Last active
May 5, 2022 16:27
-
-
Save churnd/70d1d1dcdb630b34486dd4f91b8da0c3 to your computer and use it in GitHub Desktop.
Terraform Demo SSM Install Ubuntu
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo mkdir /tmp/ssm | |
| cd /tmp/ssm | |
| wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb | |
| sudo dpkg -i amazon-ssm-agent.deb | |
| sudo systemctl enable amazon-ssm-agent | |
| rm amazon-ssm-agent.deb |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // terraform config | |
| terraform { | |
| required_providers { | |
| aws = { | |
| source = "hashicorp/aws" | |
| version = "4.2.0" | |
| } | |
| } | |
| } | |
| // aws provider | |
| provider "aws" { | |
| region = "us-east-2" | |
| } | |
| // aws security group | |
| resource "aws_security_group" "outbound_only" { | |
| egress { | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = "-1" | |
| cidr_blocks = ["0.0.0.0/0"] | |
| } | |
| lifecycle { | |
| create_before_destroy = true | |
| } | |
| } | |
| resource "aws_instance" "ec2" { | |
| ami = "ami-0eea504f45ef7a8f7" | |
| instance_type = "t2.nano" | |
| subnet_id = "subnet-34ec644e" | |
| vpc_security_group_ids = [aws_security_group.outbound_only.id] | |
| iam_instance_profile = aws_iam_instance_profile.demo-ssm-iam-profile.name | |
| #key_name = aws_key_pair.key.name | |
| root_block_device { | |
| delete_on_termination = true | |
| volume_type = "gp2" | |
| volume_size = 20 | |
| } | |
| tags = { | |
| Name = "ssm-ec2-demo" | |
| } | |
| user_data = templatefile("${path.module}/ssm-agent-install.sh", { | |
| } | |
| ) | |
| } | |
| resource "aws_iam_instance_profile" "demo-ssm-iam-profile" { | |
| name = "ec2_profile" | |
| role = aws_iam_role.demo-ssm-iam-role.name | |
| } | |
| resource "aws_iam_role" "demo-ssm-iam-role" { | |
| name = "demo-ssm-role" | |
| description = "The role for the SSM EC2 demo" | |
| assume_role_policy = <<EOF | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": { | |
| "Effect": "Allow", | |
| "Principal": {"Service": "ec2.amazonaws.com"}, | |
| "Action": "sts:AssumeRole" | |
| } | |
| } | |
| EOF | |
| } | |
| resource "aws_iam_role_policy_attachment" "demo-ssm-ssm-policy" { | |
| role = aws_iam_role.demo-ssm-iam-role.name | |
| policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" | |
| } |
Author
churnd
commented
May 5, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment