github.com/tetrafolium/tflint@v0.8.0/tflint/test-fixtures/v0.11.0_module/.terraform/modules/ede63babd02a55137928f566176f7463/main.tf (about)

     1  # ---------------------------------------------------------------------------------------------------------------------
     2  # THESE TEMPLATES REQUIRE TERRAFORM VERSION 0.8 AND ABOVE
     3  # ---------------------------------------------------------------------------------------------------------------------
     4  
     5  terraform {
          # Minimum Terraform version enforced for this configuration. The banner comment above mentions 0.8; the
          # constraint actually declared here is >= 0.9.3.
     6    required_version = ">= 0.9.3"
     7  }
     8  
     9  # ---------------------------------------------------------------------------------------------------------------------
    10  # CREATE AN AUTO SCALING GROUP (ASG) TO RUN CONSUL
    11  # ---------------------------------------------------------------------------------------------------------------------
    12  
    13  resource "aws_autoscaling_group" "autoscaling_group" {
          # Auto Scaling Group that launches instances from the launch configuration defined in this file.
          # Placement (availability zones / subnets), load balancer attachment and health-check settings are all
          # passed through from input variables; none are fixed here.
    14    launch_configuration = "${aws_launch_configuration.launch_configuration.name}"
    15  
    16    availability_zones  = ["${var.availability_zones}"]
    17    vpc_zone_identifier = ["${var.subnet_ids}"]
    18  
    19    # Run a fixed number of instances in the ASG
          # min, max and desired are the same variable, so the group never scales in or out on its own.
    20    min_size             = "${var.cluster_size}"
    21    max_size             = "${var.cluster_size}"
    22    desired_capacity     = "${var.cluster_size}"
    23    termination_policies = ["${var.termination_policies}"]
    24  
    25    target_group_arns         = ["${var.target_group_arns}"]
    26    load_balancers            = ["${var.load_balancers}"]
    27    health_check_type         = "${var.health_check_type}"
    28    health_check_grace_period = "${var.health_check_grace_period}"
    29    wait_for_capacity_timeout = "${var.wait_for_capacity_timeout}"
    30  
          # Both tags are copied onto every instance the group launches (propagate_at_launch = true).
    31    tag {
    32      key                 = "Name"
    33      value               = "${var.cluster_name}"
    34      propagate_at_launch = true
    35    }
    36  
          # NOTE(review): if this tag pair is used for cluster auto-discovery (not visible in this file), the tag
          # acts as a trust signal; restrict which principals may create or modify it on instances. Confirm.
    37    tag {
    38      key                 = "${var.cluster_tag_key}"
    39      value               = "${var.cluster_tag_value}"
    40      propagate_at_launch = true
    41    }
    42  }
    43  
    44  # ---------------------------------------------------------------------------------------------------------------------
    45  # CREATE LAUNCH CONFIGURATION TO DEFINE WHAT RUNS ON EACH INSTANCE IN THE ASG
    46  # ---------------------------------------------------------------------------------------------------------------------
    47  
    48  resource "aws_launch_configuration" "launch_configuration" {
          # Launch configuration for every instance in the ASG: AMI, instance type, boot script, IAM profile,
          # SSH key pair, security group and root volume. All sizing and image choices come from variables.
    49    name_prefix   = "${var.cluster_name}-"
    50    image_id      = "${var.ami_id}"
    51    instance_type = "${var.instance_type}"
          # user_data is passed through verbatim from the caller. EC2 user data can be read back from the
          # instance metadata service and through the EC2 API, so it should not carry secrets.
    52    user_data     = "${var.user_data}"
    53  
          # The instance profile defined in this file supplies role credentials to the instance.
          # NOTE(review): no metadata_options block is set here, so the metadata service is left at its defaults;
          # whether the AWS provider version this module targets supports that block is not visible. Confirm.
    54    iam_instance_profile        = "${aws_iam_instance_profile.instance_profile.name}"
    55    key_name                    = "${var.ssh_key_name}"
          # Only the security group created in this file is attached; its rules are defined separately below.
    56    security_groups             = ["${aws_security_group.lc_security_group.id}"]
    57    placement_tenancy           = "${var.tenancy}"
