

fixing issue w/ bastion EIP provisioning. Updated the ASG to provisio…
…n the first instance properly. (#5)
thathaneydude authored Jul 22, 2024
1 parent 53a8b45 commit d67865f
Showing 7 changed files with 21 additions and 18 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -15,7 +15,7 @@ module "asg_lambda_role" {
source = "github.com/corelight/terraform-aws-sensor//modules/iam/lambda"
lambda_cloudwatch_log_group_arn = module.sensor.cloudwatch_log_group_arn
sensor_autoscaling_group_name = module.sensor.autoscaling_group_name
sensor_autoscaling_group_arn = module.sensor.autoscaling_group_arn
security_group_arn = module.sensor.management_security_group_arn
subnet_arn = data.aws_subnet.management.arn
}
20 changes: 13 additions & 7 deletions auto_scale_group.tf
Expand Up @@ -15,14 +15,20 @@ resource "aws_autoscaling_group" "sensor_asg" {
health_check_grace_period = 300
termination_policies = ["OldestInstance"]
protect_from_scale_in = false
}
wait_for_capacity_timeout = 0

resource "aws_autoscaling_lifecycle_hook" "asg_scale_up_hook" {
autoscaling_group_name = aws_autoscaling_group.sensor_asg.name
lifecycle_transition = "autoscaling:EC2_INSTANCE_LAUNCHING"
name = var.asg_lifecycle_hook_name
default_result = "ABANDON"
heartbeat_timeout = 300
initial_lifecycle_hook {
lifecycle_transition = "autoscaling:EC2_INSTANCE_LAUNCHING"
name = var.asg_lifecycle_hook_name
default_result = "ABANDON"
heartbeat_timeout = 300
}

depends_on = [
aws_lambda_function.auto_scaling_lambda,
aws_cloudwatch_event_rule.asg_lifecycle_rule,
aws_cloudwatch_log_group.log_group,
]
}

resource "aws_autoscaling_policy" "sensor_autoscale_policy" {
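Review bot: `initial_lifecycle_hook` (the block that replaces the standalone `aws_autoscaling_lifecycle_hook` resource) is, per the AWS provider docs, only applied when the Auto Scaling group is created; later edits to `heartbeat_timeout`, `default_result` or the hook name are not reconciled on an existing group, so a change to `var.asg_lifecycle_hook_name` would drift silently and the EventBridge rule keyed on that name would stop matching. Together with the new `wait_for_capacity_timeout = 0`, a failing first launch would not surface during `terraform apply` either — with `default_result = "ABANDON"` the instance is simply terminated once the heartbeat expires, which is the right fail-closed default but is easy to miss. A comment above the block, `# initial_lifecycle_hook is applied only at ASG creation; changing it requires recreating the group`, plus a one-line note on why the capacity wait is disabled, would keep the next maintainer from editing the hook in place and expecting an update. The `sensor_asg` resource starts above the hunk.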
4 changes: 2 additions & 2 deletions lambda.tf
Expand Up @@ -38,8 +38,8 @@ resource "aws_cloudwatch_event_rule" "asg_lifecycle_rule" {
"source" : ["aws.autoscaling"],
"detail-type" : ["EC2 Instance-launch Lifecycle Action"],
"detail" : {
"AutoScalingGroupName" : [aws_autoscaling_group.sensor_asg.name],
"LifecycleHookName" : [aws_autoscaling_lifecycle_hook.asg_scale_up_hook.name]
"AutoScalingGroupName" : [var.sensor_asg_name],
"LifecycleHookName" : [var.asg_lifecycle_hook_name]
}
})

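Review bot: The event pattern now matches on the literal strings `var.sensor_asg_name` and `var.asg_lifecycle_hook_name` instead of the resources' own attributes, presumably to break the cycle created by the ASG's new `depends_on` on this rule; the cost is that nothing ties those strings to the names the group and hook actually get. If the ASG's `name` is not exactly `var.sensor_asg_name` (the ASG definition is not visible here, so this is unverified), the rule never fires, the hook is never completed, and every launch is abandoned after the heartbeat timeout with no error from Terraform. A comment on the `detail` block such as `# literal names, not resource references: the ASG depends_on this rule, so referencing it here would be a cycle` would stop someone from "fixing" it back, and a top-level `check` block asserting `aws_autoscaling_group.sensor_asg.name == var.sensor_asg_name` would catch a mismatch without reintroducing the cycle. The `asg_lifecycle_rule` resource starts above the hunk.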
1 change: 1 addition & 0 deletions modules/bastion/instance.tf
Expand Up @@ -29,6 +29,7 @@ resource "aws_network_interface" "bastion_nic" {
}

resource "aws_eip" "bastion_public_ip" {
instance = aws_instance.bastion.id
network_interface = aws_network_interface.bastion_nic.id

tags = merge({ Name : "${var.bastion_instance_name}-public-ip" }, var.tags)
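Review bot: `aws_eip.bastion_public_ip` now carries both `instance` and `network_interface`, and the AWS provider documents that supplying both is accepted by the API but has undefined association behaviour, so the fix may depend on which target the provider happens to send. If the intent is to ensure the ENI is attached to the instance before the address is associated, express that as ordering and keep a single target: leave `network_interface = aws_network_interface.bastion_nic.id` and add `depends_on = [aws_instance.bastion]`. This address is the bastion's public ingress path, so a deterministic association is worth the extra line. The rest of the resource is outside the hunk.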
8 changes: 2 additions & 6 deletions modules/iam/lambda/main.tf
@@ -1,7 +1,3 @@
data "aws_autoscaling_group" "asg" {
name = var.sensor_autoscaling_group_name
}

data "aws_iam_policy_document" "lambda_nic_manager_policy" {
statement {
effect = "Allow"
Expand Down Expand Up @@ -31,7 +27,7 @@ data "aws_iam_policy_document" "lambda_nic_manager_policy" {
"autoscaling:CompleteLifecycleAction"
]
resources = [
data.aws_autoscaling_group.asg.arn
var.sensor_autoscaling_group_arn
]
}

Expand All @@ -46,7 +42,7 @@ data "aws_iam_policy_document" "lambda_nic_manager_policy" {
]
condition {
test = "StringEquals"
values = [data.aws_autoscaling_group.asg.name]
values = [split("/", var.sensor_autoscaling_group_arn)[1]]
variable = "aws:ResourceTag/aws:autoscaling:groupName"
}
}
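Review bot: `split("/", var.sensor_autoscaling_group_arn)[1]` on the condition line is fragile: it errors at plan time if the ARN has no slash, returns only a prefix if the group name itself contains a `/`, and in general puts whatever follows the first slash into the `aws:ResourceTag/aws:autoscaling:groupName` condition that is the only scoping on these actions. Anchoring on the ARN's documented `autoScalingGroupName/` segment is more robust: `values = [regex("autoScalingGroupName/(.+)$", var.sensor_autoscaling_group_arn)[0]]`. With the `aws_autoscaling_group` data source removed in the first hunk, the module now trusts the caller's ARN without any proof it names an Auto Scaling group, so a format `validation` on the variable would be a useful complement. The `lambda_nic_manager_policy` document starts above the hunks; the `resources` entry in the second hunk uses the ARN directly and needs no change.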
2 changes: 1 addition & 1 deletion modules/iam/lambda/variables.tf
Expand Up @@ -3,7 +3,7 @@ variable "lambda_cloudwatch_log_group_arn" {
type = string
}

variable "sensor_autoscaling_group_name" {
variable "sensor_autoscaling_group_arn" {
description = "ARN of the sensor EC2 autoscaling group of Corelight sensors"
type = string
}
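Review bot: The renamed `sensor_autoscaling_group_arn` has no `validation`, yet it is now the sole source for both the `resources` entry and the `aws:autoscaling:groupName` condition in `modules/iam/lambda/main.tf`, replacing a data-source lookup that at least proved the group existed. A malformed value either fails late (the `split` index) or yields a policy scoped to an unintended ARN. A format check on the variable moves that failure to plan time with a clear message; the `description` and `type` lines stay as they are.
```hcl
variable "sensor_autoscaling_group_arn" {
  description = "ARN of the sensor EC2 autoscaling group of Corelight sensors"
  type        = string

  validation {
    condition     = can(regex("^arn:[^:]+:autoscaling:[^:]*:[0-9]{12}:autoScalingGroup:[^:]+:autoScalingGroupName/.+$", var.sensor_autoscaling_group_arn))
    error_message = "sensor_autoscaling_group_arn must be an EC2 Auto Scaling group ARN (arn:<partition>:autoscaling:<region>:<account>:autoScalingGroup:<uuid>:autoScalingGroupName/<name>)."
  }
}
```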
2 changes: 1 addition & 1 deletion outputs.tf
@@ -1,4 +1,4 @@
output "auto_scale_group_arn" {
output "autoscaling_group_arn" {
value = aws_autoscaling_group.sensor_asg.arn
}

