Update terraform to use instance profile
@ -177,6 +177,7 @@ resource "aws_instance" "my_second_linux" {
|
||||
instance_type = "t2.micro"
|
||||
ami = aws_ami_from_instance.ami_snapshot.arn
|
||||
security_groups = ["ssh-access-witch"]
|
||||
iam_instance_profile = aws_iam_instance_profile.daphodell_profile.name
|
||||
|
||||
tags = {
|
||||
Name = "labs"
|
||||
|
||||
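Review bot: `ami = aws_ami_from_instance.ami_snapshot.arn` on the new side of this hunk passes an ARN where the `ami` argument of `aws_instance` takes an AMI ID, so the resource will be rejected at apply time; the commented-out draft in the removed file referenced `.id`, and the line should read `ami = aws_ami_from_instance.ami_snapshot.id`. The rendered hunk does not show whether that line is added or context, so it may be pre-existing, but the commit leaves it in place either way. The added `iam_instance_profile` exposes the attached role's credentials to every process on the instance through the metadata service, so consider hardening the same resource with `metadata_options { http_tokens = "required" }` to restrict retrieval to IMDSv2 callers and keep the role's permissions to what the instance actually needs. The enclosing `resource "aws_instance" "my_second_linux"` block opens before this hunk and closes after it.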
@ -1,135 +0,0 @@
|
||||
resource "aws_instance" "my_first_linux" {
|
||||
instance_type = "t2.micro"
|
||||
ami = "ami-06971c49acd687c30"
|
||||
|
||||
security_groups = ["ssh-access-witch"]
|
||||
|
||||
tags = {
|
||||
Name = "labs"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket" "resume-bucket" {
|
||||
tags = {
|
||||
Name = "labs"
|
||||
}
|
||||
}
|
||||
|
||||
resource "aws_s3_bucket" "lab-bucket" {
|
||||
tags = {
|
||||
Name = "labs"
|
||||
}
|
||||
}
|
||||
|
||||
## Security Group
|
||||
resource "aws_security_group" "ec2_security_group" {
|
||||
description = "Restrict SSH to my IP"
|
||||
}
|
||||
|
||||
resource "aws_security_group" "default" {
|
||||
description = "default VPC security group"
|
||||
}
|
||||
|
||||
|
||||
## Roles
|
||||
resource "aws_iam_role" "daphodell_role" {
|
||||
assume_role_policy = jsonencode({
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"Service": "ec2.amazonaws.com"
|
||||
},
|
||||
"Action": "sts:AssumeRole"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"AWS": var.ACCOUNT_ROOT_ARN
|
||||
},
|
||||
"Action": "sts:AssumeRole",
|
||||
"Condition": {
|
||||
"BoolIfExists": {
|
||||
"aws:MultiFactorAuthPresent": "true"
|
||||
}
|
||||
}
|
||||
}
|
||||
]})
|
||||
tags = {
|
||||
Name = "labs"
|
||||
}
|
||||
}
|
||||
|
||||
## Policies
|
||||
## Allow user CLI -> S3 read/write
|
||||
resource "aws_iam_policy" "assume_role_s3_policy" {
|
||||
policy = jsonencode({
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": "sts:AssumeRole",
|
||||
"Resource": aws_iam_role.daphodell_role.arn
|
||||
}
|
||||
]
|
||||
})
|
||||
tags = {
|
||||
Name = "labs"
|
||||
}
|
||||
}
|
||||
|
||||
## Allow ec2 -> s3 read/write
|
||||
resource "aws_iam_policy" "ec2_s3_policy" {
|
||||
policy = jsonencode({
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": "s3:ListBucket",
|
||||
"Resource": "arn:aws:s3:::witch-lab-3"
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": "s3:GetObject",
|
||||
"Resource": "arn:aws:s3:::witch-lab-3/*"
|
||||
}
|
||||
]
|
||||
})
|
||||
tags = {
|
||||
Name = "labs"
|
||||
}
|
||||
}
|
||||
|
||||
# # Create AMI
|
||||
# resource "aws_ami_from_instance" "ami_snapshot" {
|
||||
# name = "ami-snapshot-2025-06-17"
|
||||
# source_instance_id = aws_instance.my_first_linux.id
|
||||
# snapshot_without_reboot = true
|
||||
#
|
||||
# tags = {
|
||||
# Name = "labs"
|
||||
# }
|
||||
# }
|
||||
#
|
||||
# # Launch new instance from AMI
|
||||
# resource "aws_instance" "my_second_linux" {
|
||||
# instance_type = "t2.micro"
|
||||
# ami = aws_ami_from_instance.ami_snapshot.id
|
||||
# security_groups = ["ssh-access-witch"]
|
||||
#
|
||||
# tags = {
|
||||
# Name = "labs"
|
||||
# }
|
||||
# }
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
@ -1,20 +0,0 @@
|
||||
provider "aws" {
|
||||
region = "us-east-2"
|
||||
}
|
||||
|
||||
variable "EC2_INSTANCE_ID" {
|
||||
description = "ID of the EC2 instance"
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ASSUME_ROLE_POLICY" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "EC2_POLICY" {
|
||||
type = string
|
||||
}
|
||||
|
||||
variable "ACCOUNT_ROOT_ARN" {
|
||||
type = string
|
||||
}
|
||||