skip: fix ec2 auto-test

epam · Jul 4, 2024 · 9248881 · 9248881
1 parent 91a090b
commit 9248881
Show file tree

Hide file tree

Showing 15 changed files with 107 additions and 76 deletions.
diff --git a/auto_policy_testing/green/ec2/ec2.tf b/auto_policy_testing/green/ec2/ec2.tf
@@ -1,15 +1,14 @@
-resource "aws_instance" "this" {
-  ami                  = data.aws_ami.this.id
-  instance_type        = "t2.micro"
-  disable_api_termination = true
-  iam_instance_profile = aws_iam_instance_profile.this.name
-  monitoring           = true
-  subnet_id     = data.terraform_remote_state.common.outputs.vpc_subnet_private_1_id
-  associate_public_ip_address = false
-
+resource "aws_instance" "this1" {
+  ami                         = data.aws_ami.this.id
+  instance_type               = "t2.micro"
+  disable_api_termination     = true
+  iam_instance_profile        = aws_iam_instance_profile.this.name
+  monitoring                  = true
+  subnet_id                   = data.terraform_remote_state.common.outputs.vpc_subnet_1_id
+
   metadata_options {
-    http_endpoint = "enabled"
-    http_tokens   = "required"
+    http_endpoint               = "enabled"
+    http_tokens                 = "required"
     http_put_response_hop_limit = 1
   }
 
@@ -24,16 +23,23 @@ resource "aws_instance" "this" {
   }
 }
 
+resource "aws_instance" "this2" {
+  ami                         = data.aws_ami.this.id
+  instance_type               = "t2.micro"
+  iam_instance_profile        = aws_iam_instance_profile.this.name
+  subnet_id                   = data.terraform_remote_state.common.outputs.vpc_subnet_private_1_id
+  associate_public_ip_address = false
+}
 
 resource "null_resource" "this1" {
   triggers = {
-    instance = aws_instance.this.id
+    instance = aws_instance.this1.id
   }
 
   provisioner "local-exec" {
     when    = destroy
     command = "aws ec2 modify-instance-attribute --instance-id  ${self.triggers.instance} --no-disable-api-termination"
   }
 
-  depends_on = [aws_instance.this]
+  depends_on = [aws_instance.this1]
 }
diff --git a/auto_policy_testing/green/ec2/iam.tf b/auto_policy_testing/green/ec2/iam.tf
@@ -1,5 +1,5 @@
 resource "aws_iam_role" "this" {
-  name = "${module.naming.resource_prefix.iam_role}"
+  name = module.naming.resource_prefix.iam_role
 
   assume_role_policy = <<EOF
 {
@@ -18,7 +18,7 @@ EOF
 }
 
 resource "aws_iam_instance_profile" "this" {
-  name = "${module.naming.resource_prefix.ec2}"
+  name = module.naming.resource_prefix.ec2
   role = aws_iam_role.this.name
 }
 

diff --git a/auto_policy_testing/green/ec2/main.tf b/auto_policy_testing/green/ec2/main.tf
@@ -9,7 +9,7 @@ data "terraform_remote_state" "common" {
 
   config = {
     bucket = var.remote_state_bucket
-    key = var.remote_state_key
+    key    = var.remote_state_key
     region = var.remote_state_region
   }
 }
diff --git a/auto_policy_testing/green/ec2/outputs.tf b/auto_policy_testing/green/ec2/outputs.tf
@@ -1,5 +1,6 @@
 output "ec2" {
   value = {
-    ec2 = aws_instance.this.id
+    ec2 = aws_instance.this1.id
+    ecc-aws-186-ec2_instance_no_public_ip = aws_instance.this2.id
   }
 }
diff --git a/auto_policy_testing/green/ec2/provider.tf b/auto_policy_testing/green/ec2/provider.tf
@@ -6,7 +6,7 @@ terraform {
     }
   }
 
