github.com/swisspost/terratest@v0.0.0-20230214120104-7ec6de2e1ae0/examples/terraform-aws-ssm-example/main.tf (about)

     1  # ---------------------------------------------------------------------------------------------------------------------
     2  # PIN TERRAFORM VERSION TO >= 0.12
     3  # The examples have been upgraded to 0.12 syntax
     4  # ---------------------------------------------------------------------------------------------------------------------
     5  
     # Terraform core version constraint for this example.
     terraform {
       # Tested only against Terraform 0.13.x. The floor stays at 0.12.26 because that release introduced
       # required_providers with source URLs, which keeps this code forward compatible with 0.13.x.
       # NOTE(review): no AWS provider version constraint is visible in this file - confirm one is declared
       # elsewhere (or a dependency lock file is committed) so `terraform init` resolves a known provider build.
       required_version = ">= 0.12.26"
     }
    12  
    # AWS provider configuration. Only the region is set here, from var.region (declared outside this file).
    # Credentials are not configured in this block, so they come from the provider's default lookup
    # (environment, shared config or instance role) rather than from values checked into the example.
    provider "aws" {
      region = var.region
    }
    16  
    17  # ---------------------------------------------------------------------------------------------------------------------
    18  # DEPLOY AN INSTANCE WITH SSM SUPPORT
    19  # ---------------------------------------------------------------------------------------------------------------------
    20  
    # Trust policy for the instance role: the only principal allowed to call sts:AssumeRole is the EC2 service,
    # so the role can be picked up through an instance profile but not assumed by users or other accounts.
    data "aws_iam_policy_document" "example" {
      version = "2012-10-17"

      statement {
        sid     = "1"
        actions = ["sts:AssumeRole"]

        principals {
          identifiers = ["ec2.amazonaws.com"]
          type        = "Service"
        }
      }
    }
    37  
    # IAM role the instance runs as. Its trust policy is the document rendered above in this file; the
    # permissions it carries come only from policies attached to it separately.
    # name_prefix (rather than name) lets AWS append a unique suffix, so parallel test runs do not collide.
    resource "aws_iam_role" "example" {
      assume_role_policy = data.aws_iam_policy_document.example.json
      name_prefix        = "example"
    }
    42  
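    # Grants the instance role the permissions the SSM agent needs to register with Systems Manager and to
    # receive commands.
    #
    # AmazonSSMManagedInstanceCore is the AWS-managed policy scoped to core agent functionality. It replaces
    # the older service-role/AmazonEC2RoleforSSM policy, which AWS recommends moving away from and which is
    # broader than this example needs (it also carries S3, CloudWatch and Directory Service permissions).
    # NOTE(review): if a test relies on the instance writing command output to S3 or CloudWatch Logs, attach
    # a narrowly scoped policy for that bucket or log group instead of reverting to the broad policy.
    resource "aws_iam_role_policy_attachment" "example_ssm" {
      role       = aws_iam_role.example.name
      policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
    }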
    47  
    # Instance profile that wraps the example role so EC2 can hand the role's temporary credentials to the
    # instance. Anything running on the instance can use those credentials, which is why the role's attached
    # policies should stay minimal.
    resource "aws_iam_instance_profile" "example" {
      role        = aws_iam_role.example.name
      name_prefix = "example"
    }
    52  
    # Looks up the newest Amazon Linux 2 HVM image.
    # owners = ["amazon"] limits the search to Amazon-owned images, so an image published by another account
    # under a matching name cannot be selected by the wildcard filter.
    # most_recent = true means the resolved AMI id can change between runs; pin an id where reproducibility
    # matters more than picking up the latest patches.
    data "aws_ami" "amazon_linux_2" {
      owners      = ["amazon"]
      most_recent = true

      filter {
        name   = "name"
        values = ["amzn2-ami-hvm*"]
      }
    }
    62  
    63  # ---------------------------------------------------------------------------------------------------------------------
    64  # The instance needs a network path to the AWS SSM endpoints; this example provides one by giving it a public IP
    65  # ---------------------------------------------------------------------------------------------------------------------
    66  
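    # EC2 instance managed through SSM. It runs the Amazon Linux 2 image resolved above and carries the example
    # instance profile, which is what lets the SSM agent authenticate to Systems Manager.
    #
    # The public IP is there for outbound reachability to the SSM endpoints, not for inbound access.
    # NOTE(review): no subnet or security group is set in this block, so the instance presumably lands in the
    # account's default VPC with its default security group - confirm that group allows no inbound traffic
    # from the internet, since SSM needs none.
    resource "aws_instance" "example" {
      ami                         = data.aws_ami.amazon_linux_2.id
      instance_type               = var.instance_type
      iam_instance_profile        = aws_iam_instance_profile.example.name
      associate_public_ip_address = true

      # Require IMDSv2 session tokens for the instance metadata service. The role's temporary credentials are
      # served from that endpoint, and token-required mode keeps them from being read by a plain forwarded
      # GET request issued through software running on the instance.
      metadata_options {
        http_endpoint = "enabled"
        http_tokens   = "required"
      }
    }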