terraform-aws-cli
Run the AWS CLI, with the ability to run under an assumed role, to access resources and properties missing from the Terraform AWS Provider.
Requirements
This module requires a couple of additional resources to operate successfully.
- Amazon Web Service Command Line Interface (awscli)
  - This is available in several forms here.
- JSON processor (jq)
  - This is available here.
Examples
1. Get the desired capacity of an autoscaling group.
If you are using a blue/green style deployment, you would want to create the same number of EC2 instances as you are replacing.
```hcl
module "current_desired_capacity" {
  source            = "digitickets/cli/aws"
  role_session_name = "GettingDesiredCapacityFor${var.environment}"
  aws_cli_commands  = ["autoscaling", "describe-auto-scaling-groups"]
  aws_cli_query     = "AutoScalingGroups[?Tags[?Key==`Name`]|[?Value==`digitickets-${var.environment}-asg-app`]]|[0].DesiredCapacity"
}
```
You can now set the desired capacity of an aws_autoscaling_group:
```hcl
desired_capacity = module.current_desired_capacity.result
```
2. Assuming a role.
Extending the first example above, assuming a role is as simple as adding an assume_role_arn to the module:
```hcl
module "current_desired_capacity" {
  source            = "digitickets/cli/aws"
  assume_role_arn   = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/OrganizationAccountAccessRole"
  role_session_name = "GettingDesiredCapacityFor${var.environment}"
  aws_cli_commands  = ["autoscaling", "describe-auto-scaling-groups"]
  aws_cli_query     = "AutoScalingGroups[?Tags[?Key==`Name`]|[?Value==`digitickets-${var.environment}-asg-app`]]|[0].DesiredCapacity"
}
```
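Example 2 assumes OrganizationAccountAccessRole, which AWS Organizations creates with administrator access in member accounts, although the command only reads Auto Scaling group descriptions. The following is an added example, not part of this module's own documentation, showing a narrower role for the same call. The role name, the `terraform_runner_arn` variable and the split into a separate bootstrap configuration are assumptions.

```hcl
# --- Bootstrap configuration (applied once, before the module is used) ---

variable "environment" { type = string }

# Hypothetical input: ARN of the IAM principal that runs Terraform.
variable "terraform_runner_arn" { type = string }

# Trust policy: only the Terraform runner may assume this role.
data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [var.terraform_runner_arn]
    }
  }
}

# Permissions: the single read-only action behind
# `aws autoscaling describe-auto-scaling-groups`.
data "aws_iam_policy_document" "describe_asg" {
  statement {
    actions   = ["autoscaling:DescribeAutoScalingGroups"]
    resources = ["*"] # this action does not support resource-level scoping
  }
}

resource "aws_iam_role" "asg_reader" {
  name                 = "terraform-asg-reader-${var.environment}" # hypothetical name
  assume_role_policy   = data.aws_iam_policy_document.trust.json
  max_session_duration = 3600 # the minimum IAM allows
}

resource "aws_iam_role_policy" "describe_asg" {
  name   = "describe-asg-only"
  role   = aws_iam_role.asg_reader.id
  policy = data.aws_iam_policy_document.describe_asg.json
}

# --- Main configuration ---
# var.environment and data.aws_caller_identity.current are used as in example 2.
module "current_desired_capacity" {
  source            = "digitickets/cli/aws"
  assume_role_arn   = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/terraform-asg-reader-${var.environment}"
  role_session_name = "GettingDesiredCapacityFor${var.environment}" # recorded in CloudTrail
  aws_cli_commands  = ["autoscaling", "describe-auto-scaling-groups"]
  aws_cli_query     = "AutoScalingGroups[?Tags[?Key==`Name`]|[?Value==`digitickets-${var.environment}-asg-app`]]|[0].DesiredCapacity"
}
```

The role is kept in a separate configuration because the module's external data source runs the CLI at plan time, so the role must already exist when the main configuration is planned.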
Requirements
Name | Version |
---|---|
terraform | >= 0.15 |
external | ~> 2.0 |
local | ~> 2.0 |
Providers
Name | Version |
---|---|
external | 2.3.1 |
local | 2.4.0 |
Modules
No modules.
Resources
Name | Type |
---|---|
external_external.awscli_program | data source |
local_file.awscli_results_file | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
assume_role_arn | The ARN of the role being assumed (optional) | string | "" | no |
aws_cli_commands | The AWS CLI command and subcommands | list(string) | n/a | yes |
aws_cli_query | The --query value | string | "" | no |
debug_log_filename | Generate a debug log if a debug_log_filename is supplied | string | "" | no |
role_session_name | The role session name | string | "" | no |
Outputs
Name | Description |
---|---|
result | The output of the AWS CLI command |
Docker
To help with getting this running in a pipeline that uses Docker, the image digiticketsgroup/terraforming has Terraform, AWSCLI, and jq all ready to go.
If you want to build or adapt your own image, then the Dockerfile below is how that image has been built.
```dockerfile
# Based upon https://github.com/aws/aws-cli/blob/2.0.10/docker/Dockerfile
FROM amazonlinux:2 as installer
ARG TERRAFORM_VERSION
RUN yum update -y \
  && yum install -y unzip \
  && curl https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscli-exe-linux-x86_64.zip \
  && unzip awscli-exe-linux-x86_64.zip \
  # The --bin-dir is specified so that we can copy the
  # entire bin directory from the installer stage
  # into /usr/local/bin of the final stage without
  # accidentally copying over any other executables that
  # may be present in /usr/local/bin of the installer stage.
  && ./aws/install --bin-dir /aws-cli-bin/ \
  && curl "https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip" -o terraform.zip \
  && unzip terraform.zip

FROM amazonlinux:2
COPY --from=installer /usr/local/aws-cli/ /usr/local/aws-cli/
COPY --from=installer /aws-cli-bin/ /usr/local/bin/
COPY --from=installer terraform /usr/bin/
RUN yum update -y \
  && yum install -y less groff jq \
  && yum clean all
ENTRYPOINT ["/bin/sh"]
```