New function: single-node-asg module supports binding EIP by itself.

Since it is single node, binding an EIP to the instance is possible. And
it eases other things since the public interface is constant.

Add assign_eip variable to single-node-asg. If turns it on, an EIP will
be allocated, and assocated with the instance.

Author: Magicloud

examples/single-node-asg-test/tester.tf

@@ -0,0 +1,65 @@
+variable "region" {
+  description = "The region to put resources in"
+  default     = "us-east-1"
+}
+
+variable "az" {
+  description = "The availability zone to put resources in"
+  default     = "us-east-1c"
+}
+
+variable "key_name" {
+  description = "The keypair used to ssh into the asg intances"
+  default     = "shida-east-1"
+}
+
+provider "aws" {
+  region = var.region
+}
+
+module "vpc" {
+  source              = "../../modules/vpc-scenario-1"
+  azs                 = [var.az]
+  name_prefix         = "eiptest"
+  cidr                = "192.168.0.0/16"
+  public_subnet_cidrs = ["192.168.0.0/16"]
+  region              = var.region
+  map_on_launch       = false
+}
+
+module "snasg" {
+  source             = "../../modules/single-node-asg"
+  name_prefix        = "unit"
+  name_suffix        = "eiptest"
+  ami                = module.ubuntu-ami.id
+  instance_type      = "t2.micro"
+  region             = var.region
+  key_name           = var.key_name
+  subnet_id          = module.vpc.public_subnet_ids[0]
+  security_group_ids = [aws_security_group.eiptest.id]
+  assign_eip         = true
+}
+
+module "ubuntu-ami" {
+  source  = "../../modules/ami-ubuntu"
+  release = "16.04"
+}
+
+resource "aws_security_group" "eiptest" {
+  name   = "eiptest"
+  vpc_id = module.vpc.vpc_id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}

modules/persistent-ebs/data.tf

@@ -22,7 +22,6 @@ data "aws_iam_policy_document" "attach_ebs_policy_doc" {
 }
 
 resource "aws_iam_policy" "attach_ebs_policy" {
-  name = "attach_ebs"
-
+  name   = "attach_ebs"
   policy = data.aws_iam_policy_document.attach_ebs_policy_doc.json
 }

modules/single-node-asg/main.tf

@@ -11,6 +11,10 @@
  *
  */
 
+resource "aws_eip" "eip" {
+  count = var.assign_eip ? 1 : 0
+}
+
 module "service-data" {
   source                         = "../persistent-ebs"
   name_prefix                    = "${var.name_prefix}-${var.name_suffix}-data"
@@ -42,20 +46,21 @@ module "server" {
   ami              = var.ami
   subnet_ids       = [var.subnet_id]
   azs              = [data.aws_subnet.server-subnet.availability_zone]
-  public_ip        = var.public_ip
   key_name         = var.key_name
   elb_names        = var.load_balancers
   max_nodes        = 1
   min_nodes        = 1
   root_volume_type = var.root_volume_type
   root_volume_size = var.root_volume_size
-
-  iam_profile = module.instance_profile.iam_profile_id
+  iam_profile      = module.instance_profile.iam_profile_id
 
   user_data = <<END_INIT
 #!/bin/bash
 ${var.init_prefix}
+apt update
+apt install -y awscli
 ${module.init-attach-ebs.init_snippet}
+${var.assign_eip ? "aws ec2 associate-address --instance-id \"$(ec2metadata --instance-id)\" --region \"${var.region}\" --allocation-id \"${element(aws_eip.eip.*.id,0)}\"" : ""}
 ${var.init_suffix}
 END_INIT
 
@@ -73,3 +78,23 @@ data "aws_subnet" "server-subnet" {
   id = var.subnet_id
 }
 
+resource "aws_iam_role_policy_attachment" "associate_eip" {
+  role       = module.instance_profile.iam_role_name
+  policy_arn = aws_iam_policy.associate_eip_policy.arn
+}
+
+resource "aws_iam_policy" "associate_eip_policy" {
+  name   = "associate_address"
+  policy = data.aws_iam_policy_document.associate_eip_policy_doc.json
+}
+
+data "aws_iam_policy_document" "associate_eip_policy_doc" {
+  statement {
+    sid = ""
+    effect = "Allow"
+    actions = [
+      "ec2:AssociateAddress"
+    ]
+    resources = ["*"]
+  }
+}

modules/single-node-asg/variables.tf

@@ -92,7 +92,7 @@ variable "init_suffix" {
 variable "public_ip" {
   default     = true
   description = "Boolean flag to enable/disable `map_public_ip_on_launch` in the launch configuration"
-  type        = string
+  type        = bool
 }
 
 variable "subnet_id" {
@@ -116,3 +116,8 @@ variable "load_balancers" {
   type        = list(string)
 }
 
+variable "assign_eip" {
+  default = false
+  description = "Whether or not associating an EIP with the node."
+  type = bool
+}

modules/vpc-scenario-1/main.tf

@@ -39,6 +39,7 @@ module "public-subnets" {
   name_prefix = "${var.name_prefix}-public"
   cidr_blocks = var.public_subnet_cidrs
   extra_tags  = var.extra_tags
+  public      = var.map_on_launch
 }
 
 module "public-gateway" {

modules/vpc-scenario-1/variables.tf

@@ -32,13 +32,13 @@ variable "extra_tags" {
 variable "enable_dns_hostnames" {
   default     = true
   description = "boolean, enable/disable VPC attribute, enable_dns_hostnames"
-  type        = string
+  type        = bool
 }
 
 variable "enable_dns_support" {
   default     = true
   description = "boolean, enable/disable VPC attribute, enable_dns_support"
-  type        = string
+  type        = bool
 }
 
 variable "dns_servers" {
@@ -47,3 +47,8 @@ variable "dns_servers" {
   type        = list(string)
 }
 
+variable "map_on_launch" {
+  default     = true
+  description = "Map public subnet addresses to instances."
+  type = bool
+}