From 4c9a299c6a999e5ebb4cb1dd3e36333e4673688a Mon Sep 17 00:00:00 2001 From: Igor Rodionov Date: Fri, 13 Oct 2017 12:07:07 +0600 Subject: [PATCH] Init (#1) * Added s3 stored user data * Support s3 stored user_data * Support s3 stored user_data * Support s3 stored user_data * Address comments * Address PR comments * Address PR comments * Update main.tf --- LICENSE | 2 +- main.tf | 61 +++++++++++++++++++++++++++++++++++++++++++++ outputs.tf | 7 ++++++ templates/ubuntu.sh | 12 +++++++++ variables.tf | 29 +++++++++++++++++++++ 5 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 main.tf create mode 100644 outputs.tf create mode 100644 templates/ubuntu.sh create mode 100644 variables.tf diff --git a/LICENSE b/LICENSE index 8dada3e..b476c77 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright {yyyy} {name of copyright owner} + Copyright 2017 Cloud Posse LLC Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/main.tf b/main.tf new file mode 100644 index 0000000..3e57257 --- /dev/null +++ b/main.tf @@ -0,0 +1,61 @@ +# Define composite variables for resources +module "label" { + source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.2.1" + namespace = "${var.namespace}" + name = "${var.name}" + stage = "${var.stage}" + attributes = ["s3", "backend"] +} + +locals { + aggregated_user_data = "${join("\n", var.user_data)}" + template_path = "${path.module}/templates/${var.os}.sh" +} + +data "template_file" "default" { + template = "${file(local.template_path)}" + + vars { + s3_user_data_uri = "s3://${aws_s3_bucket_object.default.bucket}${aws_s3_bucket_object.default.key}" + } +} + +resource "aws_s3_bucket_object" "default" { + bucket = "${var.bucket}" + key = "${var.path}/user_data.sh" + content = "${local.aggregated_user_data}" + etag = "${md5(local.aggregated_user_data)}" +} + +## IAM Role Policy that allows access to S3 +resource "aws_iam_policy" "default" { + name = "${module.label.id}" + + lifecycle { + create_before_destroy = true + } + + policy = "${data.aws_iam_policy_document.default.json}" +} + +data "aws_iam_policy_document" "default" { + statement { + actions = ["s3:ListBucket"] + + effect = "Allow" + + resources = [ + "${format("arn:aws:s3:::%v", aws_s3_bucket_object.default.bucket)}", + ] + } + + statement { + actions = ["s3:GetObject"] + + effect = "Allow" + + resources = [ + "${format("arn:aws:s3:::%v%v", aws_s3_bucket_object.default.bucket, aws_s3_bucket_object.default.key)}", + ] + } +} diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 0000000..02951cb --- /dev/null +++ b/outputs.tf @@ -0,0 +1,7 @@ +output "user_data" { + value = "${data.template_file.default.rendered}" +} + +output "policy_arn" { + value = "${aws_iam_policy.default.arn}" +} diff --git a/templates/ubuntu.sh b/templates/ubuntu.sh new file mode 100644 index 0000000..24eeb88 --- /dev/null +++ b/templates/ubuntu.sh @@ -0,0 +1,12 @@ +# Install deps + +apt-get -y install python-pip + +# Install AWS Client +pip install --upgrade awscli + +aws s3 cp ${s3_user_data_uri} /tmp/user_data.sh + +eval "$(cat /tmp/user_data.sh)" + +rm -rf /tmp/user_data.sh \ No newline at end of file diff --git a/variables.tf b/variables.tf new file mode 100644 index 0000000..7a9fd1b --- /dev/null +++ b/variables.tf @@ -0,0 +1,29 @@ +variable "namespace" { + default = "global" +} + +variable "stage" { + default = "default" +} + +variable "name" {} + +variable "bucket" { + default = "Bucket name to store user data script" +} + +variable "path" { + default = "/" + description = "Path to store user data script in bucket" +} + +variable "os" { + default = "ubuntu" + description = "Server OS that will execute user data script" +} + +variable "user_data" { + type = "list" + default = [] + description = "User data scripts content" +}