feat(aws): add a common instance profile for SSM
raisedadead committed Apr 5, 2024
1 parent 7d62654 commit 08c4839
Showing 6 changed files with 108 additions and 0 deletions.
25 changes: 25 additions & 0 deletions terraform/ops-aws-instance-profile/.terraform.lock.hcl


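--- /dev/null
+++ b/terraform/ops-aws-instance-profile/backend.tf
@@ -0,0 +1,10 @@
+terraform {
+backend "remote" {
+hostname = "app.terraform.io"
+organization = "freecodecamp"
+
+workspaces {
+name = "tfws-ops-aws-instance-profile"
+}
+}
+}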
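--- /dev/null
+++ b/terraform/ops-aws-instance-profile/main.tf
@@ -0,0 +1,42 @@
+variable "stack_tags" {
+type = map(string)
+description = "Tags to apply to all resources in this stack"
+default = {
+Environment = "ops"
+Stack = "common"
+}
+}
+
+resource "aws_iam_role" "stg_mw_instance_profile_role" {
+name = "fCCSSMInstanceProfileRole"
+assume_role_policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Principal": {
+"Service": "ec2.amazonaws.com"
+},
+"Effect": "Allow",
+"Sid": ""
+}
+]
+}
+EOF
+
+description = "Allows EC2 instances to call AWS services like CloudWatch and Systems Manager on your behalf."
+max_session_duration = 3600
+
+tags = var.stack_tags
+}
+
+resource "aws_iam_role_policy_attachment" "stg_mw_instance_profile_role_attachment" {
+role = aws_iam_role.stg_mw_instance_profile_role.name
+policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
+
+resource "aws_iam_instance_profile" "stg_mw_instance_profile" {
+name = aws_iam_role.stg_mw_instance_profile_role.name
+role = aws_iam_role.stg_mw_instance_profile_role.name
+}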
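Review bot: The resource labels `stg_mw_instance_profile_role`, `stg_mw_instance_profile_role_attachment` and `stg_mw_instance_profile` read as staging/middleware leftovers, while the commit title and the `Stack = "common"` default tag describe a shared SSM profile; a label such as `ssm_instance_profile_role` would keep the state addresses meaningful for whoever reads this stack next. The trust policy in the `<<EOF` heredoc is better expressed with `jsonencode`, which is validated at plan time and makes the empty `"Sid": ""` unnecessary. The `aws_iam_instance_profile` resource also omits `tags = var.stack_tags`, so the profile will not carry the stack tags the role does; a one-line `tags = var.stack_tags` inside it fixes that.
```hcl
resource "aws_iam_role" "stg_mw_instance_profile_role" {
  name = "fCCSSMInstanceProfileRole"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Action    = "sts:AssumeRole"
        Principal = { Service = "ec2.amazonaws.com" }
      }
    ]
  })
  # … unchanged: description, max_session_duration, tags …
}
```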
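--- /dev/null
+++ b/terraform/ops-aws-instance-profile/providers.tf
@@ -0,0 +1,5 @@
+provider "aws" {
+region = var.region
+access_key = var.aws_access_key_id
+secret_key = var.aws_secret_access_key
+}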
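Review bot: Passing `access_key` and `secret_key` explicitly from variables ties this stack to long-lived static IAM user keys held in the Terraform Cloud workspace, which is the credential type most worth eliminating from an ops account. The AWS provider already reads `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` from the environment when these arguments are absent, and Terraform Cloud's dynamic provider credentials (short-lived OIDC-based role sessions) also work through environment variables, so reducing the block to `provider "aws" { region = var.region }` lets the workspace move off static keys without another code change. If static keys must stay for now, the rotation owner for them should at least be noted in a comment on this block.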
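--- /dev/null
+++ b/terraform/ops-aws-instance-profile/variables.tf
@@ -0,0 +1,17 @@
+variable "aws_access_key_id" {
+description = "The value of the AWS Access Key ID."
+type = string
+sensitive = true
+}
+
+variable "aws_secret_access_key" {
+description = "The value of the AWS Secret Access Key."
+type = string
+sensitive = true
+}
+
+variable "region" {
+description = "The name of the region in which to deploy instances."
+default = "us-east-1"
+type = string
+}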
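--- /dev/null
+++ b/terraform/ops-aws-instance-profile/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "5.43.0"
+}
+}
+required_version = ">= 1"
+}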
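Review bot: `required_version = ">= 1"` admits any future major release of the Terraform CLI, which is looser than the exact `5.43.0` provider pin a few lines above suggests the authors intend. A bounded constraint such as `required_version = ">= 1.0, < 2.0"` keeps the stack from silently running on an incompatible CLI when the remote workspace's version setting changes.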
