X EC2 (or 1 ASG X:X); X external volumes; X network interfaces; KMS key for volumes; Key pair


####
# Shared locals
####
# NOTE(review): this is the first part of a longer file; `local.should_fetch_default_security_group`
# and `local.should_fetch_default_ami` are used below but defined outside this view.
locals {
  # True when the caller supplied any root-device setting (type, size, encryption, IOPS), i.e. the
  # AMI's default root volume is not to be used as-is. Encryption is opt-in here: with
  # `root_block_device_encrypted` unset the root volume presumably keeps the AMI's encryption state — confirm
  # against the instance resource (not in this view).
  should_update_root_device = var.root_block_device_volume_type != null || var.root_block_device_volume_size != null || var.root_block_device_encrypted == true || var.root_block_device_iops != null
  # Numeric name suffixes only when enabled AND a positive digit count was given.
  use_incremental_names = var.use_num_suffix && var.num_suffix_digits > 0
  # Suffix numbering is 1-based after the caller's offset.
  num_suffix_starting_index = var.num_suffix_offset + 1
  # ASG mode: fall back to default subnets when no ASG subnet list was given.
  # Single-instance mode: fall back only when the caller explicitly asked for it.
  use_default_subnets = var.use_autoscaling_group ? var.autoscaling_group_subnet_ids_count == 0 : var.ec2_use_default_subnet
  # ASG mode: every default subnet, or the caller's list. Single-instance mode: the first default
  # subnet, or the one subnet given. Indexing `[0]` assumes the default subnet lookup is non-empty.
  # NOTE(review): `data.aws_subnet_ids.default` is defined outside this view; subnets of a default VPC
  # are typically public (auto-assign public IPv4), so this fallback can silently place instances in
  # public subnets — verify that is intended before relying on it.
  subnet_ids = var.use_autoscaling_group ? (local.use_default_subnets ? flatten(data.aws_subnet_ids.default.*.ids) : var.autoscaling_group_subnet_ids) : (local.use_default_subnets ? [flatten(data.aws_subnet_ids.default.*.ids)[0]] : [var.ec2_subnet_id])
  # AZ of each selected subnet, in the same order.
  availability_zones = data.aws_subnet.current.*.availability_zone
  # Security groups: the VPC's *default* security group when none are supplied. A default SG normally
  # allows all traffic between its members, so prefer passing an explicit `vpc_security_group_ids`
  # for any workload that is not throwaway.
  security_group_ids = local.should_fetch_default_security_group ? data.aws_security_group.default.*.id : var.vpc_security_group_ids
  # AMI from the SSM parameter when no AMI was given; `concat(..., [""])[0]` yields "" instead of an
  # index error when the data source has count 0. An SSM-resolved "latest" image changes between
  # applies — pin `var.ami` where reproducible, reviewable images matter.
  ami = local.should_fetch_default_ami ? concat(data.aws_ssm_parameter.default_ami.*.value, [""])[0] : var.ami
  # Tags merged last into every resource so they cannot be overridden by caller tags.
  tags = {
    managed-by = "Terraform"
  }
}
  14. ####
  15. # Instance Profile
  16. ####
locals {
  # Create the profile (and its role) in this module only when explicitly requested.
  should_create_instance_profile = var.iam_instance_profile_create == true
  # Name handed to the instance: the module-created profile's name, or the caller's existing profile.
  # Reusing a caller-supplied profile means its role's permissions are entirely outside this module's control.
  iam_instance_profile_name = local.should_create_instance_profile ? aws_iam_instance_profile.this.*.name[0] : var.iam_instance_profile_name
}
  21. resource "aws_iam_instance_profile" "this" {
  22. count = local.should_create_instance_profile ? 1 : 0
  23. name = var.iam_instance_profile_name != null ? format("%s%s", var.prefix, var.iam_instance_profile_name) : null
  24. path = var.iam_instance_profile_path
  25. role = aws_iam_role.this_instance_profile.*.id[0]
  26. }
  27. resource "aws_iam_role" "this_instance_profile" {
  28. count = local.should_create_instance_profile ? 1 : 0
  29. name = var.iam_instance_profile_iam_role_name != null ? format("%s%s", var.prefix, var.iam_instance_profile_iam_role_name) : null
  30. description = var.iam_instance_profile_iam_role_description
  31. path = var.iam_instance_profile_path
  32. assume_role_policy = data.aws_iam_policy_document.sts_instance.*.json[0]
  33. tags = merge(
  34. var.tags,
  35. var.iam_instance_profile_iam_role_tags,
  36. local.tags,
  37. )
