From f7b87b50f1494d2ade3e39021f1aed241a1572dc Mon Sep 17 00:00:00 2001
From: Nuwan Rajika Kumarasiri <nuwan.kumarasiri@wisc.edu>
Date: Wed, 11 Mar 2020 12:46:22 -0500
Subject: [PATCH] Update Secure Agent's EC2 instance for a better instance -
 WISCALERTS-2

* Adjusted the instance to be a `t2.xlarge` since we are going to have more load.
* Increased container memory to 15 GiB.
* Increased EC2 instance's EBS root volume to 40 GB.
* Renamed the profile to indicate the environment it's associated with.
---
 terraform/autoscaling-group.tf |  5 ++++-
 terraform/security.tf          |  5 +++++
 terraform/variables.tf         | 22 +++++++++++++---------
 3 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/terraform/autoscaling-group.tf b/terraform/autoscaling-group.tf
index 2e34ca0..6dfc203 100644
--- a/terraform/autoscaling-group.tf
+++ b/terraform/autoscaling-group.tf
@@ -34,13 +34,16 @@ resource "aws_launch_configuration" "secure-agent-launch-config" {
   enable_monitoring = false
 
   iam_instance_profile = aws_iam_instance_profile.ecs-instance-profile.name
-  security_groups      = [data.aws_security_group.sec-group.id]
+  security_groups      = [data.aws_security_group.sec-group.id, data.aws_security_group.default.id]
   user_data            = <<EOF
               #!/bin/bash
               echo ECS_CLUSTER=${var.ecs_cluster_name} >> /etc/ecs/ecs.config
               sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
               EOF
   instance_type        = var.instance_type
+  root_block_device {
+    volume_size = var.instance_ebs_size
+  }
   lifecycle {
     create_before_destroy = true
   }
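Review bot: The added `data.aws_security_group.default.id` in `security_groups` attaches the VPC's default security group to every Secure Agent instance, and the commit message neither mentions nor justifies it. Nothing in this patch manages that group's rules (security.tf only looks it up by `name = "default"`), so the instances inherit whatever it currently allows, which in an unmodified VPC includes all traffic between members of the group. If one specific peer or port is needed, a dedicated group with that single rule would be narrower; at minimum record the reason next to the line, e.g. `# default SG attached because <reason>`. The new `root_block_device` sets only `volume_size`, so consider adding `encrypted = true` unless EBS encryption by default is enabled for the account. The resource block starts and ends outside this hunk.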
diff --git a/terraform/security.tf b/terraform/security.tf
index d459e3d..900795e 100644
--- a/terraform/security.tf
+++ b/terraform/security.tf
@@ -3,6 +3,11 @@ data "aws_security_group" "sec-group" {
   tags   = var.security_group
 }
 
+data "aws_security_group" "default" {
+  vpc_id = data.aws_vpc.vpc.id
+  name = "default"
+}
+
 // open port 2049 for NFSv4
 resource "aws_security_group" "secure-agent-efs-sg" {
   name   = var.secure_agent_efs_sg
diff --git a/terraform/variables.tf b/terraform/variables.tf
index 92648e3..61204a6 100644
--- a/terraform/variables.tf
+++ b/terraform/variables.tf
@@ -61,7 +61,18 @@ variable "container_hostname" {
 }
 
 variable "container_memory" {
-  default = 5120 # 5GB
+  default = 15360 # 15GiB
+}
+
+variable "instance_ebs_size" {
+  default = 40 # 40GB
+}
+
+# see Secure Agent system requirements, before changing instance type, see the
+# supported instance types for launch configuration. See `container_memory` above for
+# configuring memory for container process.
+variable "instance_type" {
+  default = "t2.xlarge" # 4 vCPU, 16 GB
 }
 
 variable "container_app_port" {
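Review bot: The new `container_memory` default of 15360 leaves roughly 1 GiB of the t2.xlarge's 16 GB for the OS, the ECS agent and the SSM agent installed in `user_data`. How the variable is consumed is not visible in this patch, but if it becomes the task's memory limit or reservation, the scheduler may be unable to place the container, because an instance registers less memory with ECS than its nominal size. Consider a lower default, or record the constraint where the value is set, e.g. `default = 15360 # 15GiB; must stay below the memory the instance registers with ECS`. Neither new variable declares a `type` or `description`, which would make an out-of-range override easier to catch.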
@@ -78,15 +89,8 @@ variable "container_count" {
   default = 1
 }
 
-# see Secure Agent system requirements, before changing instance type, see the
-# supported instance types for launch configuration. See `container_memory` above for
-# configuring memory for container process.
-variable "instance_type" {
-  default = "t2.large" # 2 vCPU, 8 GB
-}
-
 variable "ecs_iam_role" {
-  default = "iics-secure-agent-iam-role"
+  default = "iics-secure-agent-iam-role-test"
 }
 
 variable "ecs_cluster_name" {
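Review bot: The `ecs_iam_role` default now hard-codes the environment as `"iics-secure-agent-iam-role-test"`, so any workspace that does not override the variable will bind its instances to the test role. Whether other environments share this file is not visible here; if they do, dropping the default so that each environment must set the name in its own tfvars would turn a forgotten override into a plan error instead of a silent cross-environment role. If the default stays, a comment such as `# test environment only; override per environment` would make the intent explicit.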
-- 
GitLab