diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 6984327..ae4cd68 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,6 +5,15 @@ updates:
 directory: /
 schedule:
 interval: daily
+ - package-ecosystem: terraform
+ directory: /modules/aws/acme_certificate
+ schedule:
+ interval: daily
+ ignore:
+ - dependency-name: "*"
+ update-types:
+ - "version-update:semver-patch"
+ - "version-update:semver-minor"
 - package-ecosystem: terraform
 directory: /modules/aws/ec2
 schedule:
diff --git a/modules/aws/ec2/README.md b/modules/aws/ec2/README.md
index 1fba6ac..75de1b2 100644
--- a/modules/aws/ec2/README.md
+++ b/modules/aws/ec2/README.md
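Review bot: The `ignore` block added for /modules/aws/acme_certificate suppresses every patch and minor update for every dependency (`dependency-name: "*"`), so provider releases that only ship fixes will never be proposed for that module, while the neighbouring /modules/aws/ec2 entry keeps receiving them daily. If the goal is to cut PR noise rather than to freeze the module, Dependabot's `groups` option is the less lossy choice; at minimum the exclusion deserves a comment next to it such as `# acme_certificate: only major provider bumps are surfaced — <reason>`. Whether security-advisory PRs are still raised for versions matched by `ignore` should be confirmed against the current GitHub documentation before the team relies on that.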
@@ -22,13 +22,13 @@ This Terraform module will produce an EC2 instance which can be accessed via ssh
 | Name | Type |
 |------|------|
-| [aws_eip.public_elastic_ip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
-| [aws_iam_instance_profile.instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
-| [aws_iam_role.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_iam_role_policy_attachment.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_instance.ec2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
-| [aws_key_pair.key_pair](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
-| [tls_private_key.private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
+| [aws_eip.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
+| [aws_iam_instance_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
+| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
+| [aws_key_pair.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
+| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) |
resource |
 ## Inputs
diff --git a/modules/aws/ec2/main.tf b/modules/aws/ec2/main.tf
index a2f40fa..8bb6aaa 100644
--- a/modules/aws/ec2/main.tf
+++ b/modules/aws/ec2/main.tf
@@ -13,12 +13,12 @@ terraform {
 }
 }
-resource "aws_iam_instance_profile" "instance_profile" {
+resource "aws_iam_instance_profile" "this" {
 name = "${var.project_name}-ec2-monitoring-and-setup"
- role = aws_iam_role.instance_role.name
+ role = aws_iam_role.this.name
 }
-resource "aws_iam_role" "instance_role" {
+resource "aws_iam_role" "this" {
 name = "${var.project_name}-ec2-monitoring-and-setup"
 assume_role_policy = <<-EOF
 {
@@ -36,30 +36,30 @@ resource "aws_iam_role" "instance_role" {
 EOF
 }
-resource "aws_iam_role_policy_attachment" "instance_role" {
+resource "aws_iam_role_policy_attachment" "this" {
 for_each = toset([
 "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM",
 "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
 ])
- role = aws_iam_role.instance_role.name
+ role = aws_iam_role.this.name
 policy_arn = each.value
 }
-resource "tls_private_key" "private_key" {
+resource "tls_private_key" "this" {
 count = var.custom_key_name == "" ? 1 : 0
 algorithm = "RSA"
 rsa_bits = 4096
 }
-resource "aws_key_pair" "key_pair" {
+resource "aws_key_pair" "this" {
 count = var.custom_key_name == "" ? 1 : 0
 key_name = "${var.project_name}-key-pair"
- public_key = tls_private_key.private_key[0].public_key_openssh
+ public_key = tls_private_key.this[0].public_key_openssh
 }
-resource "aws_instance" "ec2" {
+resource "aws_instance" "this" {
 instance_type = var.ec2_instance_type
- key_name = var.custom_key_name == "" ? aws_key_pair.key_pair[0].key_name : var.custom_key_name
+ key_name = var.custom_key_name == "" ? aws_key_pair.this[0].key_name : var.custom_key_name
 ami = var.ami_id
 metadata_options {
 http_endpoint = "enabled"
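Review bot: Renaming the resource addresses (`aws_iam_instance_profile.instance_profile` → `aws_iam_instance_profile.this` here, and the same for `aws_iam_role`, `aws_iam_role_policy_attachment`, `tls_private_key`, `aws_key_pair`, `aws_instance` and `aws_eip` in this and the two following main.tf hunks, plus the references in output.tf) without `moved` blocks makes Terraform plan a destroy-and-create of every one of these resources for anyone already using the module. That replaces the EC2 instance, the IAM role and the EIP, and when `custom_key_name` is empty it also generates a new `tls_private_key`, so the instance's SSH key material changes as a side effect of a cosmetic rename. One `moved` block per renamed resource keeps state continuous; this needs Terraform 1.1 or later, and the module's required version is not visible in this diff, so check `required_version` before relying on it.

```hcl
# State migration for the rename to "this"; one block per renamed resource.
moved {
  from = aws_iam_instance_profile.instance_profile
  to   = aws_iam_instance_profile.this
}

moved {
  from = aws_instance.ec2
  to   = aws_instance.this
}
# … same shape for aws_iam_role.instance_role, aws_iam_role_policy_attachment.instance_role,
# tls_private_key.private_key, aws_key_pair.key_pair and aws_eip.public_elastic_ip …
```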
@@ -74,7 +74,7 @@ resource "aws_instance" "ec2" {
 vpc_security_group_ids = var.vpc_security_group_ids
 associate_public_ip_address = var.associate_public_ip_address
- iam_instance_profile = aws_iam_instance_profile.instance_profile.name
+ iam_instance_profile = aws_iam_instance_profile.this.name
 user_data = var.user_data
 user_data_replace_on_change = var.user_data_replace_on_change
@@ -85,10 +85,10 @@ resource "aws_instance" "ec2" {
 }
 }
-resource "aws_eip" "public_elastic_ip" {
+resource "aws_eip" "this" {
 count = var.needs_elastic_ip == true ? 1 : 0
- instance = aws_instance.ec2.id
+ instance = aws_instance.this.id
 domain = "vpc"
 tags = {
diff --git a/modules/aws/ec2/output.tf b/modules/aws/ec2/output.tf
index 3bfb531..0ea02f6 100644
--- a/modules/aws/ec2/output.tf
+++ b/modules/aws/ec2/output.tf
@@ -1,15 +1,15 @@
 output "instance_public_ip_address" {
- value = aws_eip.public_elastic_ip[0].public_ip
+ value = aws_eip.this[0].public_ip
 description = "This outputs the public IP associated with the EC2 instance. Note that this output will be the same as the elastic IP if `needs_elastic_ip` is set to `true`. This output is of type `string`."
 }
 output "instance_id" {
- value = aws_instance.ec2.id
+ value = aws_instance.this.id
 description = "This outputs the unique ID of the EC2 instance."
 }
 output "private_key" {
- value = tls_private_key.private_key[0].private_key_pem
+ value = tls_private_key.this[0].private_key_pem
 description = "This outputs the self-generated private key - This will not be populated if you provide your own key"
 sensitive = true
 }
diff --git a/modules/aws/vpc/README.md b/modules/aws/vpc/README.md
index 982bb6a..869bf6a 100644
--- a/modules/aws/vpc/README.md
+++ b/modules/aws/vpc/README.md
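Review bot: In output.tf, `aws_eip.this[0].public_ip` and `tls_private_key.this[0].private_key_pem` index a `count`ed resource unconditionally, so with `needs_elastic_ip = false` or a non-empty `custom_key_name` the resource has zero instances and evaluating the output fails with an invalid-index error instead of producing the empty value the two descriptions promise. The rename keeps that behaviour; `value = var.needs_elastic_ip ? aws_eip.this[0].public_ip : aws_instance.this.public_ip` and `value = one(tls_private_key.this[*].private_key_pem)` make both outputs total (`one()` yields null for an empty list and needs Terraform 0.15 or later). Separately, `sensitive = true` only redacts CLI and plan output: the RSA private key still sits in clear text in the state file, so access control on the state backend is what actually protects it, which is worth stating in the output's description.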
@@ -43,6 +43,7 @@ traffic, this is good from an auditing perspective, however you will be charged
 | [aws_vpc.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) | resource |
 | [random_uuid.log_group_guid_identifier](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
 | [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 ## Inputs
diff --git a/modules/aws/vpc/data.tf b/modules/aws/vpc/data.tf
index 87d8f48..2ce02a4 100644
--- a/modules/aws/vpc/data.tf
+++ b/modules/aws/vpc/data.tf
@@ -1,3 +1,5 @@
 data "aws_availability_zones" "available" {
 state = "available"
 }
+
+data "aws_region" "current" {}
diff --git a/modules/aws/vpc/locals.tf b/modules/aws/vpc/locals.tf
index d9168df..8ef2d29 100644
--- a/modules/aws/vpc/locals.tf
+++ b/modules/aws/vpc/locals.tf
@@ -2,9 +2,9 @@ locals {
 num_az_zones = length(var.azs) == 0 ? length(data.aws_availability_zones.available.names) : length(var.azs)
 az_zones = length(var.azs) == 0 ? data.aws_availability_zones.available.names : var.azs
-}
-locals {
+ aws_region_short = replace(replace(replace(replace(replace(replace(replace(data.aws_region.current.name, "north", "n"), "south", "s"), "east", "e"), "west", "w"), "central", "c"), "gov", "g"), "-", "") + public_subnet_cidrs = var.num_public_subnets == -1 ? [for i in range(1, local.num_az_zones + 1) : "10.0.${i}.0/24"] : [for i in range(1, var.num_public_subnets + 1) : "10.0.${i}.0/24"] private_subnet_cidrs = var.num_private_subnets == -1 ? [for i in range(1, local.num_az_zones + 1) : "10.0.10${i}.0/24"] : [for i in range(1, var.num_private_subnets + 1) : "10.0.10${i}.0/24"]