Inherit aws_instance inputs and outputs (#15)

Author: s2504s

README.md

@@ -0,0 +1,30 @@
+# Restart dead or hung instance
+
+resource "null_resource" "check_alarm_action" {
+  count = "${local.instance_count}"
+
+  triggers = {
+    action = "arn:aws:swf:${local.region}:${data.aws_caller_identity.default.account_id}:${var.default_alarm_action}"
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "default" {
+  count               = "${local.instance_count}"
+  alarm_name          = "${module.label.id}"
+  comparison_operator = "${var.comparison_operator}"
+  evaluation_periods  = "${var.evaluation_periods}"
+  metric_name         = "${var.metric_name}"
+  namespace           = "${var.metric_namespace}"
+  period              = "${var.applying_period}"
+  statistic           = "${var.statistic_level}"
+  threshold           = "${var.metric_threshold}"
+  depends_on          = ["null_resource.check_alarm_action"]
+
+  dimensions {
+    InstanceId = "${aws_instance.default.id}"
+  }
+
+  alarm_actions = [
+    "${null_resource.check_alarm_action.triggers.action}",
+  ]
+}

cloud_watch_alarm.tf

@@ -1,5 +1,5 @@
 locals {
-  additional_ips_count = "${var.associate_public_ip_address && var.instance_enabled && var.additional_ips_count != "0" ? var.additional_ips_count : 0}"
+  additional_ips_count = "${var.associate_public_ip_address && var.instance_enabled && var.additional_ips_count > 0 ? var.additional_ips_count : 0}"
 }
 
 resource "aws_network_interface" "additional" {
@@ -10,11 +10,7 @@ resource "aws_network_interface" "additional" {
     "${compact(concat(list(var.create_default_security_group ? join("", aws_security_group.default.*.id) : ""), var.security_groups))}",
   ]
 
-  tags {
-    Name      = "${module.label.id}"
-    Namespace = "${var.namespace}"
-    Stage     = "${var.stage}"
-  }
+  tags = "${module.label.tags}"
 }
 
 resource "aws_network_interface_attachment" "additional" {

eni.tf

@@ -1,3 +1,24 @@
+locals {
+  instance_count       = "${var.instance_enabled ? 1 : 0}"
+  security_group_count = "${var.create_default_security_group ? 1 : 0}"
+  region               = "${var.region != "" ? var.region : data.aws_region.default.name}"
+  root_iops            = "${var.root_volume_type == "io1" ? var.root_iops : "0"}"
+  ebs_iops             = "${var.ebs_volume_type == "io1" ? var.ebs_iops : "0"}"
+  availability_zone    = "${var.availability_zone != "" ? var.availability_zone : data.aws_subnet.default.availability_zone}"
+  ami                  = "${var.ami != "" ? var.ami : data.aws_ami.default.image_id}"
+  root_volume_type     = "${var.root_volume_type != "" ? var.root_volume_type : data.aws_ami.info.root_device_type}"
+}
+
+data "aws_caller_identity" "default" {}
+
+data "aws_region" "default" {
+  current = "true"
+}
+
+data "aws_subnet" "default" {
+  id = "${var.subnet}"
+}
+
 data "aws_iam_policy_document" "default" {
   statement {
     sid = ""
@@ -15,6 +36,29 @@ data "aws_iam_policy_document" "default" {
   }
 }
 
+data "aws_ami" "default" {
+  most_recent = "true"
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["099720109477"]
+}
+
+data "aws_ami" "info" {
+  filter {
+    name   = "image-id"
+    values = ["${local.ami}"]
+  }
+}
+
 # Apply the tf_label module for this resource
 module "label" {
   source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.1"
@@ -23,12 +67,8 @@ module "label" {
   name       = "${var.name}"
   attributes = "${var.attributes}"
   delimiter  = "${var.delimiter}"
-  tags       = "${var.tags}"
-}
-
-locals {
-  instance_count       = "${var.instance_enabled ? 1 : 0}"
-  security_group_count = "${var.create_default_security_group ? 1 : 0}"
+  tags       = "${merge(map("AZ", "${local.availability_zone}"), var.tags)}"
+  enabled    = "${local.instance_count ? "true" : "false"}"
 }
 
 resource "aws_iam_instance_profile" "default" {
@@ -38,40 +78,12 @@ resource "aws_iam_instance_profile" "default" {
 }
 
 resource "aws_iam_role" "default" {
-  count = "${local.instance_count}"
-  name  = "${module.label.id}"
-  path  = "/"
-
+  count              = "${local.instance_count}"
+  name               = "${module.label.id}"
+  path               = "/"
   assume_role_policy = "${data.aws_iam_policy_document.default.json}"
 }
 
