Adding the Route 53 samples

@@ -28,13 +28,13 @@ The presentation could be found [here](https://docs.google.com/presentation/d/1Z
   
 1.  Moving deployment script into temlplate provider
 2.  Using *length()* function to get size and create multiple resources
+3.  Add IAM profile for instance
 
 ### Sample5. Scaling our applications, adding scaling policies
   
-1.  Add IAM profile for instance
-2.  Creating launch configuration, autoscaling grops
-3.  Building module
-4.  Dealing with LoadBalancers and http
+1.  Creating launch configuration, autoscaling grops
+2.  Building module
+3.  Dealing with LoadBalancers and Certificates
 
 ### AppendixA.  Upgrading applications environment
 1.  Blue/Green deployment

+## Define a policy to RO
+resource "aws_iam_policy" "ec2-ro-policy" {
+    name        = "ec2-ro-policy"
+    path        = "/"
+    description = "Autocreated Policy to read tags from ec2 instance"
+    policy = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "Stmt1506366968000",
+            "Effect": "Allow",
+            "Action": [
+                "ec2:DescribeInstances",
+                "ec2:DescribeTags"
+            ],
+            "Resource": [
+                "*"
+            ]
+        }
+    ]
+}
+EOF
+}
+
+## STS AssumeRole Data
+data "aws_iam_policy_document" "instance-assume-role-policy" {
+  statement {
+  actions = ["sts:AssumeRole"]
+      principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+                  }
+     }
+}
+
+## Add EC2 instance role
+resource "aws_iam_role" "ec2-instance-role" {
+     name               = "ec2-instance-role"
+     path               = "/"
+     assume_role_policy = "${data.aws_iam_policy_document.instance-assume-role-policy.json}"
+      }
+
+## Attach policy to role
+resource "aws_iam_policy_attachment" "ec2-policy-attachemnt" {
+    name       = "ec2-policy-attachemnt"
+    roles      = ["${aws_iam_role.ec2-instance-role.name}"]
+    policy_arn = "${aws_iam_policy.ec2-ro-policy.arn}"
+  }
+
+## Create instance profile and attah the role
+resource "aws_iam_instance_profile" "ec2-instance-profile" {
+          name  = "ec2-instance-profile"
+          role = "${aws_iam_role.ec2-instance-role.name}"
+}
+

@@ -16,5 +16,5 @@ default_db_subnet_group_subnet_ids = {
      eu-west-1 = [ "subnet-f1e92d8a", "subnet-304b7f7a"  ]
 }
 
-#
-instance_suffix = ["a","b"] 
+# Define instance suffix
+instance_suffix = ["blue","green"] 

@@ -8,12 +8,29 @@ module "m-elb-xpdays" {
   backend_port     = "3334"
   backend_protocol = "http"
 
-  #  ssl_certificate_id = "${data.aws_acm_certificate.wisehands.me.arn}"
+  ssl_certificate_id = "${data.aws_acm_certificate.star-shalb-com.arn}"
   health_check_target = "HTTP:3334/"
 
   #  elb_security_group = "${aws_security_group.elb-sg.id}"
 }
 
+# Get the certificate assigned
+data "aws_acm_certificate" "star-shalb-com" {
+    domain   = "*.aws.shalb.com"
+    statuses = ["ISSUED"]
+
+}
+
+# Attach the domain to ELB
+
+resource "aws_route53_record" "xpdays-aws-shalb-com" {
+  zone_id = "Z36XQDCMS0HHZM"
+  name    = "xpdays.aws.shalb.com"
+  type    = "CNAME"
+  ttl     = "300"
+  records = ["${module.m-elb-xpdays.elb_dns_name}"]
+}
+
 ## Add rule for access to ELB SG into default SG
 resource "aws_security_group_rule" "allow_3334_xpdays" {
   type                     = "ingress"

@@ -4,13 +4,13 @@ resource "aws_elb" "elb" {
   internal        = "${var.elb_is_internal}"
   security_groups = ["${aws_security_group.elb-sg.id}"]
 
-  #  listener {
-  #    instance_port = "${var.backend_port}"
-  #    instance_protocol = "${var.backend_protocol}"
-  #    lb_port = 443
-  #    lb_protocol = "https"
-  # #   ssl_certificate_id = "${var.ssl_certificate_id}"
-  #  }
+    listener {
+      instance_port = "${var.backend_port}"
+      instance_protocol = "${var.backend_protocol}"
+      lb_port = 443
+      lb_protocol = "https"
+      ssl_certificate_id = "${var.ssl_certificate_id}"
+    }
 
   listener {
     instance_port     = "${var.backend_port}"

