Preparing fopr 1.0.0 Release

Cleanup and resource and tag naming

Author: RussellGilmore

README.md

@@ -7,14 +7,16 @@ A EC2 module module designed to be practical for casual use.
 ## Features
 
 1. Gives to ability for create a EC2 Instance
-2. Optionally Create all network infrastructure needed for public access
-3. Pass custom user data into instance creation
-4. SSM and S3 Access Permissions for access and ease of use
-5. Creates Key for SSH Access
-6. Dynamically Create Ingress Security Rules
-7. Provision a Public DNS record for the Red Instance
+2. EC2 is already setup for SSM Agent to be installed
+3. Creates Key for SSH Access
+4. Dynamically Create Ingress Security Rules
+5. Optionally create all network infrastructure needed for public access
+6. Optionally create public DNS record for the Red Instance
+7. Optionally pass user data into instance creation
+8. Optionally enabled S3 Bucket IAM Role Access
 
-Contains a useful scripts for setting up AWS CLI for both SUSE and Ubuntu Linux.
+> Contains a useful script for setting up AWS CLI and updating OS packages for
+> both SUSE and Ubuntu Linux.
 
 ```bash
 #!/bin/bash
@@ -86,17 +88,17 @@ No modules.
 | [aws_iam_instance_profile.red_instance_profile](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/iam_instance_profile) | resource |
 | [aws_iam_role.red_role](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy.s3_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/iam_role_policy) | resource |
-| [aws_iam_role_policy_attachment.ssm_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.red_ssm_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_instance.red-instance](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/instance) | resource |
-| [aws_internet_gateway.main](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/internet_gateway) | resource |
+| [aws_internet_gateway.igw](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/internet_gateway) | resource |
 | [aws_key_pair.red_key](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/key_pair) | resource |
 | [aws_route53_record.red_instance_dns](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/route53_record) | resource |
 | [aws_route_table.public](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/route_table) | resource |
 | [aws_route_table_association.public](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/route_table_association) | resource |
 | [aws_security_group.allow_ssh](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/security_group) | resource |
 | [aws_subnet.public](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/subnet) | resource |
 | [aws_vpc.main](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/resources/vpc) | resource |
-| [local_file.private_key_pem](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [local_file.red_private_key_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [tls_private_key.red_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [aws_ami.red_ami](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/data-sources/ami) | data source |
 | [aws_route53_zone.zone](https://registry.terraform.io/providers/hashicorp/aws/5.57.0/docs/data-sources/route53_zone) | data source |

dev/enabled/script.sh

@@ -2,13 +2,13 @@
 
 # The role has a trust policy that allows EC2 instances to assume the role.
 resource "aws_iam_instance_profile" "red_instance_profile" {
-  name = "${var.project_name}-instance-profile"
+  name = "${lower(var.project_name)}-red-instance-profile"
   role = aws_iam_role.red_role.name
 }
 
 # Create the IAM role for the Red Instance
 resource "aws_iam_role" "red_role" {
-  name               = "${var.project_name}-role"
+  name               = "${lower(var.project_name)}-role"
   assume_role_policy = <<EOF
 {
   "Version": "2012-10-17",
@@ -26,14 +26,14 @@ EOF
 }
 
 # Attach the AmazonSSMManagedInstanceCore policy to the role. All Red Instances will have SSM access.
-resource "aws_iam_role_policy_attachment" "ssm_policy_attachment" {
+resource "aws_iam_role_policy_attachment" "red_ssm_policy_attachment" {
   role       = aws_iam_role.red_role.name
   policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
 }
 
 # Role policy for S3 bucket access
 resource "aws_iam_role_policy" "s3_bucket_policy" {
-  name = "${var.project_name}-s3-bucket-policy"
+  name = "${lower(var.project_name)}-s3-bucket-policy"
   role = aws_iam_role.red_role.name
 
   count = var.enable_s3_bucket_policy ? 1 : 0
@@ -47,10 +47,8 @@ resource "aws_iam_role_policy" "s3_bucket_policy" {
       "Action": [
         "s3:GetObject",
         "s3:PutObject",
-        "s3:ListBucket",
         "s3:DeleteObject",
-        "s3:ListBucket",
-        "s3:GetBucketLocation"
+        "s3:ListBucket"
       ],
       "Resource": [
         "arn:aws:s3:::${var.s3_bucket_name}",

red-instance/ec2_iam.tf

@@ -1,11 +1,13 @@
+# Creates a key pair for the EC2 instance and saves the private key to a file
+
 # Create a key pair for the EC2 instance
 resource "aws_key_pair" "red_key" {
-  key_name   = "${var.project_name}-red-instance-key"
+  key_name   = "${lower(var.project_name)}-red-instance-key"
   public_key = tls_private_key.red_private_key.public_key_openssh
 
   tags = merge(
     {
-      Name = "${var.project_name}-red-instance-key"
+      Name = "${lower(var.project_name)}-red-instance-key"
     },
     var.additional_tags,
   )
@@ -18,8 +20,8 @@ resource "tls_private_key" "red_private_key" {
 }
 
 # Save the private key to a file
-resource "local_file" "private_key_pem" {
-  filename        = "${var.project_name}-ec2-key.pem"
+resource "local_file" "red_private_key_file" {
+  filename        = "${lower(var.project_name)}-ec2-key.pem"
