Merge pull request #9 from byu-oit/latest-ami

Ensure bastion is always using the latest ami
byu-oit · Apr 21, 2020 · b6601bd · b6601bd
2 parents d8600c5 + 9ce83b4
commit b6601bd
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -3,6 +3,10 @@
 # terraform-aws-bastion
 Create a temporary bastion in an AWS Account
 
+**Note** 
+
+> This module automatically looks up the latest AMI each time `terraform apply` is run. This could result in your bastion EC2 instance being replaced. This shouldn't be a problem. The bastion is intended to be short lived. If this is an issue for you, you probably aren't using the bastion the way it is intended to be used.
+
 ## Usage
 
 ### Command Line Example
@@ -37,7 +41,7 @@ provider "aws" {
 }
 
 module "bastion" {
-  source            = "github.com/byu-oit/terraform-aws-bastion.git?ref=v1.2.0"
+  source            = "github.com/byu-oit/terraform-aws-bastion.git?ref=v1.2.1"
   env               = "prd"
   vpc_vpn_to_campus = true
   netid             = "mynetid"

diff --git a/examples/module/example.tf b/examples/module/example.tf
@@ -4,16 +4,16 @@ provider "aws" {
 }
 
 module "bastion" {
-  source            = "github.com/byu-oit/terraform-aws-bastion.git?ref=v1.2.0"
   #source            = "../../"
+  source            = "github.com/byu-oit/terraform-aws-bastion.git?ref=v1.2.1"
   env               = "dev"
   vpc_vpn_to_campus = false
   netid             = "jgubler"
   public_key        = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwWVPlHpRiXGBmB/VG6PUeJ/Ev+Y39n5PBI4DW3ZMDT1g32nEUjzKtxK6KwVzYFQBhReMO2ry4uSTiNIzuOtHk/OCfcdPc8wbW3RlHBgbqs6p7DfYRJAXJCnWEjovijaVY0lyL4+7/YuprZwBaA2NfUIRN8UwVxZck3ULMnCK6BKog0UAE9NQZ9Z0vAtgLYPo9eVJEuGrxEszN29X+4Fl6u3T8x0XQ9EoMWU4YNwKfzBIof3th9Cbv4+FlEKpOFYuCc5vB2NPotalN8phEUqnvtsDkmCLAop6+MrUlnNNYIzmh2RLeqDF+M/ZnX8xb+V/mT9vARVcdcYCxKYeyXLvT example"
-	#ingress_cidrs     = ["128.187.112.21/32"] # optional (defaults to BYU Campus)
-	#subnet_type       = "private" # optional (defaults to public) (if anything other than "public", you'll need to use another bastion, vpn, etc. to ssh in.)
+  #ingress_cidrs     = ["128.187.112.21/32"] # optional (defaults to BYU Campus)
+  #subnet_type       = "private" # optional (defaults to public) (if anything other than "public", you'll need to use another bastion, vpn, etc. to ssh in.)
 }
 
 output "connect" {
-	value = module.bastion.connect
+  value = module.bastion.connect
 }
diff --git a/main.tf b/main.tf
@@ -19,20 +19,24 @@ locals {
   }
 }
 
+data "aws_ssm_parameter" "ami" {
+  name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
+}
+
 resource "aws_instance" "bastion" {
-  ami                    = "ami-0c5204531f799e0c6"
+  ami                    = data.aws_ssm_parameter.ami.value
   instance_type          = "t2.micro"
   key_name               = aws_key_pair.key.key_name
   subnet_id              = module.acs["${var.subnet_type}_subnet_ids"][0]
   vpc_security_group_ids = [aws_security_group.sg.id]
-  tags = local.tags
+  tags                   = local.tags
 }
 
 resource "aws_security_group" "sg" {
   name        = "${var.netid}-bastion"
   description = "${var.netid}-bastion"
   vpc_id      = module.acs.vpc.id
-  tags = local.tags
+  tags        = local.tags
 
   ingress {
     from_port   = 22