diff --git a/examples/ec2-vpc-region-vpcN/apps/README.md b/examples/ec2-vpc-region-vpcN/apps/README.md new file mode 100644 index 0000000..5ca9045 --- /dev/null +++ b/examples/ec2-vpc-region-vpcN/apps/README.md @@ -0,0 +1,23 @@ +## Requirements + +No requirements. + +## Providers + +No providers. + +## Modules + +No modules. + +## Resources + +No resources. + +## Inputs + +No inputs. + +## Outputs + +No outputs. diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/README.md b/examples/ec2-vpc-region-vpcN/apps/test-instances/README.md index 0639b0c..3bb6789 100644 --- a/examples/ec2-vpc-region-vpcN/apps/test-instances/README.md +++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/README.md @@ -31,7 +31,9 @@ No requirements. ## Inputs -No inputs. +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [enable\_instances](#input\_enable\_instances) | Flag to enable or disable creation of EC2 key and instances | `bool` | `true` | no | ## Outputs diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2-keypair.tf b/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2-keypair.tf index ea9d6e4..1bf1bf2 100644 --- a/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2-keypair.tf +++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2-keypair.tf @@ -17,6 +17,11 @@ locals { # git commit -m'add ec2-keypair: *-ec2-keypair' *-ec2-keypair.{pub,secret} .gitignore resource "null_resource" "generate_keypair" { + triggers = { + keypair_name = local.keypair_name + } + + count = var.enable_instances ? 1 : 0 provisioner "local-exec" { command = "test -d setup || mkdir setup" } 
@@ -25,9 +30,15 @@ resource "null_resource" "generate_keypair" { # command = "ssh-keygen -f ${local.keypair_name} -N '' -t dsa -b 1024 -C '${local.keypair_name}@${var.vpc_domain_name}'" command = "ssh-keygen -f ${local.keypair_name} -N '' -t rsa -b 2048 -C '${local.keypair_name}@${var.vpc_domain_name}'" } + # provisioner "local-exec" { + # when = destroy + # working_dir = "./setup" + # command = format("rm %v %v.pub",self.triggers.keypair_name,self.triggers.keypair_name) + # } } resource "aws_key_pair" "keypair" { + count = var.enable_instances ? 1 : 0 key_name = local.keypair_name public_key = file("setup/${local.keypair_name}.pub") depends_on = [null_resource.generate_keypair] @@ -35,5 +46,5 @@ resource "aws_key_pair" "keypair" { output "keypair" { description = "EC2 keypair for test instances" - value = aws_key_pair.keypair.key_name + value = var.enable_instances ? aws_key_pair.keypair[0].key_name : "" } diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2-role.tf b/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2-role.tf index f572dc5..5f52ea7 100644 --- a/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2-role.tf +++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2-role.tf @@ -2,6 +2,7 @@ module "role" { source = "git@github.e.it.census.gov:terraform-modules/aws-iam-role.git" role_name = local.ec2_role_name + create = var.enable_instances attached_policies = [data.terraform_remote_state.common.outputs.managed_policies["ReadOnlyAccess"]] enable_instance_profile = true assume_policy_document = data.terraform_remote_state.common.outputs.custom_policy_documents["ec2_assume"].policy diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2.tf b/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2.tf index 0fac107..57ea481 100644 --- a/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2.tf +++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/ec2.tf 
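Review bot: In ec2-keypair.tf the destroy-time cleanup inside `null_resource.generate_keypair` is committed commented out, so with the new `count = var.enable_instances ? 1 : 0`, setting `enable_instances = false` removes the AWS key pair but leaves the private key on disk (apparently under `setup/`). That key was written by `ssh-keygen -N ''`, so it has no passphrase. The `triggers` map added in the previous hunk already provides `self.triggers.keypair_name`, so either enable the provisioner with `command = format("rm -f %v %v.pub", self.triggers.keypair_name, self.triggers.keypair_name)` (`-f` so a missing file does not fail the destroy), or delete the dead block and add a comment that the key files must be removed by hand. As a style point, `count` conventionally comes first in a resource block, above `triggers`. The resource body begins before this hunk.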
@@ -1,5 +1,5 @@ resource "aws_instance" "test" { - for_each = local.private_subnets_id_map + for_each = var.enable_instances ? local.private_subnets_id_map : {} ami = local.ami instance_type = local.my_instance_type diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/show-tunnel-status.sh b/examples/ec2-vpc-region-vpcN/apps/test-instances/show-tunnel-status.sh index 7185f31..f67e02d 100755 --- a/examples/ec2-vpc-region-vpcN/apps/test-instances/show-tunnel-status.sh +++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/show-tunnel-status.sh @@ -22,4 +22,21 @@ fi echo "* using profile $PROFILE region $REGION for VPC filter $VPC" -aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output text|grep -iE "VGW|TAG.*Name|customer.*cgw-" +if [ -z "$FULL" ] +then + echo "## VPN" + aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output text|grep -iE "VGW|TAG.*Name|customer.*cgw-" + echo "## Routes" + aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output text|grep -iE "^TAGS.*Name|vgw" +elif [ "$FULL" == "json" ] +then + echo "## VPN.json" + aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output json + echo "## Routes.json" + aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output json +else + echo "## VPN.full" + aws --profile $PROFILE --region $REGION ec2 describe-vpn-connections --filters Name=tag:Name,Values="$VPC" --output text + echo "## Routes.full" + aws --profile $PROFILE --region $REGION ec2 describe-route-tables --filters Name=tag:Name,Values="${VPC}private*" --output text +fi 
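Review bot: In show-tunnel-status.sh the new `json` and full branches print the complete `describe-vpn-connections` response, which normally includes the tunnel pre-shared keys (in `CustomerGatewayConfiguration` and `Options.TunnelOptions[].PreSharedKey`). The default branch's `grep` appears to drop those lines. Status output like this tends to end up in terminal scrollback, tickets and CI logs, so limit the VPN calls to the fields needed, for example `--query 'VpnConnections[].{Id:VpnConnectionId,State:State,Tunnels:VgwTelemetry}'`, or add a comment that the output is secret material. The added lines also leave `$PROFILE` and `$REGION` unquoted and use `==` inside `[ ]`, which is a bashism if the script runs under `/bin/sh`; the shebang and the place where `FULL` is set are outside the hunk.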
diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/templates/test-ips.txt.tpl b/examples/ec2-vpc-region-vpcN/apps/test-instances/templates/test-ips.txt.tpl index 8e33c53..5ca5edb 100644 --- a/examples/ec2-vpc-region-vpcN/apps/test-instances/templates/test-ips.txt.tpl +++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/templates/test-ips.txt.tpl @@ -1,3 +1,3 @@ %{ for k,v in instances ~} -v.private_ip +${v.private_ip} %{ endfor ~} diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/test-ips.txt.tpl b/examples/ec2-vpc-region-vpcN/apps/test-instances/test-ips.txt.tpl new file mode 100644 index 0000000..5ca5edb --- /dev/null +++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/test-ips.txt.tpl @@ -0,0 +1,3 @@ +%{ for k,v in instances ~} +${v.private_ip} +%{ endfor ~} diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/test-ssh.sh b/examples/ec2-vpc-region-vpcN/apps/test-instances/test-ssh.sh index d44daa5..a8a85e8 100755 --- a/examples/ec2-vpc-region-vpcN/apps/test-instances/test-ssh.sh +++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/test-ssh.sh @@ -15,14 +15,20 @@ KEYPAIR=$(ls setup/*-keypair) echo "* running ssh timeout=$TIMEOUT with keypair=$KEYPAIR at $(date) start=$start" count=1 +ecount=0 for f in $(cat test-ips.txt) do echo " * $count host $f" - SSH_AUTH_SOCK="" timeout $TIMEOUT ssh -o StrictHostKeyChecking=false -o IdentityFile=$KEYPAIR ec2-user@$f "hostname -f; date +%s" + SSH_AUTH_SOCK="" timeout $TIMEOUT ssh $SSH_OPTIONS -o StrictHostKeyChecking=false -o IdentityFile=$KEYPAIR ec2-user@$f "hostname -f; date +%s" + status=$? + if [ $status != 0 ] + then + ecount=$(( $ecount + 1 )) + fi count=$(( $count + 1 )) done end=$(date +%s) elapsed=$(( $end - $start )) -echo "* done running ssh at $(date) count=$count start=$start end=$end elapsed=$elapsed" +echo "* done running ssh at $(date) count=$count error_count=$ecount start=$start end=$end elapsed=$elapsed" 
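Review bot: In test-ssh.sh the new `ecount` is only printed by the final `echo`, so a run where every host fails still exits 0 (assuming the script ends there; the rest of the file is outside the hunk). Adding `[ "$ecount" -eq 0 ] || exit 1` after that line lets callers detect the failure. The rewritten ssh line keeps `-o StrictHostKeyChecking=false`, which turns host key verification off. For freshly built test instances, `-o StrictHostKeyChecking=accept-new` with a dedicated `-o UserKnownHostsFile=` (for example a file under `setup/`) stays non-interactive while still pinning each host key after first contact. `$SSH_OPTIONS` is expanded unquoted and ahead of the fixed options, so it is word-split and, because ssh uses the first value it obtains for an option, can override the settings that follow; a short comment stating that this is intended would help.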
diff --git a/examples/ec2-vpc-region-vpcN/apps/test-instances/variables.tf b/examples/ec2-vpc-region-vpcN/apps/test-instances/variables.tf
new file mode 100644
index 0000000..dc58f3d
--- /dev/null
+++ b/examples/ec2-vpc-region-vpcN/apps/test-instances/variables.tf
@@ -0,0 +1,6 @@
+variable "enable_instances" {
+ description = "Flag to enable or disable creation of EC2 key and instances"
+ type = bool
+ default = true
+}
+