update examples

examples/ec2-add-dns/ec2-dns.tf

@@ -0,0 +1,94 @@
+locals {
+  ec2_instances_map = { for f in var.ec2_instance_names : f => length(regexall("\\.", f)) > 0 ? f : format("%v.*", f) }
+  ip_to_name        = { for k, v in data.aws_instance.ec2 : v.private_ip => { "name" = split(".", v.tags.Name)[0], "ip_address" = v.private_ip, "instance_id" = v.id } }
+}
+
+data "aws_instances" "ec2" {
+  filter {
+    name   = "tag:Name"
+    values = values(local.ec2_instances_map)
+  }
+  instance_state_names = ["running", "stopped"]
+}
+
+data "aws_instance" "ec2" {
+  for_each    = toset(data.aws_instances.ec2.ids)
+  instance_id = each.key
+}
+
+# this takes a list of IPs, and returns results_ipv4[each-ip] {} structure
+# each value in the structure should be a single value vs a comma separated list as we are looking up only one
+# IP and asking for the A or AAAA record
+module "ec2_addresses" {
+  source          = "git@github.e.it.census.gov:terraform-modules/dns-lookup.git"
+  hosts           = keys(local.ip_to_name)
+  use_cidr_format = true
+}
+
+data "aws_route53_zone" "ec2_forward" {
+  name         = var.vpc_domain_name
+  private_zone = true
+}
+
+resource "time_static" "create_date" {
+  for_each = local.ip_to_name
+}
+
+resource "aws_route53_record" "ec2_forward" {
+  for_each = local.ip_to_name
+  zone_id  = data.aws_route53_zone.ec2_forward.zone_id
+
+  name    = format("%v.%v.", each.value.name, var.vpc_domain_name)
+  type    = "A"
+  ttl     = "900"
+  records = [each.value.ip_address]
+}
+
+resource "aws_route53_record" "ec2_forward_txt" {
+  for_each = local.ip_to_name
+  zone_id  = data.aws_route53_zone.ec2_forward.zone_id
+
+  name = format("%v.%v.", each.value.name, var.vpc_domain_name)
+  type = "TXT"
+  ttl  = "900"
+  #  records = [format("instance-id=%v create-date=%v", each.value.instance_id, time_static.create_date[each.key].rfc3339)]
+  records = [format("heritage=terraform,terraform/account_id=%v,terraform/region=%v,terraform/instance_id=%v,terraform/create_time=%d",
+  data.aws_caller_identity.current.account_id, local.region, each.value.instance_id, time_static.create_date[each.key].unix)]
+}
+
+data "aws_route53_zone" "ec2_reverse" {
+  for_each     = local.ip_to_name
+  name         = module.ec2_addresses.results_ipv4[each.key].network_ptr_sorted
+  private_zone = true
+}
+
+resource "aws_route53_record" "ec2_reverse" {
+  for_each = local.ip_to_name
+  zone_id  = data.aws_route53_zone.ec2_reverse[each.key].zone_id
+
+  name    = format("%v.", module.ec2_addresses.results_ipv4[each.key].ptr_sorted)
+  type    = "PTR"
+  ttl     = "900"
+  records = [format("%v.%v.", each.value.name, var.vpc_domain_name)]
+}
+
+resource "aws_route53_record" "ec2_reverse_txt" {
+  for_each = local.ip_to_name
+  zone_id  = data.aws_route53_zone.ec2_reverse[each.key].zone_id
+
+  name = format("%v.", module.ec2_addresses.results_ipv4[each.key].ptr_sorted)
+  type = "TXT"
+  ttl  = "900"
+  #  records = [format("instance-id=%v create-date=%v", each.value.instance_id, time_static.create_date[each.key].rfc3339)]
+  records = [format("heritage=terraform,terraform/account_id=%v,terraform/region=%v,terraform/instance_id=%v,terraform/create_time=%d",
+  data.aws_caller_identity.current.account_id, local.region, each.value.instance_id, time_static.create_date[each.key].unix)]
+}
+
+## results_ipv4 = {
+##   "{host}" = {
+##     "ip_addresses_sorted" = "{host-ip}
+##     "ip_addresses_version" = "{host-ip-version}"
+##     "network_ptr_sorted" = "{host-ptr-format-for-network}"
+##     "ptr_sorted" = "{host-ptr-format}"
+##   }
+## }

