
# Deliver every match of the "daily" rule to the force_bucket_encryption Lambda.
# NOTE(review): despite the rule's name, the rule definition shown in this file
# uses an event_pattern (source "aws.s3") rather than a schedule — confirm which
# trigger is intended. EventBridge also needs an aws_lambda_permission with
# principal "events.amazonaws.com" on the function; presumably it is declared
# elsewhere in the file — verify, since a missing one fails silently at runtime.
resource "aws_cloudwatch_event_target" "target_lambda" {
  target_id = "enforce_bucket_kms_encryption"
  arn       = aws_lambda_function.force_bucket_encryption.arn
  rule      = aws_cloudwatch_event_rule.daily.name
}
resource "aws_cloudwatch_event_rule" "daily" {
name = "daily_enforce_bucket_kms_encryption"
description = "run everyday"
#schedule_expression = "${var.cron_schedule_enforce_bucket_encryption} "
event_pattern = <<PATTERN
{
"source": [
"aws.s3"
],
# Dependency layer for the force_bucket_encryption function; the zip is read
# from the bucket named by var.lambda_s3_bucket.
resource "aws_lambda_layer_version" "dep" {
  layer_name = "force_bucket_encryption"

  # NOTE(review): the python3.6 Lambda runtime is end-of-life and no longer
  # receives security patches; the runtime version is kept here unchanged, but it
  # should be moved to a supported Python runtime together with the function.
  compatible_runtimes = ["python3.6"]

  s3_key    = "force_bucket_encryption/lib.zip"
  s3_bucket = var.lambda_s3_bucket
}
resource "aws_lambda_function" "force_bucket_encryption" {
s3_bucket = var.lambda_s3_bucket
# Customer-managed policy carrying the Lambda's permissions; the document itself
# is assembled in data.aws_iam_policy_document.lambda_policy_doc.
resource "aws_iam_policy" "lambda_policy" {
  path   = "/"
  policy = data.aws_iam_policy_document.lambda_policy_doc.json

  # The policy reuses the execution role's name so the pair is easy to match up;
  # aws_iam_role.force_bucket_encryption is presumably declared elsewhere in this file.
  name = aws_iam_role.force_bucket_encryption.name
}
# Attach lambda_policy to the function's execution role.
# NOTE(review): the label "ec2_tags_enforced" does not describe what is attached
# (a bucket-encryption policy); it looks carried over from another module. It is
# left as-is because renaming would move the resource in Terraform state.
resource "aws_iam_role_policy_attachment" "ec2_tags_enforced" {
  policy_arn = aws_iam_policy.lambda_policy.arn
  role       = aws_iam_role.force_bucket_encryption.name
}
data "aws_iam_policy_document" "lambda_policy_doc" {
statement {
effect = "Allow"
actions = [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"config:PutEvaluations",
]
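# S3 bucket that holds the packaged Lambda code and the layer zip
# (e.g. the key force_bucket_encryption/lib.zip referenced by the layer).
variable "lambda_s3_bucket" {
  type        = string
  description = "Name of the S3 bucket containing the Lambda deployment zips (function code and the force_bucket_encryption layer)."

  # The default is a placeholder, not a real bucket; it must be overridden per
  # environment, and a plan that still shows this value is misconfigured.
  default = "BUCKET-THAT-CONTAIN-LAMBDAZIPCODE"
}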
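# KMS key used when enforcing bucket encryption.
# NOTE(review): the variable name says "id" while the placeholder default reads
# like an ARN; confirm against the Lambda which form it expects before setting it.
variable "kms_key_id" {
  type        = string
  description = "Identifier (key ID or ARN — confirm which the function expects) of the KMS key to enforce for S3 bucket encryption."

  # Placeholder only; override per environment.
  default = "KMSKEY-ARN3"
}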
resource "aws_cloudwatch_event_rule" "daily" {
name = "daily_enforce_bucket_kms_encryption"
description = "run everyday"
#schedule_expression = "${var.cron_schedule_enforce_bucket_encryption} "
event_pattern = <<PATTERN
{
"source": [
"aws.s3"
],
# --------------------------------------------------------------
#### Step 1: Create VPC
# --------------------------------------------------------------
resource "aws_vpc" "hg_vpc" {
cidr_block = "10.20.0.0/16"
enable_dns_hostnames = true
enable_dns_support = true
tags = {
BillingBusinessApp = "hg-devops"
# Install ansible
easy_install pip
# Instance name and ID
AWS_REGION="${region}"
INSTANCE_ID="$( curl http://169.254.169.254/1.0/meta-data/instance-id )"
#Download Ansible scripts
if [ ! -d "/home/ec2-user/${project_name}" ]; then
su - ec2-user -c "mkdir /home/ec2-user/${project_name}"
# ---------------------------------------------------------------------
# Auto Scaling Group Edeal
# ---------------------------------------------------------------------
resource "aws_autoscaling_group" "ec2-edeal" {
#launch_configuration = "${aws_launch_template.ec2_launch.id}"
name = "${data.consul_keys.ck.var.project_name}-${var.install_name}-${var.env}-edeal"
max_size = "${data.consul_keys.ck.var.asg_max_size}"
min_size = "${data.consul_keys.ck.var.asg_min_size}"
desired_capacity = "${data.consul_keys.ck.var.asg_desired_capacity}"