xpk/terraform.examples
SHA256
1
0
Fork 0
Code Pull Requests Activity

feat: new module ec2-instance-scheduler-sfn

Browse Source
This commit is contained in:
xpk
2026-03-20 20:56:22 +08:00
parent 5e8df07654
commit b74aeac165
3 changed files with 282 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/compute/ec2-instance-scheduler-sfn/README.md
+52
View File
@@ -0,0 +1,52 @@
<!-- This readme file is generated with terraform-docs -->
# ec2-instance-scheduler-sfn
This module start or stop ec2 instances using step function.
Schedules are made with Event Scheduler
## Requirements
No requirements.
## Providers
| Name | Version |
|------|---------|
| aws | n/a |
| random | n/a |
## Modules
| Name | Source | Version |
|------|--------|---------|
| EventSchedulerRole | ../../../whk1-bea-sys-ss-dev-codecommit-sharedmodules/SecurityIdentityCompliance/iam-role-v2 | n/a |
| StepFunctionRole | ../../../whk1-bea-sys-ss-dev-codecommit-sharedmodules/SecurityIdentityCompliance/iam-role-v2 | n/a |
## Resources
| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.Ec2Scheduler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_scheduler_schedule.StartInstances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/scheduler_schedule) | resource |
| [aws_scheduler_schedule.StopInstances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/scheduler_schedule) | resource |
| [aws_sfn_state_machine.Ec2Scheduler](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sfn_state_machine) | resource |
| [random_id.rid](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| cloudwatchlog-retention | Cloudwatch log retention days | `number` | `30` | no |
| instance-ids | Instances to be automatically started/stopped on schedule | `list(string)` | n/a | yes |
| instance-start-cron-expression | Cron expression for instance start schedule | `string` | n/a | yes |
| instance-stop-cron-expression | Cron expression for instance stop schedule | `string` | n/a | yes |
| kms-key-id | CMK id for cloudwatchlog encryption | `string` | n/a | yes |
| scheduler-timezone | Timezone of event scheduler | `string` | `"Asia/Hong_Kong"` | no |
## Outputs
No outputs.
---
## Authorship
This module was developed by xpk.
modules/compute/ec2-instance-scheduler-sfn/main.tf
+194
View File
@@ -0,0 +1,194 @@
/**
* # ec2-instance-scheduler-sfn
*
* This module start or stop ec2 instances using step function.
* Schedules are made with Event Scheduler
*/
resource "random_id" "rid" {
byte_length = 3
}
module "StepFunctionRole" {
source = "../../../whk1-bea-sys-ss-dev-codecommit-sharedmodules/SecurityIdentityCompliance/iam-role-v2"
role-name = "InstanceStartStopScheduler-StepFunction-${random_id.rid.dec}"
description = "Step function role for starting or stopping ec2 instances"
trusted-entity = "states.amazonaws.com"
policies = {
"InstanceStartStop0-${random_id.rid.dec}" = {
description = "Allow starting or stopping of ec2 instances and logging"
policy = jsonencode(
{
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:DescribeInstances"
]
Resource = "arn:aws:ec2:*:*:instance/*"
},
{
Effect = "Allow",
Action = [
"logs:CreateLogDelivery",
"logs:CreateLogStream",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups"
]
"Resource" : "*"
}
]
}
)
}
}
}
module "EventSchedulerRole" {
source = "../../../whk1-bea-sys-ss-dev-codecommit-sharedmodules/SecurityIdentityCompliance/iam-role-v2"
role-name = "InstanceStartStopScheduler-EventScheduler-${random_id.rid.dec}"
description = "Event scheduler role for invoking step function"
