
@pgporada
Created January 25, 2017 21:21
terraform creating user_data for a server
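#!/bin/bash
# Bootstrap script for a bastion host. Terraform renders this file through the
# template_file data source and hands the result to the instance as user_data.
#
# Template notes:
#   * Terraform interpolates every dollar-brace expression in this file
#     (comments included) before the shell sees it. Shell variables are
#     therefore written as $name, never with braces; only the TERRAFORM_*
#     template variables use the brace form.
#   * Rendered user_data is kept in Terraform state and can be read back from
#     the instance metadata service by processes on the host, so key material
#     and other secrets must be fetched at boot, never pasted into this file.

# xtrace output lands wherever the boot process logs this script (typically
# the cloud-init output log), so it is switched off around the key fetch below.
set -x

# Capture the template values once, single-quoted, so the shell does not
# re-evaluate them and they reach later commands as single arguments.
# NOTE(review): a value containing a single quote would still escape the
# quoting; keep these Terraform variables to simple identifiers.
tf_env='${TERRAFORM_env}'
tf_tier='${TERRAFORM_tier}'
tf_role='${TERRAFORM_role}'
tf_user='${TERRAFORM_user}'

# Remove the playbook checkout and the machine-user key on every exit path,
# not only when the script reaches its last line.
# NOTE(review): the key is called YOURMACHINEUSERNAME, MYKEY and
# MACHINEUSERKEY in different places; these look like placeholders for the
# same file. Make them agree, otherwise the private key survives cleanup.
cleanup() {
  rm -rf /root/ansible-playbook-bastion
  rm -f /root/.ssh/MACHINEUSERKEY
}
trap cleanup EXIT

# Ensure dependencies are installed
# NOTE(review): the pip upgrades pull unpinned packages as root at boot time;
# consider pinning versions or using an internal mirror.
yum install -y epel-release
yum update -y epel-release
yum install -y python-pip python-devel git openssl-devel libffi-devel
pip install --upgrade pip
pip install --upgrade setuptools
yum install -y awscli python-six ansible

# If you don't unset these, then the aws cli commands will fail with a
# 'partial credentials have been found' error. AWS_SECRET_ACCESS_KEY and
# AWS_SESSION_TOKEN are cleared as well so that no half-set static credential
# shadows the instance profile.
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_KEY
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN

# Get the MACHINE USER key (tracing off so nothing about it reaches the log)
set +x
# FETCH YOUR MACHINE USER KEY HERE
set -x
chmod 0600 /root/.ssh/YOURMACHINEUSERNAME

# NOTE(review): ssh-keyscan accepts whatever host key the network returns at
# boot (trust on first use). Prefer shipping a known_hosts entry that was
# verified out of band against the host's published fingerprint.
ssh-keyscan -t rsa bitbucket.org >> ~/.ssh/known_hosts

# Allow Ansible to SSH in from Jenkins
ssh_dir="/home/$tf_user/.ssh"
mkdir -p "$ssh_dir"
chmod 0700 "$ssh_dir"
chown "$tf_user:$tf_user" "$ssh_dir"
# FETCH YOUR CI KEY(S) HERE
# SET UP YOUR AUTHORIZED KEY(S) HERE

# Clone the playbook repo, install its dependencies and run the playbook, all
# inside one ssh-agent session. The inner shell stops at the first failure, so
# a failed clone or cd can no longer let make / ansible-playbook run from the
# wrong directory. Template values arrive as positional arguments
# ($1 = env, $2 = tier, $3 = role) instead of being spliced into the command
# string. The script's exit status is now the status of this step.
# NOTE(review): the clone URL was obfuscated on the published page; it is
# restored here as the usual git-over-ssh form for bitbucket.org. Verify.
ssh-agent bash -c '
  set -e
  ssh-add ~/.ssh/MYKEY
  cd /root
  git clone git@bitbucket.org:MYCOMPANY/ansible-playbook-bastion.git
  cd /root/ansible-playbook-bastion
  make install-python-requirements
  make install-ansible-modules
  ENVIRONMENT="$1" TIER="$2" make install-s3-secrets
  cd ansible
  ansible-playbook "playbooks/deploy-aws-$3.yml" -i environments/aws \
    -e cli_myhosts=localhost -e "cli_role=$3" -e "cli_tier=$2" \
    -e "cli_env=$1" --connection=local
' bastion-provision "$tf_env" "$tf_tier" "$tf_role"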
# Renders the bootstrap script (init.sh in this module's directory) into the
# string that aws_instance.bastion passes as user_data.
# The vars are substituted textually into a shell script, so a value that
# contains shell metacharacters changes what the script executes at boot;
# keep them to simple identifiers.
# NOTE(review): newer Terraform releases offer the built-in templatefile()
# function in place of this data source; confirm which version this targets.
data "template_file" "bastion" {
template = "${file("${path.module}/init.sh")}"
vars {
TERRAFORM_env = "${var.env}"
TERRAFORM_tier = "${var.tier}"
# Role is fixed; the script uses it to pick the playbook file name.
TERRAFORM_role = "bastion"
# Account whose ~/.ssh directory the script creates.
TERRAFORM_user = "${var.shell_username}"
# NOTE(review): the bootstrap script shown on this page passes 'localhost'
# literally and never references TERRAFORM_hosts; confirm it is still needed.
TERRAFORM_hosts = "localhost"
}
}
# The bastion EC2 instance. It boots with the rendered bootstrap script as
# user_data and with an instance profile attached.
# NOTE(review): the rendered user_data is written to Terraform state and is
# readable from the instance metadata service on the host; keep secrets out of
# the template. On provider versions that support it, consider requiring
# IMDSv2 with a metadata_options block (http_tokens = "required").
resource "aws_instance" "bastion" {
ami = "${data.aws_ami.bastion.id}"
instance_type = "${var.instance_type}"
# EC2 key pair installed for SSH access to the instance.
key_name = "${var.bastion_key_name}"
# Picks one subnet from the comma-separated var.subnet_ids.
# NOTE(review): count.index is used but no count argument is visible in this
# block; confirm it was not dropped when the snippet was published.
subnet_id = "${element(split(",", var.subnet_ids), count.index)}"
vpc_security_group_ids = ["${aws_security_group.bastion.id}"]
user_data = "${data.template_file.bastion.rendered}"
# Presumably the source of the AWS credentials the bootstrap script relies on
# after unsetting the static key variables; scope this role to the minimum
# the script needs. Verify against the profile definition.
iam_instance_profile = "${aws_iam_instance_profile.bastion.name}"
tags {
Name = "${var.env}_${var.tier}_${replace(var.region,"-","")}_bastion"
TYPE = "bastion"
ROLES = "bastion"
ENV = "${var.env}"
TERRAFORM = "true"
TIER = "${var.tier}"
}
}