examples/ec2-add-dns/tf-run.data

@@ -0,0 +1,9 @@
+VERSION 1.0.1
+REMOTE-STATE
+COMMAND tf-directory-setup.py -l none -f
+COMMAND setup-new-directory.sh
+COMMAND tf-init -upgrade
+COMMAND ln -sf ../variables.vpc.tf .
+COMMAND ln -sf ../variables.vpc.auto.tfvars .
+ALL
+COMMAND tf-directory-setup.py -l s3

examples/ec2-add-dns/variables.ec2-dns.tf

@@ -0,0 +1,5 @@
+variable "ec2_instance_names" {
+  description = "Short name or FQDN from the Name tag for the instance, in this particular VPC"
+  type        = list(string)
+  default     = []
+}

examples/ec2-vpc-region-vpcN-new/apps/test-instances/.gitignore

@@ -0,0 +1 @@
+setup/*-keypair

examples/ec2-vpc-region-vpcN-new/apps/test-instances/.terraform-docs.yml

@@ -0,0 +1,44 @@
+formatter: markdown table
+
+header-from: main.tf
+footer-from: ""
+
+sections:
+##  hide: []
+  show: 
+    - data-sources
+    - header
+    - footer
+    - inputs
+    - modules
+    - outputs
+    - providers
+    - requirements
+    - resources
+
+output:
+  file: README.md
+  mode: inject
+  template: |-
+    <!-- BEGIN_TF_DOCS -->
+    {{ .Content }}
+    <!-- END_TF_DOCS -->
+
+## output-values:
+##   enabled: false
+##   from: ""
+## 
+## sort:
+##   enabled: true
+##   by: name
+## 
+## settings:
+##   anchor: true
+##   color: true
+##   default: true
+##   description: false
+##   escape: true
+##   indent: 2
+##   required: true
+##   sensitive: true
+##   type: true

examples/ec2-vpc-region-vpcN-new/apps/test-instances/README.md

@@ -0,0 +1,5 @@
+<!-- BEGIN_TF_DOCS -->
+enable_bootstrap = true
+enable_instances = true
+instance_count   = ""
+<!-- END_TF_DOCS -->

examples/ec2-vpc-region-vpcN-new/apps/test-instances/data.tf

@@ -0,0 +1,55 @@
+data "aws_ami" "test_x86" {
+  most_recent = true
+  owners      = ["self", "amazon", "aws-marketplace"]
+
+  filter {
+    name   = "description"
+    values = ["Amazon Linux 2*"]
+  }
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+}
+
+data "aws_ami" "test_arm" {
+  most_recent = true
+  owners      = ["self", "amazon", "aws-marketplace"]
+
+  filter {
+    name   = "description"
+    values = ["Amazon Linux 2*"]
+  }
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+  filter {
+    name   = "architecture"
+    values = ["arm64"]
+  }
+}
+
+data "aws_security_groups" "test" {
+  filter {
+    name   = "vpc-id"
+    values = [local.vpc_id]
+  }
+  filter {
+    name   = "group-name"
+    values = ["*linux*"]
+  }
+}
+

examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2-keypair.tf

@@ -0,0 +1,50 @@
+#---
+# ec2 keypairs
+#---
+locals {
+  keypair_name = format("%v-test-ec2-keypair", local.vpc_short_name)
+}
+
+# two-step process to create
+#   terraform apply -target=null_resource.generate_keypair
+#   terraform apply
+# when done, add to git
+#   cd setup
+#   echo *-keypair >> .gitignore
+#   git-secret add *-ec2-keypair
+#   git-secret hide
+#   git add *-ec2-keypair.{pub,secret}
+#   git commit -m'add ec2-keypair: *-ec2-keypair' *-ec2-keypair.{pub,secret} .gitignore
+
+resource "null_resource" "generate_keypair" {
+  triggers = {
+    keypair_name = local.keypair_name
+  }
+
+  count = var.enable_instances ? 1 : 0
+  provisioner "local-exec" {
+    command = "test -d setup || mkdir setup"
+  }
+  provisioner "local-exec" {
+    working_dir = "./setup"
+    #    command = "ssh-keygen -f ${local.keypair_name} -N '' -t dsa -b 1024 -C '${local.keypair_name}@${var.vpc_domain_name}'"
+    command = "ssh-keygen -f ${local.keypair_name} -N '' -t rsa -b 2048 -C '${local.keypair_name}@${var.vpc_domain_name}'"
+  }
+  #  provisioner "local-exec" {
+  #    when        = destroy
+  #    working_dir = "./setup"
+  #    command     = format("rm %v %v.pub",self.triggers.keypair_name,self.triggers.keypair_name)
+  #  }
+}
+
+resource "aws_key_pair" "keypair" {
+  count      = var.enable_instances ? 1 : 0
+  key_name   = local.keypair_name
+  public_key = file("setup/${local.keypair_name}.pub")
+  depends_on = [null_resource.generate_keypair]
+}
+
+output "keypair" {
+  description = "EC2 keypair for test instances"
+  value       = var.enable_instances ? aws_key_pair.keypair[0].key_name : ""
+}

examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2-role.tf

@@ -0,0 +1,23 @@
+locals {
+  ssm_policies = [
+    "AmazonSSMManagedInstanceCore",
+    "AmazonEC2RoleforSSM",
+  ]
+}
+
+data "aws_iam_policy" "ssm_policies" {
+  for_each = toset(local.ssm_policies)
+  name     = each.key
+}
+
+module "role" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
+
+  role_name = local.ec2_role_name
+  create    = var.enable_instances
+  #  attached_policies       = [data.terraform_remote_state.common.outputs.managed_policies["ReadOnlyAccess"]]
+  attached_policies       = [for k, v in data.aws_iam_policy.ssm_policies : v.arn]
+  enable_instance_profile = true
+  assume_policy_document  = data.terraform_remote_state.common.outputs.custom_policy_documents["ec2_assume"].policy
+}
+

examples/ec2-vpc-region-vpcN-new/apps/test-instances/ec2.tf

@@ -0,0 +1,75 @@
+# https://cloudanddevopstech.com/2020/11/01/terraform-aws-ec2-with-ssm-agent-installed/
+
+locals {
+  bootstrap_commands = [
+    #      "sudo bash /tmp/bootstrap.sh /tmp/${var.git_deploy_path} ${local.bootstrap_args} |& tee /tmp/bootstrap.log",
+    "sleep 60",
+    "sudo yum install -y iperf3 bind-utils curl nc awscli",
+    # set region in default profile
+    "aws configure --profile default set region ${local.region}",
+    "aws configure --profile default set output json",
+    "sudo aws configure --profile default set region ${local.region}",
+    "sudo aws configure --profile default set output json",
+  ]
+}
+
+resource "aws_instance" "test" {
+  #  for_each = var.enable_instances ? local.private_subnets_id_map : {}
+  for_each = var.enable_instances ? { for k in local.private_subnets_id_list : k => local.private_subnets_id_map[k] } : {}
+
+  ami                    = local.ami
+  instance_type          = local.my_instance_type
+  availability_zone      = each.value.availability_zone
+  key_name               = local.key_name
+  subnet_id              = each.value.id
+  vpc_security_group_ids = local.security_groups
+  iam_instance_profile   = module.role.instance_profile_name
+
+  root_block_device {
+    encrypted             = true
+    volume_type           = "gp2"
+    volume_size           = local.root_volume_size > 0 ? local.root_volume_size : 30
+    delete_on_termination = true
+  }
+
+  provisioner "remote-exec" {
+    inline     = var.enable_bootstrap ? local.bootstrap_commands : []
+    on_failure = continue
+
+    connection {
+      type        = "ssh"
+      user        = "ec2-user"
+      host        = self.private_ip
+      agent       = false
+      private_key = file("${path.root}/setup/${local.key_name}")
+      timeout     = var.enable_bootstrap && length(local.bootstrap_commands) > 0 ? "5m" : "5s"
+    }
+  }
+
+  user_data = file("${path.root}/install-ssm.sh")
+
+  volume_tags = merge(
+    local.common_tags,
+    tomap({ "Name" = format("v-ebs-%v-test-%v:%v", local.vpc_short_name, each.value.label, "/") }),
+  )
+
+  tags = merge(
+    local.common_tags,
+    tomap({ "Name" = format("%v-test-%v.%v", local.vpc_short_name, each.value.label, var.vpc_domain_name) }),
+  )
+}
+
+output "test_instances" {
+  description = "Details about test instances"
+  value = { for k, v in aws_instance.test : k => {
+    name       = k
+    id         = v.id
+    ip_address = v.private_ip
+    subnet_id  = v.subnet_id
+  } }
+}
+
+resource "local_file" "test_addresses" {
+  content  = templatefile("${path.root}/templates/test-ips.txt.tpl", { instances = aws_instance.test })
+  filename = "${path.root}/test-ips.txt"
+}