diff --git a/aws/auto-scaling.tf b/aws/auto-scaling.tf
index d80de76..0fecacd 100644
--- a/aws/auto-scaling.tf
+++ b/aws/auto-scaling.tf
@@ -2,11 +2,11 @@
 # replacing an unhealthy EC2 instance or recovering from an
 # availability zone failure.
 resource "aws_autoscaling_group" "bastion" {
- # The Launch Configuration ID is part of the Auto Scaling Group name,
- # to force the ASG and its EC2 to be recreated.
- name = "asg-${aws_launch_configuration.bastion.id}"
-
- launch_configuration = aws_launch_configuration.bastion.name
+ name = "asg-${aws_launch_template.bastion.id}"
+ launch_template {
+ name = aws_launch_template.bastion.name
+ version = aws_launch_template.bastion.latest_version
+ }
 min_size = 1
 max_size = 1
@@ -29,7 +29,7 @@ resource "aws_autoscaling_group" "bastion" {
 }
- # THis needs to match the Launch Configuration.
+ # This needs to match the LaunchTemplate.
 lifecycle {
 create_before_destroy = true
diff --git a/aws/bastion-userdata.tmpl b/aws/bastion-userdata.tmpl
index ede0fd3..5084579 100644
--- a/aws/bastion-userdata.tmpl
+++ b/aws/bastion-userdata.tmpl
@@ -28,7 +28,7 @@ info Triggering a job using at, to sleep then run apt-get upgrade...
 echo "sleep 120 ; apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade" |at now
 info Installing packages needed on the bastion...
-apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install awscli python unattended-upgrades
+apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install awscli unattended-upgrades
 info The infra bucket is: ${infrastructure_bucket} and the S3 key is ${infrastructure_bucket_bastion_key}
diff --git a/aws/inputs.tf b/aws/inputs.tf
index 53f3f04..5717b88 100644
--- a/aws/inputs.tf
+++ b/aws/inputs.tf
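Review bot: `name = "asg-${aws_launch_template.bastion.id}"` no longer recreates the ASG when the bastion's launch settings change, because a launch template's id stays the same when a new version is published, whereas the launch configuration id it replaces changed on every replacement — the removed comment documented that forcing recreation was the whole point of embedding the id in the name. With `version = aws_launch_template.bastion.latest_version` only newly launched instances get the newest version; the already-running bastion keeps its old settings until something else terminates it. If recreate-on-change is still intended, include the version in the name, `name = "asg-${aws_launch_template.bastion.id}-${aws_launch_template.bastion.latest_version}"`, or add an `instance_refresh { strategy = "Rolling" }` block so version changes roll the instance, and restore a comment above `name` stating which behaviour is in force. The resource body continues past the hunk.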
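Review bot: Dropping `python` from the install line is consistent with the jammy AMI switch elsewhere in this commit (jammy ships no package named `python`), but anything later in this template that invokes `python` rather than `python3` would now fail at boot, and the rest of the template is outside the hunk, so that is worth checking before merging. A one-line comment above the new line, `# jammy has no 'python' package; awscli pulls in python3`, would stop the next reader from re-adding it.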
@@ -99,7 +99,7 @@ variable "ami_owner_id_govcloud" {
 variable "ami_filter_value" {
 description = "The filter path for the AMI."
- default = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
+ default = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"
 }
 variable "arn_prefix" {
diff --git a/aws/launchconfig.tf b/aws/launchtemplate.tf
similarity index 68%
rename from aws/launchconfig.tf
rename to aws/launchtemplate.tf
index 381503f..237dde5 100644
--- a/aws/launchconfig.tf
+++ b/aws/launchtemplate.tf
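Review bot: The new jammy default is only picked up by deployments whose launch template gets (re)created, because launchtemplate.tf in this same commit keeps `ignore_changes = [image_id]`; an existing bastion stays on focal after this change applies, and the description `"The filter path for the AMI."` gives no hint of that. Suggest `description = "The filter path for the AMI. A new match is only applied when the launch template is recreated (see ignore_changes in launchtemplate.tf)."`.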
@@ -21,32 +21,37 @@ data "template_file" "bastion_user_data" {
 }
 }
-resource "aws_launch_configuration" "bastion" {
- # Generate a unique name for the Launch Configuration,
- # so the Auto Scaling Group can be updated without conflict before destroying the previous Launch Configuration.
- # Also see the related lifecycle block below.
+resource "aws_launch_template" "bastion" {
 name_prefix = "${var.bastion_name}-"
 image_id = data.aws_ami.ubuntu.id
 instance_type = var.instance_type
- iam_instance_profile = aws_iam_instance_profile.bastion.name
- security_groups = [aws_security_group.bastion_ssh.id]
- associate_public_ip_address = "true"
+ iam_instance_profile {
+ name = aws_iam_instance_profile.bastion.name
+ }
+
+ network_interfaces {
+ associate_public_ip_address = true
+ security_groups = [aws_security_group.bastion_ssh.id]
+ }
- user_data_base64 = base64gzip(data.template_file.bastion_user_data.rendered)
+ user_data = base64gzip(data.template_file.bastion_user_data.rendered)
 key_name = length(aws_key_pair.bastion) > 0 ? aws_key_pair.bastion[0].id : null
- root_block_device {
- encrypted = var.encrypt_root_volume
- volume_type = var.root_volume_type
+ block_device_mappings {
+ device_name = "/dev/sda1"
+ ebs {
+ encrypted = var.encrypt_root_volume
+ volume_type = var.root_volume_type
+ }
 }
 lifecycle {
 create_before_destroy = true
- # DO not recreate the Launch Configuration if a newer AMI becomes available.
- # `terrform taint` the Launch Configuration resource to force it to be recreated.
+ # DO not recreate the Launch Template if a newer AMI becomes available.
+ # `terrform taint` the Launch Template resource to force it to be recreated.
 # In the future we may want to also include user-data in this list.
 ignore_changes = [image_id]
 }
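Review bot: The new `aws_launch_template` sets no `metadata_options`, so the bastion keeps serving the `aws_iam_instance_profile.bastion` credentials over IMDSv1; since the resource is being rewritten anyway, add `metadata_options { http_endpoint = "enabled" http_tokens = "required" }` (three lines, next to `iam_instance_profile`) so only IMDSv2 token-authenticated calls reach the metadata service. Two smaller points on the added comment lines: the typo `terrform taint` was carried over, and `terraform taint` is deprecated, so the line should read `# Run terraform apply -replace=aws_launch_template.bastion to force it to be recreated.`; and the removed comment explaining why `name_prefix` is paired with `create_before_destroy` was dropped without replacement, leaving the lifecycle intent undocumented. `device_name = "/dev/sda1"` hard-codes the Ubuntu root device name; `device_name = data.aws_ami.ubuntu.root_device_name` would follow the AMI instead (the data source is outside this hunk). The resource's closing brace lies past the end of the hunk.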