NRL-1385 use autoscaling ec2 for flexibility

Author: jackleary

terraform/account-wide-infrastructure/modules/ec2/data.tf

@@ -0,0 +1,53 @@
+# Initial AMI to use
+data "aws_ami" "windows" {
+  most_recent = true
+  filter {
+    name   = "name"
+    values = ["Windows_Server-2022-English-Full-Base-*"]
+  }
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+  owners = ["801119661308"] # Canonical
+}
+
+# AMI to use
+data "aws_ami" "final" {
+  most_recent = true
+  filter {
+    name   = "name"
+    values = ["PowerBI-On-Premise-Gateway"]
+  }
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+  owners = ["self"]
+}
+
+# Subnets
+data "aws_subnets" "subnets" {
+  filter {
+    name   = "tag:Type"
+    values = ["private"]
+  }
+}
+
+# VPC
+data "aws_vpc" "account_vpc" {
+  filter {
+    name   = "tag:Name"
+    values = [var.account_name]
+  }
+}
+
+# Security group of db
+data "aws_security_group" "db_sg" {
+  filter {
+    name   = "group-name"
+    values = [var.db_sg_name]
+  }
+
+  vpc_id = data.aws_vpc.account_vpc.id
+}

terraform/account-wide-infrastructure/modules/ec2/ec2.tf

@@ -95,3 +95,39 @@ module "autoscaling" {
   user_data              = filebase64("./userdata.txt")
   update_default_version = true
 }
+
+############################
+# Add rule to db managed group
+############################
+# module "upgrade_db_sg" {
+#   source  = "registry.terraform.io/terraform-aws-modules/security-group/aws"
+#   version = "4.13.1"
+
+#   create_sg         = false
+#   security_group_id = data.aws_security_group.db_sg.id
+#   ingress_with_source_security_group_id = [
+#     {
+#       description              = "Allow incoming connections from Power BI Gateway"
+#       rule                     = "postgresql-tcp"
+#       source_security_group_id = module.security-group-outbound.security_group_id
+#     },
+#   ]
+# }
+
+############################
+# Key pair for RDP access
+############################
+resource "tls_private_key" "instance_key_pair" {
+  algorithm = "RSA"
+}
+
+resource "aws_key_pair" "ec2_key_pair" {
+  key_name   = "PowerBI-GateWay-Key"
+  public_key = tls_private_key.instance_key_pair.public_key_openssh
+}
+
+# Saving Key Pair for ssh login for Client if needed
+resource "local_file" "ssh_key" {
+  filename = "${aws_key_pair.ec2_key_pair.key_name}.pem"
+  content  = tls_private_key.instance_key_pair.private_key_pem
+}

terraform/account-wide-infrastructure/modules/ec2/userdata.txt

@@ -0,0 +1,4 @@
+<powershell>
+Start-Service AmazonSSMAgent
+</powershell>
+<persist>true</persist>

terraform/account-wide-infrastructure/modules/ec2/vars.tf

@@ -0,0 +1,16 @@
+variable "aws_region" {
+  description = "Default region where to deploy resources"
+  type        = string
+}
+
+## Account
+variable "account_name" {
+  description = "Account where to deploy VPC"
+  type        = string
+}
+
+## Account
+variable "db_sg_name" {
+  description = "Name of edeal security group"
+  type        = string
+}