M infra/ec2.tf => infra/ec2.tf +6 -1
@@ 19,7 19,7 @@ data "aws_ami" "amz2" {
resource "aws_instance" "gemif" {
ami = data.aws_ami.amz2.id
- instance_type = "t4g.nano"
+ instance_type = var.instance_type
user_data_base64 = data.template_cloudinit_config.config.rendered
iam_instance_profile = aws_iam_instance_profile.gemif.name
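Review bot: The instance carries an IAM instance profile (`iam_instance_profile = aws_iam_instance_profile.gemif.name`), but none of the visible lines of `aws_instance.gemif` require IMDSv2 for access to the role credentials. The resource body continues outside the hunks shown, so this may already be set; if it is not, add `metadata_options { http_tokens = "required" }` to the resource. On the new `instance_type = var.instance_type` line, a short comment that the type must match the architecture of the `amz2` AMI would help, since the previous hard-coded value was a Graviton type.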
@@ 29,6 29,10 @@ resource "aws_instance" "gemif" {
Name = "GemIF Server"
}
+ volume_tags = {
+ "Name" = "GemIF Server"
+ }
+
lifecycle {
create_before_destroy = true
}
@@ 47,6 51,7 @@ resource "aws_security_group" "allow_gem" {
}
egress {
+ description = "Open egress to Internet"
from_port = 0
to_port = 0
protocol = "-1"
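Review bot: The added description labels this rule as open egress, but the rule still allows every protocol and port (`protocol = "-1"`, ports 0 to 0), so the label documents the exposure without narrowing it. If the server only needs outbound HTTPS (an assumption based on the SSM attachment in iam.tf), consider `from_port = 443`, `to_port = 443`, `protocol = "tcp"`. If fully open egress is intended, put the reason in the description so a later audit does not have to guess. The rest of the egress block, including its destination ranges, is outside the hunk.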
M infra/iam.tf => infra/iam.tf +12 -14
@@ 7,21 7,19 @@ resource "aws_iam_role" "gemif" {
name = "gemif-role"
path = "/"
- assume_role_policy = <<EOF
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "ec2.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
+ assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}
-EOF
+
+data "aws_iam_policy_document" "ec2_assume" {
+ version = "2012-10-17"
+ statement {
+ actions = ["sts:AssumeRole"]
+ principals {
+ type = "Service"
+ identifiers = ["ec2.amazonaws.com"]
+ }
+ effect = "Allow"
+ }
}
resource "aws_iam_role_policy_attachment" "gemif_ssm" {
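Review bot: The new `aws_iam_policy_document.ec2_assume` data source has no comment identifying it as the trust policy for `gemif-role`. A line such as `# Trust policy: only the EC2 service may assume gemif-role` above the `data` block would make that clear to anyone auditing iam.tf. `version = "2012-10-17"` and `effect = "Allow"` match the data source's defaults, so they can stay for explicitness or be dropped. The policies attached to the role, starting with `gemif_ssm`, are outside the hunk and decide what the assumed role can actually do.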
M infra/variables.tf => infra/variables.tf +4 -0
@@ 1,3 1,7 @@
variable "gemif_version" {
description = "The version of GemIF to deploy"
+}
+
+variable "instance_type" {
+ default = "t4g.nano"
}=
\ No newline at end of file
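Review bot: `variable "instance_type"` is declared with only a default, whereas `gemif_version` directly above it has a `description`; add `type = string` and `description = "EC2 instance type for the GemIF server"`. Because the default is a Graviton type, the `amz2` AMI lookup presumably selects an arm64 image (the data source body is not in this diff), in which case an x86 override would fail at launch. A `validation` block restricting the value to the matching instance families would catch that at plan time.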