# Terraform settings: declares the providers this root module requires.
terraform {
  required_providers {
    # Exact version pin (no range operator), so every `terraform init` resolves
    # the same provider release; an upgrade is a deliberate edit of this line.
    aws = {
      source  = "hashicorp/aws"
      version = "5.34.0"
    }
  }
}
# AWS provider configuration; the region is taken from var.aws_region.
provider "aws" {
  region = var.aws_region

  ignore_tags {
    # Ignores dynamic tags added by the Patch Policy.
    # Tags whose key starts with one of these prefixes are excluded from plan
    # and drift detection, so a change made to such a tag outside Terraform
    # will not show up in `terraform plan`.
    key_prefixes = ["QSConfigName-"]
  }
}
# Values shared by the modules and resources in this file.
locals {
  # Passed as the `workload` input to most of the modules below.
  workload = "ssm"

  # Public half of the SSH key pair, read from disk when the configuration is
  # evaluated. Only the .pub file is read; the matching private key is not
  # referenced anywhere in this file.
  # NOTE(review): the file name suggests a throwaway key; confirm how the
  # private half is stored and rotated, and that it is kept out of the repo.
  public_key = file("./keys/temp_key.pub")
}
### Shared ###
# Network layer. Its vpc_id and subnet_id outputs are consumed by the security
# group, instance and ASG modules in this file.
module "vpc" {
  source = "./modules/vpc"

  workload   = local.workload
  aws_region = var.aws_region
}
# IAM layer. Its instance_profile_id output is attached to every EC2 instance
# module in this file.
# NOTE(review): the permissions granted by that instance profile are defined in
# ./modules/iam, which is not shown here; review them there for least privilege.
module "iam" {
  source = "./modules/iam"

  workload                              = local.workload
  ssm_patchmanager_quicksetup_config_id = var.ssm_patchmanager_quicksetup_config_id
}
# Registers the local public key with EC2 under the name "ssm-key". Every
# instance module and the ASG module in this file receive this key name.
# NOTE(review): this configuration is built around SSM (local.workload = "ssm").
# If operators reach the instances through Systems Manager only, the key pair
# may be unnecessary. Whether remote-login ports are reachable at all depends
# on ./modules/sg, which is not shown here.
resource "aws_key_pair" "default" {
  key_name   = "ssm-key"
  public_key = local.public_key
}
# Security group created in the VPC above. Its sg_id output is the only security
# group passed to the EC2 instance modules in this file.
# NOTE(review): the ingress/egress rules live in ./modules/sg and are not
# visible here; check them there.
module "sg" {
  source = "./modules/sg"

  workload = local.workload
  vpc_id   = module.vpc.vpc_id
}
# SSM resources. The module takes no inputs from this file; the three default
# instance modules declare an explicit depends_on on it, so it is applied
# before those instances are created.
module "ssm" {
  source = "./modules/ssm"
}
### Instances ###
# Optional Ubuntu instance: created once when
# var.create_default_ubuntu_instances is true, otherwise not at all.
module "ubuntu_default" {
  source = "./modules/ec2"
  count  = var.create_default_ubuntu_instances == true ? 1 : 0

  # Identity, access and placement
  workload                = local.workload
  iam_instance_profile_id = module.iam.instance_profile_id
  key_name                = aws_key_pair.default.key_name
  security_group_id       = module.sg.sg_id
  subnet_id               = module.vpc.subnet_id

  # Image and sizing
  instance_type = var.ubuntu_instance_type
  ami           = var.ubuntu_ami

  # Name of the bootstrap script handed to the ec2 module as user data.
  # NOTE(review): the script itself is outside this file; anything it contains
  # is readable from instance metadata, so it should hold no secrets.
  user_data_file = "ubuntu.sh"

  # Labels/tags forwarded to the ec2 module.
  instance_label  = "ubuntu"
  environment_tag = "Development"
  platform_tag    = "Linux"

  # Wait for the SSM module before launching the instance.
  depends_on = [module.ssm]
}
# Optional Debian instance: created once when
# var.create_default_debian_instances is true, otherwise not at all.
module "debian_default" {
  source = "./modules/ec2"
  count  = var.create_default_debian_instances == true ? 1 : 0

  # Identity, access and placement
  workload                = local.workload
  iam_instance_profile_id = module.iam.instance_profile_id
  key_name                = aws_key_pair.default.key_name
  security_group_id       = module.sg.sg_id
  subnet_id               = module.vpc.subnet_id