-   backend "s3" {
+  backend "s3" {
     bucket = ""
     key    = ""
     region = ""

diff --git a/auto_policy_testing/green/ec2/ssm.tf b/auto_policy_testing/green/ec2/ssm.tf
@@ -43,29 +43,29 @@ resource "aws_ssm_patch_baseline" "this" {
 
 resource "aws_ssm_patch_group" "this" {
   baseline_id = aws_ssm_patch_baseline.this.id
-  patch_group = "${module.naming.resource_prefix.ec2}"
+  patch_group = "${module.naming.resource_prefix.ec2}-patch-group"
 }
 
 resource "aws_ssm_maintenance_window" "this" {
-  name     = "${module.naming.resource_prefix.ec2}"
+  name     = module.naming.resource_prefix.ec2
   schedule = "rate(5 minutes)"
   duration = 3
   cutoff   = 1
 }
 
 resource "aws_ssm_maintenance_window_target" "this" {
   window_id     = aws_ssm_maintenance_window.this.id
-  name          = "${module.naming.resource_prefix.ec2}"
+  name          = module.naming.resource_prefix.ec2
   resource_type = "INSTANCE"
 
   targets {
     key    = "InstanceIds"
-    values = [aws_instance.this.id]
+    values = [aws_instance.this1.id]
   }
 }
 
 resource "aws_ssm_maintenance_window_task" "this" {
-  name             = "${module.naming.resource_prefix.ec2}"
+  name             = module.naming.resource_prefix.ec2
   max_concurrency  = 2
   max_errors       = 1
   priority         = 1
@@ -76,7 +76,7 @@ resource "aws_ssm_maintenance_window_task" "this" {
 
   targets {
     key    = "InstanceIds"
-    values = [aws_instance.this.id]
+    values = [aws_instance.this1.id]
   }
 
   task_invocation_parameters {
@@ -91,15 +91,15 @@ resource "aws_ssm_maintenance_window_task" "this" {
 
 resource "aws_ssm_association" "this" {
   name                = "AWS-UpdateSSMAgent"
-  association_name    = "${module.naming.resource_prefix.ec2}"
+  association_name    = module.naming.resource_prefix.ec2
   compliance_severity = "MEDIUM"
   schedule_expression = "rate(30 minutes)"
 
   targets {
     key    = "InstanceIds"
-    values = [aws_instance.this.id]
+    values = [aws_instance.this1.id]
   }
 
-  depends_on = [aws_instance.this]
+  depends_on = [aws_instance.this1]
 }
 
diff --git a/auto_policy_testing/green/ec2/variables.tf b/auto_policy_testing/green/ec2/variables.tf
@@ -11,9 +11,9 @@ variable "remote_state_region" {
 }
 
 variable "remote_state_bucket" {
-  type        = string
+  type = string
 }
 
 variable "remote_state_key" {
-  type        = string
+  type = string
 }
diff --git a/auto_policy_testing/green/ec2/vpc.tf b/auto_policy_testing/green/ec2/vpc.tf
@@ -1,11 +1,11 @@
 resource "aws_security_group" "this" {
-  name   = "${module.naming.resource_prefix.security_group}"
+  name   = module.naming.resource_prefix.security_group
   vpc_id = data.terraform_remote_state.common.outputs.vpc_id
   ingress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    self = true
+    from_port = 0
+    to_port   = 0
+    protocol  = "-1"
+    self      = true
   }
   egress {
     from_port   = 0

diff --git a/auto_policy_testing/red/ec2/ec2.tf b/auto_policy_testing/red/ec2/ec2.tf
@@ -11,8 +11,8 @@ resource "aws_instance" "this1" {
 
   metadata_options {
     http_endpoint               = "enabled"
-    http_tokens = "optional"
-    http_put_response_hop_limit = 5 
+    http_tokens                 = "optional"
+    http_put_response_hop_limit = 5
   }
 
   root_block_device {
@@ -22,7 +22,7 @@ resource "aws_instance" "this1" {
 }
 
 resource "aws_network_interface" "this" {
-  subnet_id   = data.terraform_remote_state.common.outputs.vpc_subnet_1_id
+  subnet_id = data.terraform_remote_state.common.outputs.vpc_subnet_1_id
 
   attachment {
     instance     = aws_instance.this1.id
@@ -31,13 +31,14 @@ resource "aws_network_interface" "this" {
 }
 
 resource "aws_instance" "this2" {
-  ami           = data.aws_ami.this.id
-  instance_type = "t3.nano"
-  tenancy       = "dedicated"
+  ami                  = data.aws_ami.this.id
+  instance_type        = "t3.micro"
+  tenancy              = "dedicated"
   iam_instance_profile = aws_iam_instance_profile.this.name
 
   tags = {
     Name          = "${module.naming.resource_prefix.ec2}-2"
     "Patch Group" = "${module.naming.resource_prefix.ec2}-patch-group"
   }
 }
+
diff --git a/auto_policy_testing/red/ec2/iam.tf b/auto_policy_testing/red/ec2/iam.tf
@@ -1,5 +1,5 @@
 resource "aws_iam_role" "this" {
-  name = "${module.naming.resource_prefix.iam_role}"
+  name = module.naming.resource_prefix.iam_role
 