-resource "aws_security_group" "default" {
-  count       = "${local.security_group_count}"
-  name        = "${module.label.id}"
-  vpc_id      = "${var.vpc_id}"
-  description = "Instance default security group (only egress access is allowed)"
-
-  tags {
-    Name      = "${module.label.id}"
-    Namespace = "${var.namespace}"
-    Stage     = "${var.stage}"
-  }
-
-  egress {
-    protocol  = "-1"
-    from_port = 0
-    to_port   = 0
-
-    cidr_blocks = [
-      "0.0.0.0/0",
-    ]
-  }
-
-  lifecycle {
-    create_before_destroy = true
-  }
-}
-
 # Apply the tf_github_authorized_keys module for this resource
 module "github_authorized_keys" {
   source              = "git::https://github.com/cloudposse/terraform-template-user-data-github-authorized-keys.git?ref=tags/0.1.2"
@@ -80,39 +92,36 @@ module "github_authorized_keys" {
   github_team         = "${var.github_team}"
 }
 
-data "template_file" "user_data" {
-  template = "${file("${path.module}/user_data.sh")}"
-
-  vars {
-    user_data       = "${join("\n", compact(concat(var.user_data, list(module.github_authorized_keys.user_data))))}"
-    welcome_message = "${var.welcome_message}"
-    ssh_user        = "${var.ssh_user}"
-  }
-}
-
 resource "aws_instance" "default" {
-  count         = "${local.instance_count}"
-  ami           = "${var.ec2_ami}"
-  instance_type = "${var.instance_type}"
-
-  user_data = "${data.template_file.user_data.rendered}"
+  count                       = "${local.instance_count}"
+  ami                         = "${local.ami}"
+  availability_zone           = "${local.availability_zone}"
+  instance_type               = "${var.instance_type}"
+  ebs_optimized               = "${var.ebs_optimized}"
+  disable_api_termination     = "${var.disable_api_termination}"
+  user_data                   = "${data.template_file.user_data.rendered}"
+  iam_instance_profile        = "${aws_iam_instance_profile.default.name}"
+  associate_public_ip_address = "${var.associate_public_ip_address}"
+  key_name                    = "${var.ssh_key_pair}"
+  subnet_id                   = "${var.subnet}"
+  monitoring                  = "${var.monitoring}"
+  private_ip                  = "${var.private_ip}"
+  source_dest_check           = "${var.source_dest_check}"
+  ipv6_address_count          = "${var.ipv6_address_count}"
+  ipv6_addresses              = "${var.ipv6_addresses}"
 
   vpc_security_group_ids = [
     "${compact(concat(list(var.create_default_security_group ? join("", aws_security_group.default.*.id) : ""), var.security_groups))}",
   ]
 
-  iam_instance_profile        = "${aws_iam_instance_profile.default.name}"
-  associate_public_ip_address = "${var.associate_public_ip_address}"
-
-  key_name = "${var.ssh_key_pair}"
-
-  subnet_id = "${var.subnet}"
-
-  tags {
-    Name      = "${module.label.id}"
-    Namespace = "${var.namespace}"
-    Stage     = "${var.stage}"
+  root_block_device {
+    volume_type           = "${local.root_volume_type}"
+    volume_size           = "${var.root_volume_size}"
+    iops                  = "${local.root_iops}"
+    delete_on_termination = "${var.delete_on_termination}"
   }
+
+  tags = "${module.label.tags}"
 }
 
 resource "aws_eip" "default" {
@@ -121,46 +130,26 @@ resource "aws_eip" "default" {
   vpc               = "true"
 }
 
-# Restart dead or hung instance
-data "aws_region" "default" {
-  current = true
-}
-
-data "aws_caller_identity" "default" {}
-
-resource "null_resource" "check_alarm_action" {
-  count = "${local.instance_count}"
+resource "null_resource" "eip" {
+  count = "${var.associate_public_ip_address && var.instance_enabled ? 1 : 0}"
 
-  triggers = {
-    action = "arn:aws:swf:${data.aws_region.default.name}:${data.aws_caller_identity.default.account_id}:${var.default_alarm_action}"
+  triggers {
+    public_dns = "ec2-${replace(aws_eip.default.public_ip, ".", "-")}.${local.region == "us-east-1" ? "compute-1" : "${local.region}.compute"}.amazonaws.com"
   }
 }
 
-resource "aws_cloudwatch_metric_alarm" "default" {
-  count               = "${local.instance_count}"
-  alarm_name          = "${module.label.id}"
-  comparison_operator = "${var.comparison_operator}"
-  evaluation_periods  = "${var.evaluation_periods}"
-  metric_name         = "${var.metric_name}"
-  namespace           = "${var.metric_namespace}"
-  period              = "${var.applying_period}"
-  statistic           = "${var.statistic_level}"
-  threshold           = "${var.metric_threshold}"
-  depends_on          = ["null_resource.check_alarm_action"]
-
-  dimensions {
-    InstanceId = "${aws_instance.default.id}"
-  }
-
-  alarm_actions = [
-    "${null_resource.check_alarm_action.triggers.action}",
-  ]
+resource "aws_ebs_volume" "default" {
+  count             = "${var.ebs_volume_count}"
+  availability_zone = "${local.availability_zone}"
+  size              = "${var.ebs_volume_size}"
+  iops              = "${local.ebs_iops}"
+  type              = "${var.ebs_volume_type}"
+  tags              = "${module.label.tags}"
 }
 
