ImageBuilder and Terraform - Handy Hints

-

This is for my benefit as much as anybody else, because it took me a while to figure things out:

Most of the time when you write for AWS ImageBuilder, the docs tell you to create separate YAML files containing your components.  That's fine, but what if you want to do dynamic substitutions on path and file names?  In that case you probably want to do the definition in the HCL language.  That is, within the actual Terraform code itself.

Using S3

One of the more fiddly bits is pulling things from S3 to install on your new instance.  You need to do two things:

  • Have an IAM policy which allows access; and
  • Write the component to do the job

Writing the IAM

Create a policy resource that looks something like this:

resource "aws_iam_policy" "s3_policy" {
    name = "s3-policy"
    policy = jsonencode(
      {
          Version = "2012-10-17"
          Statement = [
            {
              Effect = "Allow"
              Action = [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:GetObjectAttributes"
              ]
              Resource = [
                "arn:aws:s3:::${var.code_bucket}"
              ]
            }
          ]
      }
    )
}
This is of course, the bare minimum but it gets the job done.  Now reference this from your role:

resource "aws_iam_role_policy_attachment" "attach" {
    role = aws_iam_role.role.name
    policy_arn = aws_iam_policy.s3_policy.arn
}

And pull stuff from S3

This is a little more complex example, but you're probably going to want to unpack the file, make it executable, etc:

resource "aws_imagebuilder_component" "load_code" {
  data = yamlencode(
    {
        phases = [
            {
                name = "build"
                steps = [
                    {
                        action = "S3Download"
                        inputs = [{
                            source = "s3://${var.code_bucket}/${var.code_file}"
                            destination = "/tmp/${var.code_file}"
                        }]
                        maxAttempts = 3
                        name      = "Copy_Code"
                        onFailure = "Abort"
                    },
                    {
                        action = "ExecuteBash"
                        inputs = {
                            commands = [
                                "cd /opt",
                                "sudo mkdir -p /opt/app",
                                "sudo tar -xvf /tmp/${var.code_file} -C /opt/app"
                                ]
                        }
                        name      = "Install_App"
                        onFailure = "Abort"
                    },
                    {
                        action = "ExecuteBash"
                        inputs = {
                            commands = [
                                "cd /opt/app",
                                "chmod +x ./run.sh"
                                ]
                        }
                        name      = "Configure_App"
                        onFailure = "Continue"
                    }

                ]
            }
        ]
        schemaVersion = 1.0
    }
    )
    name     = "App-Deploy"
    platform = "Linux"
    version  = "1.0.0"
}

Enjoy!



Comments

Post a Comment

Popular posts from this blog

The QYT KT-7900D

-
Image
But is it any good? As you might have noticed, I am now a freshly licensed radio amateur .  As such I do need a transceiver or two in order to get on the air.  This is the story of one of my new radios. I have a limited discretionary budget to use for my new hobby, and I have to say from the outset that my lovely wife has been very supportive.  As such, I want to try and get the best value for our money.  One evening I stumbled upon this little item on Banggood for a little over $A150 including shipping.  Covering both 2m and 70cm bands with a claimed 20W output it seemed almost too good to be true.  I bought one. About ten days later a tiny package arrived for me.  At just 98mm x 43mm x 126mm the photos don't convey quite how small it actually is.  The entire case serves as a heatsink so it is heavier than it looks, but certainly not bulky. The standard power cable comes with a cigarette lighter plug.  As I intended to run it from home usin...
Read more

Recording weather with Arduino, Elasticsearch and Kibana

-
What do half a Bunnings weather station, an Arduino, a NodeMCU (or 3), Elasticsearch, a fishtank and swimming pool have to do with each other? Nothing unless you like to monitor and measure pretty much everything around the house.  I do, and ever since I learned to fly, I have had a fascination with the weather (I am told boaties suffer from a related affliction). I could just buy a weather station, but where's the fun in that when for the same amount of money (OK, maybe a little more) I can make my own and bore people senseless when I go on and on about it? Actually, there is a practical purpose to this as well.  I wanted to teach myself about Elastic and Kibana.  Now you can wade through dry tutorials, but nothing in my opinion beats working with real live data.  Especially if the data is of interest to you. The design What do you want to measure? This is actually pretty important (not to mention obvious), but before embarking too far; take a...
Read more

Exploring Solar Power - Let there be smoke!

-
Image
Last time I introduced my new solar power project.  By the end of that post we were monitoring the power flow from the solar panel to the battery in a simple test environment.  This time we're going to dive in and start trying to control the charge power. What's MPPT? Maximum Power Point Tracking (or Transfer , depending on whom you ask) is a condition where we can transfer the highest power from the solar panel into the battery.  The key here is power, rather than voltage or current on their own.  Remember that power is the product of voltage and current, so it is possible that you will find that perhaps higher current and lower voltage (or vice versa) is the most efficient. What makes this a little problematic is that the peak power point varies constantly depending on the battery state of charge and temperature, so it is not a set and forget operation. This is why the first thing we did was to build a power monitor.  Now we can determine at any point of time...
Read more