   content         = tls_private_key.red_private_key.private_key_pem
   file_permission = "0400"
 }

red-instance/ec2_key.tf

@@ -1,3 +1,5 @@
+# Contains the main resource block for creating the Red Instance
+
 # Provider configuration with default tags
 provider "aws" {
   region = var.region
@@ -25,13 +27,13 @@ data "aws_ami" "red_ami" {
     values = ["hvm"]
   }
 
-  owners = [var.ami_owner] # Canonical
+  owners = [var.ami_owner]
 }
 
 # Dynamic block for creating ingress rules
 resource "aws_security_group" "allow_ssh" {
   vpc_id = var.create_vpc ? aws_vpc.main[0].id : var.vpc_id
-  name   = "${var.project_name}-ingress-sg"
+  name   = "${lower(var.project_name)}-ingress-sg"
 
   # Dynamic ingress rules
   dynamic "ingress" {
@@ -43,7 +45,7 @@ resource "aws_security_group" "allow_ssh" {
       cidr_blocks = ingress.value.cidr_blocks
     }
   }
-
+  # Allows all egress traffic
   egress {
     from_port   = 0
     to_port     = 0
@@ -53,7 +55,7 @@ resource "aws_security_group" "allow_ssh" {
 
   tags = merge(
     {
-      Name = "${var.project_name}-Red-Instance"
+      Name = "${lower(var.project_name)}-red-instance"
     },
     var.additional_tags,
   )
@@ -87,7 +89,7 @@ resource "aws_instance" "red-instance" {
 
   tags = merge(
     {
-      Name = "${var.project_name}-Red-Instance"
+      Name = "${lower(var.project_name)}-red-instance"
     },
     var.additional_tags,
   )

red-instance/main.tf

@@ -1,13 +1,3 @@
-output "vpc_id" {
-  value       = var.create_vpc ? aws_vpc.main[0].id : "VPC was inherited from another module or resource"
-  description = "The ID of the created VPC"
-}
-
-output "subnet_id" {
-  value       = var.create_vpc ? aws_subnet.public[0].id : "Subnet was inherited from another module or resource"
-  description = "The ID of the created subnet"
-}
-
 output "key_name" {
   value       = aws_key_pair.red_key.key_name
   description = "The name of the key pair"
@@ -19,10 +9,20 @@ output "key_fingerprint" {
 }
 
 output "private_key_path" {
-  value       = local_file.private_key_pem.filename
+  value       = local_file.red_private_key_file.filename
   description = "The path to the private key file"
 }
 
+output "vpc_id" {
+  value       = var.create_vpc ? aws_vpc.main[0].id : "VPC was inherited from another module or resource"
+  description = "The ID of the created VPC"
+}
+
+output "subnet_id" {
+  value       = var.create_vpc ? aws_subnet.public[0].id : "Subnet was inherited from another module or resource"
+  description = "The ID of the created subnet"
+}
+
 output "public_ip" {
   value       = var.allocate_eip ? aws_eip.red_instance_eip[0].public_ip : "Public IP not allocated"
   description = "The public IP address of the instance"

red-instance/outputs.tf

@@ -13,7 +13,7 @@ resource "aws_eip" "red_instance_eip" {
 
   tags = merge(
     {
-      Name = "${var.project_name}-red-instance-eip"
+      Name = "${lower(var.project_name)}-red-instance-eip"
     },
     var.additional_tags,
   )

red-instance/public_dns.tf

@@ -7,9 +7,12 @@ resource "aws_vpc" "main" {
   enable_dns_support   = true
   enable_dns_hostnames = true
 
-  tags = {
-    Name = "main-vpc"
-  }
+  tags = merge(
+    {
+      Name = "${lower(var.project_name)}-red-instance-vpc"
+    },
+    var.additional_tags,
+  )
 }
 
 # Create a public subnet
@@ -19,19 +22,25 @@ resource "aws_subnet" "public" {
   cidr_block              = "10.0.1.0/24"
   map_public_ip_on_launch = true
 
-  tags = {
-    Name = "public-subnet"
-  }
+  tags = merge(
+    {
+      Name = "${lower(var.project_name)}-red-instance-public-subnet"
+    },
+    var.additional_tags,
+  )
 }
 
 # Create an internet gateway
-resource "aws_internet_gateway" "main" {
+resource "aws_internet_gateway" "igw" {
   count  = var.create_vpc ? 1 : 0
   vpc_id = aws_vpc.main[0].id
 
-  tags = {
-    Name = "main-igw"
-  }
+  tags = merge(
+    {
+      Name = "${lower(var.project_name)}-red-instance-igw"
+    },
+    var.additional_tags,
+  )
 }
 
 # Create a route table and associate it with the public subnet
@@ -41,12 +50,15 @@ resource "aws_route_table" "public" {
 
   route {
     cidr_block = "0.0.0.0/0"
-    gateway_id = aws_internet_gateway.main[0].id
+    gateway_id = aws_internet_gateway.igw[0].id
   }
 
-  tags = {
-    Name = "public-route-table"
-  }
+  tags = merge(
+    {
+      Name = "${lower(var.project_name)}-red-instance-public-route-table"
+    },
+    var.additional_tags,
+  )
 }
 
 # Associate the route table with the public subnet

red-instance/public_vpc.tf

@@ -1,3 +1,4 @@
+####################################################################################################
 # Required Variables
 variable "project_name" {
   description = "Set the project name."
@@ -9,7 +10,8 @@ variable "region" {
   type        = string
 }
 
-# Optional EC2 Variables
+####################################################################################################
+# Optional Red Instance Variables
 variable "additional_tags" {
   description = "Additional tags to apply to the resources"
   type        = map(string)
@@ -82,7 +84,8 @@ variable "user_data_script_path" {
   default     = ""
 }
 
-# Optional Variables for Infrastructure
+####################################################################################################
+# Optional Variables for Red Instance Features
 variable "create_vpc" {
   description = "Controls whether networking resources should be created for public exposed server"
   type        = bool

red-instance/variables.tf

@@ -1,3 +1,5 @@
+# Define the required Terraform version and provider version
+
 terraform {
   required_version = "1.9.0"
   required_providers {