "${aws_iam_policy.nt_test_ec2_cloudwatch_metrics_iam_policy.arn}"
  role       = "${aws_iam_role.nt_test_ec2_cloudwatch_metrics.name}"
}