chore!: remove launch configuration (#384)

# Description The `aws_launch_configuration` is deprecated and replaced by `aws_launch_template`. This PR replaces the deprecated resources and combines the on-demand and spot settings into one launch template. Fixes #383 # Migrations required Depending on the AMI used, you have to set the `var.instance.root_device_name`. We use `/dev/xvda` as default, which should work for Linux instances.
Hapag-Lloyd · Jan 31, 2025 · 9af4751 · 9af4751
1 parent 29e7e8d
commit 9af4751
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 88 deletions.
diff --git a/.config/cspell.json b/.config/cspell.json
@@ -10,12 +10,14 @@
     "javadocs",
     "jsonencode",
     "oidc",
+    "rebalance",
     "Repology",
     "sonatype",
     "tflint",
     "tfsec"
   ],
   "ignoreWords": [
+    "AWSX",
     "Buildx",
     "DOCKERHUB",
     "amannn",
@@ -53,6 +55,7 @@
     "signoff",
     "temurin",
     "tfstate",
-    "vuln"
+    "vuln",
+    "xvda"
   ]
 }
diff --git a/autoscaling.tf b/autoscaling.tf
@@ -1,41 +1,4 @@
-resource "aws_autoscaling_group" "on_demand" {
-  count = var.instance.enable_spot ? 0 : 1
-
-  name_prefix = "${var.resource_names["prefix"]}${var.resource_names["separator"]}"
-
-  vpc_zone_identifier = var.subnet_ids
-
-  min_size         = 1
-  desired_capacity = var.instance.desired_capacity
-  max_size         = var.instance.desired_capacity
-  force_delete     = false
-
-  health_check_type         = "EC2"
-  health_check_grace_period = 120
-
-  termination_policies = ["OldestInstance"]
-  launch_configuration = aws_launch_configuration.this.id
-
-  dynamic "tag" {
-    for_each = local.bastion_runtime_tags
-
-    content {
-      key                 = tag.key
-      value               = tag.value
-      propagate_at_launch = true
-    }
-  }
-
-  lifecycle {
-    create_before_destroy = true
-  }
-
-  depends_on = [aws_launch_configuration.this]
-}
-
-resource "aws_autoscaling_group" "on_spot" {
-  count = var.instance.enable_spot ? 1 : 0
-
+resource "aws_autoscaling_group" "this" {
   name = var.resource_names["prefix"]
 
   vpc_zone_identifier = var.subnet_ids
@@ -54,14 +17,14 @@ resource "aws_autoscaling_group" "on_spot" {
 
   mixed_instances_policy {
     instances_distribution {
-      on_demand_percentage_above_base_capacity = var.instances_distribution.on_demand_percentage_above_base_capacity
-      on_demand_base_capacity                  = var.instances_distribution.on_demand_base_capacity
-      spot_allocation_strategy                 = var.instances_distribution.spot_allocation_strategy
+      on_demand_percentage_above_base_capacity = var.instance.enable_spot ? var.instances_distribution.on_demand_percentage_above_base_capacity : 100
+      on_demand_base_capacity                  = var.instance.enable_spot ? var.instances_distribution.on_demand_base_capacity : var.instance.desired_capacity
+      spot_allocation_strategy                 = var.instance.enable_spot ? var.instances_distribution.spot_allocation_strategy : "lowest-price"
     }
 
     launch_template {
       launch_template_specification {
-        launch_template_id = aws_launch_template.manual_start.id
+        launch_template_id = aws_launch_template.this.id
         version            = "$Latest"
       }
     }
@@ -92,7 +55,7 @@ resource "aws_autoscaling_schedule" "up" {
   min_size               = 1
   max_size               = var.instance.desired_capacity
   desired_capacity       = var.instance.desired_capacity
-  autoscaling_group_name = local.auto_scaling_group.name
+  autoscaling_group_name = aws_autoscaling_group.this.name
 }
 
 resource "aws_autoscaling_schedule" "down" {
@@ -105,5 +68,5 @@ resource "aws_autoscaling_schedule" "down" {
   min_size               = 0
   max_size               = 0
   desired_capacity       = 0
-  autoscaling_group_name = local.auto_scaling_group.name
+  autoscaling_group_name = aws_autoscaling_group.this.name
 }
diff --git a/examples/cost/main.tf b/examples/cost/main.tf
@@ -45,6 +45,7 @@ module "bastion_host" {
   instance = {
     type              = "t3.nano"
     desired_capacity  = 2
+    root_device_name  = "/dev/xvda"
     root_volume_size  = 8
     enable_monitoring = false
     enable_spot       = true

diff --git a/examples/full/main.tf b/examples/full/main.tf
@@ -49,6 +49,7 @@ module "bastion_host" {
   instance = {
     type              = "t3.nano"
     desired_capacity  = 2
+    root_device_name  = "/dev/xvda"
     root_volume_size  = 8
     enable_monitoring = false
     enable_spot       = false

diff --git a/locals.tf b/locals.tf
@@ -23,8 +23,6 @@ locals {
   panic_button_switch_on_lambda_source           = "${path.module}/lambda/${local.panic_button_switch_on_lambda_source_file_name}"
   panic_button_switch_on_lambda_name             = "${var.resource_names.prefix}${var.resource_names.separator}panic-button-on"
 
