From 9868689b6b215f403aa6a5fb622efb9984a7bbab Mon Sep 17 00:00:00 2001 
From: badra001 Date: Mon, 31 Oct 2022 07:45:01 -0400 Subject: [PATCH] update, not done yet --- ec2-test-instance/README.md | 17 +---- ec2-test-instance/bin/install-ssm.sh | 27 ++++--- ec2-test-instance/bin/show-tunnel-status.sh | 27 ++++++- ec2-test-instance/ec2-role.tf | 9 ++- ec2-test-instance/ec2.tf | 62 ++++++++++++++-- .../etc/sysctl.d/10-iperf3-sysctl.conf | 4 ++ .../{ => etc}/systemd/iperf3.service | 0 .../{ => etc}/systemd/iperf3@.service | 0 ec2-test-instance/locals.tf | 3 +- ec2-test-instance/region.tf | 1 - ec2-test-instance/settings.tf | 1 + ec2-test-instance/sg.tf | 18 +++++ .../templates/ip-addresses-full.json.tpl | 17 +++++ .../templates/ip-addresses-full.txt.tpl | 3 + ec2-test-instance/tf-run.data | 5 +- .../variables.common.availability_zones.tf | 1 - .../variables.common.subnet_ids.tf | 1 - ec2-test-instance/variables.common.tf | 1 - ec2-test-instance/variables.common.vpc.tf | 1 - ec2-test-instance/variables.common.vpc_id.tf | 1 - ec2-test-instance/variables.tf | 6 -- ec2-test-instance/write-bucket.tf.off | 71 +++++++++++++++++++ 22 files changed, 229 insertions(+), 47 deletions(-) mode change 100755 => 100644 ec2-test-instance/bin/install-ssm.sh create mode 100644 ec2-test-instance/etc/sysctl.d/10-iperf3-sysctl.conf rename ec2-test-instance/{ => etc}/systemd/iperf3.service (100%) rename ec2-test-instance/{ => etc}/systemd/iperf3@.service (100%) create mode 100644 ec2-test-instance/sg.tf create mode 100644 ec2-test-instance/templates/ip-addresses-full.json.tpl create mode 100644 ec2-test-instance/templates/ip-addresses-full.txt.tpl delete mode 120000 ec2-test-instance/variables.common.availability_zones.tf delete mode 120000 ec2-test-instance/variables.common.subnet_ids.tf delete mode 120000 ec2-test-instance/variables.common.tf delete mode 120000 ec2-test-instance/variables.common.vpc.tf delete mode 120000 ec2-test-instance/variables.common.vpc_id.tf create mode 100644 ec2-test-instance/write-bucket.tf.off 
diff --git a/ec2-test-instance/README.md b/ec2-test-instance/README.md index 1876f18..16f72b6 100644 --- a/ec2-test-instance/README.md +++ b/ec2-test-instance/README.md @@ -20,6 +20,7 @@ | Name | Source | Version | |------|--------|---------| | [role](#module\_role) | git@github.e.it.census.gov:terraform-modules/aws-iam-role.git | tf-upgrade | +| [sg](#module\_sg) | git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom | tf-upgrade | ## Resources @@ -27,6 +28,8 @@ |------|------| | [aws_instance.test](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | | [aws_key_pair.keypair](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource | +| [local_file.ip_addresses_full](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | +| [local_file.ip_addresses_full_json](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [local_file.test_addresses](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [null_resource.generate_keypair](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | | [aws_ami.test_arm](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | 
@@ -38,23 +41,9 @@ | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [account\_alias](#input\_account\_alias) | AWS Account Alias (default: will pull from current account\_alias) | `string` | `""` | no | -| [account\_id](#input\_account\_id) | AWS Account ID (default: will pull from current user) | `string` | `""` | no | -| [availability\_zones](#input\_availability\_zones) | AWS Availability Zones to use (by default will use all available) | `list(string)` | `[]` | no | -| [bootstrap\_commands](#input\_bootstrap\_commands) | List of commands to pass to the instance over SSH | `list(string)` | `[]` | no | | [enable\_bootstrap](#input\_enable\_bootstrap) | Flag to enable or disable bootstrap (yum and awscli setup) | `bool` | `true` | no | | [enable\_instances](#input\_enable\_instances) | Flag to enable or disable creation of EC2 key and instances | `bool` | `true` | no | | [instance\_count](#input\_instance\_count) | Number to indicate how many instances (up to subnet-count x az-count) | `number` | `null` | no | -| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no | -| [private\_subnets\_ids](#input\_private\_subnets\_ids) | List of private subnet objects including: subnet, label, availability\_zone, id |
list(object({
subnet = string
label = string
availability_zone = string
id = string
}))
| `[]` | no | -| [public\_subnets\_ids](#input\_public\_subnets\_ids) | List of public subnet objects including: subnet, label, availability\_zone, id |
list(object({
subnet = string
label = string
availability_zone = string
id = string
}))
| `[]` | no | -| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no | -| [vpc\_environment](#input\_vpc\_environment) | VPC environment purpose (infrastructure, common, shared, dev, stage, ite, prod) | `string` | `null` | no | -| [vpc\_full\_name](#input\_vpc\_full\_name) | VPC full name component (vpc{index}-{vpc\_name}) | `string` | `null` | no | -| [vpc\_id](#input\_vpc\_id) | VPC ID | `string` | n/a | yes | -| [vpc\_index](#input\_vpc\_index) | VPC index number (integer starting at 1) | `number` | `null` | no | -| [vpc\_name](#input\_vpc\_name) | VPC name component used through the VPC descrbing its purpose (ex: dice-dev) | `string` | `null` | no | -| [vpc\_short\_name](#input\_vpc\_short\_name) | VPC short name component (vpc{index}) | `string` | `null` | no | ## Outputs diff --git a/ec2-test-instance/bin/install-ssm.sh b/ec2-test-instance/bin/install-ssm.sh old mode 100755 new mode 100644 index 3717088..89d244a --- a/ec2-test-instance/bin/install-ssm.sh +++ b/ec2-test-instance/bin/install-ssm.sh @@ -1,6 +1,6 @@ #!/bin/bash -x -VERSION="1.3.0" +VERSION="1.3.2" echo "# starring install-ssm.sh v$VERSION at $(date)" @@ -8,7 +8,7 @@ echo "# disabling root password" passwd -d root echo "# installing packages" -sudo yum install -y iperf3 bind-utils curl nc awscli jq lsof policycoreutils-python +sudo yum install -y --skip-broken iperf3 bind-utils curl nc awscli jq lsof policycoreutils-python echo "# configuring AWS CLI" REGION=$(curl --silent http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) 
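Review bot: `--skip-broken` on the yum line lets the install "succeed" with packages missing, and because the script runs only under `bash -x` with no `set -e`, the very next step, `REGION=$(curl ... | jq -r .region)`, silently yields an empty region if `jq` or `awscli` was one of the skipped packages. After the yum line, verify what the rest of the script depends on: `for p in aws jq; do command -v "$p" >/dev/null || { echo "missing $p"; exit 1; }; done`. Separately, the region lookup uses the unauthenticated IMDSv1 endpoint; if the instance metadata options ever require tokens (not visible in this diff) the lookup returns nothing, so consider fetching a token first with `curl -sX PUT http://169.254.169.254/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 60"` and passing it in the `X-aws-ec2-metadata-token` header.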
@@ -24,7 +24,17 @@ sudo systemctl enable amazon-ssm-agent sudo systemctl start amazon-ssm-agent sudo systemctl status amazon-ssm-agent -echo "# setp iperf3 service" +echo "# setup sysctl" +cat > /etc/sysctl.d/10-iperf3-sysctl.conf < /tmp/iperf3.service < tgw-route-table $rt" + aws --profile $PROFILE --region $REGION ec2 search-transit-gateway-routes --transit-gateway-route-table-id $rt --filters Name=type,Values=propagated --output text|grep ^ROUTE + done elif [ "$FULL" == "json" ] then echo "## VPN.json" aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output json echo "## Routes.json" - aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output json + aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}*private*" --output json + echo "## TGW Routes.json" +# aws --profile $PROFILE --region $REGION ec2 describe-transit-gateway-route-tables --filters Name=tag:Name,Values="*vpn*${VPC}*" --output json + for rt in $(aws --profile $PROFILE --region $REGION ec2 describe-transit-gateway-route-tables --filters Name=tag:Name,Values="*vpn*${VPC}*" --output text|grep ^TRA|awk '{print $7}') + do + echo "> tgw-route-table $rt" + aws --profile $PROFILE --region $REGION ec2 search-transit-gateway-routes --transit-gateway-route-table-id $rt --filters Name=type,Values=propagated --output json + done else echo "## VPN.full" aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output text echo "## Routes.full" - aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output text + aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}*private*" --output text + echo "## TGW Routes.full" +# aws --profile $PROFILE --region $REGION ec2 
describe-transit-gateway-route-tables --filters Name=tag:Name,Values="*vpn*${VPC}*" --output text + for rt in $(aws --profile $PROFILE --region $REGION ec2 describe-transit-gateway-route-tables --filters Name=tag:Name,Values="*vpn*${VPC}*" --output text|grep ^TRA|awk '{print $7}') + do + echo "> tgw-route-table $rt" + aws --profile $PROFILE --region $REGION ec2 search-transit-gateway-routes --transit-gateway-route-table-id $rt --filters Name=type,Values=propagated --output text + done fi diff --git a/ec2-test-instance/ec2-role.tf b/ec2-test-instance/ec2-role.tf index f51d483..020b1da 100644 --- a/ec2-test-instance/ec2-role.tf +++ b/ec2-test-instance/ec2-role.tf @@ -10,11 +10,16 @@ data "aws_iam_policy" "ssm_policies" { name = each.key } +#data "aws_iam_policy" "bucket" { +# name = "p-tgw-testing" +#} + module "role" { source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git?ref=tf-upgrade" - role_name = local.ec2_role_name - create = var.enable_instances + role_name = local.ec2_role_name + create = var.enable_instances + # attached_policies = concat([for k, v in data.aws_iam_policy.ssm_policies : v.arn],[data.aws_iam_policy.bucket.arn]) attached_policies = [for k, v in data.aws_iam_policy.ssm_policies : v.arn] enable_instance_profile = true assume_policy_document = data.terraform_remote_state.common.outputs.custom_policy_documents["ec2_assume"].policy diff --git a/ec2-test-instance/ec2.tf b/ec2-test-instance/ec2.tf index 780d5c0..5789090 100644 --- a/ec2-test-instance/ec2.tf +++ b/ec2-test-instance/ec2.tf 
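Review bot: The transit-gateway route-table IDs are pulled out of the `--output text` listing with `grep ^TRA|awk '{print $7}'`, which ties the script to the column order of `describe-transit-gateway-route-tables` and silently produces an empty loop if a field is added or a Name tag contains whitespace. Use a JMESPath query so the ID column is explicit: `for rt in $(aws --profile "$PROFILE" --region "$REGION" ec2 describe-transit-gateway-route-tables --filters Name=tag:Name,Values="*vpn*${VPC}*" --query 'TransitGatewayRouteTables[].TransitGatewayRouteTableId' --output text)`. The same change applies to all three branches (txt, json, full), and the two commented-out `describe-transit-gateway-route-tables` lines can then go. The file header and hunk header for this file appear to be lost in the diff, so I am reading the hunk from its first visible line.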
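Review bot: The commented-out `data "aws_iam_policy" "bucket"` and the commented `attached_policies = concat(...)` leave a ready-to-uncomment grant of the `p-tgw-testing` policy to every test instance, with no record in the file of what that policy allows or why it is parked. Rather than dead code inside a role definition, gate it on a variable so the attached set stays explicit and reviewable, e.g. `attached_policies = concat([for k, v in data.aws_iam_policy.ssm_policies : v.arn], var.enable_bucket_write ? [data.aws_iam_policy.bucket[0].arn] : [])` with a matching `count` on the data source, or drop the comments until `write-bucket.tf` is actually enabled. The `module "role"` block continues past the end of the hunk.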
@@ -1,5 +1,18 @@
 # https://cloudanddevopstech.com/2020/11/01/terraform-aws-ec2-with-ssm-agent-installed/
+locals {
+ bootstrap_commands = [
+ # "sudo bash /tmp/bootstrap.sh /tmp/${var.git_deploy_path} ${local.bootstrap_args} |& tee /tmp/bootstrap.log",
+ "sleep 60",
+ "sudo yum install -y iperf3 bind-utils curl nc awscli",
+ # set region in default profile
+ "aws configure --profile default set region ${local.region}",
+ "aws configure --profile default set output json",
+ "sudo aws configure --profile default set region ${local.region}",
+ "sudo aws configure --profile default set output json",
+ ]
+}
+
 resource "aws_instance" "test" {
 for_each = var.enable_instances ? { for k, v in local.private_subnets_id_list : k => local.private_subnets_id_map[v.label] } : {}
@@ -8,7 +21,7 @@ resource "aws_instance" "test" {
 availability_zone = each.value.availability_zone
 key_name = local.key_name
 subnet_id = each.value.id
- vpc_security_group_ids = local.security_groups
+ vpc_security_group_ids = concat(local.security_groups, [module.sg.this_security_group_id])
 iam_instance_profile = module.role.instance_profile_name
 root_block_device {
@@ -19,7 +32,7 @@ resource "aws_instance" "test" {
 }
 provisioner "remote-exec" {
- inline = var.enable_bootstrap && length(var.bootstrap_commands) > 0 ? var.bootstrap_commands : []
+ inline = var.enable_bootstrap ? local.bootstrap_commands : []
 on_failure = continue
 connection {
@@ -28,11 +41,11 @@ resource "aws_instance" "test" {
 host = self.private_ip
 agent = false
 private_key = file("${path.root}/setup/${local.key_name}")
- timeout = var.enable_bootstrap && length(var.bootstrap_commands) > 0 ? "5m" : "5s"
+ timeout = var.enable_bootstrap && length(local.bootstrap_commands) > 0 ? "5m" : "5s"
 }
 }
- user_data = file("${path.module}/bin/install-ssm.sh")
+ user_data = file("${path.root}/install-ssm.sh")
 volume_tags = merge(
 local.common_tags,
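Review bot: `"sleep 60"` at the head of `bootstrap_commands` is a fixed wait for first-boot provisioning rather than a check, and the `sudo yum install` that follows repeats the package install that `install-ssm.sh` already performs through `user_data` (later hunk of this file), so the two can contend for the yum lock and `on_failure = continue` hides whichever loses. If the AMI ships cloud-init (Amazon Linux does; the AMI data source is not in this diff), replace the sleep with `"cloud-init status --wait >/dev/null 2>&1 || true",` and drop the duplicate yum line, leaving only the `aws configure` commands. Add a comment above the list saying why bootstrap is done over SSH at all when the instances run the SSM agent, so the next reader knows whether the remote-exec path is still needed.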
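Review bot: `user_data` now reads `${path.root}/install-ssm.sh`, but the script this commit edits lives at `ec2-test-instance/bin/install-ssm.sh` and nothing in the diff (including the `tf-run.data` COMMAND/LINKTOP list) copies or links it to the root directory, so `file()` will fail at plan time unless the setup tooling does that outside the repo. Either keep `user_data = file("${path.module}/bin/install-ssm.sh")` or add the link to `tf-run.data`. Also, since `local.bootstrap_commands` is now a non-empty constant, `length(local.bootstrap_commands) > 0` is always true and the timeout line reduces to `timeout = var.enable_bootstrap ? "5m" : "5s"`. The `connection` block and the resource continue outside this hunk.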
@@ -43,6 +56,10 @@ resource "aws_instance" "test" {
 local.common_tags,
 tomap({ "Name" = format("%v-test-%v.%v", local.vpc_short_name, each.key, var.vpc_domain_name) }),
 )
+
+ lifecycle {
+ ignore_changes = [ami]
+ }
 }
 output "test_instances" {
@@ -56,6 +73,39 @@ output "test_instances" {
 }
 resource "local_file" "test_addresses" {
- content = templatefile("${path.root}/templates/test-ips.txt.tpl", { instances = aws_instance.test })
- filename = "${path.root}/test-ips.txt"
+ content = templatefile("${path.root}/templates/test-ips.txt.tpl", {
+ instances = aws_instance.test
+ account_id = var.account_id
+ account_alias = var.account_alias
+ region = local.region
+ vpc_name = local.vpc_short_name
+ })
+ filename = "${path.root}/test-ips.txt"
+ file_permission = "0644"
+}
+
+resource "local_file" "ip_addresses_full" {
+ content = templatefile("${path.root}/templates/ip-addresses-full.txt.tpl", {
+ instances = aws_instance.test
+ account_id = var.account_id
+ account_alias = var.account_alias
+ region = local.region
+ vpc_name = local.vpc_short_name
+ name_prefix = "test"
+ })
+ filename = "${path.root}/ip-addresses-full.txt"
+ file_permission = "0644"
+}
+
+resource "local_file" "ip_addresses_full_json" {
+ content = templatefile("${path.root}/templates/ip-addresses-full.json.tpl", {
+ instances = aws_instance.test
+ account_id = var.account_id
+ account_alias = var.account_alias
+ region = local.region
+ vpc_name = local.vpc_short_name
+ name_prefix = "test"
+ })
+ filename = "${path.root}/ip-addresses-full.json"
+ file_permission = "0644"
 }
diff --git a/ec2-test-instance/etc/sysctl.d/10-iperf3-sysctl.conf b/ec2-test-instance/etc/sysctl.d/10-iperf3-sysctl.conf
new file mode 100644
index 0000000..f4b4a5e
--- /dev/null
+++ b/ec2-test-instance/etc/sysctl.d/10-iperf3-sysctl.conf
@@ -0,0 +1,4 @@
+net.core.wmem_max = 4194304
+net.core.rmem_max = 12582912
+net.ipv4.tcp_rmem = 4096 87380 4194304
+net.ipv4.tcp_wmem = 4096 87380 4194304
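Review bot: `ignore_changes = [ami]` means that once an instance exists a newer `data.aws_ami.test_arm` result is never applied, so these hosts keep whatever image they were first launched from and only pick up fixes through in-place patching, which nothing in this diff shows. If the intent is just to avoid replacement churn, say so next to the block: `# AMI drift is intentional: test hosts are disposable; taint/replace to pick up a newer image`. If image currency matters, drop the lifecycle block and let the data source drive replacement, or pin the AMI ID explicitly so the choice is visible in review. The enclosing `aws_instance` resource starts outside this hunk.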
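Review bot: All three `local_file` resources pass `var.account_id` and `var.account_alias` to the templates, yet this same commit deletes the `variables.common*.tf` symlinks that presumably declared them (the regenerated README drops both inputs) and adds `local.account_id` from `data.aws_caller_identity.current` in locals.tf; unless the variables are declared elsewhere, `terraform validate` will fail on an undeclared variable. Use the new local for the ID, `account_id = local.account_id`, and resolve the alias from `data.aws_iam_account_alias` or a variable that is still declared. Note too that the generated files land in `path.root` with `0644` and carry account ID, private IPs and instance IDs, while `tf-run.data` only gitignores `*-keypair`, so add `ip-addresses-full.*` and `test-ips.txt` to that ignore list or they will end up committed.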
diff --git a/ec2-test-instance/systemd/iperf3.service b/ec2-test-instance/etc/systemd/iperf3.service
similarity index 100%
rename from ec2-test-instance/systemd/iperf3.service
rename to ec2-test-instance/etc/systemd/iperf3.service
diff --git a/ec2-test-instance/systemd/iperf3@.service b/ec2-test-instance/etc/systemd/iperf3@.service
similarity index 100%
rename from ec2-test-instance/systemd/iperf3@.service
rename to ec2-test-instance/etc/systemd/iperf3@.service
diff --git a/ec2-test-instance/locals.tf b/ec2-test-instance/locals.tf
index 0ef3672..7341179 100644
--- a/ec2-test-instance/locals.tf
+++ b/ec2-test-instance/locals.tf
@@ -1,3 +1,4 @@
 locals {
- vpc_outputs = data.terraform_remote_state.vpc_west_vpc1.outputs
+ vpc_outputs = data.terraform_remote_state.vpc_east_vpc1.outputs
+ account_id = data.aws_caller_identity.current.account_id
 }
diff --git a/ec2-test-instance/region.tf b/ec2-test-instance/region.tf
index b7b1696..f617506 100644
--- a/ec2-test-instance/region.tf
+++ b/ec2-test-instance/region.tf
@@ -1,4 +1,3 @@
 locals {
 region = var.region
 }
-
diff --git a/ec2-test-instance/settings.tf b/ec2-test-instance/settings.tf
index d18313e..e8ce594 100644
--- a/ec2-test-instance/settings.tf
+++ b/ec2-test-instance/settings.tf
@@ -1,4 +1,5 @@
 locals {
+ vpc_outputs = data.terraform_remote_state.vpc_east_vpc1.outputs
 vpc_short_name = local.vpc_outputs.vpc_info["vpc_short_name"]
 private_subnets_ids = local.vpc_outputs.private_subnets_ids
diff --git a/ec2-test-instance/sg.tf b/ec2-test-instance/sg.tf
new file mode 100644
index 0000000..cbd9626
--- /dev/null
+++ b/ec2-test-instance/sg.tf
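Review bot: `vpc_outputs` is now defined twice in the same module: locals.tf keeps `vpc_outputs = data.terraform_remote_state.vpc_east_vpc1.outputs` (earlier hunk of this diff) and this hunk adds the identical line to settings.tf, which Terraform rejects as a duplicate local value. Keep one of them; since settings.tf consumes the value on the very next lines, removing the line from locals.tf (leaving only `account_id` there) is the smaller change. The `locals` block in settings.tf continues beyond the hunk.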
@@ -0,0 +1,18 @@
+module "sg" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-common-security-groups.git//custom?ref=tf-upgrade"
+
+ vpc_id = local.vpc_id
+ name = format("%v-test", local.vpc_short_name)
+ description = format("Security group for %v-test", local.vpc_short_name)
+ short_description = "testing"
+ ingress_port_list = [
+ [5201, 5210, "tcp", "iperf3", ["0.0.0.0/0"]],
+ [5201, 5210, "udp", "iperf3", ["0.0.0.0/0"]],
+ [8080, 8080, "tcp", "http", ["0.0.0.0/0"]],
+ [8443, 8443, "tcp", "https", ["0.0.0.0/0"]],
+ ]
+ tags = merge(
+ local.common_tags,
+ tomap({ "Name" = format("%v-test", local.vpc_short_name) }),
+ )
+}
diff --git a/ec2-test-instance/templates/ip-addresses-full.json.tpl b/ec2-test-instance/templates/ip-addresses-full.json.tpl
new file mode 100644
index 0000000..04daf7d
--- /dev/null
+++ b/ec2-test-instance/templates/ip-addresses-full.json.tpl
@@ -0,0 +1,17 @@
+[
+%{ for k,v in instances ~}
+ {
+ "label": "${k}",
+ "hostname": "${vpc_name}-${name_prefix}-${k}",
+ "fqdn": "${v.tags.Name}",
+ "account_id": "${account_id}",
+ "account_alias": "${account_alias}",
+ "region": "${region}",
+ "vpc_name": "${vpc_name}"
+ "availability_zone": "${v.availability_zone}",
+ "ip_address": "${v.private_ip}",
+ "instance_id": "${v.id}"
+ }
+%{ if length(instances)>1 },%{ endif ~}
+%{ endfor ~}
+]
diff --git a/ec2-test-instance/templates/ip-addresses-full.txt.tpl b/ec2-test-instance/templates/ip-addresses-full.txt.tpl
new file mode 100644
index 0000000..abe9ea4
--- /dev/null
+++ b/ec2-test-instance/templates/ip-addresses-full.txt.tpl
@@ -0,0 +1,3 @@
+%{ for k,v in instances ~}
+${account_id} ${account_alias} ${region} ${vpc_name} ${v.availability_zone} ${v.private_ip} ${vpc_name}-${name_prefix}-${k} ${v.id}
+%{ endfor ~}
diff --git a/ec2-test-instance/tf-run.data b/ec2-test-instance/tf-run.data
index 3d26174..c58f6e2 100644
--- a/ec2-test-instance/tf-run.data
+++ b/ec2-test-instance/tf-run.data
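Review bot: Every entry in `ingress_port_list` admits `0.0.0.0/0`: iperf3 5201–5210 over TCP and UDP plus 8080 and 8443. The instances are placed in private subnets, but this stack exists to exercise transit-gateway and VPN paths, so "anything reachable over the TGW" is exactly the population that cidr lets in; scope the sources to the VPC and the remote ranges expected over the VPN, e.g. `[5201, 5210, "tcp", "iperf3", local.allowed_cidrs]` with `allowed_cidrs` sourced from the VPC remote state, and do the same for the other three rows. This group is attached on top of `local.security_groups` (ec2.tf hunk), so also confirm the baseline groups do not already open 22 or other ports to the same range. If an open UDP listener really is required for the iperf3 tests, state that in `description` so the exception is auditable.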
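Review bot: The JSON template produces invalid JSON in two places: `"vpc_name": "${vpc_name}"` has no trailing comma before `"availability_zone"`, and `%{ if length(instances)>1 },%{ endif ~}` emits a comma after every element including the last, so any multi-instance run ends the array with a dangling comma. Add the missing comma and emit the separator only between elements, e.g. `%{ if k != element(keys(instances), length(instances) - 1) },%{ endif ~}`. A more robust option is to drop the template and set `content = jsonencode([for k, v in aws_instance.test : { ... }])` in ec2.tf, which also escapes any quotes in `v.tags.Name` that the hand-written version would pass through unescaped.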
@@ -1,4 +1,4 @@ -VERSION 1.1.3 +VERSION 1.1.7 REMOTE-STATE COMMAND tf-directory-setup.py -l none -f COMMAND setup-new-directory.sh @@ -6,12 +6,15 @@ COMMAND tf-init -upgrade null_resource.generate_keypair COMMAND tf-directory-setup.py -l s3 +COMMAND rm provider.infoblox.* COMMAND ln -sf ../variables.vpc.auto.tfvars . COMMAND ln -sf ../variables.vpc.tf . LINKTOP provider_configs.d/provider.ldap_new.auto.tfvars LINKTOP provider_configs.d/provider.ldap_new.tf LINKTOP provider_configs.d/provider.ldap_new.variables.tf +## LINKTOP vpc/apps/tgw-testing/remote_state.vpc_apps_tgw-testing.tf +module.sg ALL COMMENT echo *-keypair >> .gitignore diff --git a/ec2-test-instance/variables.common.availability_zones.tf b/ec2-test-instance/variables.common.availability_zones.tf deleted file mode 120000 index dca20a3..0000000 --- a/ec2-test-instance/variables.common.availability_zones.tf +++ /dev/null @@ -1 +0,0 @@ -../common/variables.common.availability_zones.tf \ No newline at end of file diff --git a/ec2-test-instance/variables.common.subnet_ids.tf b/ec2-test-instance/variables.common.subnet_ids.tf deleted file mode 120000 index 3d70185..0000000 --- a/ec2-test-instance/variables.common.subnet_ids.tf +++ /dev/null @@ -1 +0,0 @@ -../common/variables.common.subnet_ids.tf \ No newline at end of file diff --git a/ec2-test-instance/variables.common.tf b/ec2-test-instance/variables.common.tf deleted file mode 120000 index 7439ed8..0000000 --- a/ec2-test-instance/variables.common.tf +++ /dev/null @@ -1 +0,0 @@ -../common/variables.common.tf \ No newline at end of file diff --git a/ec2-test-instance/variables.common.vpc.tf b/ec2-test-instance/variables.common.vpc.tf deleted file mode 120000 index 5e77d37..0000000 --- a/ec2-test-instance/variables.common.vpc.tf +++ /dev/null @@ -1 +0,0 @@ -../common/variables.common.vpc.tf \ No newline at end of file 
diff --git a/ec2-test-instance/variables.common.vpc_id.tf b/ec2-test-instance/variables.common.vpc_id.tf deleted file mode 120000 index bc2e061..0000000 --- a/ec2-test-instance/variables.common.vpc_id.tf +++ /dev/null @@ -1 +0,0 @@ -../common/variables.common.vpc_id.tf \ No newline at end of file diff --git a/ec2-test-instance/variables.tf b/ec2-test-instance/variables.tf index 208ce61..a2c9cda 100644 --- a/ec2-test-instance/variables.tf +++ b/ec2-test-instance/variables.tf @@ -10,12 +10,6 @@ variable "enable_bootstrap" { default = true } -variable "bootstrap_commands" { - description = "List of commands to pass to the instance over SSH" - type = list(string) - default = [] -} - variable "instance_count" { description = "Number to indicate how many instances (up to subnet-count x az-count)" type = number diff --git a/ec2-test-instance/write-bucket.tf.off b/ec2-test-instance/write-bucket.tf.off new file mode 100644 index 0000000..dee7877 --- /dev/null +++ b/ec2-test-instance/write-bucket.tf.off 
@@ -0,0 +1,71 @@
+locals {
+ file_prefixes = [
+ format("data/%v", local.account_id),
+ format("data/%v/%v", local.account_id, local.region),
+ format("data/%v/%v/%v", local.account_id, local.region, var.vpc_full_name),
+ ]
+ file_names = { for f in [
+ local_file.test_addresses.filename,
+ local_file.ip_addresses_full.filename,
+ local_file.ip_addresses_full_json.filename] : format("%v-%v.%v", local.region, var.vpc_short_name, basename(f)) => f
+ }
+ all_files = { for p in setproduct(local.file_prefixes, keys(local.file_names)) : format("%v__%v", p[0], p[1]) => { prefix = p[0], file = p[1], source = local.file_names[p[1]] } }
+}
+
+#---
+# write ip address files to both buckets
+#---
+resource "aws_s3_object" "bucket_east_files" {
+ for_each = local.all_files
+ provider = aws.east
+ bucket = data.terraform_remote_state.vpc_apps_tgw-testing.outputs.bucket_east.id
+ key = format("%v/%v", each.value.prefix, each.value.file)
+ source = each.value.source
+ etag = fileexists(each.value.source) ? filemd5(each.value.source) : ""
+
+ depends_on = [ local_file.test_addresses,local_file.ip_addresses_full,local_file.ip_addresses_full_json]
+}
+
+resource "aws_s3_object" "bucket_west_files" {
+ for_each = local.all_files
+ provider = aws.west
+ bucket = data.terraform_remote_state.vpc_apps_tgw-testing.outputs.bucket_west.id
+ key = format("%v/%v", each.value.prefix, each.value.file)
+ source = each.value.source
+ etag = fileexists(each.value.source) ? filemd5(each.value.source) : ""
+
+ depends_on = [ local_file.test_addresses,local_file.ip_addresses_full,local_file.ip_addresses_full_json]
+}
+
+
+locals {
+ ssh_keys = { for f in fileset(path.root, format("setup/%v*", try(null_resource.generate_keypair[0].triggers.keypair_name,"not-enabled"))) : basename(f) =>
+ {
+ prefix = format("data/%v/%v/%v/ssh", local.account_id, local.region, var.vpc_full_name),
+ file = basename(f),
+ source = f
+ }
+ }
+}
+
+resource "aws_s3_object" "bucket_east_ssh_keys" {
+ for_each = var.enable_instances ? local.ssh_keys : {}
+ provider = aws.east
+ bucket = data.terraform_remote_state.vpc_apps_tgw-testing.outputs.bucket_east.id
+ key = format("%v/%v", each.value.prefix, each.value.file)
+ source = each.value.source
+ etag = filemd5(each.value.source)
+
+ depends_on = [null_resource.generate_keypair]
+}
+
+resource "aws_s3_object" "bucket_west_ssh_keys" {
+ for_each = var.enable_instances ? local.ssh_keys : {}
+ provider = aws.west
+ bucket = data.terraform_remote_state.vpc_apps_tgw-testing.outputs.bucket_west.id
+ key = format("%v/%v", each.value.prefix, each.value.file)
+ source = each.value.source
+ etag = filemd5(each.value.source)
+
+ depends_on = [null_resource.generate_keypair]
+}
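Review bot: `bucket_east_ssh_keys` and `bucket_west_ssh_keys` upload every file matching `setup/<keypair_name>*`, which includes the SSH private key that ec2.tf reads from `setup/${local.key_name}` for its remote-exec connection, into two S3 buckets with no `server_side_encryption`/`kms_key_id` on the objects and nothing visible here restricting who can read those buckets. The file is parked as `.off`, but it will be enabled by a plain rename with no further review, so either limit the glob to public keys, `fileset(path.root, format("setup/%v*.pub", ...))`, or stop distributing keys through S3 and rely on SSM, which the instances already run. If the objects must be written, set `server_side_encryption = "aws:kms"` with the bucket's key and note that `etag = filemd5(...)` does not work for KMS-encrypted objects; use `source_hash = filemd5(each.value.source)` instead. `etag = fileexists(each.value.source) ? filemd5(each.value.source) : ""` also passes an empty etag when the local file is missing rather than failing, which hides a broken dependency on the `local_file` resources.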