From 8e9e53e907b5b283e9b90184007dd727bd6a3d55 Mon Sep 17 00:00:00 2001 From: Magicloud <1886157+Magicloud@users.noreply.github.com> Date: Tue, 10 Dec 2019 19:03:41 +0800 Subject: [PATCH] New function: single-node-asg module supports binding EIP by itself. Since it is single node, binding an EIP to the instance is possible. And it eases other things since the public interface is constant. Add assign_eip variable to single-node-asg. If turns it on, an EIP will be allocated, and assocated with the instance. Scope VPC is specified in case the account does not have a default VPC. --- modules/single-node-asg/main.tf | 42 +++++++++++++++++++++++++--- modules/single-node-asg/outputs.tf | 4 +++ modules/single-node-asg/variables.tf | 10 +++++-- 3 files changed, 50 insertions(+), 6 deletions(-) diff --git a/modules/single-node-asg/main.tf b/modules/single-node-asg/main.tf index d99b37ae..b7d7f6f4 100644 --- a/modules/single-node-asg/main.tf +++ b/modules/single-node-asg/main.tf @@ -52,6 +52,32 @@ module "service-data" { iam_instance_profile_role_name = module.instance_profile.iam_role_name } +resource "aws_eip" "eip" { + count = var.assign_eip ? 1 : 0 + vpc = true +} + +resource "aws_iam_role_policy_attachment" "associate_eip" { + role = module.instance_profile.iam_role_name + policy_arn = aws_iam_policy.associate_eip_policy.arn +} + +resource "aws_iam_policy" "associate_eip_policy" { + name = "associate_address" + policy = data.aws_iam_policy_document.associate_eip_policy_doc.json +} + +data "aws_iam_policy_document" "associate_eip_policy_doc" { + statement { + sid = "" + effect = "Allow" + actions = [ + "ec2:AssociateAddress" + ] + resources = ["*"] + } +} + # Create an ASG with just 1 EC2 instance module "server" { source = "../asg" 
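Review bot: The new `aws_iam_policy_document.associate_eip_policy_doc` grants `ec2:AssociateAddress` on `resources = ["*"]`, so the instance role can re-point any Elastic IP in the account to any instance, not just the one this module allocates; since the allocation id is known at plan time the statement can be scoped to `arn:aws:ec2:${var.region}:*:elastic-ip/<allocation-id>` plus the instance resource type (AssociateAddress supports resource-level permissions on both, as far as I recall — confirm against the service authorization reference). The policy and its attachment are also created unconditionally while `aws_eip.eip` is gated on `count = var.assign_eip ? 1 : 0`, so every deployment gets the extra permission even when no EIP exists, and `name = "associate_address"` is a fixed account-unique name, so a second instantiation of this module in the same account fails on a duplicate policy name. The rewrite below gates all three resources on the same count, switches to `name_prefix`, and scopes the statement; the empty `sid = ""` is dropped as it adds nothing.
```hcl
resource "aws_iam_role_policy_attachment" "associate_eip" {
  count      = var.assign_eip ? 1 : 0
  role       = module.instance_profile.iam_role_name
  policy_arn = aws_iam_policy.associate_eip_policy[0].arn
}

resource "aws_iam_policy" "associate_eip_policy" {
  count = var.assign_eip ? 1 : 0
  # name_prefix so two instantiations of this module in one account do not collide
  name_prefix = "associate_address-"
  policy      = data.aws_iam_policy_document.associate_eip_policy_doc[0].json
}

data "aws_iam_policy_document" "associate_eip_policy_doc" {
  count = var.assign_eip ? 1 : 0
  statement {
    effect  = "Allow"
    actions = ["ec2:AssociateAddress"]
    # Only the EIP this module allocated may be associated, and only to instances in this
    # region; a wildcard would let the role hijack any EIP in the account.
    resources = [
      "arn:aws:ec2:${var.region}:*:elastic-ip/${aws_eip.eip[0].id}",
      "arn:aws:ec2:${var.region}:*:instance/*",
    ]
  }
}
```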
@@ -66,12 +92,11 @@ module "server" { max_nodes = 1 min_nodes = 1 placement_group = var.placement_group - public_ip = var.public_ip + public_ip = var.assign_eip ? false : var.public_ip # the prefix and suffix names are combined in # the `asg` module to create the full name - name_prefix = var.name_prefix - name_suffix = "${var.name_suffix}-${local.az}" - + name_prefix = var.name_prefix + name_suffix = "${var.name_suffix}-${local.az}" root_volume_type = var.root_volume_type root_volume_size = var.root_volume_size security_group_ids = var.security_group_ids @@ -84,7 +109,12 @@ module "server" { # exec > /tmp/init.log # exec 2> /tmp/init-err.log # set -x +apt update ${var.init_prefix} +${module.init-install-awscli.init_snippet} +while ! ${var.assign_eip ? "aws ec2 associate-address --instance-id \"$(ec2metadata --instance-id)\" --region \"${var.region}\" --allocation-id \"${element(aws_eip.eip.*.id, 0)}\"" : "true"}; do + sleep 1 +done ${module.init-attach-ebs.init_snippet} ${var.init_suffix} END_INIT @@ -97,3 +127,7 @@ module "init-attach-ebs" { region = var.region volume_id = module.service-data.volume_id } + +module "init-install-awscli" { + source = "../init-snippet-install-awscli" +} diff --git a/modules/single-node-asg/outputs.tf b/modules/single-node-asg/outputs.tf index d2bbbbdc..79106a09 100644 --- a/modules/single-node-asg/outputs.tf +++ b/modules/single-node-asg/outputs.tf @@ -12,3 +12,7 @@ output "data_volume_name_tag" { value = "${local.data_volume_name_prefix}-${local.az}" description = "Name tag value for attached data volume" } + +output "eip_address" { + value = var.assign_eip ? aws_eip.eip.*[0].public_ip : "" +} diff --git a/modules/single-node-asg/variables.tf b/modules/single-node-asg/variables.tf index 97de3191..b06b9093 100644 --- a/modules/single-node-asg/variables.tf +++ b/modules/single-node-asg/variables.tf 
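Review bot: Forcing `public_ip = false` whenever `assign_eip` is set means the instance boots with no public address at all until the user-data association succeeds, and the `aws ec2 associate-address` call that performs it must itself reach the EC2 API; that only works if the subnet has another route there (NAT gateway or an EC2 interface endpoint), which the module does not check or document. A comment on the changed line would save the next user a debugging session: `# with an EIP the auto-assigned public IP is redundant, but the subnet must still route to the EC2 API (NAT or VPC endpoint) for the association call in user-data`. The `module "server"` block starts before this hunk and continues after it.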
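Review bot: The `while ! aws ec2 associate-address ...; do sleep 1; done` loop retries forever, so a permanent failure (IAM denies the call, the EIP is already held by another instance, no route to the EC2 API) stalls the init script and the `init-attach-ebs` snippet that follows never runs; the loop needs an attempt bound and a loud message when it gives up. Two smaller points: `apt update` and the awscli install snippet now run on every boot even when `assign_eip` is false, and `apt update` assumes a Debian/Ubuntu AMI (as does `ec2metadata`, which ships with Ubuntu's cloud-utils) — presumably the install snippet already handles package refresh, so the bare `apt update` may be redundant; worth confirming. `${element(aws_eip.eip.*.id, 0)}` errors on an empty list when `assign_eip` is false if your Terraform version evaluates the unselected branch of the conditional; `join("", aws_eip.eip.*.id)` is safe in both cases. The heredoc this hunk edits opens before the hunk (`user_data = <<END_INIT` is not visible here) inside `module "server"`.
```shell
# … unchanged: init_prefix / awscli install snippet …
# Bounded retry: a permanently failing AssociateAddress must not stall the rest of init
eip_tries=0
while ! ${var.assign_eip ? "aws ec2 associate-address --instance-id \"$(ec2metadata --instance-id)\" --region \"${var.region}\" --allocation-id \"${join("", aws_eip.eip.*.id)}\"" : "true"}; do
  eip_tries=$((eip_tries + 1))
  if [ "$eip_tries" -ge 30 ]; then
    echo "associate-address failed after $eip_tries attempts; continuing without EIP" >&2
    break
  fi
  sleep 2
done
# … unchanged: init-attach-ebs snippet, init_suffix, END_INIT …
```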
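Review bot: The new `eip_address` output has no `description`, unlike the neighbouring `data_volume_name_tag` output which documents its value; add `description = "Public IP of the EIP associated with the node, or empty when assign_eip is false"`. The `aws_eip.eip.*[0].public_ip` form mixes a legacy splat with an index; the idiomatic Terraform 0.12 spelling is `aws_eip.eip[0].public_ip`, and if your Terraform version evaluates the unselected branch this index fails on an empty list when `assign_eip` is false, in which case `join("", aws_eip.eip.*.public_ip)` gives the same result without the conditional.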
@@ -62,7 +62,7 @@ variable "data_volume_size" { variable "data_volume_encrypted" { default = true description = "Boolean, whether or not to encrypt the EBS block device" - type = string + type = bool } variable "data_volume_kms_key_id" { @@ -98,7 +98,7 @@ variable "init_suffix" { variable "public_ip" { default = true description = "Boolean flag to enable/disable `map_public_ip_on_launch` in the launch configuration" - type = string + type = bool } variable "subnet_id" { @@ -121,3 +121,9 @@ variable "load_balancers" { description = "The list of load balancers names to pass to the ASG module" type = list(string) } + +variable "assign_eip" { + default = false + description = "Whether or not associating an EIP with the node." + type = bool +}
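Review bot: The `type = string` to `type = bool` tightening on `data_volume_encrypted` (and on `public_ip` in the next hunk) is unrelated to the EIP feature and is not mentioned in the commit message, so it reads as an accidental drive-by; either call it out in the message or land it separately so a bisect on a caller that broke on the stricter type points at the right change. Terraform 0.12 still converts the literal strings "true"/"false" to bool, so existing callers passing those keep working, but anything else that previously passed through as a string now fails validation.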
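Review bot: The `assign_eip` description is ungrammatical and, more importantly, says nothing about the side effects the flag has elsewhere in this module: it overrides `public_ip` to false, attaches an `ec2:AssociateAddress` policy to the instance role, and makes first boot depend on the instance reaching the EC2 API. Callers need that to decide whether their subnet/network setup supports the flag. Suggested text: `description = "Allocate an EIP and associate it with the node from user-data. Turning this on forces public_ip off, grants ec2:AssociateAddress to the instance role, and requires the instance to reach the EC2 API (NAT or VPC endpoint)."`.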