tf/asg: Look up Fedora AMI by attributes

Instead of hard-coding the AMI ID of the Fedora build we want, we can use the `aws_ami` data source to search for it. The Fedora release team has a consistent naming scheme for AMIs, so finding the correct one is straightforward.
2023-11-13 20:27:50 -06:00 · 2023-11-13 20:27:50 -06:00 · 02772f17dd
parent 473e279a18
commit 02772f17dd
2 changed files with 22 additions and 1 deletions
--- a/terraform/asg.tf
+++ b/terraform/asg.tf
@ -27,11 +27,31 @@ resource "aws_security_group" "k8s-node" {
  }
 }

+data "aws_ami" "latest-fedora" {
+  most_recent = true
+  owners = ["125523088429"]
+
+  filter {
+    name = "name"
+    values = ["Fedora-Cloud-Base-38-1.*"]
+  }
+
+  filter {
+    name = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name = "architecture"
+    values = ["arm64"]
+  }
+}
+
 resource "aws_launch_template" "k8s-aarch64" {
  name = "k8s-aarch64"

  update_default_version = true
-  image_id               = "ami-0dcd72048e69236de"
+  image_id               = "${data.aws_ami.latest-fedora.id}"
  instance_type          = "t4g.medium"
  security_group_names   = [aws_security_group.k8s-node.name]
  key_name               = "dustin@rosalina"
--- a/terraform/iam-policy.json
+++ b/terraform/iam-policy.json
@ -11,6 +11,7 @@
                "autoscaling:DescribeTags",
                "sns:Unsubscribe",
                "sns:GetSubscriptionAttributes",
+                "ec2:DescribeImages",
                "ec2:DescribeSecurityGroups"
            ],
            "Resource": "*"