jwieringa · March 2, 2017 19:58
diff --git a/main.tf b/main.tf
 resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
 }

 resource "aws_subnet" "main" {
  vpc_id     = "${aws_vpc.main.id}"
  cidr_block = "10.0.1.0/24"
 }

 resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }
 }

 resource "aws_iam_role" "opsworks_service" {
  name = "opsworks-service"

  assume_role_policy = <<EOF
 {
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "opsworks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
 }
 EOF
 }

 resource "aws_iam_policy" "opsworks_service" {
  name        = "opsworks-service"
  description = "AWS tools for OpsWorks Stack"

  policy = <<EOF
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1412626646000",
      "Action": [
        "ec2:*",
        "iam:PassRole",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:DescribeAlarms",
        "elasticloadbalancing:*",
        "rds:*"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
 }
 EOF
 }

 resource "aws_iam_policy_attachment" "opsworks_service" {
  name       = "opsworks-service"
  roles      = ["${aws_iam_role.opsworks_service.name}"]
  policy_arn = "${aws_iam_policy.opsworks_service.arn}"
 }

 resource "aws_iam_role" "ec2" {
  name = "ec2"

  assume_role_policy = <<EOF
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      }
    }
  ]
 }
 EOF
 }

 resource "aws_opsworks_stack" "default" {
  configuration_manager_name    = "Chef"
  configuration_manager_version = "11.10"
  agent_version                 = "3442-20161201055821"
  use_opsworks_security_groups  = false
  default_root_device_type      = "instance-store"
  service_role_arn              = "${aws_iam_role.opsworks_service.arn}"
  default_instance_profile_arn  = "${aws_iam_role.ec2.arn}"
  name                          = "default"
  region                        = "us-east-1"
  default_os                    = "Ubuntu 14.04 LTS"
  default_subnet_id             = "${aws_subnet.main.id}"
  vpc_id                        = "${aws_vpc.main.id}"
  hostname_theme                = "Layer_Dependent"
  manage_berkshelf              = false
  use_custom_cookbooks          = false
 }

 resource "aws_opsworks_custom_layer" "app" {
  name                      = "app"
  short_name                = "app"
  stack_id                  = "${aws_opsworks_stack.default.id}"
  custom_security_group_ids = ["${aws_security_group.allow_all.id}"]

  ebs_volume = {
    mount_point = "/mnt/data"

    // Issue: The value `size` is not updated when changed
    size            = 100
    number_of_disks = 1
    raid_level      = "None"
    type            = "gp2"
  }

  # network
  auto_assign_elastic_ips = false
  auto_assign_public_ips  = false
  drain_elb_on_shutdown   = true

  # chef
  custom_setup_recipes     = []
  custom_configure_recipes = []
  custom_deploy_recipes    = []
  custom_undeploy_recipes  = []
  custom_shutdown_recipes  = []
 }
	resource "aws_vpc" "main" {
	cidr_block = "10.0.0.0/16"
	}

	resource "aws_subnet" "main" {
	vpc_id = "${aws_vpc.main.id}"
	cidr_block = "10.0.1.0/24"
	}

	resource "aws_security_group" "allow_all" {
	name = "allow_all"
	description = "Allow all inbound traffic"
	vpc_id = "${aws_vpc.main.id}"

	ingress {
	from_port = 0
	to_port = 0
	protocol = "udp"
	cidr_blocks = ["0.0.0.0/0"]
	}

	egress {
	from_port = 0
	to_port = 0
	protocol = "udp"
	cidr_blocks = ["0.0.0.0/0"]
	}
	}

	resource "aws_iam_role" "opsworks_service" {
	name = "opsworks-service"

	assume_role_policy = <<EOF
	{
	"Version": "2008-10-17",
	"Statement": [
	{
	"Sid": "",
	"Effect": "Allow",
	"Principal": {
	"Service": "opsworks.amazonaws.com"
	},
	"Action": "sts:AssumeRole"
	}
	]
	}
	EOF
	}

	resource "aws_iam_policy" "opsworks_service" {
	name = "opsworks-service"
	description = "AWS tools for OpsWorks Stack"

	policy = <<EOF
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "Stmt1412626646000",
	"Action": [
	"ec2:*",
	"iam:PassRole",
	"cloudwatch:GetMetricStatistics",
	"cloudwatch:DescribeAlarms",
	"elasticloadbalancing:*",
	"rds:*"
	],
	"Effect": "Allow",
	"Resource": [
	"*"
	]
	}
	]
	}
	EOF
	}

	resource "aws_iam_policy_attachment" "opsworks_service" {
	name = "opsworks-service"
	roles = ["${aws_iam_role.opsworks_service.name}"]
	policy_arn = "${aws_iam_policy.opsworks_service.arn}"
	}

	resource "aws_iam_role" "ec2" {
	name = "ec2"

	assume_role_policy = <<EOF
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "",
	"Effect": "Allow",
	"Action": "sts:AssumeRole",
	"Principal": {
	"Service": "ec2.amazonaws.com"
	}
	}
	]
	}
	EOF
	}

	resource "aws_opsworks_stack" "default" {
	configuration_manager_name = "Chef"
	configuration_manager_version = "11.10"
	agent_version = "3442-20161201055821"
	use_opsworks_security_groups = false
	default_root_device_type = "instance-store"
	service_role_arn = "${aws_iam_role.opsworks_service.arn}"
	default_instance_profile_arn = "${aws_iam_role.ec2.arn}"
	name = "default"
	region = "us-east-1"
	default_os = "Ubuntu 14.04 LTS"
	default_subnet_id = "${aws_subnet.main.id}"
	vpc_id = "${aws_vpc.main.id}"
	hostname_theme = "Layer_Dependent"
	manage_berkshelf = false
	use_custom_cookbooks = false
	}

	resource "aws_opsworks_custom_layer" "app" {
	name = "app"
	short_name = "app"
	stack_id = "${aws_opsworks_stack.default.id}"
	custom_security_group_ids = ["${aws_security_group.allow_all.id}"]

	ebs_volume = {
	mount_point = "/mnt/data"

	// Issue: The value `size` is not updated when changed
	size = 100
	number_of_disks = 1
	raid_level = "None"
	type = "gp2"
	}

	# network
	auto_assign_elastic_ips = false
	auto_assign_public_ips = false
	drain_elb_on_shutdown = true

	# chef
	custom_setup_recipes = []
	custom_configure_recipes = []
	custom_deploy_recipes = []
	custom_undeploy_recipes = []
	custom_shutdown_recipes = []
	}