Merge pull request #699 from cisagov/improvement/add_ansible_provisio…

…ner_for_bod_bastion

Add a post-deployment Ansible provisioner for the BOD bastion

terraform/README.md

@@ -163,6 +163,7 @@ terraform apply -var-file=<your_workspace>.tfvars
 
 | Name | Source | Version |
 |------|--------|---------|
+| bod\_bastion\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | bod\_docker\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | cyhy\_bastion\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | cyhy\_dashboard\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |

terraform/bod_bastion_ec2.tf

@@ -44,3 +44,19 @@ resource "aws_instance" "bod_bastion" {
     },
   )
 }
+
+# Provision the bastion EC2 instance via Ansible
+module "bod_bastion_ansible_provisioner" {
+  source = "github.com/cloudposse/terraform-null-ansible"
+
+  arguments = [
+    "--user=${var.remote_ssh_user}",
+    "--ssh-common-args='-o StrictHostKeyChecking=no'",
+  ]
+  envs = [
+    "host=${aws_instance.bod_bastion.public_ip}",
+    "host_groups=bod_bastion",
+  ]
+  playbook = "../ansible/playbook.yml"
+  dry_run  = false
+}

terraform/scripts/deploy_new_bod_bastion_ami.sh

@@ -44,4 +44,5 @@ terraform apply -var-file="$workspace.tfvars" \
   -target=aws_route53_record.bod_rev_bastion_PTR \
   -target=aws_security_group_rule.bastion_self_ssh \
   -target=aws_security_group_rule.bastion_ssh_from_trusted \
-  -target=aws_security_group_rule.bastion_ssh_to_docker
+  -target=aws_security_group_rule.bastion_ssh_to_docker \
+  -target=module.bod_bastion_ansible_provisioner