From e16011484bf2aeb02d00cdcef3c5bd5637fdbad6 Mon Sep 17 00:00:00 2001
From: Magicloud <1886157+Magicloud@users.noreply.github.com>
Date: Tue, 10 Dec 2019 19:03:41 +0800
Subject: [PATCH] New function: single-node-asg module supports binding EIP by
 itself.

Since it is single node, binding an EIP to the instance is possible. And
it eases other things since the public interface is constant.

Add assign_eip variable to single-node-asg. If turns it on, an EIP will
be allocated, and assocated with the instance.
---
 modules/single-node-asg/main.tf      | 68 ++++++++++++++++++++--------
 modules/single-node-asg/outputs.tf   |  4 ++
 modules/single-node-asg/variables.tf |  9 +++-
 3 files changed, 60 insertions(+), 21 deletions(-)

diff --git a/modules/single-node-asg/main.tf b/modules/single-node-asg/main.tf
index 89909201..62ccc342 100644
--- a/modules/single-node-asg/main.tf
+++ b/modules/single-node-asg/main.tf
@@ -52,27 +52,46 @@ module "service-data" {
   iam_instance_profile_role_name = module.instance_profile.iam_role_name
 }
 
+resource "aws_eip" "eip" {
+  count = var.assign_eip ? 1 : 0
+}
+
+resource "aws_iam_role_policy_attachment" "associate_eip" {
+  role       = module.instance_profile.iam_role_name
+  policy_arn = aws_iam_policy.associate_eip_policy.arn
+}
+
+resource "aws_iam_policy" "associate_eip_policy" {
+  name   = "associate_address"
+  policy = data.aws_iam_policy_document.associate_eip_policy_doc.json
+}
+
+data "aws_iam_policy_document" "associate_eip_policy_doc" {
+  statement {
+    sid    = ""
+    effect = "Allow"
+    actions = [
+      "ec2:AssociateAddress"
+    ]
+    resources = ["*"]
+  }
+}
+
 # Create an ASG with just 1 EC2 instance
 module "server" {
   source = "../asg"
 
-  ami       = var.ami
-  azs       = [local.az]
-  elb_names = var.load_balancers
-  key_name  = var.key_name
-  # The IAM Instance Profile w/ attach_ebs role
-  iam_profile   = module.instance_profile.iam_profile_id
-  instance_type = var.instance_type
-  # 1 EC2 instance <> 1 EBS volume 
-  max_nodes       = 1
-  min_nodes       = 1
-  placement_group = var.placement_group
-  public_ip       = var.public_ip
-  # the prefix and suffix names are combined in
-  # the `asg` module to create the full name
-  name_prefix = var.name_prefix
-  name_suffix = "${var.name_suffix}-${local.az}"
-
+  ami                = var.ami
+  elb_names          = var.load_balancers
+  key_name           = var.key_name
+  iam_profile        = module.instance_profile.iam_profile_id
+  instance_type      = var.instance_type
+  max_nodes          = 1
+  min_nodes          = 1
+  placement_group    = var.placement_group
+  public_ip          = var.public_ip
+  name_prefix        = var.name_prefix
+  name_suffix        = "${var.name_suffix}-${local.az}"
   root_volume_type   = var.root_volume_type
   root_volume_size   = var.root_volume_size
   security_group_ids = var.security_group_ids
@@ -80,7 +99,12 @@ module "server" {
 
   user_data = <<END_INIT
 #!/bin/bash
+apt update
 ${var.init_prefix}
+${module.init-install-awscli.init_snippet}
+while ! ${var.assign_eip ? "aws ec2 associate-address --instance-id \"$(ec2metadata --instance-id)\" --region \"${var.region}\" --allocation-id \"${element(aws_eip.eip.*.id, 0)}\"" : "true"}; do
+  sleep 1
+done
 ${module.init-attach-ebs.init_snippet}
 ${var.init_suffix}
 END_INIT
@@ -89,7 +113,13 @@ END_INIT
 
 # Render init snippet - boxed module to attach the EBS volume to the node
 module "init-attach-ebs" {
-  source = "../init-snippet-attach-ebs-volume"
-  region = var.region
+  source    = "../init-snippet-attach-ebs-volume"
+  region    = var.region
   volume_id = module.service-data.volume_id
 }
+
+module "init-install-awscli" {
+  source = "../init-snippet-install-awscli"
+}
+
+
diff --git a/modules/single-node-asg/outputs.tf b/modules/single-node-asg/outputs.tf
index 2c6a9d2a..e836dc7c 100644
--- a/modules/single-node-asg/outputs.tf
+++ b/modules/single-node-asg/outputs.tf
@@ -7,3 +7,7 @@ output "asg_iam_role_name" {
   value       = module.instance_profile.iam_role_name
   description = "`name` exported from the Service Data `aws_iam_role`"
 }
+
+output "eip_address" {
+	value = aws_eip.eip.*[0].public_ip
+}
diff --git a/modules/single-node-asg/variables.tf b/modules/single-node-asg/variables.tf
index 8f3fc3c2..bdf41090 100644
--- a/modules/single-node-asg/variables.tf
+++ b/modules/single-node-asg/variables.tf
@@ -56,7 +56,7 @@ variable "data_volume_size" {
 variable "data_volume_encrypted" {
   default     = true
   description = "Boolean, whether or not to encrypt the EBS block device"
-  type        = string
+  type        = bool
 }
 
 variable "data_volume_kms_key_id" {
@@ -92,7 +92,7 @@ variable "init_suffix" {
 variable "public_ip" {
   default     = true
   description = "Boolean flag to enable/disable `map_public_ip_on_launch` in the launch configuration"
-  type        = string
+  type        = bool
 }
 
 variable "subnet_id" {
@@ -116,3 +116,8 @@ variable "load_balancers" {
   type        = list(string)
 }
 
+variable "assign_eip" {
+  default     = false
+  description = "Whether or not associating an EIP with the node."
+  type        = bool
+}