From 269149c7c1dd027b2b56bc0716e671deb32f5aad Mon Sep 17 00:00:00 2001
From: Magicloud <1886157+Magicloud@users.noreply.github.com>
Date: Tue, 10 Dec 2019 19:03:41 +0800
Subject: [PATCH] New function: single-node-asg module supports binding EIP by itself. Since it is single node, binding an EIP to the instance is possible. And it eases other things since the public interface is constant. Add assign_eip variable to single-node-asg. If turns it on, an EIP will be allocated, and assocated with the instance.
---
 CHANGELOG.md | 2 +-
 modules/single-node-asg/main.tf | 68 ++++++++++++++++++++--------
 modules/single-node-asg/outputs.tf | 4 ++
 modules/single-node-asg/variables.tf | 9 +++-
 4 files changed, 61 insertions(+), 22 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7c8cf6c6..06210e4d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@
 ### Modules
-
+* `single-node-asg`: New function: support associating EIP.
 ### Examples
diff --git a/modules/single-node-asg/main.tf b/modules/single-node-asg/main.tf
index 89909201..62ccc342 100644
--- a/modules/single-node-asg/main.tf
+++ b/modules/single-node-asg/main.tf
@@ -52,27 +52,46 @@ module "service-data" {
 iam_instance_profile_role_name = module.instance_profile.iam_role_name
 }
+resource "aws_eip" "eip" {
+ count = var.assign_eip ? 1 : 0
+}
+
+resource "aws_iam_role_policy_attachment" "associate_eip" {
+ role = module.instance_profile.iam_role_name
+ policy_arn = aws_iam_policy.associate_eip_policy.arn
+}
+
+resource "aws_iam_policy" "associate_eip_policy" {
+ name = "associate_address"
+ policy = data.aws_iam_policy_document.associate_eip_policy_doc.json
+}
+
+data "aws_iam_policy_document" "associate_eip_policy_doc" {
+ statement {
+ sid = ""
+ effect = "Allow"
+ actions = [
+ "ec2:AssociateAddress"
+ ]
+ resources = ["*"]
+ }
+}
+
 # Create an ASG with just 1 EC2 instance
 module "server" {
 source = "../asg"
- ami = var.ami
- azs = [local.az]
- elb_names = var.load_balancers
- key_name = var.key_name
- # The IAM Instance Profile w/ attach_ebs role
- iam_profile = module.instance_profile.iam_profile_id
- instance_type = var.instance_type
- # 1 EC2 instance <> 1 EBS volume
- max_nodes = 1
- min_nodes = 1
- placement_group = var.placement_group
- public_ip = var.public_ip
- # the prefix and suffix names are combined in
- # the `asg` module to create the full name
- name_prefix = var.name_prefix
- name_suffix = "${var.name_suffix}-${local.az}"
-
+ ami = var.ami
+ elb_names = var.load_balancers
+ key_name = var.key_name
+ iam_profile = module.instance_profile.iam_profile_id
+ instance_type = var.instance_type
+ max_nodes = 1
+ min_nodes = 1
+ placement_group = var.placement_group
+ public_ip = var.public_ip
+ name_prefix = var.name_prefix
+ name_suffix = "${var.name_suffix}-${local.az}"
 root_volume_type = var.root_volume_type
 root_volume_size = var.root_volume_size
 security_group_ids = var.security_group_ids
@@ -80,7 +99,12 @@ module "server" {
 user_data = <
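Review bot: In the first `main.tf` hunk, `aws_iam_policy.associate_eip_policy` and `aws_iam_role_policy_attachment.associate_eip` are created unconditionally, so every use of this module grants the instance role `ec2:AssociateAddress` on `resources = ["*"]` even when `var.assign_eip` is false and no EIP is allocated. Gate both with `count = var.assign_eip ? 1 : 0`, as `aws_eip.eip` already is; the attachment's `policy_arn` then needs the `[0]` index. With `"*"` the role can re-point any Elastic IP in the account rather than only the one allocated here, so scope the statement to the allocated address if the provider and API in use support resource-level permissions for this action, or add a comment explaining why the wildcard is required. The fixed `name = "associate_address"` will probably collide when the module is instantiated more than once in an account; deriving it from the module's naming variables, e.g. `name = "${var.name_prefix}-associate-address"`, avoids that.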