register instance profile for ssm and allow ping
This commit is contained in:
parent
de106298d6
commit
c06cb27bcc
@ -1,5 +1,6 @@
|
|||||||
resource "aws_instance" "instance" {
|
resource "aws_instance" "instance" {
|
||||||
ami = aws_ami.image.id
|
ami = aws_ami.image.id
|
||||||
|
iam_instance_profile = aws_iam_instance_profile.instance.name
|
||||||
instance_type = var.ec2_size
|
instance_type = var.ec2_size
|
||||||
vpc_security_group_ids = [aws_security_group.instance.id]
|
vpc_security_group_ids = [aws_security_group.instance.id]
|
||||||
|
|
||||||
@ -21,6 +22,14 @@ resource "aws_security_group" "instance" {
|
|||||||
description = "Allow SSH and HTTPS"
|
description = "Allow SSH and HTTPS"
|
||||||
vpc_id = data.aws_vpc.vpc.id
|
vpc_id = data.aws_vpc.vpc.id
|
||||||
|
|
||||||
|
ingress {
|
||||||
|
description = "Ping"
|
||||||
|
from_port = -1
|
||||||
|
to_port = -1
|
||||||
|
protocol = "icmp"
|
||||||
|
cidr_blocks = ["0.0.0.0/0"]
|
||||||
|
}
|
||||||
|
|
||||||
ingress {
|
ingress {
|
||||||
description = "SSH"
|
description = "SSH"
|
||||||
from_port = 22
|
from_port = 22
|
||||||
@ -45,3 +54,40 @@ resource "aws_security_group" "instance" {
|
|||||||
ipv6_cidr_blocks = ["::/0"]
|
ipv6_cidr_blocks = ["::/0"]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Setup IAM for the instance to use SSM
|
||||||
|
data "aws_iam_policy_document" "instance_profile" {
|
||||||
|
statement {
|
||||||
|
actions = ["sts:AssumeRole"]
|
||||||
|
principals {
|
||||||
|
type = "Service"
|
||||||
|
identifiers = ["ec2.amazonaws.com"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
data "aws_iam_policy_document" "instance_profile" {
|
||||||
|
statement {
|
||||||
|
actions = [
|
||||||
|
"s3:ListAllMyBuckets",
|
||||||
|
]
|
||||||
|
resources = ["*"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_role" "instance_profile" {
|
||||||
|
name = "nixos"
|
||||||
|
assume_role_policy = data.aws_iam_policy_document.instance_profile.json
|
||||||
|
inline_policy {
|
||||||
|
name = "instance-profile"
|
||||||
|
policy = data.aws_iam_policy_document.instance_profile.json
|
||||||
|
}
|
||||||
|
}
|
||||||
|
resource "aws_iam_role_policy_attachment" "instance_ssm" {
|
||||||
|
role = aws_iam_role.instance_profile.name
|
||||||
|
policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
|
||||||
|
}
|
||||||
|
resource "aws_iam_instance_profile" "instance" {
|
||||||
|
name = "nixos"
|
||||||
|
role = aws_iam_role.instance_profile.name
|
||||||
|
}
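Review bot: The third hunk declares `data "aws_iam_policy_document" "instance_profile"` twice, which Terraform rejects as a duplicate data configuration, and even if it loaded, both `assume_role_policy` and the `inline_policy` read the same `data.aws_iam_policy_document.instance_profile.json`, so the role's trust policy and its permissions policy would be one and the same document. Give the permissions document its own name, e.g. `data "aws_iam_policy_document" "instance_permissions" {` for the second block and `policy = data.aws_iam_policy_document.instance_permissions.json` in the inline policy, leaving the first (ec2.amazonaws.com trust) document on `assume_role_policy`. In the second hunk, the "Ping" rule with `from_port = -1` / `to_port = -1` admits every ICMP type and code from 0.0.0.0/0 rather than echo requests only; `from_port = 8` and `to_port = 0` narrow it to echo request, and the group description "Allow SSH and HTTPS" no longer matches what the group allows. With AmazonSSMManagedInstanceCore attached the instance is reachable through Session Manager, so the port-22 ingress open to 0.0.0.0/0 and ::/0 (its tail is visible as context in the third hunk) is a candidate for removal or restriction to known source ranges in a follow-up.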
|
||||||
|