From a0dda9008a0eb3d6ee2b2224168d7a8ad63026ac Mon Sep 17 00:00:00 2001
From: "waqas.yousaf"
Date: Fri, 31 May 2024 15:07:42 +0200
Subject: [PATCH] OPS-5932: Migrate to launch template

---
 README.md | 2 +-
 main.tf | 29 ++++++++++++++++-------------
 outputs.tf | 6 +++---
 3 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/README.md b/README.md
index c4632df..88e4524 100644
--- a/README.md
+++ b/README.md
@@ -342,7 +342,7 @@ Default:
 | [bastion\_asg\_name](#output\_bastion\_asg\_name) | Autoscaling group name of the bastion host. (or empty string if bastion host is disabled) |
 | [bastion\_elb\_fqdn](#output\_bastion\_elb\_fqdn) | The auto-generated FQDN of the bastion ELB. |
 | [bastion\_elb\_security\_group\_id](#output\_bastion\_elb\_security\_group\_id) | The ID of the SSH security group of the bastion host that can be attached to any other private instance in order to ssh into it. (or empty string if bastion host is disabled) |
-| [bastion\_launch\_config\_name](#output\_bastion\_launch\_config\_name) | Launch configuration name of the bastion host. (or empty string if bastion host is disabled) |
+| [bastion\_launch\_template\_name](#output\_bastion\_launch\_template\_name) | Launch template name of the bastion host. (or empty string if bastion host is disabled) |
 | [bastion\_route53\_public\_dns\_name](#output\_bastion\_route53\_public\_dns\_name) | The route53 public dns name of the bastion ELB if set. |
 | [bastion\_security\_group\_id](#output\_bastion\_security\_group\_id) | The ID of the SSH security group of the bastion host that can be attached to any other private instance in order to ssh into it. (or empty string if bastion host is disabled) |
 | [cgw\_ids](#output\_cgw\_ids) | List of IDs of Customer Gateway |
diff --git a/main.tf b/main.tf
index d966d43..d6eb5c4 100644
--- a/main.tf
+++ b/main.tf
@@ -128,20 +128,19 @@ resource "aws_security_group" "bastion" {
   )
 }
 
-resource "aws_launch_configuration" "bastion" {
+resource "aws_launch_template" "bastion" {
   count = var.vpc_enable_bastion_host ? 1 : 0
 
-  name_prefix = local.bastion_lc_name
-  image_id = data.aws_ami.bastion[0].image_id
-  instance_type = var.bastion_instance_type
-  security_groups = [aws_security_group.bastion[0].id]
-  enable_monitoring = false
-  user_data = templatefile("${path.module}/user_data.sh.tftpl",
+  name_prefix = local.bastion_lc_name
+  image_id = data.aws_ami.bastion[0].image_id
+  instance_type = var.bastion_instance_type
+  vpc_security_group_ids = [aws_security_group.bastion[0].id]
+  user_data = base64encode(templatefile("${path.module}/user_data.sh.tftpl",
     {
       ssh_user = "ec2-user"
       ssh_keys = join("\n", var.bastion_ssh_keys)
     }
-  )
+  ))
 
   metadata_options {
     http_tokens = "required"
@@ -149,10 +148,11 @@ resource "aws_launch_configuration" "bastion" {
     http_endpoint = "enabled"
   }
 
-  associate_public_ip_address = false
-
-  root_block_device {
-    volume_size = "8"
+  block_device_mappings {
+    device_name = "/dev/sda1"
+    ebs {
+      volume_size = "8"
+    }
   }
 
   lifecycle {
@@ -174,7 +174,10 @@ resource "aws_autoscaling_group" "bastion" {
   health_check_type = "EC2"
   force_delete = false
   wait_for_capacity_timeout = 0
-  launch_configuration = aws_launch_configuration.bastion[0].name
+  launch_template {
+    id = aws_launch_template.bastion[0].id
+    version = aws_launch_template.bastion[0].latest_version
+  }
 
   load_balancers = [module.aws_elb.id]
 
diff --git a/outputs.tf b/outputs.tf
index 7009e0e..41a607a 100644
--- a/outputs.tf
+++ b/outputs.tf
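Review bot: The explicit `associate_public_ip_address = false` removed in the second main.tf hunk has no counterpart in the new `aws_launch_template`, so bastion instances now take whatever public-IP auto-assignment the ASG subnets configure instead of being explicitly denied one; the template-side equivalent is a `network_interfaces` block, which then has to carry the security groups in place of the `vpc_security_group_ids` added in the first hunk, because the two cannot be combined. In the same second hunk `block_device_mappings` hard-codes `device_name = "/dev/sda1"`; if the AMI chosen by `data.aws_ami.bastion` reports a different root device (Amazon Linux images, for example, use `/dev/xvda`), this attaches a second 8 GiB volume rather than sizing the root one, so `data.aws_ami.bastion[0].root_device_name` is the safer value. The `aws_launch_template` resource body continues outside both hunks (its `lifecycle` block is only visible as trailing context).
```hcl
resource "aws_launch_template" "bastion" {
  # … unchanged: count, name_prefix, image_id, instance_type, user_data …
  # vpc_security_group_ids removed: security groups move into network_interfaces below

  network_interfaces {
    associate_public_ip_address = false
    security_groups             = [aws_security_group.bastion[0].id]
  }

  # … unchanged: metadata_options …

  block_device_mappings {
    device_name = data.aws_ami.bastion[0].root_device_name
    ebs {
      volume_size = "8"
    }
  }
```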
@@ -44,9 +44,9 @@ output "bastion_asg_name" {
   value = join(",", aws_autoscaling_group.bastion.*.name)
 }
 
-output "bastion_launch_config_name" {
-  description = "Launch configuration name of the bastion host. (or empty string if bastion host is disabled)"
-  value = join(",", aws_launch_configuration.bastion.*.name)
+output "bastion_launch_template_name" {
+  description = "Launch template name of the bastion host. (or empty string if bastion host is disabled)"
+  value = join(",", aws_launch_template.bastion.*.name)
 }
 
 # -------------------------------------------------------------------------------------------------