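# Source listing: github.com/tetrafolium/tflint@v0.8.0/tflint/test-fixtures/v0.11.0_module/.terraform/modules/bc6c4d9a36f214ac3fefd950422c4c24/main.tf
#
# Module overview: a fixed-size Auto Scaling Group of EC2 instances running Consul, with the launch configuration,
# security group, SSH/egress rules, and IAM role/instance profile that each instance uses. All sizing, network and
# access inputs come from variables declared outside this file, so the effective exposure of the cluster is decided
# by the caller's values, not by this file.

# ---------------------------------------------------------------------------------------------------------------------
# THESE TEMPLATES REQUIRE TERRAFORM VERSION 0.9.3 AND ABOVE
# (the constraint enforced below is ">= 0.9.3")
# ---------------------------------------------------------------------------------------------------------------------

terraform {
  required_version = ">= 0.9.3"
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE AN AUTO SCALING GROUP (ASG) TO RUN CONSUL
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_autoscaling_group" "autoscaling_group" {
  launch_configuration = "${aws_launch_configuration.launch_configuration.name}"

  availability_zones  = ["${var.availability_zones}"]
  vpc_zone_identifier = ["${var.subnet_ids}"]

  # Run a fixed number of instances in the ASG
  min_size             = "${var.cluster_size}"
  max_size             = "${var.cluster_size}"
  desired_capacity     = "${var.cluster_size}"
  termination_policies = ["${var.termination_policies}"]

  target_group_arns         = ["${var.target_group_arns}"]
  load_balancers            = ["${var.load_balancers}"]
  health_check_type         = "${var.health_check_type}"
  health_check_grace_period = "${var.health_check_grace_period}"
  wait_for_capacity_timeout = "${var.wait_for_capacity_timeout}"

  tag {
    key                 = "Name"
    value               = "${var.cluster_name}"
    propagate_at_launch = true
  }

  # This tag is propagated to every instance at launch.
  # NOTE(review): presumably this is the tag Consul nodes use to discover each other; if so, the ability to set this
  # tag on other instances is security-relevant (it decides who is treated as a cluster member) -- confirm against
  # the user-data / join configuration, which is not visible in this file.
  tag {
    key                 = "${var.cluster_tag_key}"
    value               = "${var.cluster_tag_value}"
    propagate_at_launch = true
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE LAUNCH CONFIGURATION TO DEFINE WHAT RUNS ON EACH INSTANCE IN THE ASG
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_launch_configuration" "launch_configuration" {
  name_prefix   = "${var.cluster_name}-"
  image_id      = "${var.ami_id}"
  instance_type = "${var.instance_type}"

  # user_data is passed through unchanged. Anything placed in it is stored in Terraform state and is readable on the
  # instance via the metadata service, so it should carry bootstrap configuration only, not secrets.
  user_data = "${var.user_data}"

  iam_instance_profile = "${aws_iam_instance_profile.instance_profile.name}"
  key_name             = "${var.ssh_key_name}"
  security_groups      = ["${aws_security_group.lc_security_group.id}"]
  placement_tenancy    = "${var.tenancy}"

  # When this is true the instances receive public IPs; the only network control left in this file is then the
  # security group below, so review allowed_ssh_cidr_blocks and allowed_inbound_cidr_blocks together with it.
  associate_public_ip_address = "${var.associate_public_ip_address}"

  ebs_optimized = "${var.root_volume_ebs_optimized}"

  # No encryption setting is requested for the root volume in this block.
  # NOTE(review): confirm encryption at rest is covered elsewhere (encrypted AMI or account-level EBS default).
  root_block_device {
    volume_type           = "${var.root_volume_type}"
    volume_size           = "${var.root_volume_size}"
    delete_on_termination = "${var.root_volume_delete_on_termination}"
  }

  # Important note: whenever using a launch configuration with an auto scaling group, you must set
  # create_before_destroy = true. However, as soon as you set create_before_destroy = true in one resource, you must
  # also set it in every resource that it depends on, or you'll get an error about cyclic dependencies (especially when
  # removing resources). For more info, see:
  #
  # https://www.terraform.io/docs/providers/aws/r/launch_configuration.html
  # https://terraform.io/docs/configuration/resources.html
  lifecycle {
    create_before_destroy = true
  }
}

# ---------------------------------------------------------------------------------------------------------------------
# CREATE A SECURITY GROUP TO CONTROL WHAT REQUESTS CAN GO IN AND OUT OF EACH EC2 INSTANCE
# ---------------------------------------------------------------------------------------------------------------------

# The group itself declares no inline rules; every rule is attached by the aws_security_group_rule resources below
# and by the security_group_rules module.
resource "aws_security_group" "lc_security_group" {
  name_prefix = "${var.cluster_name}"
  description = "Security group for the ${var.cluster_name} launch configuration"
  vpc_id      = "${var.vpc_id}"

  # aws_launch_configuration.launch_configuration in this module sets create_before_destroy to true, which means
  # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors
  # when you try to do a terraform destroy.
  lifecycle {
    create_before_destroy = true
  }
}

# SSH from CIDR ranges. The rule is created only when at least one CIDR block is supplied; the list is used as given,
# so a caller passing 0.0.0.0/0 exposes var.ssh_port to the whole internet. Prefer narrow ranges or the
# security-group-based rule below.
resource "aws_security_group_rule" "allow_ssh_inbound" {
  count       = "${length(var.allowed_ssh_cidr_blocks) >= 1 ? 1 : 0}"
  type        = "ingress"
  from_port   = "${var.ssh_port}"
  to_port     = "${var.ssh_port}"
  protocol    = "tcp"
  cidr_blocks = ["${var.allowed_ssh_cidr_blocks}"]

  security_group_id = "${aws_security_group.lc_security_group.id}"
}

# SSH from other security groups: one ingress rule per entry in allowed_ssh_security_group_ids.
resource "aws_security_group_rule" "allow_ssh_inbound_from_security_group_ids" {
  count                    = "${length(var.allowed_ssh_security_group_ids)}"
  type                     = "ingress"
  from_port                = "${var.ssh_port}"
  to_port                  = "${var.ssh_port}"
  protocol                 = "tcp"
  source_security_group_id = "${element(var.allowed_ssh_security_group_ids, count.index)}"

  security_group_id = "${aws_security_group.lc_security_group.id}"
}

# Unrestricted egress: protocol "-1" with ports 0-0 means every protocol and port, to any IPv4 destination. The
# security group therefore places no limit on outbound connections from a cluster node; where the environment
# allows, narrow this to the destinations the nodes actually need, or rely on egress monitoring (e.g. VPC flow logs).
resource "aws_security_group_rule" "allow_all_outbound" {
  type        = "egress"
  from_port   = 0
  to_port     = 0
  protocol    = "-1"
  cidr_blocks = ["0.0.0.0/0"]

  security_group_id = "${aws_security_group.lc_security_group.id}"
}


# ---------------------------------------------------------------------------------------------------------------------
# THE CONSUL-SPECIFIC INBOUND/OUTBOUND RULES COME FROM THE CONSUL-SECURITY-GROUP-RULES MODULE
# ---------------------------------------------------------------------------------------------------------------------

# The rules themselves live in the sibling module and are not visible here. What this file shows is that the inbound
# CIDR blocks and security group IDs are handed over unchanged, together with the Consul port numbers.
module "security_group_rules" {
  source = "../consul-security-group-rules"

  security_group_id                  = "${aws_security_group.lc_security_group.id}"
  allowed_inbound_cidr_blocks        = ["${var.allowed_inbound_cidr_blocks}"]
  allowed_inbound_security_group_ids = ["${var.allowed_inbound_security_group_ids}"]

  server_rpc_port = "${var.server_rpc_port}"
  cli_rpc_port    = "${var.cli_rpc_port}"
  serf_lan_port   = "${var.serf_lan_port}"
  serf_wan_port   = "${var.serf_wan_port}"
  http_api_port   = "${var.http_api_port}"
  dns_port        = "${var.dns_port}"
}

# ---------------------------------------------------------------------------------------------------------------------
# ATTACH AN IAM ROLE TO EACH EC2 INSTANCE
# We can use the IAM role to grant the instance IAM permissions so we can use the AWS CLI without having to figure out
# how to get our secret AWS access keys onto the box.
# ---------------------------------------------------------------------------------------------------------------------

resource "aws_iam_instance_profile" "instance_profile" {
  name_prefix = "${var.cluster_name}"
  path        = "${var.instance_profile_path}"
  role        = "${aws_iam_role.instance_role.name}"

  # aws_launch_configuration.launch_configuration in this module sets create_before_destroy to true, which means
  # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors
  # when you try to do a terraform destroy.
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_iam_role" "instance_role" {
  name_prefix        = "${var.cluster_name}"
  assume_role_policy = "${data.aws_iam_policy_document.instance_role.json}"

  # aws_iam_instance_profile.instance_profile in this module sets create_before_destroy to true, which means
  # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors
  # when you try to do a terraform destroy.
  lifecycle {
    create_before_destroy = true
  }
}

# Trust policy for the role: only the EC2 service principal may assume it. This document grants no permissions by
# itself; it only controls who can take on the role.
data "aws_iam_policy_document" "instance_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}


# ---------------------------------------------------------------------------------------------------------------------
# THE IAM POLICIES COME FROM THE CONSUL-IAM-POLICIES MODULE
# ---------------------------------------------------------------------------------------------------------------------

# The permissions attached to the instance role are defined in the sibling module and are not visible in this file;
# review that module to see what every instance in the cluster is allowed to do.
module "iam_policies" {
  source = "../consul-iam-policies"

  iam_role_id = "${aws_iam_role.instance_role.id}"
}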