          # Caller-controlled. When true, the SSH and Consul ingress allow-lists become the only network boundary
          # shown in this file between the instances and the internet.
    58    associate_public_ip_address = "${var.associate_public_ip_address}"
    59  
    60    ebs_optimized = "${var.root_volume_ebs_optimized}"
    61  
          # NOTE(review): no encryption setting appears in this block; whether the root volume is encrypted
          # presumably depends on the AMI snapshot and account-level defaults. Confirm.
    62    root_block_device {
    63      volume_type           = "${var.root_volume_type}"
    64      volume_size           = "${var.root_volume_size}"
    65      delete_on_termination = "${var.root_volume_delete_on_termination}"
    66    }
    67  
    68    # Important note: whenever using a launch configuration with an auto scaling group, you must set
    69    # create_before_destroy = true. However, as soon as you set create_before_destroy = true in one resource, you must
    70    # also set it in every resource that it depends on, or you'll get an error about cyclic dependencies (especially when
    71    # removing resources). For more info, see:
    72    #
    73    # https://www.terraform.io/docs/providers/aws/r/launch_configuration.html
    74    # https://terraform.io/docs/configuration/resources.html
    75    lifecycle {
    76      create_before_destroy = true
    77    }
    78  }
    79  
    80  # ---------------------------------------------------------------------------------------------------------------------
    81  # CREATE A SECURITY GROUP TO CONTROL WHAT REQUESTS CAN GO IN AND OUT OF EACH EC2 INSTANCE
    82  # ---------------------------------------------------------------------------------------------------------------------
    83  
    84  resource "aws_security_group" "lc_security_group" {
          # Security group attached to every instance via the launch configuration. It declares no inline
          # ingress/egress blocks: all rules are attached by the separate aws_security_group_rule resources and
          # the security_group_rules module later in this file.
    85    name_prefix = "${var.cluster_name}"
    86    description = "Security group for the ${var.cluster_name} launch configuration"
    87    vpc_id      = "${var.vpc_id}"
    88  
    89    # aws_launch_configuration.launch_configuration in this module sets create_before_destroy to true, which means
    90    # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors
    91    # when you try to do a terraform destroy.
    92    lifecycle {
    93      create_before_destroy = true
    94    }
    95  }
    96  
    97  resource "aws_security_group_rule" "allow_ssh_inbound" {
          # CIDR-based SSH ingress. The rule is created only when at least one CIDR block is supplied; an empty
          # list yields count = 0 and no CIDR-based SSH access at all.
          # NOTE(review): nothing here validates the supplied ranges. Callers should pass narrow, known ranges
          # (bastion or VPN), since a catch-all range would expose the SSH port on any publicly addressed node.
    98    count       = "${length(var.allowed_ssh_cidr_blocks) >= 1 ? 1 : 0}"
    99    type        = "ingress"
   100    from_port   = "${var.ssh_port}"
   101    to_port     = "${var.ssh_port}"
   102    protocol    = "tcp"
   103    cidr_blocks = ["${var.allowed_ssh_cidr_blocks}"]
   104  
   105    security_group_id = "${aws_security_group.lc_security_group.id}"
   106  }
   107  
   108  resource "aws_security_group_rule" "allow_ssh_inbound_from_security_group_ids" {
          # SSH ingress keyed on source security groups rather than IP ranges: one rule is created per entry in
          # var.allowed_ssh_security_group_ids, and element() selects the entry matching count.index.
          # An empty list creates no rules.
   109    count                    = "${length(var.allowed_ssh_security_group_ids)}"
   110    type                     = "ingress"
   111    from_port                = "${var.ssh_port}"
   112    to_port                  = "${var.ssh_port}"
   113    protocol                 = "tcp"
   114    source_security_group_id = "${element(var.allowed_ssh_security_group_ids, count.index)}"
   115  
   116    security_group_id = "${aws_security_group.lc_security_group.id}"
