Worker lifecycle and permissions additions

e8a43eee · Chris Merrett · 140c11e0 · e8a43eee · e8a43eee
Commit e8a43eee authored Sep 12, 2018 by Chris Merrett
Show whitespace changes
Inline Side-by-side

Showing with 11 additions and 1 deletion

data.tf data.tf +3 -1

workers.tf workers.tf +8 -0

No files found.
--- a/data.tf
+++ b/data.tf
@@ -75,10 +75,12 @@ data "aws_iam_policy_document" "workers_autoscaling" {
    actions = [
      "autoscaling:DescribeAutoScalingGroups",
      "autoscaling:DescribeAutoScalingInstances",
+      "autoscaling:DescribeLaunchConfigurations",
      "autoscaling:DescribeTags",
+      "autoscaling:GetAsgForInstance",
      "autoscaling:SetDesiredCapacity",
      "autoscaling:TerminateInstanceInAutoScalingGroup",
-      "autoscaling:DescribeLaunchConfigurations",
+      "autoscaling:UpdateAutoScalingGroup",
      "ec2:DescribeLaunchTemplateVersions",
    ]


--- a/workers.tf
+++ b/workers.tf
@@ -7,6 +7,10 @@ resource "aws_launch_configuration" "workers" {
  name_prefix                 = "${var.cluster_name}-eks-workers-"
  security_groups             = ["${aws_security_group.workers.id}"]
  user_data_base64            = "${base64encode(data.template_file.workers_userdata.rendered)}"
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }

 resource "aws_autoscaling_group" "workers" {
@@ -40,6 +44,10 @@ resource "aws_autoscaling_group" "workers" {
    value               = "owned"
    propagate_at_launch = true
  }
+
+  lifecycle {
+    ignore_changes = ["desired_capacity"]
+  }
 }

 resource "aws_security_group" "workers" {