diff --git a/LocalStack/Automation/LabStepFunctions/main.tf b/LocalStack/Automation/LabStepFunctions/main.tf
new file mode 100644
index 0000000..9753799
--- /dev/null
+++ b/LocalStack/Automation/LabStepFunctions/main.tf
@@ -0,0 +1,44 @@
+module "sfn" {
+ source = "terraform-aws-modules/step-functions/aws"
+ version = "5.1.0"
+
+ name = "example"
+ type = "standard"
+ definition = file("${path.module}/reboot-asg-instances.json")
+ publish = true
+ role_arn = module.sfn-role.role-arn
+ use_existing_role = true
+}
+
+module "sfn-role" {
+ source = "../../../modules/security_identity_compliance/iam-role-v2"
+ role-name = "example-sfn-role"
+ path = "/Sfn/"
+ description = "Role for example step function"
+ trusted-entity = "states.amazonaws.com"
+ policies = {
+ example-sfn-policy = {
+ description = "XrayAccess"
+ policy = jsonencode(
+ {
+ "Version" : "2012-10-17",
+ "Statement" : [
+ {
+ "Effect" : "Allow",
+ "Action" : [
+ "xray:PutTraceSegments",
+ "xray:PutTelemetryRecords",
+ "xray:GetSamplingRules",
+ "xray:GetSamplingTargets"
+ ],
+ "Resource" : [
+ "*"
+ ]
+ }
+ ]
+ }
+ )
+ }
+ }
+}
+
diff --git a/LocalStack/Automation/LabStepFunctions/provider.tf b/LocalStack/Automation/LabStepFunctions/provider.tf
new file mode 100644
index 0000000..bebb056
--- /dev/null
+++ b/LocalStack/Automation/LabStepFunctions/provider.tf
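Review bot: The execution role built in `sfn-role` grants only the four X-Ray actions, but the state machine loaded from `reboot-asg-instances.json` calls `autoscaling:SuspendProcesses`, `autoscaling:DescribeAutoScalingGroups`, `ec2:RebootInstances` and `autoscaling:ResumeProcesses`, so against real AWS every execution fails at the first task with AccessDenied; LocalStack does not enforce IAM by default, which is why this passes in the lab. Add a second policy entry scoped to the single ASG the definition hard-codes rather than widening the X-Ray statement (X-Ray stays on `*` because those actions have no resource-level permissions); verify the ASG ARN shape and the `aws:autoscaling:groupName` tag condition against your account before relying on them. Whether the module's trust policy attaches an `aws:SourceArn`/`aws:SourceAccount` condition for `states.amazonaws.com` is not visible in this diff; without one the role is open to the confused-deputy pattern, so worth confirming in `iam-role-v2`. The `policies`/`description`/`policy` keys below mirror the existing entry since the module's variable schema is not shown here.
```hcl
    asg-reboot-policy = {
      description = "Suspend/resume the lab ASG and reboot its instances"
      policy = jsonencode({
        "Version" : "2012-10-17",
        "Statement" : [
          {
            "Effect" : "Allow",
            "Action" : ["autoscaling:DescribeAutoScalingGroups"],
            "Resource" : "*"
          },
          {
            "Effect" : "Allow",
            "Action" : ["autoscaling:SuspendProcesses", "autoscaling:ResumeProcesses"],
            "Resource" : "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/acme-dev-web-asg"
          },
          {
            "Effect" : "Allow",
            "Action" : ["ec2:RebootInstances"],
            "Resource" : "arn:aws:ec2:*:*:instance/*",
            "Condition" : {
              "StringEquals" : { "ec2:ResourceTag/aws:autoscaling:groupName" : "acme-dev-web-asg" }
            }
          }
        ]
      })
    }
```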
@@ -0,0 +1,60 @@
+provider "aws" {
+ region = var.aws-region
+
+ # localstack config
+ access_key = "test"
+ secret_key = "test"
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_requesting_account_id = true
+
+ # localstack endpoints https://docs.localstack.cloud/aws/integrations/infrastructure-as-code/terraform/#:~:text=tflocal%20is%20a%20small%20wrapper,unmodified%20Terraform%20scripts%20against%20LocalStack.
+ endpoints {
+ apigateway = "http://192.168.86.96:4566"
+ apigatewayv2 = "http://192.168.86.96:4566"
+ cloudformation = "http://192.168.86.96:4566"
+ cloudwatch = "http://192.168.86.96:4566"
+ dynamodb = "http://192.168.86.96:4566"
+ ec2 = "http://192.168.86.96:4566"
+ es = "http://192.168.86.96:4566"
+ elasticache = "http://192.168.86.96:4566"
+ firehose = "http://192.168.86.96:4566"
+ iam = "http://192.168.86.96:4566"
+ kinesis = "http://192.168.86.96:4566"
+ kms = "http://192.168.86.96:4566"
+ lambda = "http://192.168.86.96:4566"
+ rds = "http://192.168.86.96:4566"
+ redshift = "http://192.168.86.96:4566"
+ route53 = "http://192.168.86.96:4566"
+ s3 = "http://192.168.86.96:4566"
+ secretsmanager = "http://192.168.86.96:4566"
+ ses = "http://192.168.86.96:4566"
+ sns = "http://192.168.86.96:4566"
+ sqs = "http://192.168.86.96:4566"
+ ssm = "http://192.168.86.96:4566"
+ stepfunctions = "http://192.168.86.96:4566"
+ sts = "http://192.168.86.96:4566"
+ }
+
+ default_tags {
+ tags = {
+ Environment = var.environment
+ Project = var.project
+ Application = var.application
+ LocalStack = true
+ TerraformDir = join("/", reverse(slice(reverse(split("/", path.cwd)), 0, 2)))
+ }
+ }
+}
+
+terraform {
+ required_version = ">= 1.11.0"
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.0"
+ }
+ }
+}
+
+# data aws_caller_identity current {}
\ No newline at end of file
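Review bot: The LocalStack address `http://192.168.86.96:4566` is hard-coded 24 times inside `endpoints`, so moving the lab host or switching to `localhost` means editing every line; declare it once, e.g. `variable "localstack-endpoint" { type = string }` with a `default = "http://localhost:4566"`, and reference `var.localstack-endpoint` on each line. The `skip_credentials_validation`/`skip_requesting_account_id` block deserves a why-comment: the dummy `test`/`test` keys are only safe because every service the provider touches in this stack (`iam`, `sts`, `stepfunctions`) is redirected, and any future resource for a service not in the list would be sent to the real AWS endpoint; `# Every provider call must hit LocalStack: add a service to endpoints before adding a resource for it` above `endpoints {` records that. The text-fragment URL in the comment (`#:~:text=...`) is brittle and long; the page URL alone is sufficient.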
diff --git a/LocalStack/Automation/LabStepFunctions/reboot-asg-instances.json b/LocalStack/Automation/LabStepFunctions/reboot-asg-instances.json
new file mode 100644
index 0000000..22020d0
--- /dev/null
+++ b/LocalStack/Automation/LabStepFunctions/reboot-asg-instances.json
@@ -0,0 +1,50 @@
+{
+ "Comment": "Suspend ASG and reboot instances in the group",
+ "StartAt": "SetVariables",
+ "States": {
+ "SetVariables": {
+ "Type": "Pass",
+ "Result": {
+ "asgName": "acme-dev-web-asg"
+ },
+ "ResultPath": "$.vars",
+ "Next": "SuspendProcesses"
+ },
+ "SuspendProcesses": {
+ "Type": "Task",
+ "Parameters": {
+ "AutoScalingGroupName.$": "$.vars.asgName"
+ },
+ "Resource": "arn:aws:states:::aws-sdk:autoscaling:suspendProcesses",
+ "ResultPath": "$.suspendResult",
+ "Next": "DescribeAutoScalingGroups"
+ },
+ "DescribeAutoScalingGroups": {
+ "Type": "Task",
+ "Parameters": {
+ "AutoScalingGroupNames.$": "States.Array($.vars.asgName)",
+ "MaxRecords": 1
+ },
+ "Resource": "arn:aws:states:::aws-sdk:autoscaling:describeAutoScalingGroups",
+ "Next": "RebootInstances",
+ "ResultPath": "$.asgData"
+ },
+ "RebootInstances": {
+ "Type": "Task",
+ "Parameters": {
+ "InstanceIds.$": "$.asgData.AutoScalingGroups[0].Instances[*].InstanceId"
+ },
+ "Resource": "arn:aws:states:::aws-sdk:ec2:rebootInstances",
+ "ResultPath": "$.rebootResult",
+ "Next": "ResumeProcesses"
+ },
+ "ResumeProcesses": {
+ "Type": "Task",
+ "Parameters": {
+ "AutoScalingGroupName.$": "$.vars.asgName"
+ },
+ "Resource": "arn:aws:states:::aws-sdk:autoscaling:resumeProcesses",
+ "End": true
+ }
+ }
+}
diff --git a/LocalStack/Automation/LabStepFunctions/terraform.tfvars b/LocalStack/Automation/LabStepFunctions/terraform.tfvars
new file mode 100644
index 0000000..1446415
--- /dev/null
+++ b/LocalStack/Automation/LabStepFunctions/terraform.tfvars
@@ -0,0 +1,4 @@
+application = "localstack"
+environment = "locallab"
+project = "iac"
+aws-region = "us-east-1"
\ No newline at end of file
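Review bot: Nothing after `SuspendProcesses` carries a `Catch`, so if `DescribeAutoScalingGroups` or `RebootInstances` fails (AccessDenied, throttling, or an empty `Instances` list which likely makes `InstanceIds` an invalid parameter) the execution stops in that task and `ResumeProcesses` never runs, leaving the group's scaling processes suspended until someone notices. Add a `States.ALL` catch to both tasks that routes to `ResumeProcesses`, give `ResumeProcesses` a `ResultPath` so the captured error is not overwritten, and end with a `Choice` that fails the execution when `$.error` is present so the failure stays visible; the same `Catch` array shown on `RebootInstances` below goes on `DescribeAutoScalingGroups`. Separately, `SuspendProcesses` with no `ScalingProcesses` list suspends every process including `HealthCheck` and `ReplaceUnhealthy`, and `RebootInstances` reboots every instance of the group in one call, a full outage for that group; a `Map` over the instance list with `MaxConcurrency: 1` would be the safer shape if this moves beyond the lab. The ASG name is baked into the `Pass` state, which keeps the definition single-purpose; if it is later taken from the execution input, the IAM scope should follow it.
```json
"RebootInstances": {
  "Type": "Task",
  "Parameters": {
    "InstanceIds.$": "$.asgData.AutoScalingGroups[0].Instances[*].InstanceId"
  },
  "Resource": "arn:aws:states:::aws-sdk:ec2:rebootInstances",
  "ResultPath": "$.rebootResult",
  "Catch": [
    { "ErrorEquals": ["States.ALL"], "ResultPath": "$.error", "Next": "ResumeProcesses" }
  ],
  "Next": "ResumeProcesses"
},
"ResumeProcesses": {
  "Type": "Task",
  "Parameters": {
    "AutoScalingGroupName.$": "$.vars.asgName"
  },
  "Resource": "arn:aws:states:::aws-sdk:autoscaling:resumeProcesses",
  "ResultPath": "$.resumeResult",
  "Next": "FailIfErrored"
},
"FailIfErrored": {
  "Type": "Choice",
  "Choices": [
    { "Variable": "$.error", "IsPresent": true, "Next": "RebootFailed" }
  ],
  "Default": "Done"
},
"RebootFailed": {
  "Type": "Fail",
  "Cause": "A task failed after SuspendProcesses; scaling processes were resumed"
},
"Done": {
  "Type": "Succeed"
}
```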
diff --git a/LocalStack/Automation/LabStepFunctions/variables.tf b/LocalStack/Automation/LabStepFunctions/variables.tf
new file mode 100644
index 0000000..ddf3dac
--- /dev/null
+++ b/LocalStack/Automation/LabStepFunctions/variables.tf
@@ -0,0 +1,4 @@
+variable "aws-region" {}
+variable "environment" {}
+variable "project" {}
+variable "application" {}
\ No newline at end of file
diff --git a/LocalStack/README.md b/LocalStack/README.md
index c8cfa23..baee416 100644
--- a/LocalStack/README.md
+++ b/LocalStack/README.md
@@ -15,7 +15,7 @@ or use community edition while it is still available
 docker run \
 -e AWS_ACCESS_KEY_ID=test \
 -e AWS_SECRET_ACCESS_KEY=test \
--e SERVICES="s3,iam,lambda,dynamodb,cloudwatch,rds,ec2,secretsmanager" \
+-e SERVICES="s3,iam,lambda,dynamodb,cloudwatch,rds,ec2,secretsmanager,stepfunctions" \
 -e DEBUG=0 \
 -d --rm --name localstack --network macvlan localstack/localstack localstack
 ```
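Review bot: All four variables are declared as bare `{}`, so Terraform accepts any type for `aws-region`, `environment`, `project` and `application` and a wrong value only surfaces when the provider or a tag rejects it. Give each a `type = string` line and a `description` line (for `aws-region`, something like `description = "Region configured on the aws provider"`), which also lets `terraform plan` fail early on a malformed `terraform.tfvars`. The hyphenated names diverge from the usual snake_case, but `main.tf` and `provider.tf` already reference them as `var.aws-region`, so keep them unless the repo is renamed as a whole.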