terraform-aws-elastic-beanstalk-environment

Feat/instance profile iam

Open florian0410 opened this issue 3 years ago • 9 comments

what

  • Enhancement of #107 + #113, due to original developer seemingly abandoning the original PR.
    • Adds service_role_name as another 'override', like instance_role_name is in the original PR.
  • Allow the user of the module to specify an existing IAM Role name for the instance profile.
  • Allow the user of the module to specify an existing IAM Role name for the service profile.
  • This IAM role name will be used to create the instance profile that is assigned to the EC2 instances managed by Elastic Beanstalk.
  • Add lifecycle create_before_destroy since some of my testing showed that we could break the environment if we remove the IAM role before Beanstalk has finished updating the environment.
  • Add example using NLB

why

  • Some environments/users do not have the ability to create their own IAM roles/policies, for security reasons. This change allows a user to provide their own IAM role if one already exists.
  • Currently the module creates an IAM role and a series of permissions for the role.
  • It is hard to specify what permission to use
  • We cannot entirely define the permissions to use even with extended_ec2_policy_document

references

  • closes #70
  • closes #107
  • closes #127
  • closes #113
  • Gives a solution for #181 (still some work to do after this)

Mentions

I reused propositions from #113 and #107 for this PR with some rebasing. Thank you to @bstascavage and @Jbarna.

florian0410 avatar Aug 02 '21 21:08 florian0410
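The override pattern described in the PR body, sketched as an added example; this is not the PR's or the module's own code. Only `instance_role_name` and `service_role_name` come from the page. Every other name (`solution_stack_name`, the resource labels, the `example-*` values) is hypothetical.

```hcl
# Added example, not the module's code. Names other than instance_role_name
# and service_role_name are hypothetical.
variable "instance_role_name" { default = "" } # empty: create a role here
variable "service_role_name" { type = string } # pre-provisioned service role
variable "solution_stack_name" { type = string }

locals {
  create_instance_role = var.instance_role_name == ""
}

# Created only when the caller did not supply an existing role name.
resource "aws_iam_role" "ec2" {
  count       = local.create_instance_role ? 1 : 0
  name_prefix = "example-eb-ec2-"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

# The instance profile wraps either the supplied role or the created one.
resource "aws_iam_instance_profile" "ec2" {
  name_prefix = "example-eb-ec2-"
  role        = local.create_instance_role ? aws_iam_role.ec2[0].name : var.instance_role_name

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_elastic_beanstalk_environment" "default" {
  name                = "example-env"
  application         = "example-app"
  solution_stack_name = var.solution_stack_name

  setting {
    namespace = "aws:autoscaling:launchconfiguration"
    name      = "IamInstanceProfile"
    value     = aws_iam_instance_profile.ec2.name
  }
  setting {
    namespace = "aws:elasticbeanstalk:environment"
    name      = "ServiceRole"
    value     = var.service_role_name
  }
}
```

`name_prefix` is used because `create_before_destroy` makes the old and new instance profiles exist at the same time, and instance profile names must be unique within an account.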

/test all

florian0410 avatar Aug 02 '21 21:08 florian0410

/test all

florian0410 avatar Aug 26 '21 13:08 florian0410

The create_before_destroy lifecycle sounds like it could cause other problems. I'll defer to my teammates to see if they have any issues with it.

cc: @aknysh @jamengual

nitrocode avatar Aug 26 '21 15:08 nitrocode

/test all

florian0410 avatar Aug 27 '21 10:08 florian0410

/test all

florian0410 avatar Sep 28 '21 19:09 florian0410

Hello @nitrocode, I just fixed some things according to your suggestions.

Is the security groups feature still blocking MRs in this repository?

florian0410 avatar Sep 28 '21 20:09 florian0410

This pull request is now in conflict. Could you fix it @florian0410? 🙏

mergify[bot] avatar Dec 16 '21 17:12 mergify[bot]

@florian0410 please resolve the conflicts

aknysh avatar Dec 31 '21 16:12 aknysh

@florian0410 please resolve the conflicts

aknysh avatar Jan 18 '22 15:01 aknysh

@florian0410 please resolve the conflicts!

lbeltramino-uala avatar Nov 24 '22 19:11 lbeltramino-uala

@florian0410 please resolve the conflicts!

lbeltramino avatar Nov 25 '22 12:11 lbeltramino

please resolve the conflicts! we need this

damiromero-uala avatar Nov 25 '22 12:11 damiromero-uala

@lbeltramino-uala @lbeltramino @damiromero-uala -- At this point, I think @florian0410 is likely too busy and isn't likely to pick this one up. I would highly suggest that one of you take his work and create a new branch, work through the conflicts, and PR that. I would be happy to review, so please add me as a reviewer if you choose to do so. Thanks!

Gowiem avatar Nov 27 '22 19:11 Gowiem