From da89c075dbd42930c232ed1d4adfc58552b48e69 Mon Sep 17 00:00:00 2001
From: Niek Palm
Date: Fri, 8 May 2020 07:39:42 +0200
Subject: [PATCH] Add policies to create ec2 instance for scale up (#8)
---
.../runners/policies/lambda-scale-down.json | 11 +++++++++
modules/runners/policies/lambda-scale-up.json | 16 +++++++++++++
modules/runners/scale-runners-lambda.tf | 23 ++++++++++++++++---
3 files changed, 47 insertions(+), 3 deletions(-)
create mode 100644 modules/runners/policies/lambda-scale-down.json
create mode 100644 modules/runners/policies/lambda-scale-up.json
diff --git a/modules/runners/policies/lambda-scale-down.json b/modules/runners/policies/lambda-scale-down.json
new file mode 100644
index 0000000000..0e500fde30
--- /dev/null
+++ b/modules/runners/policies/lambda-scale-down.json
@@ -0,0 +1,11 @@
+{
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeInstances*",
+ "ec2:DescribeTags",
+ "ec2:CreateTags",
+ "ec2:TerminateInstances"
+ ],
+ "Resource": ["*"]
+ },
+}
\ No newline at end of file
diff --git a/modules/runners/policies/lambda-scale-up.json b/modules/runners/policies/lambda-scale-up.json
new file mode 100644
index 0000000000..de5c01c2b1
--- /dev/null
+++ b/modules/runners/policies/lambda-scale-up.json
@@ -0,0 +1,16 @@
+{
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeInstances",
+ "ec2:DescribeTags",
+ "ec2:CreateTags",
+ "ec2:RunInstances",
+ ],
+ "Resource": ["*"]
+ },
+ {
+ "Effect": "Allow",
+ "Action": "iam:PassRole",
+ "Resource": "${arn_runner_instance_role}"
+ }
+}
\ No newline at end of file
diff --git a/modules/runners/scale-runners-lambda.tf b/modules/runners/scale-runners-lambda.tf
index b3ae4e2f26..c13e9dfa76 100644
--- a/modules/runners/scale-runners-lambda.tf
+++ b/modules/runners/scale-runners-lambda.tf
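Review bot: Neither new file is a valid IAM policy document: both lack the `Version`/`Statement` wrapper, place bare objects directly inside `{ }`, and carry trailing commas (`"ec2:RunInstances",` before `]` in lambda-scale-up.json, `},` before `}` in lambda-scale-down.json), so the rendered template will most likely be rejected when `aws_iam_policy` is applied. Beyond syntax, lambda-scale-down.json grants `ec2:TerminateInstances` and `ec2:CreateTags` on `"Resource": ["*"]` with no condition, so the function's role can terminate or retag any instance in the account rather than only the runners. The Describe actions do need `*`, but the mutating actions belong in their own statement restricted by an `ec2:ResourceTag/...` condition on whatever tag the runner instances carry; the tag key and value in the sketch below are placeholders. In lambda-scale-up.json the `iam:PassRole` statement is already scoped to the runner role and could additionally carry `"Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}`.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:DescribeInstances*", "ec2:DescribeTags"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["ec2:CreateTags", "ec2:TerminateInstances"],
      "Resource": "*",
      "Condition": {
        "StringEquals": { "ec2:ResourceTag/<RUNNER_TAG_KEY>": "<RUNNER_TAG_VALUE>" }
      }
    }
  ]
}
```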
@@ -59,17 +59,34 @@ resource "aws_iam_policy_attachment" "scale_runners_lambda_logging" { policy_arn = aws_iam_policy.lambda_logging.arn } -resource "aws_iam_policy" "scale_runners_lambda" { +resource "aws_iam_policy" "scale_runners_lambda_sqs" { name = "${var.environment}-lamda-scale-runners-sqs-receive-policy" - description = "Lambda webhook policy" + description = "Lambda scale up sqs policy" policy = templatefile("${path.module}/policies/lambda-scale-runners.json", { sqs_arn = var.sqs.arn }) } +resource "aws_iam_policy_attachment" "scale_runners_lambda_sqs" { + name = "${var.environment}-scale-up-sqs" + roles = [aws_iam_role.scale_runners_lambda.name] + policy_arn = aws_iam_policy.scale_runners_lambda_sqs.arn +} + + +resource "aws_iam_policy" "scale_runners_lambda" { + name = "${var.environment}-lamda-scale-up-policy" + description = "Lambda scale up policy" + + policy = templatefile("${path.module}/policies/lambda-scale-up.json", { + arn_runner_instance_role = aws_iam_role.runner.arn + }) +} + resource "aws_iam_policy_attachment" "scale_runners_lambda" { - name = "${var.environment}-scale-runners" + name = "${var.environment}-scale-up" roles = [aws_iam_role.scale_runners_lambda.name] policy_arn = aws_iam_policy.scale_runners_lambda.arn } +
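Review bot: Both attachments in this hunk (`scale_runners_lambda_sqs` and `scale_runners_lambda`) use `aws_iam_policy_attachment`, which manages a policy's attachments exclusively, so any role, user or group attached to the same policy elsewhere is detached on apply. `aws_iam_role_policy_attachment` binds one role to one policy without that side effect: `resource "aws_iam_role_policy_attachment" "scale_runners_lambda_sqs" {` with `role = aws_iam_role.scale_runners_lambda.name` and the same `policy_arn`, dropping `name` and `roles`. Separately, the new `scale_runners_lambda_sqs` policy takes the name `${var.environment}-lamda-scale-runners-sqs-receive-policy` that the existing `scale_runners_lambda` resource held before this change, so an apply against existing state may fail on a duplicate policy name unless the state is moved first; worth confirming. The hunk opens inside the `scale_runners_lambda_logging` attachment, whose start is outside this view.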