NRL-1385 create ec2 instance

Author: jackleary

terraform/account-wide-infrastructure/modules/ec2/data.tf

@@ -1,53 +1,8 @@
-# Initial AMI to use
-data "aws_ami" "windows" {
+data "aws_ami" "windows-2019" {
   most_recent = true
+  owners      = ["amazon"]
   filter {
     name   = "name"
-    values = ["Windows_Server-2022-English-Full-Base-*"]
+    values = ["Windows_Server-2019-English-Full-Base*"]
   }
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-  owners = ["801119661308"] # Canonical
-}
-
-# AMI to use
-data "aws_ami" "final" {
-  most_recent = true
-  filter {
-    name   = "name"
-    values = ["PowerBI-On-Premise-Gateway"]
-  }
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-  owners = ["self"]
-}
-
-# Subnets
-data "aws_subnets" "subnets" {
-  filter {
-    name   = "tag:Type"
-    values = ["private"]
-  }
-}
-
-# VPC
-data "aws_vpc" "account_vpc" {
-  filter {
-    name   = "tag:Name"
-    values = [var.account_name]
-  }
-}
-
-# Security group of db
-data "aws_security_group" "db_sg" {
-  filter {
-    name   = "group-name"
-    values = [var.db_sg_name]
-  }
-
-  vpc_id = data.aws_vpc.account_vpc.id
 }

terraform/account-wide-infrastructure/modules/ec2/ec2.tf

@@ -1,133 +1,11 @@
-module "autoscaling" {
-  source  = "registry.terraform.io/terraform-aws-modules/autoscaling/aws"
-  version = "6.5.2"
+# Create the Linux EC2 Web server
+resource "aws_instance" "web" {
+  ami             = data.aws_ami.windows-2019.id
+  instance_type   = var.instance_type
+  key_name        = var.instance_key
+  subnet_id       = var.subnet_id
+  security_groups = var.security_groups
 
-  name = "PowerBI-On-Premise-Gateway"
+  user_data = file("./modules/web/userdata.tpl")
 
-  min_size         = 0
-  max_size         = 1
-  desired_capacity = 1
-
-  # Autoscaling Schedule
-  schedules = {
-    morning_start = {
-      min_size         = -1
-      max_size         = -1
-      desired_capacity = 1
-      recurrence       = "50 5 * * 0-6"
-      time_zone        = "Europe/Paris"
-    }
-
-    morning_stop = {
-      min_size         = -1
-      max_size         = -1
-      desired_capacity = 0
-      recurrence       = "30 6 * * 0-6"
-      time_zone        = "Europe/Paris"
-    }
-
-    noon_start = {
-      min_size         = -1
-      max_size         = -1
-      desired_capacity = 1
-      recurrence       = "50 11 * * 0-6"
-      time_zone        = "Europe/Paris"
-    }
-
-    noon_stop = {
-      min_size         = -1
-      max_size         = -1
-      desired_capacity = 0
-      recurrence       = "30 12 * * 0-6"
-      time_zone        = "Europe/Paris"
-    }
-
-    evening_start = {
-      min_size         = -1
-      max_size         = -1
-      desired_capacity = 1
-      recurrence       = "50 17 * * 0-6"
-      time_zone        = "Europe/Paris"
-    }
-
-    evening_stop = {
-      min_size         = -1
-      max_size         = -1
-      desired_capacity = 0
-      recurrence       = "30 18 * * 0-6"
-      time_zone        = "Europe/Paris"
-    }
-  }
-
-  wait_for_capacity_timeout = 0
-  health_check_type         = "EC2"
-  health_check_grace_period = 300
-  enable_monitoring         = false
-
-  #image_id                = data.aws_ami.windows.id  // Phase 2 : we let the Auto Scaling Group use the AMI we've juste created.
-  image_id                = data.aws_ami.final.id
-  launch_template_version = "$Latest"
-  instance_type           = "m5a.large"
-
-  instance_market_options = {
-    market_type = "spot"
-  }
-
-  # Refresh instances when redeploying
-  instance_refresh = {
-    strategy = "Rolling"
-    triggers = ["tag"]
-  }
-
-  # Assign a role to the instance
-  create_iam_instance_profile = true
-  iam_role_name               = "powerbi-gateway-role"
-  iam_role_description        = "Allow the Power BI Gateway to be managed by"
-  iam_role_policies = {
-    AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-  }
-  key_name = aws_key_pair.ec2_key_pair.key_name
-
-  vpc_zone_identifier = data.aws_subnets.subnets.ids
-
-  security_groups = [module.security-group-outbound.security_group_id]
-
-  user_data              = filebase64("./userdata.txt")
-  update_default_version = true
-}
-
-############################
-# Add rule to db managed group
-############################
-# module "upgrade_db_sg" {
-#   source  = "registry.terraform.io/terraform-aws-modules/security-group/aws"
-#   version = "4.13.1"
-
-#   create_sg         = false
-#   security_group_id = data.aws_security_group.db_sg.id
-#   ingress_with_source_security_group_id = [
-#     {
-#       description              = "Allow incoming connections from Power BI Gateway"
-#       rule                     = "postgresql-tcp"
-#       source_security_group_id = module.security-group-outbound.security_group_id
-#     },
-#   ]
-# }
-
-############################
-# Key pair for RDP access
-############################
-resource "tls_private_key" "instance_key_pair" {
-  algorithm = "RSA"
-}
-
-resource "aws_key_pair" "ec2_key_pair" {
-  key_name   = "PowerBI-GateWay-Key"
-  public_key = tls_private_key.instance_key_pair.public_key_openssh
-}
-
-# Saving Key Pair for ssh login for Client if needed
-resource "local_file" "ssh_key" {
-  filename = "${aws_key_pair.ec2_key_pair.key_name}.pem"
-  content  = tls_private_key.instance_key_pair.private_key_pem
 }

