From a6ed77d95e4f0be38e9e0fcbc5dd11e74fc9abed Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Thu, 5 Oct 2023 13:15:09 -0400
Subject: [PATCH] Add an Ansible provisioner for the bod bastion

This ensures that all instance types are being deployed in a consistent manner. Although nothing should really be done to the bod bastion with our current Ansible playbook for the post-deployment provisioner; this will ensure any future changes for all hosts apply.
---
 terraform/README.md | 1 +
 terraform/bod_bastion_ec2.tf | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/terraform/README.md b/terraform/README.md
index 3816d016..2537b7ce 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -163,6 +163,7 @@ terraform apply -var-file=.tfvars
 | Name | Source | Version |
 |------|--------|---------|
+| bod\_bastion\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | bod\_docker\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | cyhy\_bastion\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | cyhy\_dashboard\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
diff --git a/terraform/bod_bastion_ec2.tf b/terraform/bod_bastion_ec2.tf
index 4677ead3..effb9bdc 100644
--- a/terraform/bod_bastion_ec2.tf
+++ b/terraform/bod_bastion_ec2.tf
@@ -44,3 +44,19 @@ resource "aws_instance" "bod_bastion" {
 },
 )
 }
+
+# Provision the bastion EC2 instance via Ansible
+module "bod_bastion_ansible_provisioner" {
+ source = "github.com/cloudposse/terraform-null-ansible"
+
+ arguments = [
+ "--user=${var.remote_ssh_user}",
+ "--ssh-common-args='-o StrictHostKeyChecking=no'",
+ ]
+ envs = [
+ "host=${aws_instance.bod_bastion.public_ip}",
+ "host_groups=bod_bastion",
+ ]
+ playbook = "../ansible/playbook.yml"
+ dry_run = false
+}
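Review bot: The `--ssh-common-args='-o StrictHostKeyChecking=no'` entry in the new `bod_bastion_ansible_provisioner` module turns off SSH host-key verification for a connection made to `aws_instance.bod_bastion.public_ip`, so the provisioner has no way to confirm that the host it configures is the instance Terraform just created. The other provisioner modules listed in the README may well pass the same argument, but for a host reached over its public address I would at least use `-o StrictHostKeyChecking=accept-new` together with a dedicated `-o UserKnownHostsFile=<path>`, and add a comment above `arguments` recording why checking is relaxed. Separately, `source = "github.com/cloudposse/terraform-null-ansible"` carries no `?ref=`, so each `terraform init` takes whatever is on the module's default branch, and that module appears to run the playbook from the operator's machine. Pinning it as `source = "github.com/cloudposse/terraform-null-ansible?ref=<reviewed-tag-or-commit>"` makes the provisioning code reviewable and reproducible.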