initial commit

2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
@@ -0,0 +1,80 @@
+# SSM run command
+#resource "aws_ssm_document" "this" {
+#  name          = replace(title(var.description), " ", "")
+#  document_type = "Command"
+#  target_type   = "/AWS::EC2::Instance"
+#  content = jsonencode(
+#    {
+#      "schemaVersion" : "2.2",
+#      "description" : "Run script for ${var.description}",
+#      "parameters" : {
+#      },
+#      "mainSteps" : [
+#        {
+#          "action" : "aws:runShellScript",
+#          "name" : "RunShellScript",
+#          "inputs" : {
+#            "runCommand" : var.shell-script-path
+#          }
+#        }
+#      ]
+#    }
+#  )
+#}
+
+resource "aws_ssm_maintenance_window" "this" {
+  name        = replace(title(var.description), " ", "")
+  description = var.description
+  schedule    = var.cron-expression
+  duration    = var.maintenance-window-duration
+  cutoff      = 1
+}
+
+resource "aws_ssm_maintenance_window_target" "this" {
+  window_id     = aws_ssm_maintenance_window.this.id
+  name          = replace(title(var.description), " ", "")
+  description   = var.description
+  resource_type = "INSTANCE"
+
+  targets {
+    key    = "InstanceIds"
+    values = [var.instance-id]
+  }
+}
+
+resource "aws_ssm_maintenance_window_task" "this" {
+  name            = replace(title(var.description), " ", "")
+  max_concurrency = 1
+  max_errors      = 1
+  priority        = 1
+  task_arn        = "AWS-RunShellScript"
+  task_type       = "RUN_COMMAND"
+  window_id       = aws_ssm_maintenance_window.this.id
+
+  targets {
+    key    = "InstanceIds"
+    values = [var.instance-id]
+  }
+
+  task_invocation_parameters {
+    run_command_parameters {
+      timeout_seconds = 60 # If this time is reached and the command has not already started executing, it doesn't run.
+
+      cloudwatch_config {
+        cloudwatch_log_group_name = aws_cloudwatch_log_group.this.name
+        cloudwatch_output_enabled = true
+      }
+
+      parameter {
+        name   = "commands"
+        values = [var.shell-script-path]
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_log_group" "this" {
+  name              = "/aws/ssm-maintenance/${replace(title(var.description), " ", "")}"
+  retention_in_days = var.cloudwatch-log-retention-days
+  log_group_class   = "STANDARD" # infrequent access logs can only be viewed via insight
+}