~nromdotcom/gemif

82bb8de4168fc18f3c6ebab80136c6ed5d7a7363 — Norm MacLennan 2 years ago 1cf152a
Clean up the Terraform a bit
3 files changed, 22 insertions(+), 15 deletions(-)

M infra/ec2.tf
M infra/iam.tf
M infra/variables.tf
M infra/ec2.tf => infra/ec2.tf +6 -1
@@ 19,7 19,7 @@ data "aws_ami" "amz2" {

resource "aws_instance" "gemif" {
  ami              = data.aws_ami.amz2.id
  instance_type    = "t4g.nano"
  instance_type    = var.instance_type
  user_data_base64 = data.template_cloudinit_config.config.rendered

  iam_instance_profile   = aws_iam_instance_profile.gemif.name


@@ 29,6 29,10 @@ resource "aws_instance" "gemif" {
    Name = "GemIF Server"
  }

  volume_tags = {
    "Name" = "GemIF Server"
  }

  lifecycle {
    create_before_destroy = true
  }


@@ 47,6 51,7 @@ resource "aws_security_group" "allow_gem" {
  }

  egress {
    description = "Open egress to Internet"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
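Review bot: The `aws_instance.gemif` resource in the first hunk attaches an instance profile but, as far as the visible lines show, never sets `metadata_options`, so the instance would by default still answer IMDSv1 requests for the role's credentials. Adding `metadata_options { http_tokens = "required" }` to the resource restricts the metadata service to session-token (IMDSv2) requests. The three lines between the first and second hunk are not shown, so confirm the block is not already present before adding it.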

M infra/iam.tf => infra/iam.tf +12 -14
@@ 7,21 7,19 @@ resource "aws_iam_role" "gemif" {
  name = "gemif-role"
  path = "/"

  assume_role_policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Principal": {
               "Service": "ec2.amazonaws.com"
            },
            "Effect": "Allow",
            "Sid": ""
        }
    ]
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}
EOF

data "aws_iam_policy_document" "ec2_assume" {
  version = "2012-10-17"
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
    effect = "Allow"
  }
}

resource "aws_iam_role_policy_attachment" "gemif_ssm" {
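Review bot: The new `data "aws_iam_policy_document" "ec2_assume"` block has no comment saying what it is for, and it spells out two values that match the provider defaults (`version = "2012-10-17"` and `effect = "Allow"`). A one-line comment above it, such as `# Trust policy: only the EC2 service may assume the gemif role`, would make the intent clear to the next reader. The two default arguments can be dropped, or kept deliberately for explicitness.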

M infra/variables.tf => infra/variables.tf +4 -0
@@ 1,3 1,7 @@
variable "gemif_version" {
  description = "The version of GemIF to deploy"
}

variable "instance_type" {
  default = "t4g.nano"
}
\ No newline at end of file
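Review bot: The new `instance_type` variable has neither a `type` nor a `description`, unlike `gemif_version` directly above it. Adding `type = string` and `description = "EC2 instance type for the GemIF server"` would keep the two variables consistent. The default `t4g.nano` is a Graviton (arm64) type, and the filters of `data.aws_ami.amz2` are outside the visible hunks. If that AMI lookup is pinned to arm64, an x86 override would fail at launch, so the description should say which architecture is expected.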