flowingis · simoferr98 · Aug 4, 2022 · Jul 20, 2022 · Aug 1, 2022 · Aug 1, 2022
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,32 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Terraform Provider lock file
+.terraform.lock.hcl
diff --git a/README.md b/README.md
diff --git a/examples/complete/README.md b/examples/complete/README.md
@@ -0,0 +1,80 @@
+# EC2-Image-Builder
+
+This example will manage the creation of EC2 Image builder with the creation of an iam role and Bucket S3 for logs.
+
+## Usage
+
+To run this example, you need to execute the following commands:
+
+```shell
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+:memo: **Note:** You will need a Terraform Cloud/Enterprise API token for authentication.
+You'll be prompted to insert it to provide a value for "tfc_token" variable.
+See [here](https://www.terraform.io/cloud-docs/users-teams-organizations/api-tokens)
+for further information.
+
+:memo: **Note:** This root modules defines other several sensitive variables.
+You'll be prompted to insert the required values by default on every "plan" and "apply" action
+Choose the appropriate method to automatically specify these values, like described [here](https://www.terraform.io/language/values/variables#assigning-values-to-root-module-variables)
+
+:warning: **Warning:** This example may create resources that cost money. Execute the command
+`terraform destroy` when the resources are no longer needed.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name                                                                      | Version  |
+|---------------------------------------------------------------------------|----------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
+| <a name="requirement_tfe"></a> [aws](#requirement\aws)                    | >= 4.20  |
+
+## Providers
+
+| Name                                              | Version |
+|---------------------------------------------------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.20 |
+
+## Modules
+
+| Name                                                                                  | Source | Version |
+|---------------------------------------------------------------------------------------|--------|---------|
+| <a name="module_advanced_workspace"></a> [imagebuilder](#module\_advanced\_workspace) | ../../ | n/a     |
+
+## Resources
+
+| Name                                                                                                                                                       | Type     |
+|------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|
+| [aws_iam_role.iam_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role)                                              | resource |
+| [aws_iam_instance_profile.istance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_account_alias)                  | resource |
+| [aws_iam_role_policy_attachment.policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile)       | resource |
+| [aws_s3_bucket.bucket_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket)                                         | resource |
+| [aws_s3_bucket_public_access_block.bucket_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
+| [aws_s3_bucket_acl.bucket_logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl)                                 | resource |
+
+## Inputs
+
+| Name                                                                                     | Description                                              | Type     | Default | Required |
+|------------------------------------------------------------------------------------------|----------------------------------------------------------|----------|---------|:--------:|
+| <a name="input_region"></a> [region](#input\_region)                                     | Region where resources are created                       | `string` | `n/a`   |   yes    |
+| <a name="input_name"></a> [name](#input\_name)                                           | Generic resource name                                    | `string` | `n/a`   |   yes    |
+| <a name="input_account_id"></a> [account\_id](#account\_id)                              | The account ID used in the launch template configuration | `string` | `n/a`   |   yes    |
+| <a name="launch_template_id_1"></a> [launch\_template\_id\_1](#ilaunch\_template\_id\_1) | The ID of the Amazon EC2 launch template one             | `string` | `n/a`   |   yes    |
+| <a name="launch_template_id_2"></a> [launch\_template\_id\_2](#ilaunch\_template\_id\_2) | The ID of the Amazon EC2 launch template two             | `string` | `n/a`   |   yes    |
+| <a name="input_tfc_token"></a> [user\_ids](#iuser\_ids)                                  | Set of AWS Account user in the launch_permission         | `string` | `n/a`   |   yes    |
+
+## Outputs
+
+| Name                                                                                                                                     | Description                                     |
+|------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------|
+| <a name="output_component"></a> [component](#output\_component)                                                                          | Map of Component                                |
+| <a name="output_component_name"></a> [component\_name](#output\_component\_name)                                                         | List of Name of the component                   |
+| <a name="output_component_arn"></a> [component\_arn](#output\_component\_arn)                                                            | List of Arn of the component                    |
+| <a name="output_image_recipe_arn"></a> [image\_recipe\_arn](#output\_image\_recipe\_arn)                                                 | Amazon Resource Name (ARN) of the image recipe  |
+| <a name="output_infrastructure_configuration_arn"></a> [infrastructure\_configuration\_arn](#output\_infrastructure\_configuration\_arn) | arn of the infrastructure configuration         |
+| <a name="output_distribution_configuration_name"></a> [distribution\_configuration\_name](#output\_distribution\_configuration\_name)    | Name of the distribution configuration          |
+| <a name="output_image_pipeline_arn"></a> [image\_pipeline\_arn](#output\_image\_pipeline\_arn)                                           | Name of the distribution configuration          |  