terraform/account-wide-infrastructure/modules/ec2/outputs.tf

@@ -0,0 +1,7 @@
+output "instance_id" {
+  value = aws_instance.web.id
+}
+
+output "public_ip" {
+  value = aws_instance.web.public_ip
+}

terraform/account-wide-infrastructure/modules/ec2/scripts/gateway_install.ps1

@@ -0,0 +1,49 @@
+# Requires Module -Name DataGateway
+
+# Check if the required module is installed
+try {
+    Import-Module DataGateway
+}
+catch {
+    Write-Warning "The DataGateway module is not installed. Please install it first using Install-Module -Name DataGateway."
+    return
+}
+
+# Replace with your desired values
+$GatewayName = "MyGatewayCluster"
+$GatewayMemberName = "MyGatewayMember"
+$GatewayAdminUser = "[email protected]" # Optional, replace with user's email
+
+# 1. Add a new gateway cluster
+Write-Host "Adding a new gateway cluster..."
+try {
+    Add-DataGatewayCluster -Name $GatewayName -OverwriteExistingGateway
+}
+catch {
+    Write-Error "Error adding gateway cluster: $($_.Exception.Message)"
+    return
+}
+
+# 2. Add a member to the gateway cluster
+Write-Host "Adding a gateway member to the cluster..."
+try {
+    Add-DataGatewayClusterMember -ClusterId $GatewayName -Name $GatewayMemberName -OverwriteExistingGateway
+}
+catch {
+    Write-Error "Error adding gateway member: $($_.Exception.Message)"
+    return
+}
+
+# 3. (Optional) Add users as gateway administrators
+if ($GatewayAdminUser) {
+    Write-Host "Adding user as a gateway administrator..."
+    try {
+        Add-DataGatewayClusterUser -ClusterId $GatewayName -UserEmail $GatewayAdminUser -Permission "Admin"
+    }
+    catch {
+        Write-Error "Error adding gateway admin: $($_.Exception.Message)"
+        return
+    }
+}
+
+Write-Host "Gateway cluster and member added successfully."

terraform/account-wide-infrastructure/modules/ec2/scripts/user_data.tpl

@@ -0,0 +1,25 @@
+
+
+<powershell>
+Install-WindowsFeature -name Web-Server -IncludeManagementTools
+
+$instanceId   = (Invoke-WebRequest -Uri  http://169.254.169.254/latest/meta-data/instance-id -UseBasicParsing).content
+$instanceAZ   = (Invoke-WebRequest -Uri  http://169.254.169.254/latest/meta-data/placement/availability-zone -UseBasicParsing).content
+$pubHostName  = (Invoke-WebRequest -Uri  http://169.254.169.254/latest/meta-data/public-hostname -UseBasicParsing).content
+$pubIPv4      = (Invoke-WebRequest -Uri  http://169.254.169.254/latest/meta-data/public-ipv4 -UseBasicParsing).content
+$privHostName = (Invoke-WebRequest -Uri  http://169.254.169.254/latest/meta-data/local-hostname -UseBasicParsing).content
+$privIPv4     = (Invoke-WebRequest -Uri  http://169.254.169.254/latest/meta-data/local-ipv4 -UseBasicParsing).content
+
+New-Item -Path C:\inetpub\wwwroot\index.html -ItemType File -Force
+Add-Content -Path C:\inetpub\wwwroot\index.html "<font face = "Verdana" size = "5">"
+Add-Content -Path C:\inetpub\wwwroot\index.html "<center><h1>AWS Windows VM Deployed with Terraform</h1></center>"
+Add-Content -Path C:\inetpub\wwwroot\index.html "<center> <b>EC2 Instance Metadata</b> </center>"
+Add-Content -Path C:\inetpub\wwwroot\index.html "<center> <b>Instance ID:</b> $instanceId </center>"
+Add-Content -Path C:\inetpub\wwwroot\index.html "<center> <b>AWS Availablity Zone:</b> $instanceAZ </center>"
+Add-Content -Path C:\inetpub\wwwroot\index.html "<center> <b>Public Hostname:</b> $pubHostName </center>"
+Add-Content -Path C:\inetpub\wwwroot\index.html "<center> <b>Public IPv4:</b> $pubIPv4 </center>"
+Add-Content -Path C:\inetpub\wwwroot\index.html "<center> <b>Private Hostname:</b> $privHostName </center>"
+Add-Content -Path C:\inetpub\wwwroot\index.html "<center> <b>Private IPv4:</b> $privIPv4 </center>"
+Add-Content -Path C:\inetpub\wwwroot\index.html "</font>"
+
+</powershell>

terraform/account-wide-infrastructure/modules/ec2/userdata.txt

@@ -1,16 +1,9 @@
-variable "aws_region" {
-  description = "Default region where to deploy resources"
-  type        = string
-}
-
-## Account
-variable "account_name" {
-  description = "Account where to deploy VPC"
-  type        = string
-}
-
-## Account
-variable "db_sg_name" {
-  description = "Name of edeal security group"
+variable "name_prefix" {
   type        = string
+  description = "The prefix to apply to all resources in the module."
 }
+variable "common_tags" {}
+variable "instance_type" {}
+variable "instance_key" {}
+variable "security_groups" {}
+variable "subnet_id" {}