trusted-entity = "scheduler.amazonaws.com"
policies = {
ExecuteStepFunction = {
description = "Allow execution of step function"
policy = jsonencode(
{
Version = "2012-10-17"
Statement = [{
Action = "states:StartExecution"
Effect = "Allow"
Resource = aws_sfn_state_machine.Ec2Scheduler.arn
}]
}
)
}
}
}
resource "aws_cloudwatch_log_group" "Ec2Scheduler" {
name = "/aws/sfn/Ec2InstanceScheduler-${random_id.rid.dec}"
retention_in_days = var.cloudwatchlog-retention
kms_key_id = var.kms-key-id
}
resource "aws_sfn_state_machine" "Ec2Scheduler" {
name = "Ec2InstanceScheduler-${random_id.rid.dec}"
role_arn = module.StepFunctionRole.role-arn
type = "STANDARD"
logging_configuration {
log_destination = "${aws_cloudwatch_log_group.Ec2Scheduler.arn}:*"
include_execution_data = true
level = "ALL"
}
definition = jsonencode({
"StartAt" : "DetermineAction",
"States" : {
"DetermineAction" : {
"Type" : "Choice",
"Choices" : [
{
"Variable" : "$.action",
"StringEquals" : "START",
"Next" : "StartEC2Instances"
},
{
"Variable" : "$.action",
"StringEquals" : "STOP",
"Next" : "StopEC2Instances"
}
],
"Default" : "InvalidAction"
},
"StartEC2Instances" : {
"Type" : "Task",
"Resource" : "arn:aws:states:::aws-sdk:ec2:startInstances",
"Parameters" : {
"InstanceIds.$" : "$.instanceIds"
},
"End" : true
},
"StopEC2Instances" : {
"Type" : "Task",
"Resource" : "arn:aws:states:::aws-sdk:ec2:stopInstances",
"Parameters" : {
"InstanceIds.$" : "$.instanceIds"
},
"End" : true
},
"InvalidAction" : {
"Type" : "Fail",
"Error" : "ActionError",
"Cause" : "The action provided must be either START or STOP."
}
}
})
}
resource "aws_scheduler_schedule" "StartInstances" {
name = "start-ec2-${random_id.rid.dec}"
group_name = "default"
description = "Start ec2 instances"
flexible_time_window {
mode = "OFF"
}
schedule_expression = var.instance-start-cron-expression
schedule_expression_timezone = var.scheduler-timezone
target {
arn = aws_sfn_state_machine.Ec2Scheduler.arn
role_arn = module.EventSchedulerRole.role-arn
input = jsonencode({
action = "START"
instanceIds = var.instance-ids
})
retry_policy {
maximum_retry_attempts = 0
}
}
}
resource "aws_scheduler_schedule" "StopInstances" {
name = "stop-ec2-${random_id.rid.dec}"
group_name = "default"
description = "Stop ec2 instances"
flexible_time_window {
mode = "OFF"
}
schedule_expression = var.instance-stop-cron-expression
schedule_expression_timezone = var.scheduler-timezone
target {
arn = aws_sfn_state_machine.Ec2Scheduler.arn
role_arn = module.EventSchedulerRole.role-arn
input = jsonencode({
action = "STOP"
instanceIds = var.instance-ids
})
retry_policy {
maximum_retry_attempts = 0
}
}
}
modules/compute/ec2-instance-scheduler-sfn/variables.tf
+36
View File
@@ -0,0 +1,36 @@
variable "instance-start-cron-expression" {
type = string
description = "Cron expression for instance start schedule"
}
variable "instance-stop-cron-expression" {
type = string
description = "Cron expression for instance stop schedule"
}
variable "instance-ids" {
type = list(string)
description = "Instances to be automatically started/stopped on schedule"
}
# variable "description" {
# type = string
# description = "A description of instances to be started/stopped on schedule"
# }
variable "cloudwatchlog-retention" {
type = number
description = "Cloudwatch log retention days"
default = 30
}
variable "kms-key-id" {
type = string
description = "CMK id for cloudwatchlog encryption"
}
variable "scheduler-timezone" {
type = string
default = "Asia/Hong_Kong"
description = "Timezone of event scheduler"
}