|
@@ -36,9 +36,13 @@ resource "aws_instance" "instance" {
|
|
|
instance_type = var.instance_type
|
|
|
key_name = "msoc-build"
|
|
|
monitoring = false
|
|
|
+ iam_instance_profile = "msoc-default-instance-profile"
|
|
|
|
|
|
ami = local.ami_map["minion"]
|
|
|
- lifecycle { ignore_changes = [ ami, key_name, user_data ] }
|
|
|
+ # We need to ignore ebs_block_device changes, because if the AMI changes, so does the snapshot_id.
|
|
|
+ # If they add a feature to block more specific changes (eg `ebs_block_devices[*].snapshot_id`), then
|
|
|
+ # that could be removed.
|
|
|
+ lifecycle { ignore_changes = [ ami, key_name, user_data, ebs_block_device ] }
|
|
|
|
|
|
# These device definitions are optional, but added for clarity.
|
|
|
root_block_device {
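Review bot: Adding `ebs_block_device` to `ignore_changes` hides more than the `snapshot_id` churn the comment describes. Terraform will also stop planning any later edit to `encrypted`, `kms_key_id`, `volume_size` or `delete_on_termination` on the data volumes of existing instances, so a KMS key change in this file would silently not apply. I would extend the comment to say so, for example `# NOTE: this also masks later changes to encrypted/kms_key_id/volume_size on existing instances; verify those out of band.` Separately, `iam_instance_profile = "msoc-default-instance-profile"` is a hard-coded literal next to `var.instance_type`; if this module is reused for roles with different permission needs, a variable defaulting to that name would make per-role least privilege possible. The resource body starts and ends outside this hunk.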
|
|
@@ -48,13 +52,20 @@ resource "aws_instance" "instance" {
|
|
|
encrypted = true
|
|
|
kms_key_id = data.aws_kms_key.ebs-key.arn
|
|
|
}
|
|
|
+
|
|
|
ebs_block_device {
|
|
|
# swap
|
|
|
device_name = "/dev/xvdm"
|
|
|
- # volume_size = xx
|
|
|
+ volume_size = 48
|
|
|
delete_on_termination = true
|
|
|
encrypted = true
|
|
|
kms_key_id = data.aws_kms_key.ebs-key.arn
|
|
|
+ # Snapshot IDs need to be grabbed from the ami, or it will replace every time. It's ugly.
|
|
|
+ # This may prompt replacement when the AMI is updated.
|
|
|
+ # See:
|
|
|
+ # https://github.com/hashicorp/terraform/issues/19958
|
|
|
+ # https://github.com/terraform-providers/terraform-provider-aws/issues/13118
|
|
|
+ snapshot_id = local.block_device_mappings["minion"]["/dev/xvdm"].ebs.snapshot_id
|
|
|
}
|
|
|
ebs_block_device {
|
|
|
# /home
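Review bot: Each new `snapshot_id` lookup repeats the device path as a string literal (`"/dev/xvdm"` here, `/dev/xvdn` through `/dev/xvds` in the following hunks), separately from the block's `device_name`. A copy-paste mismatch between the two would seed a mount such as /var/log/audit from the wrong snapshot without any plan error, and an AMI that lacks one of these mappings would presumably fail the plan on the index, although `local.block_device_mappings` is defined outside this diff. A short comment above the first block stating that `device_name` and the lookup key must match, and that the AMI must carry all seven mappings, would help the next editor. The added line `# This may prompt replacement when the AMI is updated.` also reads as out of date now that the first hunk ignores `ebs_block_device`; I would reword it to `# Without ignore_changes on ebs_block_device this prompts replacement when the AMI is updated.` Because these volumes are now created from AMI snapshots, it is worth confirming that the image build leaves /home and the log volumes empty of build-time data.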
|
|
@@ -63,6 +74,8 @@ resource "aws_instance" "instance" {
|
|
|
delete_on_termination = true
|
|
|
encrypted = true
|
|
|
kms_key_id = data.aws_kms_key.ebs-key.arn
|
|
|
+ snapshot_id = local.block_device_mappings["minion"]["/dev/xvdn"].ebs.snapshot_id
|
|
|
+
|
|
|
}
|
|
|
ebs_block_device {
|
|
|
# /var
|
|
@@ -71,6 +84,7 @@ resource "aws_instance" "instance" {
|
|
|
delete_on_termination = true
|
|
|
encrypted = true
|
|
|
kms_key_id = data.aws_kms_key.ebs-key.arn
|
|
|
+ snapshot_id = local.block_device_mappings["minion"]["/dev/xvdo"].ebs.snapshot_id
|
|
|
}
|
|
|
ebs_block_device {
|
|
|
# /var/tmp
|
|
@@ -79,6 +93,7 @@ resource "aws_instance" "instance" {
|
|
|
delete_on_termination = true
|
|
|
encrypted = true
|
|
|
kms_key_id = data.aws_kms_key.ebs-key.arn
|
|
|
+ snapshot_id = local.block_device_mappings["minion"]["/dev/xvdp"].ebs.snapshot_id
|
|
|
}
|
|
|
ebs_block_device {
|
|
|
# /var/log
|
|
@@ -87,6 +102,7 @@ resource "aws_instance" "instance" {
|
|
|
delete_on_termination = true
|
|
|
encrypted = true
|
|
|
kms_key_id = data.aws_kms_key.ebs-key.arn
|
|
|
+ snapshot_id = local.block_device_mappings["minion"]["/dev/xvdq"].ebs.snapshot_id
|
|
|
}
|
|
|
ebs_block_device {
|
|
|
# /var/log/audit
|
|
@@ -95,6 +111,7 @@ resource "aws_instance" "instance" {
|
|
|
delete_on_termination = true
|
|
|
encrypted = true
|
|
|
kms_key_id = data.aws_kms_key.ebs-key.arn
|
|
|
+ snapshot_id = local.block_device_mappings["minion"]["/dev/xvdr"].ebs.snapshot_id
|
|
|
}
|
|
|
ebs_block_device {
|
|
|
# /tmp
|
|
@@ -103,6 +120,7 @@ resource "aws_instance" "instance" {
|
|
|
delete_on_termination = true
|
|
|
encrypted = true
|
|
|
kms_key_id = data.aws_kms_key.ebs-key.arn
|
|
|
+ snapshot_id = local.block_device_mappings["minion"]["/dev/xvds"].ebs.snapshot_id
|
|
|
}
|
|
|
|
|
|
network_interface {
|