-resource "null_resource" "eip" {
-  count = "${var.associate_public_ip_address && var.instance_enabled ? 1 : 0}"
-
-  triggers {
-    public_dns = "ec2-${replace(aws_eip.default.public_ip, ".", "-")}.${data.aws_region.default.name == "us-east-1" ? "compute-1" : "${data.aws_region.default.name}.compute"}.amazonaws.com"
-  }
+resource "aws_volume_attachment" "default" {
+  count       = "${var.ebs_volume_count}"
+  device_name = "${element(var.ebs_device_name, count.index)}"
+  volume_id   = "${element(aws_ebs_volume.default.*.id, count.index)}"
+  instance_id = "${aws_instance.default.id}"
 }

main.tf

@@ -1,39 +1,64 @@
 output "public_ip" {
-  value = "${coalesce(join("", aws_eip.default.*.public_ip), aws_instance.default.public_ip)}"
+  description = "Public IP of instance (or EIP )"
+  value       = "${coalesce(join("", aws_eip.default.*.public_ip), aws_instance.default.public_ip)}"
 }
 
 output "private_ip" {
-  value = "${join("", aws_instance.default.*.private_ip)}"
+  description = "Private IP of instance"
+  value       = "${join("", aws_instance.default.*.private_ip)}"
 }
 
 output "private_dns" {
-  value = "${join("", aws_instance.default.*.private_dns)}"
+  description = "Private DNS of instance"
+  value       = "${join("", aws_instance.default.*.private_dns)}"
 }
 
 output "public_dns" {
-  value = "${coalesce(join("", null_resource.eip.*.triggers.public_dns), aws_instance.default.public_dns)}"
+  description = "Public DNS of instance (or DNS of EIP)"
+  value       = "${coalesce(join("", null_resource.eip.*.triggers.public_dns), aws_instance.default.public_dns)}"
 }
 
 output "id" {
-  value = "${join("", aws_instance.default.*.id)}"
+  description = "Disambiguated ID"
+  value       = "${join("", aws_instance.default.*.id)}"
 }
 
 output "ssh_key_pair" {
-  value = "${var.ssh_key_pair}"
+  description = "Name of used AWS SSH key"
+  value       = "${var.ssh_key_pair}"
 }
 
 output "security_group_ids" {
-  value = "${compact(concat(list(var.create_default_security_group ? join("", aws_security_group.default.*.id) : ""), var.security_groups))}"
+  description = "ID on the new AWS Security Group associated with creating instance"
+  value       = "${compact(concat(list(var.create_default_security_group ? join("", aws_security_group.default.*.id) : ""), var.security_groups))}"
 }
 
 output "role" {
-  value = "${join("", aws_iam_role.default.*.name)}"
+  description = "Name of AWS IAM Role associated with creating instance"
+  value       = "${join("", aws_iam_role.default.*.name)}"
 }
 
 output "alarm" {
-  value = "${join("", aws_cloudwatch_metric_alarm.default.*.id)}"
+  description = "CloudWatch Alarm ID"
+  value       = "${join("", aws_cloudwatch_metric_alarm.default.*.id)}"
 }
 
 output "additional_eni_ids" {
-  value = "${zipmap(aws_network_interface.additional.*.id, aws_eip.additional.*.public_ip)}"
+  description = "Map of ENI with EIP"
+  value       = "${zipmap(aws_network_interface.additional.*.id, aws_eip.additional.*.public_ip)}"
+}
+
+output "ebs_ids" {
+  description = "ID of EBSs"
+  value       = "${aws_ebs_volume.default.*.id}"
+}
+
+output "primary_network_interface_id" {
+  description = "ID of the instance's primary network interface"
+  value       = "${aws_instance.default.primary_network_interface_id}"
+}
+
+output "network_interface_id" {
+  description = "ID of the network interface that was created with the instance"
+  value       = "${aws_instance.default.network_interface_id}"
 }

outputs.tf

@@ -0,0 +1,30 @@
+resource "aws_security_group" "default" {
+  count       = "${local.security_group_count}"
+  name        = "${module.label.id}"
+  vpc_id      = "${var.vpc_id}"
+  description = "Instance default security group (only egress access is allowed)"
+  tags        = "${module.label.tags}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_security_group_rule" "egress" {
+  type              = "egress"
+  from_port         = 0
+  to_port           = 65535
+  protocol          = "-1"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = "${aws_security_group.default.id}"
+}
+
+resource "aws_security_group_rule" "ingress" {
+  count             = "${length(compact(var.allowed_ports))}"
+  type              = "ingress"
+  from_port         = "${element(var.allowed_ports, count.index)}"
+  to_port           = "${element(var.allowed_ports, count.index)}"
+  protocol          = "tcp"
+  cidr_blocks       = ["0.0.0.0/0"]
+  security_group_id = "${aws_security_group.default.id}"
+}