feat(aws): add a common instance profile for SSM
1 parent
7d62654
commit 08c4839
Showing
6 changed files
with
108 additions
and
0 deletions.
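--- /dev/null
+++ b/[path-not-shown-1]
@@ -0,0 +1,10 @@
+terraform {
+backend "remote" {
+hostname = "app.terraform.io"
+organization = "freecodecamp"
+
+workspaces {
+name = "tfws-ops-aws-instance-profile"
+}
+}
+}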
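--- /dev/null
+++ b/[path-not-shown-2]
@@ -0,0 +1,42 @@
+variable "stack_tags" {
+type = map(string)
+description = "Tags to apply to all resources in this stack"
+default = {
+Environment = "ops"
+Stack = "common"
+}
+}
+
+resource "aws_iam_role" "stg_mw_instance_profile_role" {
+name = "fCCSSMInstanceProfileRole"
+assume_role_policy = <<EOF
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": "sts:AssumeRole",
+"Principal": {
+"Service": "ec2.amazonaws.com"
+},
+"Effect": "Allow",
+"Sid": ""
+}
+]
+}
+EOF
+
+description = "Allows EC2 instances to call AWS services like CloudWatch and Systems Manager on your behalf."
+max_session_duration = 3600
+
+tags = var.stack_tags
+}
+
+resource "aws_iam_role_policy_attachment" "stg_mw_instance_profile_role_attachment" {
+role = aws_iam_role.stg_mw_instance_profile_role.name
+policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
+
+resource "aws_iam_instance_profile" "stg_mw_instance_profile" {
+name = aws_iam_role.stg_mw_instance_profile_role.name
+role = aws_iam_role.stg_mw_instance_profile_role.name
+}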
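Review bot: The role's `description` promises CloudWatch access that nothing in this file grants — the only attachment is `AmazonSSMManagedInstanceCore` — so a reader will assume the profile carries CloudWatch agent permissions it does not have; either trim it to `description = "Allows EC2 instances to call AWS Systems Manager on behalf of this account."` or attach a CloudWatch policy deliberately rather than leaving the gap implicit. The resource labels `stg_mw_instance_profile_role` / `stg_mw_instance_profile` read as a staging, workload-specific profile while the commit message, the role name `fCCSSMInstanceProfileRole` and `Stack = "common"` all describe a shared ops profile; renaming the labels to match before anything references them avoids `moved` blocks later. The trust policy heredoc works, but `data "aws_iam_policy_document"` (or `jsonencode`) would validate the JSON at plan time and drop the empty `"Sid": ""`. `max_session_duration = 3600` is the provider default and, as far as I can tell, does not govern the credentials EC2 vends to an instance profile, so it can be omitted rather than implying a limit it does not impose.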
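--- /dev/null
+++ b/[path-not-shown-3]
@@ -0,0 +1,5 @@
+provider "aws" {
+region = var.region
+access_key = var.aws_access_key_id
+secret_key = var.aws_secret_access_key
+}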
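Review bot: `access_key` / `secret_key` on the provider route a long-lived IAM user key pair through Terraform variables, which the remote backend then has to hold as workspace variables; for a stack whose only job is creating IAM resources, that is a high-value static secret to keep around. The variables are at least declared `sensitive = true` in the companion file, but a role-based path — an `assume_role { role_arn = "<ROLE_ARN>" }` block on the provider, or the backend's OIDC-based dynamic provider credentials if the organization has them — leaves no static key to leak or rotate. If the static keys must stay for now, state that and the rotation expectation in place: `# TODO: replace static keys with assume_role / dynamic credentials; rotate on schedule until then`.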
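--- /dev/null
+++ b/[path-not-shown-4]
@@ -0,0 +1,17 @@
+variable "aws_access_key_id" {
+description = "The value of the AWS Access Key ID."
+type = string
+sensitive = true
+}
+
+variable "aws_secret_access_key" {
+description = "The value of the AWS Secret Access Key."
+type = string
+sensitive = true
+}
+
+variable "region" {
+description = "The name of the region in which to deploy instances."
+default = "us-east-1"
+type = string
+}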
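Review bot: The `region` description says "in which to deploy instances", but this stack creates only IAM resources, which are global, so the value only selects the provider endpoint; `description = "AWS region used for the provider endpoint; the IAM resources in this stack are global."` keeps a reader from looking for per-region copies of the profile. The credential variables are correctly `sensitive = true`; it would be worth noting in their descriptions that they are expected to come from the remote workspace rather than a tfvars file, so nobody is tempted to commit one.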
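--- /dev/null
+++ b/[path-not-shown-5]
@@ -0,0 +1,9 @@
+terraform {
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "5.43.0"
+}
+}
+required_version = ">= 1"
+}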