Init (#1)

* Added s3 stored user data * Support s3 stored user_data * Support s3 stored user_data * Support s3 stored user_data * Address comments * Address PR comments * Address PR comments * Update main.tf
cloudposse-archives · Oct 13, 2017 · 4c9a299 · 4c9a299
1 parent d994a7c
commit 4c9a299
Show file tree

Hide file tree

Showing 5 changed files with 110 additions and 1 deletion.
diff --git a/LICENSE b/LICENSE
@@ -186,7 +186,7 @@
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright {yyyy} {name of copyright owner}
+   Copyright 2017 Cloud Posse LLC
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

diff --git a/main.tf b/main.tf
@@ -0,0 +1,61 @@
+# Define composite variables for resources
+module "label" {
+  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.2.1"
+  namespace  = "${var.namespace}"
+  name       = "${var.name}"
+  stage      = "${var.stage}"
+  attributes = ["s3", "backend"]
+}
+
+locals {
+  aggregated_user_data = "${join("\n", var.user_data)}"
+  template_path        = "${path.module}/templates/${var.os}.sh"
+}
+
+data "template_file" "default" {
+  template = "${file(local.template_path)}"
+
+  vars {
+    s3_user_data_uri = "s3://${aws_s3_bucket_object.default.bucket}${aws_s3_bucket_object.default.key}"
+  }
+}
+
+resource "aws_s3_bucket_object" "default" {
+  bucket  = "${var.bucket}"
+  key     = "${var.path}/user_data.sh"
+  content = "${local.aggregated_user_data}"
+  etag    = "${md5(local.aggregated_user_data)}"
+}
+
+## IAM Role Policy that allows access to S3
+resource "aws_iam_policy" "default" {
+  name = "${module.label.id}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
+  policy = "${data.aws_iam_policy_document.default.json}"
+}
+
+data "aws_iam_policy_document" "default" {
+  statement {
+    actions = ["s3:ListBucket"]
+
+    effect = "Allow"
+
+    resources = [
+      "${format("arn:aws:s3:::%v", aws_s3_bucket_object.default.bucket)}",
+    ]
+  }
+
+  statement {
+    actions = ["s3:GetObject"]
+
+    effect = "Allow"
+
+    resources = [
+      "${format("arn:aws:s3:::%v%v", aws_s3_bucket_object.default.bucket, aws_s3_bucket_object.default.key)}",
+    ]
+  }
+}
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,7 @@
+output "user_data" {
+  value = "${data.template_file.default.rendered}"
+}
+
+output "policy_arn" {
+  value = "${aws_iam_policy.default.arn}"
+}
diff --git a/templates/ubuntu.sh b/templates/ubuntu.sh
@@ -0,0 +1,12 @@
+# Install deps
+
+apt-get -y install python-pip
+
+# Install AWS Client
+pip install --upgrade awscli
+
+aws s3 cp ${s3_user_data_uri} /tmp/user_data.sh
+
+eval "$(cat /tmp/user_data.sh)"
+
+rm -rf /tmp/user_data.sh
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,29 @@
+variable "namespace" {
+  default = "global"
+}
+
+variable "stage" {
+  default = "default"
+}
+
+variable "name" {}
+
+variable "bucket" {
+  default = "Bucket name to store user data script"
+}
+
+variable "path" {
+  default     = "/"
+  description = "Path to store user data script in bucket"
+}
+
+variable "os" {
+  default     = "ubuntu"
+  description = "Server OS that will execute user data script"
+}
+
+variable "user_data" {
+  type        = "list"
+  default     = []
+  description = "User data scripts content"
+}