Run the AWS CLI, with the ability to run under an assumed role, to access resources and properties missing from the Terraform AWS Provider.
This module requires a couple of additional resources to operate successfully.
-
Amazon Web Service Command Line Interface (awscli) : This is available in several forms here.
-
JSON processor (jq) : This is available here.
If you are using a blue/green style deployment, you would want to create the same number of EC2 instances as you are replacing.
module "current_desired_capacity" {
source = "digitickets/cli/aws"
role_session_name = "GettingDesiredCapacityFor${var.environment}"
aws_cli_commands = ["autoscaling", "describe-auto-scaling-groups"]
aws_cli_query = "AutoScalingGroups[?Tags[?Key==`Name`]|[?Value==`digitickets-${var.environment}-asg-app`]]|[0].DesiredCapacity"
}
You can now set the desired capacity of an aws_autoscaling_group:
desired_capacity = module.current_desired_capacity.result
Extending the first example above, assuming a role is as simple as adding an assume_role_arn to the module:
module "current_desired_capacity" {
source = "digitickets/cli/aws"
assume_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/OrganizationAccountAccessRole"
role_session_name = "GettingDesiredCapacityFor${var.environment}"
aws_cli_commands = ["autoscaling", "describe-auto-scaling-groups"]
aws_cli_query = "AutoScalingGroups[?Tags[?Key==`Name`]|[?Value==`digitickets-${var.environment}-asg-app`]]|[0].DesiredCapacity"
}
| Name | Version |
|---|---|
| terraform | >= 0.15 |
| external | ~> 2.0 |
| local | ~> 2.0 |
| Name | Version |
|---|---|
| external | 2.2.3 |
| local | 2.2.3 |
No modules.
| Name | Type |
|---|---|
| external_external.awscli_program | data source |
| local_file.awscli_results_file | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| assume_role_arn | The ARN of the role being assumed (optional) | string |
"" |
no |
| aws_cli_commands | The AWS CLI command and subcommands | list(string) |
n/a | yes |
| aws_cli_query | The --query value | string |
"" |
no |
| debug_log_filename | Generate a debug log if a debug_log_filename is supplied |
string |
"" |
no |
| role_session_name | The role session name | string |
"" |
no |
| Name | Description |
|---|---|
| result | The output of the AWS CLI command |
To help with getting this running in a pipeline that uses Docker, the image digiticketsgroup/terraforming has Terraform, AWSCLI, and jq all ready to go.
If you want to build or adapt your own image, then the Dockerfile below is how that image has been built.
# Based upon https://github.com/aws/aws-cli/blob/2.0.10/docker/Dockerfile
FROM amazonlinux:2 as installer
ARG TERRAFORM_VERSION
RUN yum update -y \
&& yum install -y unzip \
&& curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscli-exe-linux-x86_64.zip \
&& unzip awscli-exe-linux-x86_64.zip \
# The --bin-dir is specified so that we can copy the
# entire bin directory from the installer stage into
# into /usr/local/bin of the final stage without
# accidentally copying over any other executables that
# may be present in /usr/local/bin of the installer stage.
&& ./aws/install --bin-dir /aws-cli-bin/ \
&& curl "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" -o terraform.zip \
&& unzip terraform.zip
FROM amazonlinux:2
COPY --from=installer /usr/local/aws-cli/ /usr/local/aws-cli/
COPY --from=installer /aws-cli-bin/ /usr/local/bin/
COPY --from=installer terraform /usr/bin/
RUN yum update -y \
&& yum install -y less groff jq \
&& yum clean all
ENTRYPOINT ["/bin/sh"]