Update against single instance module (#9)

rsrchboy · actions-bot · osterman · web-flow · commit 43495fde20f7 · 2020-07-14T22:17:21.000-07:00
* Use 0.16.0 of null-label module

* Be kind when launching on auto-assign ipv6 subnets

* Bump key-pair module to latest (0.9.0)

* Add a `name` output

* Allow for a permissions boundry to be set

* Hark, a README!

* Updated README.md

Co-authored-by: actions-bot &lt;58130806+actions-bot@users.noreply.github.com&gt;
Co-authored-by: Erik Osterman &lt;erik@cloudposse.com&gt;
diff --git a/README.md b/README.md
@@ -217,6 +217,7 @@ Available targets:
 | ebs\_volume\_count | Count of EBS volumes that will be attached to the instance | `number` | `0` | no |
 | ebs\_volume\_size | Size of the EBS volume in gigabytes | `number` | `10` | no |
 | ebs\_volume\_type | The type of EBS volume. Can be standard, gp2 or io1 | `string` | `"gp2"` | no |
+| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `""` | no |
 | evaluation\_periods | The number of periods over which data is compared to the specified threshold | `number` | `5` | no |
 | generate\_ssh\_key\_pair | If true, create a new key pair and save the pem for it to the current working directory | `bool` | `false` | no |
 | instance\_count | Count of ec2 instances to create | `number` | `1` | no |
@@ -230,6 +231,7 @@ Available targets:
 | monitoring | Launched EC2 instance will have detailed monitoring enabled | `bool` | `true` | no |
 | name | Name of the application | `string` | n/a | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no |
+| permissions\_boundary\_arn | Policy ARN to attach to instance role as a permissions boundary | `string` | `""` | no |
 | private\_ips | Private IP address to associate with the instances in the VPC | `list(string)` | `[]` | no |
 | region | AWS Region the instance is launched in | `string` | n/a | yes |
 | root\_iops | Amount of provisioned IOPS. This must be set if root\_volume\_type is set to `io1` | `number` | `0` | no |
@@ -258,6 +260,7 @@ Available targets:
 | eni\_to\_eip\_map | Map of ENI with EIP |
 | ids | Disambiguated IDs list |
 | instance\_count | Total number of instances created |
+| name | Instance(s) name |
 | network\_interface\_ids | IDs of the network interface that was created with the instance |
 | new\_ssh\_keypair\_generated | Was a new ssh\_key\_pair generated |
 | primary\_network\_interface\_ids | IDs of the instance's primary network interface |
@@ -423,8 +426,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
 
 ### Contributors
 
-|  [![Erik Osterman][osterman_avatar]][osterman_homepage]<br/>[Erik Osterman][osterman_homepage] | [![Jamie Nelson][Jamie-BitFlight_avatar]][Jamie-BitFlight_homepage]<br/>[Jamie Nelson][Jamie-BitFlight_homepage] | [![Vladimir][SweetOps_avatar]][SweetOps_homepage]<br/>[Vladimir][SweetOps_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]<br/>[Andriy Knysh][aknysh_homepage] |
-|---|---|---|---|
+|  [![Erik Osterman][osterman_avatar]][osterman_homepage]<br/>[Erik Osterman][osterman_homepage] | [![Jamie Nelson][Jamie-BitFlight_avatar]][Jamie-BitFlight_homepage]<br/>[Jamie Nelson][Jamie-BitFlight_homepage] | [![Vladimir][SweetOps_avatar]][SweetOps_homepage]<br/>[Vladimir][SweetOps_homepage] | [![Andriy Knysh][aknysh_avatar]][aknysh_homepage]<br/>[Andriy Knysh][aknysh_homepage] | [![Chris Weyl][rsrchboy_avatar]][rsrchboy_homepage]<br/>[Chris Weyl][rsrchboy_homepage] |
+|---|---|---|---|---|
 
   [osterman_homepage]: https://github.com/osterman
   [osterman_avatar]: https://img.cloudposse.com/150x150/https://github.com/osterman.png
@@ -434,6 +437,8 @@ Check out [our other projects][github], [follow us on twitter][twitter], [apply
   [SweetOps_avatar]: https://img.cloudposse.com/150x150/https://github.com/SweetOps.png
   [aknysh_homepage]: https://github.com/aknysh
   [aknysh_avatar]: https://img.cloudposse.com/150x150/https://github.com/aknysh.png
+  [rsrchboy_homepage]: https://github.com/rsrchboy
+  [rsrchboy_avatar]: https://img.cloudposse.com/150x150/https://github.com/rsrchboy.png
 
