--- /dev/null
+resource "aws_security_group" "management-elb" {
+ count = "${var.management_elb > 0 ? 1 : 0}"
+ vpc_id = "${var.vpc_id}"
+ name = "${var.management_service_name}-elb"
+ description = "${var.management_service_name} internal ELB"
+}
+resource "aws_security_group_rule" "management-elb-out-all" {
+ count = "${var.management_elb > 0 ? 1 : 0}"
+ security_group_id = "${aws_security_group.management-elb.id}"
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ cidr_blocks = [ "0.0.0.0/0" ]
+}
+resource "aws_security_group_rule" "management-elb-in-ssh" {
+ count = "${var.management_elb > 0 ? 1 : 0}"
+ security_group_id = "${aws_security_group.management-elb.id}"
+ type = "ingress"
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = [ "0.0.0.0/0" ]
+}
+
+resource "aws_security_group" "management" {
+ vpc_id = "${var.vpc_id}"
+ name = "${var.management_service_name}"
+ description = "${var.management_service_name} service"
+}
+resource "aws_security_group_rule" "management-out-all" {
+ security_group_id = "${aws_security_group.management.id}"
+ type = "egress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ cidr_blocks = [ "0.0.0.0/0" ]
+}
+resource "aws_security_group_rule" "management-in-self" {
+ security_group_id = "${aws_security_group.management.id}"
+ type = "ingress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ self = true
+}
+resource "aws_security_group_rule" "management-in-elb" {
+ security_group_id = "${aws_security_group.management.id}"
+ type = "ingress"
+ from_port = 0
+ to_port = 0
+ protocol = "all"
+ source_security_group_id = "${aws_security_group.management-elb.id}"
+}
+
+resource "aws_elb" "management" {
+ count = "${var.management_elb > 0 ? 1 : 0}"
+ name = "${var.management_service_name}-int-elb"
+ security_groups = ["${aws_security_group.management-elb.id}"]
+ internal = true
+ listener {
+ instance_port = 22
+ instance_protocol = "TCP"
+ lb_port = 22
+ lb_protocol = "TCP"
+ }
+ health_check {
+ healthy_threshold = 3
+ unhealthy_threshold = 2
+ target = "TCP:22"
+ interval = 30
+ timeout = 10
+ }
+ idle_timeout = 600
+ subnets = ["${var.management_subnet_ids}"]
+}
+
+data "aws_ami" "amazon_linux" {
+ count = "${length(var.ami) > 0 ? 0 : 1}"
+ most_recent = true
+ owners = ["amazon"]
+ filter {
+ name = "name"
+ values = ["amzn-ami-hvm-*-gp2"]
+ }
+ filter {
+ name = "root-device-type"
+ values = ["ebs"]
+ }
+}
+
+data "aws_region" "current" {
+ current = true
+}
+data "template_file" "user_data" {
+ template = "${file("${path.module}/user-data.tpl")}"
+ vars {
+ region = "${data.aws_region.current.name}"
+ app_name = "${var.management_service_name}"
+ stack = ""
+ phase = "${var.phase}"
+ country = ""
+ cluster = "${var.management_service_name}-d0${var.phase}"
+ acct_name = "${var.acct_name}"
+ }
+}
+
+resource "aws_launch_configuration" "management" {
+ name_prefix = "${var.management_service_name}"
+ image_id = "${length(var.ami) > 0 ? var.ami : data.aws_ami.amazon_linux.image_id}"
+ instance_type = "${var.instance_type}"
+ iam_instance_profile = "${aws_iam_instance_profile.management.name}"
+ key_name = "${var.key_name}"
+ security_groups = ["${concat(var.security_group_ids, list(aws_security_group.management.id))}"]
+ associate_public_ip_address = false
+ user_data = "${data.template_file.user_data.rendered}"
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_autoscaling_group" "management" {
+ name = "${var.management_service_name}"
+ launch_configuration = "${aws_launch_configuration.management.name}"
+ vpc_zone_identifier = ["${var.management_subnet_ids}"]
+ min_size = 0
+ max_size = "${length(var.management_subnet_ids)}"
+ default_cooldown = 10
+ health_check_type = "EC2"
+ load_balancers = ["${var.management_elb > 0 ? aws_elb.management.name : ""}"]
+ lifecycle {
+ create_before_destroy = true
+ }
+ tag {
+ propagate_at_launch = true
+ key = "module"
+ value = "${var.management_service_name}"
+ }
+ tag {
+ propagate_at_launch = true
+ key = "phase"
+ value = "${var.phase}"
+ }
+}
+
+resource "aws_autoscaling_notification" "management" {
+ group_names = ["${aws_autoscaling_group.management.name}"]
+ topic_arn = "${aws_sns_topic.management-events.arn}"
+ notifications = [
+ "autoscaling:EC2_INSTANCE_LAUNCH",
+ "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
+ "autoscaling:EC2_INSTANCE_TERMINATE",
+ "autoscaling:EC2_INSTANCE_TERMINATE_ERROR"
+ ]
+}
+
+data "aws_subnet" "management" {
+ count = "${length(var.management_subnet_ids)}"
+ id = "${element(var.management_subnet_ids, count.index)}"
+}
+
+resource "aws_ebs_volume" "management-data" {
+ count = "${length(var.management_subnet_ids) * var.management_data_efs}"
+ availability_zone = "${element(data.aws_subnet.management.*.availability_zone, count.index)}"
+ size = "${var.management_data_volume_size}"
+ type = "gp2"
+ tags {
+ module = "${var.management_service_name}"
+ }
+}
+
+resource "aws_efs_file_system" "management-data" {
+ count = "${var.management_data_efs}"
+ creation_token = "${var.management_service_name}-data"
+ tags {
+ Name = "${var.management_service_name}-data"
+ }
+}
+
+resource "aws_efs_mount_target" "management-data" {
+ count = "${length(var.management_subnet_ids) * var.management_data_efs}"
+ file_system_id = "${aws_efs_file_system.management-data.id}"
+ subnet_id = "${element(var.management_subnet_ids, count.index)}"
+ security_groups = ["${aws_security_group.management.id}"]
+}
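Review bot: `management-elb-in-ssh` admits TCP 22 from `0.0.0.0/0`; the ELB is `internal = true`, so this is not internet exposure, but every network that can route into the VPC (peered VPCs, VPN, other subnets) can reach SSH on the management hosts, and the source list should come from a variable holding the admin ranges. `management-in-elb` then opens all protocols and ports from the ELB group although the listener forwards only 22, so it should be narrowed to tcp/22. That rule also has no `count`, while the group it references is created only when `var.management_elb > 0`, so a plan with the ELB disabled would probably fail on the missing group; the unconditional `aws_elb.management.name` inside the ternary on `load_balancers` looks to have the same problem. Separately, `aws_ebs_volume.management-data` and `aws_efs_file_system.management-data` are created without `encrypted = true`.

```hcl
resource "aws_security_group_rule" "management-elb-in-ssh" {
  # … unchanged: count, security_group_id, type, from_port, to_port, protocol …
  cidr_blocks = ["${var.management_ssh_cidrs}"] # proposed new list variable, to be declared
}

resource "aws_security_group_rule" "management-in-elb" {
  count = "${var.management_elb > 0 ? 1 : 0}"
  # … unchanged: security_group_id, type …
  from_port = 22
  to_port   = 22
  protocol  = "tcp"
  # … unchanged: source_security_group_id …
}
```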