Add policies to create ec2 instance for scale up (#8)

github-aws-runners · May 8, 2020 · da89c07 · da89c07
1 parent cf7124c
commit da89c07
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 3 deletions.
diff --git a/modules/runners/policies/lambda-scale-down.json b/modules/runners/policies/lambda-scale-down.json
@@ -0,0 +1,11 @@
+{
+    "Effect": "Allow",
+    "Action": [
+      "ec2:DescribeInstances*",
+      "ec2:DescribeTags",
+      "ec2:CreateTags",
+      "ec2:TerminateInstances"
+    ],
+    "Resource": ["*"]
+  },
+}
diff --git a/modules/runners/policies/lambda-scale-up.json b/modules/runners/policies/lambda-scale-up.json
@@ -0,0 +1,16 @@
+{
+    "Effect": "Allow",
+    "Action": [
+      "ec2:DescribeInstances",
+      "ec2:DescribeTags",
+      "ec2:CreateTags",
+      "ec2:RunInstances",
+    ],
+    "Resource": ["*"]
+  },
+  {
+    "Effect": "Allow",
+    "Action": "iam:PassRole",
+    "Resource": "${arn_runner_instance_role}"
+  }
+}
diff --git a/modules/runners/scale-runners-lambda.tf b/modules/runners/scale-runners-lambda.tf
@@ -59,17 +59,34 @@ resource "aws_iam_policy_attachment" "scale_runners_lambda_logging" {
   policy_arn = aws_iam_policy.lambda_logging.arn
 }
 
-resource "aws_iam_policy" "scale_runners_lambda" {
+resource "aws_iam_policy" "scale_runners_lambda_sqs" {
   name        = "${var.environment}-lamda-scale-runners-sqs-receive-policy"
-  description = "Lambda webhook policy"
+  description = "Lambda scale up sqs policy"
 
   policy = templatefile("${path.module}/policies/lambda-scale-runners.json", {
     sqs_arn = var.sqs.arn
   })
 }
 
+resource "aws_iam_policy_attachment" "scale_runners_lambda_sqs" {
+  name       = "${var.environment}-scale-up-sqs"
+  roles      = [aws_iam_role.scale_runners_lambda.name]
+  policy_arn = aws_iam_policy.scale_runners_lambda_sqs.arn
+}
+
+
+resource "aws_iam_policy" "scale_runners_lambda" {
+  name        = "${var.environment}-lamda-scale-up-policy"
+  description = "Lambda scale up policy"
+
+  policy = templatefile("${path.module}/policies/lambda-scale-up.json", {
+    arn_runner_instance_role = aws_iam_role.runner.arn
+  })
+}
+
 resource "aws_iam_policy_attachment" "scale_runners_lambda" {
-  name       = "${var.environment}-scale-runners"
+  name       = "${var.environment}-scale-up"
   roles      = [aws_iam_role.scale_runners_lambda.name]
   policy_arn = aws_iam_policy.scale_runners_lambda.arn
 }
+