# AWS provider configuration.
# The region value is a template placeholder; replace it with a real region
# identifier before running plan/apply.
provider "aws" {
  region = "your_aws_region"
}
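# Schedule expression referenced as var.schedule by the scheduled EventBridge
# (CloudWatch Events) rules in this file. Declaring the type makes a non-string
# override fail at validation time instead of at apply time.
variable "schedule" {
  description = "EventBridge schedule expression (cron or rate) for the instance-start rule."
  type        = string
  default     = "cron(0 8 ? * MON-FRI *)" # 08:00 UTC on weekdays
}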
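# Tag key interpolated into the IAM policy condition keys in this file.
# Whoever is allowed to set or remove this tag on an instance decides which
# instances fall under that policy, so tagging rights on this key should be
# restricted accordingly.
variable "tag" {
  description = "EC2 tag key that marks an instance as eligible for scheduled start/stop."
  type        = string
  default     = "AutoStartStop"
}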
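# IAM policy that allows starting and stopping EC2 instances, limited to
# instances that carry the tag "<var.tag> = true".
#
# Fix: the original condition block required aws:RequestTag/<tag> = "true".
# aws:RequestTag is only present on calls that pass tags in the request
# (resource creation / tagging); ec2:StartInstances and ec2:StopInstances do
# not, so the statement could never match and the policy granted nothing.
# The existing-resource check belongs on aws:ResourceTag, and because tag
# values are strings it is compared with StringEquals rather than Bool.
resource "aws_iam_policy" "ec2_start_stop_policy" {
  name        = "EC2StartStopPolicy"
  description = "Policy for starting and stopping EC2 instances"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "ec2:StartInstances",
          "ec2:StopInstances",
        ]

        # Any region and account is matched by the ARN pattern; the tag
        # condition below is what actually scopes the grant. Narrow the
        # region/account segments if the deployment target is fixed.
        Resource = "arn:aws:ec2:*:*:instance/*"

        Condition = {
          # Case-sensitive match on the tag value of the target instance.
          # Principals that can create or delete this tag effectively choose
          # which instances this statement covers.
          StringEquals = {
            "aws:ResourceTag/${var.tag}" = "true"
          }
        }
      }
    ]
  })
}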
# Attaches the start/stop policy to the listed role(s).
# "your_iam_role" is a template placeholder; presumably the execution role of
# the start/stop Lambda functions (not defined in this file, confirm).
#
# NOTE(review): aws_iam_policy_attachment manages the policy's attachments
# exclusively: any user, role or group attached to this policy outside this
# resource is detached on apply. aws_iam_role_policy_attachment is the
# non-exclusive alternative if that behaviour is not wanted.
resource "aws_iam_policy_attachment" "ec2_start_stop_policy_attachment" {
  name       = "EC2StartStopPolicyAttachment"
  policy_arn = aws_iam_policy.ec2_start_stop_policy.arn
  roles      = ["your_iam_role"]
}
# Scheduled EventBridge (CloudWatch Events) rule for starting instances.
# It fires on the expression held in var.schedule.
resource "aws_cloudwatch_event_rule" "start_ec2_instances" {
  name                = "StartEC2Instances"
  schedule_expression = var.schedule
  description         = "Start EC2 instances on schedule"
}
# Routes the start rule to a Lambda function.
# The ARN is a hard-coded template string with placeholder region and account
# id; the function itself is not defined in this file. It must name the same
# function as the matching aws_lambda_permission, otherwise the rule fires but
# the invocation is refused.
resource "aws_cloudwatch_event_target" "start_ec2_target" {
  target_id = "StartEC2InstancesTarget"
  rule      = aws_cloudwatch_event_rule.start_ec2_instances.name
  arn       = "arn:aws:lambda:your_aws_region:your_account_id:function:start_ec2_instances_lambda_function"
}
# Resource-based permission that lets EventBridge invoke the start function.
# source_arn pins the grant to the start rule alone, so other rules cannot
# invoke the function through the events.amazonaws.com service principal.
# Keep source_arn set when editing this block.
resource "aws_lambda_permission" "allow_cloudwatch_to_invoke_lambda" {
  statement_id  = "AllowExecutionFromCloudWatch"
  principal     = "events.amazonaws.com"
  action        = "lambda:InvokeFunction"
  source_arn    = aws_cloudwatch_event_rule.start_ec2_instances.arn
  function_name = "arn:aws:lambda:your_aws_region:your_account_id:function:start_ec2_instances_lambda_function"
}
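# Schedule for the stop rule.
# Fix: the stop rule previously reused var.schedule, whose default is
# documented as the 08:00 UTC start time, so start and stop fired at the same
# moment. The stop rule now reads its own variable.
variable "stop_schedule" {
  description = "EventBridge schedule expression (cron or rate) for the instance-stop rule."
  type        = string
  default     = "cron(0 18 ? * MON-FRI *)" # constructed example: 18:00 UTC on weekdays; adjust as needed
}

# Scheduled EventBridge (CloudWatch Events) rule for stopping instances.
resource "aws_cloudwatch_event_rule" "stop_ec2_instances" {
  name                = "StopEC2Instances"
  description         = "Stop EC2 instances on schedule"
  schedule_expression = var.stop_schedule
}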
# Routes the stop rule to a Lambda function.
# The ARN is a hard-coded template string with placeholder region and account
# id; the function itself is not defined in this file. It must name the same
# function as the matching aws_lambda_permission, otherwise the rule fires but
# the invocation is refused.
resource "aws_cloudwatch_event_target" "stop_ec2_target" {
  target_id = "StopEC2InstancesTarget"
  rule      = aws_cloudwatch_event_rule.stop_ec2_instances.name
  arn       = "arn:aws:lambda:your_aws_region:your_account_id:function:stop_ec2_instances_lambda_function"
}
# Resource-based permission that lets EventBridge invoke the stop function.
# source_arn pins the grant to the stop rule alone, so other rules cannot
# invoke the function through the events.amazonaws.com service principal.
# Keep source_arn set when editing this block.
resource "aws_lambda_permission" "allow_cloudwatch_to_invoke_lambda_stop" {
  statement_id  = "AllowExecutionFromCloudWatchStop"
  principal     = "events.amazonaws.com"
  action        = "lambda:InvokeFunction"
  source_arn    = aws_cloudwatch_event_rule.stop_ec2_instances.arn
  function_name = "arn:aws:lambda:your_aws_region:your_account_id:function:stop_ec2_instances_lambda_function"
}