forked from buildo/terraform-aws-dockercomposehost
main.tf
# Looks up the newest Ubuntu 20.04 (focal) amd64 HVM/SSD server image published
# by account 099720109477 (Canonical's AWS account).
# NOTE(review): nothing on this page reads data.aws_ami.ami; the instance
# resource hard-codes its AMI ID, so this lookup currently has no effect on
# what gets launched. Confirm whether that pin is deliberate.
data "aws_ami" "ami" {
  # Keep the owner restriction: image names are not unique across accounts, so
  # a name filter alone could match a look-alike image from another publisher.
  owners      = ["099720109477"]
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}
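# The single EC2 host for the project. It receives a public IP, the module's
# security group, the instance profile declared on this page and cloud-init
# user data rendered elsewhere in the module.
resource "aws_instance" "instance" {
  # NOTE(review): hard-coded AMI ID. AMI IDs are region-specific, and a pinned
  # image never picks up newer patched builds; data.aws_ami.ami on this page is
  # declared but not used here. Left unchanged because altering `ami` replaces
  # the instance; confirm whether the pin is intentional.
  ami           = "ami-08ca3fed11864d6bb"
  instance_type = var.instance_type
  key_name      = var.ssh_key_name

  # The security group itself is defined outside this page.
  security_groups             = [aws_security_group.sg.name]
  associate_public_ip_address = true

  iam_instance_profile = aws_iam_instance_profile.instance.name

  # NOTE(review): user data can be read back through the metadata service and
  # the EC2 API, so it should not carry secrets. The template is not on this
  # page; verify.
  user_data_base64 = data.template_cloudinit_config.config.rendered

  # Require IMDSv2 session tokens: the host is publicly addressable and carries
  # an instance role, and token-less IMDSv1 lets a request-forgery bug in any
  # hosted service fetch the role credentials with a plain GET.
  # Hop limit 2 keeps the metadata service reachable from bridged containers.
  # Clients on the host must support IMDSv2.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 2
  }

  tags = {
    Name = var.project_name
  }

  root_block_device {
    # NOTE(review): `encrypted` is not set, so at-rest encryption of the root
    # volume depends on the AMI snapshot and the account's EBS default. Setting
    # it here would likely replace the instance, so it is only flagged.
    volume_size = var.volume_size
  }
}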
# Optional A record that points var.host_name at the instance's public IP.
# It is created only when both var.zone_id and var.host_name are non-empty.
resource "aws_route53_record" "dns" {
  count = length(var.zone_id) > 0 && length(var.host_name) > 0 ? 1 : 0

  zone_id = var.zone_id
  name    = var.host_name
  type    = "A"
  ttl     = "300"

  # NOTE(review): this is the instance's auto-assigned public IP; no Elastic IP
  # appears on this page. If the address changes (for example after a
  # stop/start), the record stays stale until the next apply and could point at
  # an address that now belongs to someone else.
  records = [aws_instance.instance.public_ip]
}
# Attaches CloudWatchAgentServerPolicy plus every ARN in
# var.instance_profile_policy_arns to the instance role, one attachment per
# distinct ARN (toset removes duplicates).
#
# Everything attached here is usable by any process on the host that can reach
# the instance metadata service, so callers should pass narrowly scoped
# policies.
resource "aws_iam_role_policy_attachment" "instance" {
  for_each = toset(concat(
    ["arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"],
    var.instance_profile_policy_arns,
  ))

  role       = aws_iam_role.instance.id
  policy_arn = each.key
}
# Trust policy for the instance role: only the EC2 service principal may call
# sts:AssumeRole. No other principal is listed.
data "aws_iam_policy_document" "assume_policy" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}
# IAM role assumed by the EC2 instance. Its permissions come from the policy
# attachments on this page; the trust policy is the EC2-only document above.
resource "aws_iam_role" "instance" {
  name               = "${var.project_name}-instance-profile"
  assume_role_policy = data.aws_iam_policy_document.assume_policy.json

  # Detach any attached policies before the role is destroyed, so that
  # attachments made outside this configuration do not block deletion.
  force_detach_policies = true
}
# Instance profile that hands the role to the EC2 instance. It is named after
# the project, so two deployments sharing a project_name in one account would
# collide on this name.
resource "aws_iam_instance_profile" "instance" {
  role = aws_iam_role.instance.name
  name = var.project_name
}
# Optional disk-usage alarm for the host, created only when
# var.disk_utilization_alarm_enabled is true.
#
# It enters ALARM when the average of disk_used_percent is at or above the
# threshold for 3 consecutive 60-second periods. The same targets are notified
# on ALARM and on the return to OK.
resource "aws_cloudwatch_metric_alarm" "disk_full" {
  count = var.disk_utilization_alarm_enabled == true ? 1 : 0

  alarm_name        = "${var.project_name}-${aws_instance.instance.id}-disk-full"
  alarm_description = "This metric monitors disk utilization"

  namespace   = "System/Linux"
  metric_name = "disk_used_percent"
  statistic   = "Average"

  # NOTE(review): the namespace and these dimensions must match exactly what
  # the agent publishes. The agent configuration is not on this page; verify.
  dimensions = {
    InstanceId = aws_instance.instance.id
    path       = "/"
    device     = "overlay"
    fstype     = "overlay"
  }

  comparison_operator = "GreaterThanOrEqualToThreshold"
  threshold           = var.disk_utilization_alarm_threshold
  period              = "60"
  evaluation_periods  = "3"

  # Missing data counts as breaching, so the alarm also fires when the metric
  # stops arriving (agent stopped, host down) instead of going quiet.
  treat_missing_data = "breaching"

  alarm_actions = var.disk_utilization_alarm_actions
  ok_actions    = var.disk_utilization_alarm_actions
}