Use variable for AMI ID

To limit the amount of changes of each deployment, and make sure the AMI used in the LC is appropriate for the given region, I added it to a variable.

Use variable for AMI ID
To limit the amount of changes of each deployment, and make sure the AMI used in the LC is appropriate for the given region, I added it to a variable.
44e9ee9b · Jared Kosanovic · 82d81887 · 44e9ee9b · 44e9ee9b · 44e9ee9b
Commit 44e9ee9b authored 4 years ago by Jared Kosanovic
--- a/README.md
+++ b/README.md
@@ -260,10 +260,14 @@ $ cd terraform
 ```
 #### Test Environment
 [testenv]: #test-environment
+
+If your aws profile differs from "default", override it using the `aws_profile` variable.
+
 ```shell script
 $ terraform init -backend-config="bucket=test-interop-terraform-state" \
                 -backend-config="key=ei.secureagent.tfstate" \
                 -backend-config="region=us-east-1"
+$ terraform apply -var-file=test.secure_agent.tfvars -var="aws_profile=<your_aws_profile_name>"
 ```
 #### Production Environment
 [prodenv]: #production-environment
@@ -271,33 +275,7 @@ $ terraform init -backend-config="bucket=test-interop-terraform-state" \
 $ terraform init -backend-config="bucket=prod-interop-terraform-state" \
                 -backend-config="key=ei.secureagent.tfstate" \
                 -backend-config="region=us-east-2"
-```
-```shell script
-$ terraform validate
-
-# create `secure_agent.tfvars` with required variables.
-$ cat secure_agent.tfvars
-image_name="265723766240.dkr.ecr.us-east-1.amazonaws.com/enterprise-integrations/iics_secure_agent:git-8f6f0d24"
-
-# sample `secure_agent.tfvars` for production set up.
-$ cat prod.secure_agent.tvfars
-image_name="265723766240.dkr.ecr.us-east-1.amazonaws.com/enterprise-integrations/iics_secure_agent:git-8f6f0d24"
-aws_region="us-east-2"
-vpc_tags={"Name":"prod-tier","tier":"prod"}
-private_subnets_filter={"Name":"prod-private-*"}
-security_group={"Name":"internal","tier":"prod"}
-container_name="iics-secure-agent-prod"
-ecs_iam_role="iics-secure-agent-iam-role-prod"
-ecs_execution_role="iics-secure-agent-ecs-execution-role-prod"
-ecs_cluster_tags={"Name":"iics-agent-cluster","tier":"prod"}
-ecs_task_tags={"Name":"iics-secure-agent","tier":"prod"}
-efs_tags={"Name":"iics-secure-agent","tier":"prod"}
-secure_agent_sg_tags={"Name":"secure-agent-efs-sg","tier":"prod"}
-iam_instance_profile="secure-agent-ecs-instance-profile-prod"
-iics_secret_access_policy="iics-secret-access-policy-prod"
-
-$ terraform plan -out agent.tfplan -var-file=<path>/<to>/secure_agent.tfvars
-$ terraform apply "agent.tfplan"
+$ terraform apply -var-file=prod.secure_agent.tfvars -var="aws_profile=<your_aws_profile_name>"
 ```

 ### Memory and CPU for Secure Agent

--- a/terraform/autoscaling-group.tf
+++ b/terraform/autoscaling-group.tf
@@ -4,7 +4,7 @@ data "aws_ssm_parameter" "ecs-optimized" {

 resource "aws_launch_configuration" "secure-agent-launch-config" {
  # Fix me: Make this use the ecs-optimized parameter so that it always uses the latest version.
-  image_id          = "ami-00f69adbdc780866c"
+  image_id          = var.ecs_optimized_ami

  enable_monitoring = false


--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -151,4 +151,8 @@ variable "secure_agent_efs_sg" {

 variable "iics_secret_access_policy" {
  default = "iics-secret-access-policy-test"
-}
\ No newline at end of file
+}
+
+variable "ecs_optimized_ami" {
+  default = "ami-00f69adbdc780866c"
+}