Merge pull request #149 from wellcomecollection/rk/update-amis

Allow the base AMI for the container host to vary, and specify by data block

terraform/critical_staging/main.tf

@@ -9,8 +9,7 @@ module "critical" {
   }
 
   network_private_subnets = data.terraform_remote_state.workflow.outputs.private_subnets
-
-  vpc_id = data.terraform_remote_state.workflow.outputs.vpc_id
+  vpc_id                  = data.terraform_remote_state.workflow.outputs.vpc_id
 
   rds_username = local.rds_username
   rds_password = local.rds_password

terraform/modules/stack/cluster.tf

@@ -22,4 +22,7 @@ module "cluster" {
   #
   # See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI
   instance_type = "c5.4xlarge"
+
+  container_host_ami = var.container_host_ami
+  bastion_host_ami   = var.bastion_host_ami
 }

terraform/modules/stack/cluster/bastion_host/main.tf

@@ -15,7 +15,7 @@ resource "aws_launch_configuration" "launch_config" {
   security_groups = module.security_groups.instance_security_groups
 
   key_name                    = var.key_name
-  image_id                    = var.image_id
+  image_id                    = var.bastion_host_ami
   instance_type               = var.instance_type
   iam_instance_profile        = module.instance_profile.name
   user_data                   = var.user_data

terraform/modules/stack/cluster/bastion_host/variables.tf

@@ -30,11 +30,9 @@ variable "instance_type" {
   description = "AWS instance type"
 }
 
-variable "image_id" {
-  description = "ID of the AMI to use on the instances"
-
-  # Amazon Linux AMI
-  default = "ami-9cbe9be5"
+variable "bastion_host_ami" {
+  description = "The AMI to use for the bastion host"
+  type        = string
 }
 
 variable "user_data" {

terraform/modules/stack/cluster/container_host/main.tf

@@ -5,7 +5,7 @@ resource "aws_volume_attachment" "ebs" {
 }
 
 resource "aws_instance" "container_host" {
-  ami = "ami-0851c53aff84212c3"
+  ami = var.container_host_ami
 
   instance_type = var.instance_type
 

terraform/modules/stack/cluster/container_host/variables.tf

@@ -23,3 +23,8 @@ variable "ssh_ingress_security_groups" {
 }
 
 variable "region" {}
+
+variable "container_host_ami" {
+  description = "The AMI to use for the container host"
+  type        = string
+}

terraform/modules/stack/cluster/ec2.tf

@@ -13,7 +13,8 @@ module "container_host" {
 
   instance_type = var.instance_type
 
-  ebs_volume_id = var.ebs_volume_id
+  ebs_volume_id      = var.ebs_volume_id
+  container_host_ami = var.container_host_ami
 }
 
 module "bastion_host" {
@@ -25,6 +26,8 @@ module "bastion_host" {
 
   controlled_access_cidr_ingress = var.controlled_access_cidr_ingress
 
-  key_name    = var.key_name
-  subnet_list = var.public_subnets
+  key_name         = var.key_name
+  subnet_list      = var.public_subnets
+  bastion_host_ami = var.bastion_host_ami
+
 }

terraform/modules/stack/cluster/variables.tf

@@ -17,3 +17,13 @@ variable "private_subnets" {
 }
 
 variable "cluster_name" {}
+
+variable "container_host_ami" {
+  description = "The AMI to use for the container host"
+  type        = string
+}
+
+variable "bastion_host_ami" {
+  description = "The AMI to use for the bastion host"
+  type        = string
+}

terraform/modules/stack/variables.tf

@@ -74,3 +74,13 @@ variable "turn_off_outside_office_hours" {
   default = true
   type    = bool
 }
+
+variable "container_host_ami" {
+  description = "The AMI to use for the container host"
+  type        = string
+}
+
+variable "bastion_host_ami" {
+  description = "The AMI to use for the bastion host"
+  type        = string
+}

terraform/stack_prod/main.tf

@@ -1,3 +1,21 @@
+data "aws_ami" "container_host_ami" {
+  most_recent = true
+  owners      = ["self"]
+  filter {
+    name   = "name"
+    values = ["weco-amzn2-ecs-optimised-hvm-x86_64*"]
+  }
+}
+
+data "aws_ami" "bastion_host_ami" {
+  most_recent = true
+  owners      = ["self"]
+  filter {
+    name   = "name"
+    values = ["weco-amzn2-hvm-x86_64*"]
+  }
+}
+
 module "stack" {
   source = "../modules/stack"
 
@@ -46,6 +64,9 @@ module "stack" {
   service_egress_security_group_id = data.terraform_remote_state.workflow.outputs.service_egress_security_group_id
   service_lb_security_group_id     = data.terraform_remote_state.workflow.outputs.service_lb_security_group_id
 
+  container_host_ami = data.aws_ami.container_host_ami.image_id
+  bastion_host_ami   = data.aws_ami.bastion_host_ami.image_id
+
   admin_cidr_ingress = local.admin_cidr_ingress
 
   lambda_error_alarm_arn = local.lambda_error_alarm_arn

terraform/stack_staging/main.tf

@@ -1,3 +1,22 @@
+data "aws_ami" "container_host_ami" {
+  most_recent = true
+  owners      = ["self"]
+  filter {
+    name   = "name"
+    values = ["weco-amzn2-ecs-optimised-hvm-x86_64*"]
+  }
+}
+
+data "aws_ami" "bastion_host_ami" {
+  most_recent = true
+  owners      = ["self"]
+  filter {
+    name   = "name"
+    values = ["weco-amzn2-hvm-x86_64*"]
+  }
+}
+
+
 module "stack" {
   source = "../modules/stack"
 
@@ -51,6 +70,9 @@ module "stack" {
   service_egress_security_group_id = data.terraform_remote_state.workflow.outputs.service_egress_security_group_id
   service_lb_security_group_id     = data.terraform_remote_state.workflow.outputs.service_lb_security_group_id
 
+  container_host_ami = data.aws_ami.container_host_ami.image_id
+  bastion_host_ami   = data.aws_ami.bastion_host_ami.image_id
+
   admin_cidr_ingress = local.admin_cidr_ingress
 
   lambda_error_alarm_arn = local.lambda_error_alarm_arn