Merge pull request #3748 from ministryofjustice/csr/DSOS/2166-ssm-doc…
…-pre-ami

ami build ssm doc
haitchison authored Oct 20, 2023
2 parents 40b0d73 + a377097 commit b10400d
Showing 2 changed files with 190 additions and 0 deletions.
14 changes: 14 additions & 0 deletions terraform/environments/corporate-staff-rostering/ec2_common.tf
@@ -38,4 +38,18 @@ resource "aws_ssm_document" "cloud_watch_agent" {
Name = "windows-cloudwatch-agent-config"
},
)
}

resource "aws_ssm_document" "ami_build" {
name = "ami-build"
document_type = "Command"
document_format = "YAML"
content = file("./ssm-documents/ami-build.yaml")

tags = merge(
local.tags,
{
Name = "ami-build"
},
)
}
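Review bot: `document_type = "Command"` does not match what the loaded document does: ami-build.yaml mixes `aws:runPowerShellScript` steps with `aws:createSnapshot`, `aws:changeInstanceState`, `aws:createImage` and `aws:waitForImages`, which as far as I know are not Command-document plugins. Snapshotting, stopping/starting the instance and creating the image belong in an Automation runbook (`document_type = "Automation"`, schemaVersion 0.3) that calls the in-guest PowerShell through `aws:runCommand`; as written, the document is likely to be rejected at creation or to fail at those steps. The hunk starts inside the preceding cloud_watch_agent resource, so only the new ami_build resource was reviewed.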
@@ -0,0 +1,176 @@
---
schemaVersion: "2.2"
description: "SSM Document to convert an Azure VM into an AWS AMI."
parameters:
InstanceId:
type: "String"
description: "ID of the MGN replicated Azure server"
VolumeId:
type: "String"
description: "Root volume ID to be snapshotted"
SnapshotName:
type: "String"
description: "Name of the resultant snapshot"
AMIName:
type: "String"
description: "Name of the AMI being built"

mainSteps:
- name: CreateSnapshot
action: aws:createSnapshot
inputs:
InstanceId: "{{ InstanceId }}"
VolumeId: "{{ VolumeId }}"
description: "{{ SnapshotName }}"
onFailure: Stop

- name: getRootVolumeSpace
action: aws:runPowerShellScript
inputs:
runCommand:
- |
$rootVolume = Get-WmiObject -Query "SELECT * FROM Win32_LogicalDisk WHERE DeviceID = 'C:'"
$availableSpaceGB = [math]::Round(($rootVolume.FreeSpace / 1GB), 2)
Write-Output "Available space on the C drive is $availableSpaceGB"
- name: spaceAvailable
action: aws:runPowerShellScript
inputs:
runCommand:
- |
$totalSpaceGB = [math]::Round(($rootVolume.Size / 1GB), 2)
$availablePercentage = [math]::Round((($availableSpaceGB / $totalSpaceGB) * 100), 2)
Write-Output "Available space on the root volume (C:) is $availablePercentage% of the total space"
- name: extendDiskStop
action: aws:runPowerShellScript
maxAttempts: 1
onFailure: Stop
inputs:
runCommand:
- |
if ($availablePercentage% -lt 50) {
Write-Output "Available disk space is less than 50%. Stopping doc execution."
Exit 1
}
- name: stopDiscoveryAgent
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Stop-Service -Name 'AWSDiscoveryService' -ErrorAction SilentlyContinue
- name: UninstallDiscoveryAgent
action: aws:runPowerShellScript
inputs:
runCommand:
- |
if (Test-Path 'C:\Program Files\Amazon\Amazon AppStream\aws-discovery-agent\uninstall.exe') {
Start-Process 'C:\Program Files\Amazon\Amazon AppStream\aws-discovery-agent\uninstall.exe' -ArgumentList '/S' -Wait
} elseif (Test-Path 'C:\Program Files\AWS\AWS Discovery Agent\uninstall.exe') {
Start-Process 'C:\Program Files\AWS\AWS Discovery Agent\uninstall.exe' -ArgumentList '/S' -Wait
} else {
Write-Host "AWS Discovery Agent not found for uninstallation."
}
- name: verifyUninstallation
action: aws:runPowerShellScript
inputs:
runCommand:
- |
if (-not (Test-Path 'C:\Program Files\Amazon\Amazon AppStream\aws-discovery-agent\uninstall.exe') -and -not (Test-Path 'C:\Program Files\AWS\AWS Discovery Agent\uninstall.exe'))
{
Write-Host "AWS Discovery Agent is successfully uninstalled."
} else {
Write-Host "AWS Discovery Agent uninstallation may have failed."
}
onFailure: Stop

- name: InstallFirefoxBrowser
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Invoke-WebRequest -URI "https://download.mozilla.org/?product=firefox-esr-next-latest-ssl&os=win64&lang=en-GB" -OutFile "$ENV:TEMP\MozillaFirefox.exe"
Invoke-Item "$ENV:TEMP\MozillaFirefox.exe"
# wireshark

- name: InstallNmapTool
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Invoke-WebRequest -URI "https://nmap.org/download" -OutFile "$ENV:TEMP\nmap.exe"
Invoke-Item "$ENV:TEMP\nmap.exe"
- name: checkADModulePresent
action: aws:runPowerShellScript
inputs:
runCommand:
- |
$module = Get-Module -ListAvailable -Name ActiveDirectory
if (-not $module) {
Write-Error "Active Directory module is not installed. Installing..."
}
- name: InstallActiveDirectoryModule
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Install-WindowsFeature -Name "RSAT-AD-PowerShell" -IncludeAllSubFeature
- name: InstallEC2LaunchV2
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Invoke-WebRequest -URI https://s3.amazonaws.com/ec2-downloads-windows/SSM-Agent/EC2Launch/latest/install.ps1 -OutFile $env:TEMP\install.ps1
powershell -ExecutionPolicy Bypass -File $env:TEMP\install.ps1
- name: verifyInstallation
action: aws:runPowerShellScript
inputs:
runCommand:
- |
if (Get-Service -Name EC2Launch | Where-Object {$_.Status -eq 'Running'}) {
Write-Output "EC2LaunchV2 driver installed and running successfully."
} else {
Write-Output "EC2LaunchV2 driver installation or service startup failed."
}
- name: stopInstance
action: aws:changeInstanceState
inputs:
instaneID: "{{ InstanceId }}"
desiredState: stopped

- name: createImage
action: aws:createImage
inputs:
InstanceId: "{{ InstanceId }}"
name: "{{ AMIName }}"
description: AMI created from "{{ InstanceId }}"
noReboot: true

- name: outputImageId
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Write-Output "Image ID: $ImageId"
- name: waitForAMI
action: aws:waitForImages
inputs:
imageIds: ["{{ createImage.ImageId }}"]
state: available
maxResults: 1

- name: startInstance
action: aws:changeInstanceState
inputs:
instanceId: "{{ InstanceId }}"
desiredState: running
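Review bot: InstallFirefoxBrowser, InstallNmapTool and InstallEC2LaunchV2 each download a file and run it with no integrity check, and whatever runs is baked into every instance launched from the resulting AMI; each download should be verified (Authenticode signature or a pinned SHA-256) before execution, and the step should exit non-zero when the check fails, as sketched below for Firefox. `Invoke-Item` opens the installer interactively and returns without waiting, so under SSM the install probably never completes, and `https://nmap.org/download` looks like the download page rather than an installer binary. As far as I know each `runCommand` runs in its own PowerShell process, so `$rootVolume`, `$availableSpaceGB` and `$availablePercentage` are empty in the steps after the one that sets them, `$availablePercentage%` is not valid syntax, and `$ImageId` in outputImageId is never assigned; the disk-space check needs to live in a single step. The `onFailure: Stop` on verifyUninstallation has no effect because the script only writes a message and never exits non-zero. `instaneID` in stopInstance is a typo for `instanceId`, the spelling startInstance uses.

```yaml
  - name: InstallFirefoxBrowser
    # … unchanged: action / inputs / runCommand wrapper …
          $ErrorActionPreference = 'Stop'
          $installer = Join-Path $env:TEMP 'MozillaFirefox.exe'
          Invoke-WebRequest -Uri "https://download.mozilla.org/?product=firefox-esr-next-latest-ssl&os=win64&lang=en-GB" -OutFile $installer
          # Refuse to run anything not validly signed by the expected publisher.
          $sig = Get-AuthenticodeSignature -FilePath $installer
          if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch '<EXPECTED_PUBLISHER_SUBJECT>') {
            Write-Error "Installer signature check failed: $($sig.Status)"
            exit 1
          }
          # Silent install; wait so the step result reflects the installer finishing.
          Start-Process -FilePath $installer -ArgumentList '/S' -Wait
  # … unchanged: InstallNmapTool, InstallEC2LaunchV2 (apply the same verify-then-run pattern) …
```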
