update examples

examples/ec2-vpc-region-vpcN/apps/README.md

@@ -0,0 +1,23 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+No providers.
+
+## Modules
+
+No modules.
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.

examples/ec2-vpc-region-vpcN/apps/test-instances/README.md

@@ -31,7 +31,9 @@ No requirements.
 
 ## Inputs
 
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_enable_instances"></a> [enable\_instances](#input\_enable\_instances) | Flag to enable or disable creation of EC2 key and instances | `bool` | `true` | no |
 
 ## Outputs
 

examples/ec2-vpc-region-vpcN/apps/test-instances/ec2-keypair.tf

@@ -17,6 +17,11 @@ locals {
 #   git commit -m'add ec2-keypair: *-ec2-keypair' *-ec2-keypair.{pub,secret} .gitignore
 
 resource "null_resource" "generate_keypair" {
+  triggers = {
+    keypair_name = local.keypair_name
+  }
+
+  count = var.enable_instances ? 1 : 0
   provisioner "local-exec" {
     command = "test -d setup || mkdir setup"
   }
@@ -25,15 +30,21 @@ resource "null_resource" "generate_keypair" {
     #    command = "ssh-keygen -f ${local.keypair_name} -N '' -t dsa -b 1024 -C '${local.keypair_name}@${var.vpc_domain_name}'"
     command = "ssh-keygen -f ${local.keypair_name} -N '' -t rsa -b 2048 -C '${local.keypair_name}@${var.vpc_domain_name}'"
   }
+  #  provisioner "local-exec" {
+  #    when        = destroy
+  #    working_dir = "./setup"
+  #    command     = format("rm %v %v.pub",self.triggers.keypair_name,self.triggers.keypair_name)
+  #  }
 }
 
 resource "aws_key_pair" "keypair" {
+  count      = var.enable_instances ? 1 : 0
   key_name   = local.keypair_name
   public_key = file("setup/${local.keypair_name}.pub")
   depends_on = [null_resource.generate_keypair]
 }
 
 output "keypair" {
   description = "EC2 keypair for test instances"
-  value       = aws_key_pair.keypair.key_name
+  value       = var.enable_instances ? aws_key_pair.keypair[0].key_name : ""
 }

examples/ec2-vpc-region-vpcN/apps/test-instances/ec2-role.tf

@@ -2,6 +2,7 @@ module "role" {
   source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git"
 
   role_name               = local.ec2_role_name
+  create                  = var.enable_instances
   attached_policies       = [data.terraform_remote_state.common.outputs.managed_policies["ReadOnlyAccess"]]
   enable_instance_profile = true
   assume_policy_document  = data.terraform_remote_state.common.outputs.custom_policy_documents["ec2_assume"].policy

examples/ec2-vpc-region-vpcN/apps/test-instances/ec2.tf

@@ -1,5 +1,5 @@
 resource "aws_instance" "test" {
-  for_each = local.private_subnets_id_map
+  for_each = var.enable_instances ? local.private_subnets_id_map : {}
 
   ami                    = local.ami
   instance_type          = local.my_instance_type

examples/ec2-vpc-region-vpcN/apps/test-instances/show-tunnel-status.sh

@@ -22,4 +22,21 @@ fi
 
 echo "* using profile $PROFILE region $REGION for VPC filter $VPC"
 
-aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output text|grep -iE "VGW|TAG.*Name|customer.*cgw-"
+if [ -z "$FULL" ]
+then
+  echo "## VPN"
+  aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output text|grep -iE "VGW|TAG.*Name|customer.*cgw-"
+  echo "## Routes"
+  aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output text|grep -iE "^TAGS.*Name|vgw"
+elif [ "$FULL" == "json" ]
+then
+  echo "## VPN.json"
+  aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output json
+  echo "## Routes.json"
+  aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output json
+else
+  echo "## VPN.full"
+  aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output text
+  echo "## Routes.full"
+  aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output text
+fi

examples/ec2-vpc-region-vpcN/apps/test-instances/templates/test-ips.txt.tpl

@@ -1,3 +1,3 @@
 %{ for k,v in instances ~}
-v.private_ip
+${v.private_ip}
 %{ endfor ~}

examples/ec2-vpc-region-vpcN/apps/test-instances/test-ips.txt.tpl

@@ -0,0 +1,3 @@
+%{ for k,v in instances ~}
+${v.private_ip}
+%{ endfor ~}

examples/ec2-vpc-region-vpcN/apps/test-instances/test-ssh.sh

@@ -15,14 +15,20 @@ KEYPAIR=$(ls setup/*-keypair)
 echo "* running ssh timeout=$TIMEOUT with keypair=$KEYPAIR at $(date) start=$start"
 
 count=1
+ecount=0
 for f in $(cat test-ips.txt)
 do
   echo "  * $count host $f"
-  SSH_AUTH_SOCK="" timeout $TIMEOUT ssh -o StrictHostKeyChecking=false -o IdentityFile=$KEYPAIR  ec2-user@$f "hostname -f; date +%s"
+  SSH_AUTH_SOCK="" timeout $TIMEOUT ssh $SSH_OPTIONS -o StrictHostKeyChecking=false -o IdentityFile=$KEYPAIR  ec2-user@$f "hostname -f; date +%s"
+  status=$?
+  if [ $status != 0 ]
+  then
+    ecount=$(( $ecount + 1 ))
+  fi
   count=$(( $count + 1 ))
 done
 
 end=$(date +%s)
 elapsed=$(( $end - $start ))
 
-echo "* done running ssh at $(date) count=$count start=$start end=$end elapsed=$elapsed"
+echo "* done running ssh at $(date) count=$count error_count=$ecount start=$start end=$end elapsed=$elapsed"

examples/ec2-vpc-region-vpcN/apps/test-instances/variables.tf

@@ -0,0 +1,6 @@
+variable "enable_instances" {
+  description = "Flag to enable or disable creation of EC2 key and instances"
+  type        = bool
+  default     = true
+}
+