  38. }
# Attaches the caller-supplied managed policies to the module-created role.
# The module applies no least-privilege filtering: whatever ARNs are passed (including broad
# AWS-managed ones) become the instance's permissions.
# NOTE(review): `element()` wraps around, so a `..._policy_count` larger than the ARN list
# silently produces duplicate attachments of the same policy rather than an error.
resource "aws_iam_role_policy_attachment" "this_instance_profile" {
  count = local.should_create_instance_profile ? var.iam_instance_profile_iam_role_policy_count : 0
  role = aws_iam_role.this_instance_profile.*.id[0]
  policy_arn = element(var.iam_instance_profile_iam_role_policy_arns, count.index)
}
  44. ####
  45. # Elastic IP
  46. ####
locals {
  # Elastic IPs are only managed for the single-instance path; an ASG never gets module-managed EIPs.
  # A primary EIP gives the instance a stable, routable public address — the security groups in
  # `local.security_group_ids` are then the only ingress control in front of it.
  should_create_primary_eip = var.associate_public_ip_address == true && var.use_autoscaling_group == false
  should_create_eip_for_extra_network_interfaces = var.extra_network_interface_eips_count > 0 && var.use_autoscaling_group == false
  # IDs of the extra ENIs that were flagged for an EIP. `i % extra_network_interface_count`
  # presumably maps each ENI back to its per-instance slot (ENIs appear to be created per instance,
  # per slot — the `aws_network_interface.this_extra` resource is outside this view), so the same
  # flag applies to the same slot on every instance.
  network_interface_with_eip_ids = local.should_create_eip_for_extra_network_interfaces ? [
    for i, network_interface in aws_network_interface.this_extra :
    network_interface.id
    if element(var.extra_network_interface_eips_enabled, i % var.extra_network_interface_count) == true
  ] : []
}
  56. resource "aws_eip" "this_primary" {
  57. count = local.should_create_primary_eip ? 1 : 0
  58. vpc = true
  59. }
  60. resource "aws_eip_association" "this_primary" {
  61. count = local.should_create_primary_eip ? 1 : 0
  62. network_interface_id = aws_network_interface.this_primary.*.id[0]
  63. allocation_id = aws_eip.this_primary.*.id[0]
  64. }
  65. resource "aws_eip" "this_extra" {
  66. count = local.should_create_eip_for_extra_network_interfaces ? var.extra_network_interface_eips_count : 0
  67. vpc = true
  68. }
# Pairs each extra EIP with the n-th ENI that was flagged for one.
# NOTE(review): both `element()` calls wrap around, so if fewer ENIs are flagged than
# `extra_network_interface_eips_count`, a later EIP targets an ENI that already has one and the
# association fails at apply time instead of at plan time; keep the count equal to the number of
# flagged ENIs.
resource "aws_eip_association" "this_extra" {
  count = local.should_create_eip_for_extra_network_interfaces ? var.extra_network_interface_eips_count : 0
  network_interface_id = element(local.network_interface_with_eip_ids, count.index)
  allocation_id = element(aws_eip.this_extra.*.id, count.index)
}
  74. ####
  75. # Key Pair
  76. ####
locals {
  # Register a new EC2 key pair from the caller's public key, or reuse an existing one by name.
  should_create_key_pair = var.key_pair_create
  # Name handed to the instance/launch configuration. A key pair only grants SSH access if a
  # security group also exposes port 22; without one the key is inert.
  key_pair_name = local.should_create_key_pair ? aws_key_pair.this.*.key_name[0] : var.key_pair_name
}
  81. resource "aws_key_pair" "this" {
  82. count = local.should_create_key_pair ? 1 : 0
  83. key_name = format("%s%s", var.prefix, var.key_pair_name)
  84. public_key = var.key_pair_public_key
  85. tags = merge(
  86. var.tags,
  87. var.key_pair_tags,
  88. local.tags,
  89. )
  90. }