 [![README Footer][readme_footer_img]][readme_footer_link]
 [![Beacon][beacon]][website]
diff --git a/README.yaml b/README.yaml
@@ -127,3 +127,5 @@ contributors:
     github: "SweetOps"
   - name: "Andriy Knysh"
     github: "aknysh"
+  - name: "Chris Weyl"
+    github: "rsrchboy"
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -38,6 +38,7 @@
 | ebs\_volume\_count | Count of EBS volumes that will be attached to the instance | `number` | `0` | no |
 | ebs\_volume\_size | Size of the EBS volume in gigabytes | `number` | `10` | no |
 | ebs\_volume\_type | The type of EBS volume. Can be standard, gp2 or io1 | `string` | `"gp2"` | no |
+| environment | Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT' | `string` | `""` | no |
 | evaluation\_periods | The number of periods over which data is compared to the specified threshold | `number` | `5` | no |
 | generate\_ssh\_key\_pair | If true, create a new key pair and save the pem for it to the current working directory | `bool` | `false` | no |
 | instance\_count | Count of ec2 instances to create | `number` | `1` | no |
@@ -51,6 +52,7 @@
 | monitoring | Launched EC2 instance will have detailed monitoring enabled | `bool` | `true` | no |
 | name | Name of the application | `string` | n/a | yes |
 | namespace | Namespace (e.g. `eg` or `cp`) | `string` | `""` | no |
+| permissions\_boundary\_arn | Policy ARN to attach to instance role as a permissions boundary | `string` | `""` | no |
 | private\_ips | Private IP address to associate with the instances in the VPC | `list(string)` | `[]` | no |
 | region | AWS Region the instance is launched in | `string` | n/a | yes |
 | root\_iops | Amount of provisioned IOPS. This must be set if root\_volume\_type is set to `io1` | `number` | `0` | no |
@@ -79,6 +81,7 @@
 | eni\_to\_eip\_map | Map of ENI with EIP |
 | ids | Disambiguated IDs list |
 | instance\_count | Total number of instances created |
+| name | Instance(s) name |
 | network\_interface\_ids | IDs of the network interface that was created with the instance |
 | new\_ssh\_keypair\_generated | Was a new ssh\_key\_pair generated |
 | primary\_network\_interface\_ids | IDs of the instance's primary network interface |
diff --git a/main.tf b/main.tf
@@ -59,12 +59,13 @@ data "aws_ami" "info" {
 }
 
 module "label" {
-  source     = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.14.1"
-  namespace  = var.namespace
-  stage      = var.stage
-  name       = var.name
-  attributes = var.attributes
-  delimiter  = var.delimiter
+  source      = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0"
+  namespace   = var.namespace
+  stage       = var.stage
+  environment = var.environment
+  name        = var.name
+  attributes  = var.attributes
+  delimiter   = var.delimiter
   tags = merge(
     {
       AZ = local.availability_zone
@@ -81,10 +82,11 @@ resource "aws_iam_instance_profile" "default" {
 }
 
 resource "aws_iam_role" "default" {
-  count              = signum(local.instance_count)
-  name               = module.label.id
-  path               = "/"
-  assume_role_policy = data.aws_iam_policy_document.default.json
+  count                = signum(local.instance_count)
+  name                 = module.label.id
+  path                 = "/"
+  assume_role_policy   = data.aws_iam_policy_document.default.json
+  permissions_boundary = length(var.permissions_boundary_arn) > 0 ? var.permissions_boundary_arn : null
 }
 
 resource "aws_instance" "default" {
@@ -102,8 +104,8 @@ resource "aws_instance" "default" {
   monitoring                  = var.monitoring
   private_ip                  = concat(var.private_ips, [""])[min(length(var.private_ips), count.index)]
   source_dest_check           = var.source_dest_check
-  ipv6_address_count          = var.ipv6_address_count
-  ipv6_addresses              = var.ipv6_addresses
+  ipv6_address_count          = var.ipv6_address_count < 0 ? null : var.ipv6_address_count
+  ipv6_addresses              = length(var.ipv6_addresses) > 0 ? var.ipv6_addresses : null
 
   vpc_security_group_ids = compact(
     concat(
@@ -134,8 +136,9 @@ resource "aws_instance" "default" {
 ##
 
 module "ssh_key_pair" {
-  source                = "git::https://github.com/cloudposse/terraform-aws-key-pair.git?ref=tags/0.4.0"
+  source                = "git::https://github.com/cloudposse/terraform-aws-key-pair.git?ref=tags/0.9.0"
   namespace             = var.namespace
+  environment           = var.environment
   stage                 = var.stage
   name                  = var.name
   ssh_public_key_path   = local.ssh_key_pair_path
diff --git a/outputs.tf b/outputs.tf
@@ -23,6 +23,11 @@ output "ids" {
   value       = aws_instance.default.*.id
 }
 
+output "name" {
+  description = "Instance(s) name"
+  value       = module.label.id
+}
+
 output "aws_key_pair_name" {
   description = "Name of AWS key pair"
   value       = signum(length(var.ssh_key_pair)) == 1 ? var.ssh_key_pair : var.generate_ssh_key_pair ? module.ssh_key_pair.key_name : ""
diff --git a/variables.tf b/variables.tf
@@ -10,6 +10,12 @@ variable "stage" {
   default     = ""
 }
 
+variable "environment" {
+  type        = string
+  description = "Environment, e.g. 'prod', 'staging', 'dev', 'pre-prod', 'UAT'"
+  default     = ""
+}
+
 variable "name" {
   type        = string
   description = "Name of the application"
@@ -291,3 +297,9 @@ variable "instance_count" {
   description = "Count of ec2 instances to create"
   default     = 1
 }
+
+variable "permissions_boundary_arn" {
+  type        = string
+  description = "Policy ARN to attach to instance role as a permissions boundary"
+  default     = ""
+}
