consolidate ssm stuff

Author: jbartus

nbc.tf

@@ -16,34 +16,14 @@ resource "aws_vpc_security_group_ingress_rule" "nbc_allow_https_in" {
   ip_protocol       = "tcp"
 }
 
-resource "aws_iam_role" "nbc_instance_role" {
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [{
-      Action    = "sts:AssumeRole"
-      Principal = { Service = "ec2.amazonaws.com" }
-      Effect    = "Allow"
-    }]
-  })
-}
-
-resource "aws_iam_role_policy_attachment" "nbc_ssm_policy_attachment" {
-  role       = aws_iam_role.nbc_instance_role.name
-  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-}
-
-resource "aws_iam_instance_profile" "nbc_instance_profile" {
-  role = aws_iam_role.nbc_instance_role.name
-}
-
 resource "aws_instance" "nbc_instance" {
   ami                         = data.aws_ssm_parameter.al2023_ami_arm64.value
   instance_type               = "t4g.xlarge"
   subnet_id                   = module.vpc.public_subnets[0]
   vpc_security_group_ids      = [aws_security_group.nbc.id]
   user_data                   = file("${path.module}/nbc.sh")
   associate_public_ip_address = true
-  iam_instance_profile        = aws_iam_instance_profile.nbc_instance_profile.name
+  iam_instance_profile        = aws_iam_instance_profile.ssm_instance_profile.name
 }
 
 output "nbc_ssm_command" {

nbe.tf

@@ -32,26 +32,6 @@ resource "aws_vpc_security_group_ingress_rule" "nbe_allow_30k_in" {
   ip_protocol       = "tcp"
 }
 
-resource "aws_iam_role" "nbe_instance_role" {
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [{
-      Action    = "sts:AssumeRole"
-      Principal = { Service = "ec2.amazonaws.com" }
-      Effect    = "Allow"
-    }]
-  })
-}
-
-resource "aws_iam_role_policy_attachment" "nbe_ssm_policy_attachment" {
-  role       = aws_iam_role.nbe_instance_role.name
-  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-}
-
-resource "aws_iam_instance_profile" "nbe_instance_profile" {
-  role = aws_iam_role.nbe_instance_role.name
-}
-
 resource "aws_instance" "nbe_instance" {
   ami                    = data.aws_ssm_parameter.al2023_ami_x86-64.value
   instance_type          = "m7i.2xlarge"
@@ -65,7 +45,7 @@ resource "aws_instance" "nbe_instance" {
     })
   })
   associate_public_ip_address = true
-  iam_instance_profile        = aws_iam_instance_profile.nbe_instance_profile.name
+  iam_instance_profile        = aws_iam_instance_profile.ssm_instance_profile.name
 
   root_block_device {
     volume_size = 100

orb.tf

@@ -8,26 +8,6 @@ resource "aws_vpc_security_group_egress_rule" "orb_allow_all_out" {
   ip_protocol       = "-1"
 }
 
-resource "aws_iam_role" "orb_instance_role" {
-  assume_role_policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [{
-      Action    = "sts:AssumeRole"
-      Principal = { Service = "ec2.amazonaws.com" }
-      Effect    = "Allow"
-    }]
-  })
-}
-
-resource "aws_iam_role_policy_attachment" "orb_ssm_policy_attachment" {
-  role       = aws_iam_role.orb_instance_role.name
-  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
-}
-
-resource "aws_iam_instance_profile" "orb_instance_profile" {
-  role = aws_iam_role.orb_instance_role.name
-}
-
 resource "aws_instance" "orb_instance" {
   ami                    = data.aws_ssm_parameter.al2023_ami_arm64.value
   instance_type          = "t4g.large"
@@ -40,7 +20,7 @@ resource "aws_instance" "orb_instance" {
     })
   })
   associate_public_ip_address = true
-  iam_instance_profile        = aws_iam_instance_profile.orb_instance_profile.name
+  iam_instance_profile        = aws_iam_instance_profile.ssm_instance_profile.name
 }
 
 output "orb_ssm_command" {

ssm.tf

@@ -0,0 +1,19 @@
+resource "aws_iam_role" "ssm_instance_role" {
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Action    = "sts:AssumeRole"
+      Principal = { Service = "ec2.amazonaws.com" }
+      Effect    = "Allow"
+    }]
+  })
+}
+
+resource "aws_iam_role_policy_attachment" "ssm_policy_attachment" {
+  role       = aws_iam_role.ssm_instance_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
+
+resource "aws_iam_instance_profile" "ssm_instance_profile" {
+  role = aws_iam_role.ssm_instance_role.name
+}