   assume_role_policy = <<EOF
 {
@@ -18,7 +18,7 @@ EOF
 }
 
 resource "aws_iam_instance_profile" "this" {
-  name = "${module.naming.resource_prefix.ec2}"
+  name = module.naming.resource_prefix.ec2
   role = aws_iam_role.this.name
 }
 

diff --git a/auto_policy_testing/red/ec2/outputs.tf b/auto_policy_testing/red/ec2/outputs.tf
@@ -1,7 +1,8 @@
 output "ec2" {
   value = {
-    ec2 = aws_instance.this1.id
-    ecc-aws-091-ec2_managed_ssm_patch_compliance = aws_instance.this2.id
-    ecc-aws-576-ec2_instance_dedicated_tenancy = aws_instance.this2.id
+    ec2                                                                  = aws_instance.this1.id
+    ecc-aws-091-ec2_managed_ssm_patch_compliance                         = aws_instance.this2.id
+    ecc-aws-223-ec2_managed_instance_association_compliance_status_check = aws_instance.this2.id
+    ecc-aws-576-ec2_instance_dedicated_tenancy                           = aws_instance.this2.id
   }
 }
diff --git a/auto_policy_testing/red/ec2/ssm.tf b/auto_policy_testing/red/ec2/ssm.tf
@@ -1,7 +1,6 @@
 
 resource "aws_ssm_patch_baseline" "this" {
-  name                                 = "${module.naming.resource_prefix.ec2}"
-  description                          = "Patch Baseline Description 091 red"
+  name                                 = module.naming.resource_prefix.ec2
   operating_system                     = "AMAZON_LINUX_2"
   approved_patches_enable_non_security = true
   rejected_patches                     = ["amazon-ssm-agent"]
@@ -45,19 +44,19 @@ resource "aws_ssm_patch_baseline" "this" {
 
 resource "aws_ssm_patch_group" "this" {
   baseline_id = aws_ssm_patch_baseline.this.id
-  patch_group = "Patch_Group_091_red"
+  patch_group = "${module.naming.resource_prefix.ec2}-patch-group"
 }
 
 resource "aws_ssm_maintenance_window" "this" {
-  name     = "${module.naming.resource_prefix.ec2}"
+  name     = module.naming.resource_prefix.ec2
   schedule = "rate(5 minutes)"
   duration = 3
   cutoff   = 1
 }
 
 resource "aws_ssm_maintenance_window_target" "this" {
   window_id     = aws_ssm_maintenance_window.this.id
-  name          = "${module.naming.resource_prefix.ec2}"
+  name          = module.naming.resource_prefix.ec2
   resource_type = "INSTANCE"
 
   targets {
@@ -67,7 +66,7 @@ resource "aws_ssm_maintenance_window_target" "this" {
 }
 
 resource "aws_ssm_maintenance_window_task" "this" {
-  name             = "${module.naming.resource_prefix.ec2}"
+  name             = module.naming.resource_prefix.ec2
   max_concurrency  = 2
   max_errors       = 1
   priority         = 1
@@ -97,14 +96,14 @@ resource "aws_ssm_maintenance_window_task" "this" {
 
 resource "aws_ssm_association" "this" {
   name                = "AWS-ConfigureAWSPackage"
-  association_name    = "${module.naming.resource_prefix.ec2}"
+  association_name    = module.naming.resource_prefix.ec2
   compliance_severity = "MEDIUM"
   schedule_expression = "rate(30 minutes)"
 
   parameters = {
-    action = "Install"
+    action           = "Install"
     installationType = "In-place update"
-    name = "AmazonCloudWatchAgent"
+    name             = "AmazonCloudWatchAgent"
   }
 
   targets {

diff --git a/auto_policy_testing/red/ec2/vpc.tf b/auto_policy_testing/red/ec2/vpc.tf
@@ -1,11 +1,11 @@
 resource "aws_security_group" "this" {
-  name   = "${module.naming.resource_prefix.security_group}"
+  name   = module.naming.resource_prefix.security_group
   vpc_id = data.terraform_remote_state.common.outputs.vpc_id
   ingress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    self = true
+    from_port = 0
+    to_port   = 0
+    protocol  = "-1"
+    self      = true
   }
   egress {
     from_port   = 0