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/examples/complete/data.tf b/examples/complete/data.tf
@@ -0,0 +1 @@
+data "aws_partition" "current" {}
diff --git a/examples/complete/locals.tf b/examples/complete/locals.tf
@@ -0,0 +1,6 @@
+locals {
+  common_tags = {
+    Terraform = true
+    Project   = var.name
+  }
+}
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
@@ -0,0 +1,146 @@
+################################################################################
+# Role IAM for EC2-Image-Builder Module
+################################################################################
+resource "aws_iam_role" "iam_role" {
+  name = var.name
+  path = "/${var.name}/"
+
+  assume_role_policy = <<EOF
+{
+  "Version": "2008-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": ["ec2.amazonaws.com"]
+      },
+      "Effect": "Allow"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_instance_profile" "istance_profile" {
+  name = var.name
+  role = aws_iam_role.iam_role.name
+}
+
+resource "aws_iam_role_policy_attachment" "policy_attachment" {
+  role       = aws_iam_role.iam_role.id
+  policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/EC2InstanceProfileForImageBuilder"
+}
+
+################################################################################
+# S3 Bucket for logs
+################################################################################
+resource "aws_s3_bucket" "bucket_logs" {
+  bucket = "${var.account_id}-${var.name}-s3"
+
+}
+
+resource "aws_s3_bucket_public_access_block" "bucket_logs" {
+  bucket = aws_s3_bucket.bucket_logs.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+
+  depends_on = [
+    aws_s3_bucket.bucket_logs
+  ]
+}
+
+resource "aws_s3_bucket_acl" "bucket_logs" {
+  bucket = aws_s3_bucket.bucket_logs.id
+  acl    = "private"
+}
+
+################################################################################
+# EC2-Image-Builder Module
+################################################################################
+module "imagebuilder" {
+  source = "../../"
+
+  name = var.name
+
+  components = [
+    {
+      "data" = yamlencode({
+        phases = [
+          {
+            name = "build"
+            steps = [
+              {
+                action = "ExecuteBash"
+                inputs = {
+                  commands = ["echo 'hello world'"]
+                }
+                name      = "helloworld"
+                onFailure = "Continue"
+              }
+            ]
+          }
+        ]
+        schemaVersion = 1.0
+      }),
+      "name"        = "hello world",
+      "description" = "component hello world",
+      "version"     = "1.0.0"
+    }
+  ]
+
+  component_external_arns = ["arn:aws:imagebuilder:${var.region}:aws:component/amazon-cloudwatch-agent-linux/1.0.1/1"]
+
+  image_recipe_parent_image = "arn:${data.aws_partition.current.partition}:imagebuilder:${var.region}:aws:image/ubuntu-server-20-lts-x86/2022.3.8"
+  image_recipe_version      = "1.0.0"
+
+  block_device_mapping = [
+    {
+      device_name           = "/dev/sda"
+      delete_on_termination = true
+      volume_size           = 10
+      volume_type           = "gp3"
+    }
+  ]
+
+  infrastructure_configuration_instance_profile_name = aws_iam_instance_profile.istance_profile.name
+  infrastructure_configuration_instance_types        = ["t3.nano"]
+
+  infrastructure_configuration_s3_logs_enabled = false
+  infrastructure_configuration_s3_bucket_name  = aws_s3_bucket.bucket_logs.bucket
+
+  enable_resource_tags = true
+  resource_tags        = local.common_tags
+
+
+  distribution_configuration_region = var.region
+
+  ami_distribution_configuration = {
+    name = var.name
+
+    ami_tags = {
+      CostCenter = "IT"
+    }
+
+  }
+
+  launch_permission = {
+    user_ids = var.user_ids
+  }
+
+  launch_template_configuration = [
+    {
+      launch_template_id = var.launch_template_id_1
+      account_id         = var.account_id
+    },
+    {
+      launch_template_id = var.launch_template_id_2
+      account_id         = var.account_id
+    }
+  ]
+
+  image_tests_configuration_schedule_enabled    = true
+  image_tests_configuration_schedule_expression = "cron(0 0 * * ? *)"
+}
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
@@ -0,0 +1,34 @@
+output "component" {
+  description = "Map of Component"
+  value       = module.imagebuilder.component
+}
+
+output "component_name" {
+  description = "List of Name of the component"
+  value       = module.imagebuilder.component_name
+}
+
+output "component_arn" {
+  description = "List of Arn of the component"
+  value       = module.imagebuilder.component_arn
+}
+
+output "image_recipe_arn" {
+  description = "Amazon Resource Name (ARN) of the image recipe"
+  value       = module.imagebuilder.image_recipe_arn
+}
+
+output "infrastructure_configuration_arn" {
+  description = "arn of the infrastructure configuration"
+  value       = module.imagebuilder.infrastructure_configuration_arn
+}
+
+output "distribution_configuration_name" {
+  description = "Name of the distribution configuration"
+  value       = module.imagebuilder.distribution_configuration_name
+}
+
+output "image_pipeline_arn" {
+  description = "Name of the distribution configuration"
+  value       = module.imagebuilder.image_pipeline_arn
+}
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
@@ -0,0 +1,33 @@
+variable "region" {
+  description = "Region where resources are created"
+  type        = string
+}
+
+variable "name" {
+  description = "Generic resource name"
+  type        = string
+}
+
+variable "account_id" {
+  description = "The account ID used in the launch template configuration"
+  type        = string
+  sensitive   = true
+}
+
+variable "launch_template_id_1" {
+  description = "The ID of the Amazon EC2 launch template one"
+  type        = string
+  sensitive   = true
+}
+
+variable "launch_template_id_2" {
+  description = "The ID of the Amazon EC2 launch template two"
+  type        = string
+  sensitive   = true
+}
+
+variable "user_ids" {
+  description = "Set of AWS Account user in the launch_permission"
+  type        = list(string)
+  sensitive   = true
+}
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
@@ -0,0 +1,18 @@
+terraform {
+  required_version = ">= 1.1.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.24"
+    }
+  }
+}
+
+provider "aws" {
+  region = var.region
+
+  default_tags {
+    tags = local.common_tags
+  }
+}