@@ -13,9 +13,9 @@ variable "elb_is_internal" {
 
 // See README.md for details on finding the
 // ARN of an SSL certificate in EC2
-#variable "ssl_certificate_id" {
-#  description = "The ARN of the SSL Certificate in EC2"
-#}
+variable "ssl_certificate_id" {
+  description = "The ARN of the SSL Certificate in EC2"
+}
 
 variable "subnet_az1" {
   description = "The subnet for AZ1"

@@ -2,7 +2,7 @@
 hostname ${instancehostname} && hostname > /etc/hostname
 echo "127.0.0.1 localhost `hostname`" > /etc/hosts
 cd /home/ubuntu
-git clone https://bitbucket.org/bohdaq/wisehands.me.git
+git clone --branch ${versiontag}  https://bitbucket.org/bohdaq/wisehands.me.git
 cd /home/ubuntu/wisehands.me/ && play deps
 mkdir -p /home/ubuntu/wisehands.me/modules/guice-1.2
 cd /home/ubuntu/wisehands.me/modules/guice-1.2

@@ -6,6 +6,7 @@ data "template_file" "init" {
   vars {
     dbendpoint="${aws_db_instance.db-instance.username}:${aws_db_instance.db-instance.password}@${aws_db_instance.db-instance.endpoint}\\/${aws_db_instance.db-instance.name}"
     instancehostname="xpdays-${var.instance_suffix[count.index]}-${count.index}"
+    versiontag="${var.xpdays_versiontag}"
   }
 }
 
@@ -23,19 +24,19 @@ resource "aws_launch_configuration" "launch-xpdays" {
 
 ## Add Autoscaling group
 resource "aws_autoscaling_group" "asg-xpdays" {
-#    lifecycle { create_before_destroy = true }
-#    depends_on = ["aws_launch_configuration.launch-xpdays"]
+    lifecycle { create_before_destroy = true }
+    name                      = "asg-${aws_launch_configuration.launch-xpdays.name}-${var.instance_suffix[count.index]}"
+    
     desired_capacity          = "${lookup(var.instance_count_xpdays_desired, var.environment)}"
     max_size                  = "${lookup(var.instance_count_xpdays_max, var.environment)}"
     min_size                  = "${lookup(var.instance_count_xpdays_min, var.environment)}"
     health_check_grace_period = 300
     health_check_type         = "EC2"
     launch_configuration      = "${element(aws_launch_configuration.launch-xpdays.*.name, count.index)}"
-    name                      = "asg-xpdays-${var.instance_suffix[count.index]}"
     vpc_zone_identifier       =  ["${list(aws_subnet.default_subnet.id)}"]
     availability_zones        = ["${lookup(var.default_subnet_availability_zone, var.environment)}"]
     load_balancers            =  ["${module.m-elb-xpdays.elb_id}"]
-#    wait_for_elb_capacity     = "${element(var.instance_count_xpdays_desired[var.environment],count.index)}"
+    wait_for_elb_capacity     = "${lookup(var.instance_count_xpdays_min, var.environment)}"
     enabled_metrics = "${var.asg_enabled_metrics}"
     tag {
         key   = "Name"

+## Define the microservice version
+
+xpdays_versiontag = "0.0.2"
+
 ### AWS related
 
 region = {
@@ -44,7 +48,8 @@ asg_enabled_metrics = [ "GroupDesiredCapacity", "GroupPendingInstances", "GroupI
                         "GroupStandbyInstances", "GroupTotalInstances", "GroupMinSize" , "GroupTerminatingInstances" ]
 
 #
-instance_suffix = ["blue","green"]
+instance_suffix = ["blue"]
+#instance_suffix = ["blue","green"]
 
 
 instance_count_xpdays_desired = {
@@ -52,7 +57,7 @@ instance_count_xpdays_desired = {
 	        development = 1
 }
 instance_count_xpdays_min = {
-	        production = 0
+	        production = 1
 	        development = 1
 }
 instance_count_xpdays_max = {

-# VPC related stuff
+## Application version stuff
+
+variable "xpdays_versiontag" {}
+
+## VPC related stuff
 
 variable "region" {
   type        = "map"