From 58c4b27da8e055b47802e5a74e6dae833a275f4d Mon Sep 17 00:00:00 2001
From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com>
Date: Thu, 5 Oct 2023 13:15:09 -0400
Subject: [PATCH] Add an Ansible provisioner for the bod bastion This ensures that all instance types are being deployed in a consistent manner. Although nothing should really be done to the bod bastion with our current Ansible playbook for the post-deployment provisioner; this will ensure any future changes for all hosts apply.
---
 terraform/README.md | 1 +
 terraform/bod_bastion_ec2.tf | 16 ++++++++++++++++
 terraform/scripts/deploy_new_bod_bastion_ami.sh | 3 ++-
 3 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/terraform/README.md b/terraform/README.md
index 3816d016..2537b7ce 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -163,6 +163,7 @@ terraform apply -var-file=.tfvars
 | Name | Source | Version |
 |------|--------|---------|
+| bod\_bastion\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | bod\_docker\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | cyhy\_bastion\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | cyhy\_dashboard\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
diff --git a/terraform/bod_bastion_ec2.tf b/terraform/bod_bastion_ec2.tf
index 4677ead3..effb9bdc 100644
--- a/terraform/bod_bastion_ec2.tf
+++ b/terraform/bod_bastion_ec2.tf
@@ -44,3 +44,19 @@ resource "aws_instance" "bod_bastion" {
 },
 )
 }
+
+# Provision the bastion EC2 instance via Ansible
+module "bod_bastion_ansible_provisioner" {
+ source = "github.com/cloudposse/terraform-null-ansible"
+
+ arguments = [
+ "--user=${var.remote_ssh_user}",
+ "--ssh-common-args='-o StrictHostKeyChecking=no'",
+ ]
+ envs = [
+ "host=${aws_instance.bod_bastion.public_ip}",
+ "host_groups=bod_bastion",
+ ]
+ playbook = "../ansible/playbook.yml"
+ dry_run = false
+}
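Review bot: The new `module "bod_bastion_ansible_provisioner"` block passes `--ssh-common-args='-o StrictHostKeyChecking=no'`, so Ansible connects to the bastion's public IP without verifying its SSH host key, and any host answering on that address would receive the playbook run instead. Consider `-o StrictHostKeyChecking=accept-new` together with a dedicated `UserKnownHostsFile`, or seed known_hosts from the instance's published host key before provisioning. The module `source` is also unpinned (the README row lists its version as n/a), and it appears to run ansible-playbook from the machine running Terraform, so a pinned ref such as `source = "github.com/cloudposse/terraform-null-ansible?ref=<PINNED_TAG_OR_COMMIT>"` would limit upstream drift. If this block mirrors the other provisioner modules listed in the README, the same points presumably apply there, but those files are not visible in this patch.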
diff --git a/terraform/scripts/deploy_new_bod_bastion_ami.sh b/terraform/scripts/deploy_new_bod_bastion_ami.sh
index 840cf53b..218b5ef5 100755
--- a/terraform/scripts/deploy_new_bod_bastion_ami.sh
+++ b/terraform/scripts/deploy_new_bod_bastion_ami.sh
@@ -44,4 +44,5 @@ terraform apply -var-file="$workspace.tfvars" \
 -target=aws_route53_record.bod_rev_bastion_PTR \
 -target=aws_security_group_rule.bastion_self_ssh \
 -target=aws_security_group_rule.bastion_ssh_from_trusted \
- -target=aws_security_group_rule.bastion_ssh_to_docker
+ -target=aws_security_group_rule.bastion_ssh_to_docker \
+ -target=module.bod_bastion_ansible_provisioner