Terraform with AWS

LCInstanceGen.sh

#!/bin/bash

REGION=${REGION:-"ap-southeast-2"}
INSTANCE='HAL-TheBigPHPMachine'
SCRIPT_EXT=-$REGION$INSTANCE
cp StartEC2Instances.py.template StartEC2Instances$SCRIPT_EXT.py
sed -i '' 's/__REGION__/'${REGION}'/g' StartEC2Instances$SCRIPT_EXT.py
sed -i '' 's/__INSTANCE__/'${INSTANCE}'/g' StartEC2Instances$SCRIPT_EXT.py
zip StartEC2Instances.zip StartEC2Instances$SCRIPT_EXT.py

cp StopEC2Instances.py.template StopEC2Instances$SCRIPT_EXT.py
sed -i '' 's/__REGION__/'${REGION}'/g' StopEC2Instances$SCRIPT_EXT.py
sed -i '' 's/__INSTANCE__/'${INSTANCE}'/g' StopEC2Instances$SCRIPT_EXT.py
zip StopEC2Instances.zip StopEC2Instances$SCRIPT_EXT.py

main.tf

provider "aws" {
  region = "${var.region}"
  shared_credentials_file = "~/.aws/credentials"
}

variable "region" {
  type = "string"
  default = "ap-southeast-2"
}

variable "instance" {
  type = "string"
}

resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_lambda_function" "StartEC2Instances" {
  filename = "StartEC2Instances-${var.region}${var.instance}.zip"
  function_name = "StartEC2Instances-${var.region}${var.instance}"
  role = "${aws_iam_role.iam_for_lambda.arn}"
  handler = "StartEC2Instances-${var.region}${var.instance}.lambda_handler"
  source_code_hash = "${base64sha256(file("StartEC2Instances-${var.region}${var.instance}.zip"))}"
  runtime = "python2.7"
  environment {
    variables = {
      foo = "bar"
    }
  }
}

resource "aws_lambda_function" "StopEC2Instances" {
  filename = "StopEC2Instances-${var.region}${var.instance}.zip"
  function_name = "StopEC2Instances-${var.region}${var.instance}"
  role = "${aws_iam_role.iam_for_lambda.arn}"
  handler = "StopEC2Instances-${var.region}${var.instance}.lambda_handler"
  source_code_hash = "${base64sha256(file("StopEC2Instances-${var.region}${var.instance}.zip"))}"
  runtime = "python2.7"
  environment {
    variables = {
      foo = "bar"
    }
  }
}

# CloudWatch Alarm -> CloudWatch Event Target -> Posts to SNS Topic ->
## Start
resource "aws_cloudwatch_event_rule" "fires_at_8am_each_business_day" {
  name = "fires_at_8am_each_business_day"
  description = "CloudWatch Even that fires at 8am each day"
  schedule_expression = "cron(0 8 ? * MON-FRI *)"
}

resource "aws_cloudwatch_event_target" "sns_start_machines" {
  rule      = "${aws_cloudwatch_event_rule.fires_at_8am_each_business_day.name}"
  arn       = "${aws_sns_topic.start_machines.arn}"
}

resource "aws_sns_topic" "start_machines" {
  name = "start_machines"
}

resource "aws_sns_topic_subscription" "sns_start_machines" {
  topic_arn = "${aws_sns_topic.start_machines.arn}"
  protocol = "lambda"
  endpoint = "${aws_lambda_function.StartEC2Instances.arn}"
}

resource "aws_lambda_permission" "sns_start_machines" {
  statement_id = "AllowExecutionFromSNS"
  action = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.StartEC2Instances.arn}"
  principal = "sns.amazonaws.com"
  source_arn = "${aws_sns_topic.start_machines.arn}"
}

## Stop
resource "aws_sns_topic" "stop_machines" {
  name = "stop_machines"
}

resource "aws_cloudwatch_event_rule" "fires_at_8pm_each_business_day" {
  name = "fires_at_8pm_each_business_day"
  description = "CloudWatch Even that fires at 8pm each day"
  schedule_expression = "cron(0 20 ? * MON-FRI *)"
}

resource "aws_cloudwatch_event_target" "sns_stop_machines" {
  rule      = "${aws_cloudwatch_event_rule.fires_at_8pm_each_business_day.name}"
  arn       = "${aws_sns_topic.stop_machines.arn}"
}

resource "aws_sns_topic_subscription" "sns_stop_machines" {
  topic_arn = "${aws_sns_topic.stop_machines.arn}"
  protocol = "lambda"
  endpoint = "${aws_lambda_function.StopEC2Instances.arn}"
}

resource "aws_lambda_permission" "sns_stop_machines" {
  statement_id = "AllowExecutionFromSNS"
  action = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.StopEC2Instances.arn}"
  principal = "sns.amazonaws.com"
  source_arn = "${aws_sns_topic.stop_machines.arn}"
}

Makefile

create_ws:
	terraform workspace new lambdas
LCInstanceGen:
	./LCInstanceGen.sh
plan:
  terraform plan -var instance='HAL-TheBigPHPMachine' -var region=ap-southeast-2
apply:
  terraform apply -var instance='HAL-TheBigPHPMachine' -var region=ap-southeast-2
destroy:
  terraform destroy -force -var instance='HAL-TheBigPHPMachine' -var region=ap-southeast-2
invoke:
  aws lambda invoke --function-name StopEC2Instances-ap-southeast-2HAL-TheBigPHPMachine test.txt
list_topics:
  aws sns list-topics  
update:
  @MAKE LCInstanceGen
  @MAKE plan
  @MAKE apply

StartEC2Instances.py.template

import boto3

region = '__REGION__'
instances = ['__INSTANCE__']

def lambda_handler(event, context):
    ec2 = boto3.client('ec2', region_name=region)
    ec2.start_instances(InstanceIds=instances)
    print 'started your instances: ' + str(instances)

StopEC2Instances.py.template

import boto3

region = '__REGION__'
instances = ['__INSTANCE__']

def lambda_handler(event, context):
    ec2 = boto3.client('ec2', region_name=region)
    ec2.stop_instances(InstanceIds=instances)
    print 'stopped your instances: ' + str(instances)