   117  }
   118  
   119  resource "aws_security_group_rule" "allow_all_outbound" {
          # Unrestricted egress: protocol "-1" means all protocols, and with it the 0/0 port pair means all
          # ports, to any IPv4 destination. The rule has no count or toggle, so it is always created.
          # NOTE(review): the security group therefore applies no outbound filtering; if egress control matters,
          # it has to come from another layer (NACLs, routing, proxy) or from narrowing this rule.
   120    type        = "egress"
   121    from_port   = 0
   122    to_port     = 0
   123    protocol    = "-1"
   124    cidr_blocks = ["0.0.0.0/0"]
   125  
   126    security_group_id = "${aws_security_group.lc_security_group.id}"
   127  }
   128  
   129  
   130  # ---------------------------------------------------------------------------------------------------------------------
   131  # THE CONSUL-SPECIFIC INBOUND/OUTBOUND RULES COME FROM THE CONSUL-SECURITY-GROUP-RULES MODULE
   132  # ---------------------------------------------------------------------------------------------------------------------
   133  
   134  module "security_group_rules" {
          # Delegates the Consul port rules to a sibling module referenced by relative path. This file only
          # passes in the target security group, the inbound allow-lists and the port numbers; the rules
          # themselves are defined in that module and are not visible here.
   135    source = "../consul-security-group-rules"
   136  
   137    security_group_id                  = "${aws_security_group.lc_security_group.id}"
          # NOTE(review): these allow-lists presumably decide who can reach the ports listed below, including
          # the HTTP API port. Confirm against the module and keep the ranges as narrow as the SSH ones.
   138    allowed_inbound_cidr_blocks        = ["${var.allowed_inbound_cidr_blocks}"]
   139    allowed_inbound_security_group_ids = ["${var.allowed_inbound_security_group_ids}"]
   140  
   141    server_rpc_port = "${var.server_rpc_port}"
   142    cli_rpc_port    = "${var.cli_rpc_port}"
   143    serf_lan_port   = "${var.serf_lan_port}"
   144    serf_wan_port   = "${var.serf_wan_port}"
   145    http_api_port   = "${var.http_api_port}"
   146    dns_port        = "${var.dns_port}"
   147  }
   148  
   149  # ---------------------------------------------------------------------------------------------------------------------
   150  # ATTACH AN IAM ROLE TO EACH EC2 INSTANCE
   151  # We can use the IAM role to grant the instance IAM permissions so we can use the AWS CLI without having to figure out
   152  # how to get our secret AWS access keys onto the box.
   153  # ---------------------------------------------------------------------------------------------------------------------
   154  
   155  resource "aws_iam_instance_profile" "instance_profile" {
          # Instance profile that wraps the IAM role defined in this file; the launch configuration references
          # it by name so every instance receives that role.
   156    name_prefix = "${var.cluster_name}"
   157    path        = "${var.instance_profile_path}"
   158    role        = "${aws_iam_role.instance_role.name}"
   159  
   160    # aws_launch_configuration.launch_configuration in this module sets create_before_destroy to true, which means
   161    # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors
   162    # when you try to do a terraform destroy.
   163    lifecycle {
   164      create_before_destroy = true
   165    }
   166  }
   167  
   168  resource "aws_iam_role" "instance_role" {
          # IAM role assumed by the instances. Only the trust (assume-role) policy is set here, taken from the
          # aws_iam_policy_document data source in this file; no permission policies are attached in this block.
   169    name_prefix        = "${var.cluster_name}"
   170    assume_role_policy = "${data.aws_iam_policy_document.instance_role.json}"
   171  
   172    # aws_iam_instance_profile.instance_profile in this module sets create_before_destroy to true, which means
   173    # everything it depends on, including this resource, must set it as well, or you'll get cyclic dependency errors
   174    # when you try to do a terraform destroy.
   175    lifecycle {
   176      create_before_destroy = true
   177    }
   178  }
   179  
   180  data "aws_iam_policy_document" "instance_role" {
          # Trust policy for the instance role: a single Allow statement for sts:AssumeRole whose only principal
          # is the EC2 service. No account, user or other service is listed as a principal, and the document
          # grants no permissions of its own.
   181    statement {
   182      effect  = "Allow"
   183      actions = ["sts:AssumeRole"]
   184  
   185      principals {
   186        type        = "Service"
   187        identifiers = ["ec2.amazonaws.com"]
   188      }
   189    }
   190  }
   191  
   192  
   193  # ---------------------------------------------------------------------------------------------------------------------
   194  # THE IAM POLICIES COME FROM THE CONSUL-IAM-POLICIES MODULE
   195  # ---------------------------------------------------------------------------------------------------------------------
   196  
   197  module "iam_policies" {
          # Hands the instance role's id to a sibling module referenced by relative path.
          # NOTE(review): presumably that module attaches the permission policies to the role; they are not
          # visible in this file, so review them there for least privilege, since every instance gets this role.
   198    source = "../consul-iam-policies"
   199  
   200    iam_role_id = "${aws_iam_role.instance_role.id}"
   201  }