  # Image and sizing
  instance_type = var.debian_instance_type
  ami           = var.debian_ami

  # Name of the bootstrap script handed to the ec2 module as user data.
  # NOTE(review): the script itself is outside this file; anything it contains
  # is readable from instance metadata, so it should hold no secrets.
  user_data_file = "debian12.sh"

  # Labels/tags forwarded to the ec2 module.
  instance_label  = "debian12"
  environment_tag = "Development"
  platform_tag    = "Linux"

  # Wait for the SSM module before launching the instance.
  depends_on = [module.ssm]
}
# Optional Windows instance: created once when
# var.create_default_windows_instances is true, otherwise not at all.
module "windows_default" {
  source = "./modules/ec2"
  count  = var.create_default_windows_instances == true ? 1 : 0

  # Identity, access and placement
  workload                = local.workload
  iam_instance_profile_id = module.iam.instance_profile_id
  # Same key pair as the Linux instances.
  # NOTE(review): on Windows AMIs EC2 uses the key pair to protect the initial
  # Administrator password, so whoever holds the private key can recover it;
  # confirm that sharing one key across platforms is intended.
  key_name          = aws_key_pair.default.key_name
  security_group_id = module.sg.sg_id
  subnet_id         = module.vpc.subnet_id

  # Image and sizing
  instance_type = var.windows_instance_type
  ami           = var.windows_ami

  # Name of the user-data file handed to the ec2 module.
  # NOTE(review): the file itself is outside this file; anything it contains is
  # readable from instance metadata, so it should hold no secrets.
  user_data_file = "windows-default.txt"

  # Labels/tags forwarded to the ec2 module.
  instance_label  = "windows-default"
  environment_tag = "Development"
  platform_tag    = "Windows"

  # Wait for the SSM module before launching the instance.
  depends_on = [module.ssm]
}
### ASG ###
# Optional Auto Scaling group, created once when var.create_asg is true. It
# reuses the Ubuntu AMI and instance type.
# NOTE(review): unlike the ec2 modules, no IAM instance profile and no security
# group are passed in; presumably ./modules/asg creates its own from vpc_id.
# Verify there that its instances get equivalent SSM permissions and network
# rules rather than broader ones.
module "asg" {
  source = "./modules/asg"
  count  = var.create_asg == true ? 1 : 0

  workload      = local.workload
  instance_type = var.ubuntu_instance_type
  ami           = var.ubuntu_ami
  key_name      = aws_key_pair.default.key_name
  vpc_id        = module.vpc.vpc_id
  subnet_id     = module.vpc.subnet_id
}
### Maintenance Window ###
locals {
  # 1 when var.create_ssm_maintenance_window_resources is true, else 0. Used as
  # the `count` of both maintenance-window modules so they are created or
  # skipped together.
  ssm_wm_create = var.create_ssm_maintenance_window_resources == true ? 1 : 0
}
# Linux instance targeted by the maintenance window; created only when
# local.ssm_wm_create is 1. It uses the Ubuntu AMI with its own instance type.
# NOTE(review): the three default instance modules declare
# depends_on = [module.ssm]; this one does not. Confirm whether the omission
# is intentional.
module "mw_linux" {
  source = "./modules/ec2"
  count  = local.ssm_wm_create

  # Identity, access and placement
  workload                = local.workload
  iam_instance_profile_id = module.iam.instance_profile_id
  key_name                = aws_key_pair.default.key_name
  security_group_id       = module.sg.sg_id
  subnet_id               = module.vpc.subnet_id

  # Image and sizing
  instance_type = var.ssm_maintenance_windows_instance_type
  ami           = var.ubuntu_ami

  # Name of the bootstrap script handed to the ec2 module as user data.
  user_data_file = "ubuntu-default.sh"

  # Labels/tags forwarded to the ec2 module.
  instance_label  = "linux-maint-wind"
  environment_tag = "MaintenanceWindow"
  platform_tag    = "Linux"
}
# SSM maintenance window targeting the mw_linux instance. Schedule, timezone and
# the Run Command operation all come from input variables.
# NOTE(review): the Run Command document and its parameters are defined in
# ./modules/maintenance-window, which is not shown; review there what the
# operation value is allowed to trigger on the target.
module "maintenance_window" {
  source = "./modules/maintenance-window"
  count  = local.ssm_wm_create

  schedule_cron     = var.ssm_maintenance_window_schedule_cron
  schedule_timezone = var.ssm_maintenance_window_schedule_timezone

  # Indexing [0] is safe: module.mw_linux has the same count as this module,
  # so it exists whenever this block is instantiated.
  instance_id_targets = [module.mw_linux[0].instance_id]

  ssm_maintenance_window_schedule_run_command_operation = var.ssm_maintenance_window_schedule_run_command_operation
}