-  auto_scaling_group = var.instance.enable_spot ? aws_autoscaling_group.on_spot[0] : aws_autoscaling_group.on_demand[0]
-
   # amiFilter=[{"Name":"owner-id","Values":["137112412989"]},{"Name":"name","Values":["amzn2-ami-hvm-*-x86_64-ebs"]}]
   # currentImageName=unknown
   default_ami_id = "ami-0dffacdad8c0f8540"

diff --git a/main.tf b/main.tf
@@ -67,38 +67,7 @@ module "instance_profile_role" {
   tags = var.tags
 }
 
-resource "aws_launch_configuration" "this" {
-  name_prefix = var.resource_names["prefix"]
-
-  image_id      = aws_ami_copy.latest_amazon_linux.id
-  instance_type = var.instance.type
-
-  iam_instance_profile = local.bastion_instance_profile_name
-  security_groups      = [var.security_group_id]
-
-  root_block_device {
-    volume_size = var.instance.root_volume_size
-    volume_type = "gp3"
-
-    encrypted             = true
-    delete_on_termination = true
-  }
-
-  # use IMDSv2 to avoid warnings in Security Hub
-  metadata_options {
-    http_endpoint               = "enabled"
-    http_tokens                 = "required"
-    http_put_response_hop_limit = 1
-  }
-
-  enable_monitoring = var.instance.enable_monitoring
-
-  lifecycle {
-    create_before_destroy = true
-  }
-}
-
-resource "aws_launch_template" "manual_start" {
+resource "aws_launch_template" "this" {
   name        = var.resource_names.prefix
   description = "Launches a bastion host"
 
@@ -114,8 +83,7 @@ resource "aws_launch_template" "manual_start" {
   }
 
   monitoring {
-    # no monitoring for manual instances
-    enabled = false
+    enabled = var.instance.enable_monitoring
   }
 
   # use IMDSv2 to avoid warnings in Security Hub
@@ -125,6 +93,18 @@ resource "aws_launch_template" "manual_start" {
     http_put_response_hop_limit = 1
   }
 
+  block_device_mappings {
+    device_name = var.instance.root_device_name
+
+    ebs {
+      volume_size = var.instance.root_volume_size
+      volume_type = "gp3"
+      iops        = 3000
+      encrypted   = true
+      kms_key_id  = var.kms_key_arn
+    }
+  }
+
   tag_specifications {
     resource_type = "instance"
 

diff --git a/panic-button-off.tf b/panic-button-off.tf
@@ -50,7 +50,7 @@ data "aws_iam_policy_document" "panic_button_off" {
   statement {
     sid       = "UpdateASG"
     actions   = ["autoscaling:UpdateAutoScalingGroup"]
-    resources = [local.auto_scaling_group.arn]
+    resources = [aws_autoscaling_group.this.arn]
     effect    = "Allow"
   }
 }
@@ -99,7 +99,7 @@ resource "aws_lambda_function" "panic_button_off" {
 
   environment {
     variables = {
-      AUTO_SCALING_GROUP_NAME = local.auto_scaling_group.name
+      AUTO_SCALING_GROUP_NAME = aws_autoscaling_group.this.name
       BASTION_HOST_NAME       = local.bastion_host_name
 
       LOG_LEVEL = "info"

diff --git a/panic-button-on.tf b/panic-button-on.tf
@@ -25,7 +25,7 @@ data "aws_iam_policy_document" "panic_button_on" {
   statement {
     sid       = "UpdateASG"
     actions   = ["autoscaling:UpdateAutoScalingGroup", "autoscaling:BatchDeleteScheduledAction"]
-    resources = [local.auto_scaling_group.arn]
+    resources = [aws_autoscaling_group.this.arn]
     effect    = "Allow"
   }
 
@@ -81,10 +81,10 @@ resource "aws_lambda_function" "panic_button_on" {
 
   environment {
     variables = {
-      AUTO_SCALING_GROUP_NAME             = local.auto_scaling_group.name
-      AUTO_SCALING_GROUP_MIN_SIZE         = local.auto_scaling_group.min_size
-      AUTO_SCALING_GROUP_MAX_SIZE         = local.auto_scaling_group.max_size
-      AUTO_SCALING_GROUP_DESIRED_CAPACITY = local.auto_scaling_group.desired_capacity
+      AUTO_SCALING_GROUP_NAME             = aws_autoscaling_group.this.name
+      AUTO_SCALING_GROUP_MIN_SIZE         = aws_autoscaling_group.this.min_size
+      AUTO_SCALING_GROUP_MAX_SIZE         = aws_autoscaling_group.this.max_size
+      AUTO_SCALING_GROUP_DESIRED_CAPACITY = aws_autoscaling_group.this.desired_capacity
 
       LOG_LEVEL = "info"
     }

diff --git a/variables.tf b/variables.tf
@@ -58,6 +58,7 @@ variable "instance" {
   type = object({
     type              = string # EC2 instance type
     desired_capacity  = number # number of EC2 instances to run
+    root_device_name  = string
     root_volume_size  = number # in GB
     enable_monitoring = bool
     enable_spot       = bool
@@ -69,6 +70,7 @@ variable "instance" {
   default = {
     type              = "t3.nano"
     desired_capacity  = 1
+    root_device_name  = "/dev/xvda"
     root_volume_size  = 8
     enable_monitoring = false
     enable_spot       = false