
added iam creation to access S3 buckets when ASG is created

Roberto Barbosa 8 years ago
parent
commit
344e318cd9
4 changed files with 92 additions and 85 deletions
  1. 11 10
      ha_instance/alb.tf
  2. 64 10
      ha_instance/asg.tf
  3. 0 65
      ha_instance/iam.tf
  4. 17 0
      ha_instance/inputs.tf

+ 11 - 10
ha_instance/alb.tf

@@ -1,39 +1,40 @@
 /***************************************************
 #   APPLICATION LOAD BALANCER
 ***************************************************/
-resource "aws_alb_target_group" "nuxeo" {
-  name     = "${var.stack_name}-nuxeo-alb-tg" ## required input
+resource "aws_alb_target_group" "main" {
+  name     = "${var.stack_name}-${var.instance_role}" ## required input
   port     = 8080
   protocol = "HTTP"
   vpc_id   = "${var.vpc_id}" ## required input
 }
 
-resource "aws_alb" "nuxeo" {
-  name            = "${var.stack_name}-nuxeo-alb"
+resource "aws_alb" "main" {
+  name            = "${var.stack_name}-${var.instance_role}"
   subnets         = ["${var.app_subnets}"]
   security_groups = ["${var.alb_secgroups}"] ## required input
 }
 
-resource "aws_alb_listener" "nuxeo_http" {
-  load_balancer_arn = "${aws_alb.nuxeo.id}"
+resource "aws_alb_listener" "http" {
+  load_balancer_arn = "${aws_alb.main.id}"
   port              = "80"
   protocol          = "HTTP"
 
   default_action {
-    target_group_arn = "${aws_alb_target_group.nuxeo.id}"
+    target_group_arn = "${aws_alb_target_group.main.id}"
     type             = "forward"
   }
 }
 
-resource "aws_alb_listener" "nuxeo_https" {
-   load_balancer_arn = "${aws_alb.nuxeo.arn}"
+resource "aws_alb_listener" "https" {
+   load_balancer_arn = "${aws_alb.main.arn}"
    port = "443"
    protocol = "HTTPS"
    ssl_policy = "ELBSecurityPolicy-2015-05"
    certificate_arn = "arn:aws:iam::820410587685:server-certificate/nuxeocloud2016"
 
    default_action {
-     target_group_arn = "${aws_alb_target_group.nuxeo.arn}"
+     target_group_arn = "${aws_alb_target_group.main.arn}"
      type = "forward"
    }
 }
+

+ 64 - 10
ha_instance/asg.tf

@@ -2,11 +2,11 @@
 * AUTO SCALING GROUP FOR NUXEO INSTANCE
 ****************************************************/
 
-resource "aws_launch_configuration" "asg_launch_nuxeo" {
-    name                        = "asg_launch_nuxeo"
-    image_id                    = "ami-2b10bc4b"
-    instance_type               = "t2.micro"
-    key_name                    = "packer_5832e178-3196-2110-e869-232a71aa6853"
+resource "aws_launch_configuration" "main" {
+    name                        = "${var.stack_name}-${var.instance_role}"
+    image_id                    = "${var.ami}"
+    instance_type               = "${var.ami_type}"
+    key_name                    = "${var.keyname}"
     security_groups             = ["${var.alb_secgroups}"]
     enable_monitoring           = false
     ebs_optimized               = false
@@ -23,24 +23,78 @@ resource "aws_launch_configuration" "asg_launch_nuxeo" {
 
 }
 
-resource "aws_autoscaling_group" "asg_nuxeo" {
-    name                      = "asg_nuxeo"
+resource "aws_autoscaling_group" "main" {
+    name                      = "${var.stack_name}-${var.instance_role}"
 
     health_check_grace_period = 60
     health_check_type         = "EC2"
-    launch_configuration      = "${aws_launch_configuration.asg_launch_nuxeo.name}"
+    launch_configuration      = "${aws_launch_configuration.main}"
 
     max_size                  = "${var.asg_max}"
     min_size                  = "${var.asg_min}"
     desired_capacity          = "${var.asg_desired}"
 
     vpc_zone_identifier       = ["${var.app_subnets}"]
-    target_group_arns = ["${aws_alb_target_group.nuxeo.arn}"]
+    target_group_arns = ["${aws_alb_target_group.main.arn}"]
 
     tag {
         key   = "role"
-        value = "nuxeo"
+        value = "${var.instance_role}"
         propagate_at_launch = true
     }
 
 }
+
+# Create an IAM role for the Servers.
+resource "aws_iam_role" "main" {
+    name = "${var.stack_name}-${var.instance_role}"
+    assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_instance_profile" "main" {
+    name = "${var.stack_name}"
+    roles = ["${var.stack_name}-${var.instance_role}"]
+}
+
+resource "aws_iam_role_policy" "main" {
+  name = "${var.stack_name}-${var.instance_role}"
+  role = "${aws_iam_role.main.id}"
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": ["s3:ListBucket"],
+      "Resource": ["arn:aws:s3:::bucket-name"]
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:DeleteObject"
+      ],
+      "Resource": [
+          "arn:aws:s3:::nuxeo-${sha1("${var.stack_name}")}/*",
+          "arn:aws:s3:::nuxeo-backup-${sha1("${var.stack_name}")}/*"    
+      ]
+    }
+  ]
+}
+EOF
+}
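Review bot: `launch_configuration = "${aws_launch_configuration.main}"` in the second hunk drops the `.name` attribute the removed line had, so the interpolation no longer names a resource attribute and the plan will not parse; it should read `launch_configuration = "${aws_launch_configuration.main.name}"`. The instance profile names its role by literal string, `roles = ["${var.stack_name}-${var.instance_role}"]`, which gives Terraform no dependency on `aws_iam_role.main` and can race the role's creation; `roles = ["${aws_iam_role.main.name}"]` fixes both, and its `name = "${var.stack_name}"` also diverges from the `${var.stack_name}-${var.instance_role}` naming every other resource in this hunk uses, so two roles in one stack would collide on the profile name. In the inline policy the `s3:ListBucket` statement still targets the placeholder `arn:aws:s3:::bucket-name` even though the `aws_s3_bucket "apps_bucket"` that created it is deleted in iam.tf by this same commit, while the object statement targets the two `nuxeo-<sha1>` buckets; granting ListBucket on those two bucket ARNs instead keeps the role scoped to the buckets it actually uses. Nothing in the visible lines attaches `aws_iam_instance_profile.main` to the launch configuration (the `aws_launch_configuration` body between the two hunks is outside this view), so confirm `iam_instance_profile` is set there, otherwise the role never reaches the instances.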

+ 0 - 65
ha_instance/iam.tf

@@ -1,65 +0,0 @@
-# Create an IAM role for the Web Servers.
-resource "aws_iam_role" "nuxeo_iam_role" {
-    name = "${var.stack_name}"
-    assume_role_policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": "sts:AssumeRole",
-      "Principal": {
-        "Service": "ec2.amazonaws.com"
-      },
-      "Effect": "Allow",
-      "Sid": ""
-    }
-  ]
-}
-EOF
-}
-
-resource "aws_iam_instance_profile" "nuxeo_instance_profile" {
-    name = "${var.stack_name}"
-    roles = ["nuxeo_iam_role"]
-}
-
-resource "aws_iam_role_policy" "nuxeo_iam_role_policy" {
-  name = "${var.stack_name}"
-  role = "${aws_iam_role.nuxeo_iam_role.id}"
-  policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Effect": "Allow",
-      "Action": ["s3:ListBucket"],
-      "Resource": ["arn:aws:s3:::bucket-name"]
-    },
-    {
-      "Effect": "Allow",
-      "Action": [
-        "s3:PutObject",
-        "s3:GetObject",
-        "s3:DeleteObject"
-      ],
-      "Resource": [
-          "arn:aws:s3:::nuxeo-${sha1("${var.stack_name}")}/*",
-          "arn:aws:s3:::nuxeo-backup-${sha1("${var.stack_name}")}/*"    <
-      ]
-    }
-  ]
-}
-EOF
-}
-
-resource "aws_s3_bucket" "apps_bucket" {
-    bucket = "bucket-name"
-    acl = "private"
-    versioning {
-            enabled = true
-    }
-    tags {
-        Name = "bucket-name"
-    }
-}
-

+ 17 - 0
ha_instance/inputs.tf

@@ -2,10 +2,27 @@ variable "stack_name" {
     default = ""
 }
 
+variable "instance_role" {
+    default = "ec2"
+}
+
+
 variable "vpc_id" {
     default = ""
 }
 
+variable "ami" { 
+    default = "ami-2b10bc4b"
+}
+
+variable "ami_type" {
+    default = "t2.micro"
+ }
+
+variable "keyname" { 
+    default = "packer_5832e178-3196-2110-e869-232a71aa6853"
+}
+
 variable "alb_secgroups" {
     default = []
 }
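Review bot: `ami` and `keyname` carry environment-specific defaults (a region-bound AMI id and one particular key pair name) that were previously hard-coded in asg.tf, so a caller who omits them still silently deploys against that environment rather than being told to supply a value; declaring them with a `description` and no `default` makes a missing input fail at plan time. Minor style: trailing whitespace after `{` on the `ami` and `keyname` lines, the closing brace of `ami_type` is indented one space, and there is a doubled blank line after `instance_role`.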