fixing issue w/ bastion EIP provisioning. Updated the ASG to provision the first instance properly. (#5)

Author: thathaneydude

README.md

@@ -15,7 +15,7 @@ module "asg_lambda_role" {
   source = "github.com/corelight/terraform-aws-sensor//modules/iam/lambda"
 
   lambda_cloudwatch_log_group_arn = module.sensor.cloudwatch_log_group_arn
-  sensor_autoscaling_group_name   = module.sensor.autoscaling_group_name
+  sensor_autoscaling_group_arn    = module.sensor.autoscaling_group_arn
   security_group_arn              = module.sensor.management_security_group_arn
   subnet_arn                      = data.aws_subnet.management.arn
 }

auto_scale_group.tf

@@ -15,14 +15,20 @@ resource "aws_autoscaling_group" "sensor_asg" {
   health_check_grace_period = 300
   termination_policies      = ["OldestInstance"]
   protect_from_scale_in     = false
-}
+  wait_for_capacity_timeout = 0
 
-resource "aws_autoscaling_lifecycle_hook" "asg_scale_up_hook" {
-  autoscaling_group_name = aws_autoscaling_group.sensor_asg.name
-  lifecycle_transition   = "autoscaling:EC2_INSTANCE_LAUNCHING"
-  name                   = var.asg_lifecycle_hook_name
-  default_result         = "ABANDON"
-  heartbeat_timeout      = 300
+  initial_lifecycle_hook {
+    lifecycle_transition = "autoscaling:EC2_INSTANCE_LAUNCHING"
+    name                 = var.asg_lifecycle_hook_name
+    default_result       = "ABANDON"
+    heartbeat_timeout    = 300
+  }
+
+  depends_on = [
+    aws_lambda_function.auto_scaling_lambda,
+    aws_cloudwatch_event_rule.asg_lifecycle_rule,
+    aws_cloudwatch_log_group.log_group,
+  ]
 }
 
 resource "aws_autoscaling_policy" "sensor_autoscale_policy" {

lambda.tf

@@ -38,8 +38,8 @@ resource "aws_cloudwatch_event_rule" "asg_lifecycle_rule" {
     "source" : ["aws.autoscaling"],
     "detail-type" : ["EC2 Instance-launch Lifecycle Action"],
     "detail" : {
-      "AutoScalingGroupName" : [aws_autoscaling_group.sensor_asg.name],
-      "LifecycleHookName" : [aws_autoscaling_lifecycle_hook.asg_scale_up_hook.name]
+      "AutoScalingGroupName" : [var.sensor_asg_name],
+      "LifecycleHookName" : [var.asg_lifecycle_hook_name]
     }
   })
 

modules/bastion/instance.tf

@@ -29,6 +29,7 @@ resource "aws_network_interface" "bastion_nic" {
 }
 
 resource "aws_eip" "bastion_public_ip" {
+  instance          = aws_instance.bastion.id
   network_interface = aws_network_interface.bastion_nic.id
 
   tags = merge({ Name : "${var.bastion_instance_name}-public-ip" }, var.tags)

modules/iam/lambda/main.tf

@@ -1,7 +1,3 @@
-data "aws_autoscaling_group" "asg" {
-  name = var.sensor_autoscaling_group_name
-}
-
 data "aws_iam_policy_document" "lambda_nic_manager_policy" {
   statement {
     effect = "Allow"
@@ -31,7 +27,7 @@ data "aws_iam_policy_document" "lambda_nic_manager_policy" {
       "autoscaling:CompleteLifecycleAction"
     ]
     resources = [
-      data.aws_autoscaling_group.asg.arn
+      var.sensor_autoscaling_group_arn
     ]
   }
 
@@ -46,7 +42,7 @@ data "aws_iam_policy_document" "lambda_nic_manager_policy" {
     ]
     condition {
       test     = "StringEquals"
-      values   = [data.aws_autoscaling_group.asg.name]
+      values   = [split("/", var.sensor_autoscaling_group_arn)[1]]
       variable = "aws:ResourceTag/aws:autoscaling:groupName"
     }
   }

modules/iam/lambda/variables.tf

@@ -3,7 +3,7 @@ variable "lambda_cloudwatch_log_group_arn" {
   type        = string
 }
 
-variable "sensor_autoscaling_group_name" {
+variable "sensor_autoscaling_group_arn" {
   description = "ARN of the sensor EC2 autoscaling group of Corelight sensors"
   type        = string
 }

outputs.tf

@@ -1,4 +1,4 @@
-output "auto_scale_group_arn" {
+output "autoscaling_group_arn" {
   value = aws_autoscaling_group.sensor_asg.arn
 }