From 84055284a8504ff0fd1d9c0cf8e839f9c63e7f40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arturo=20Filast=C3=B2?= <arturo@filasto.net>
Date: Fri, 26 Jul 2024 16:41:36 +0200
Subject: [PATCH] Pin AMI to prevent destroy and re-create

---
 tf/modules/ansible_controller/main.tf |  9 +++------
 tf/modules/cloudhsm/main.tf           | 24 ++----------------------
 2 files changed, 5 insertions(+), 28 deletions(-)

diff --git a/tf/modules/ansible_controller/main.tf b/tf/modules/ansible_controller/main.tf
index 7cc22aad..ae109d45 100644
--- a/tf/modules/ansible_controller/main.tf
+++ b/tf/modules/ansible_controller/main.tf
@@ -1,7 +1,3 @@
-data "aws_ssm_parameter" "ubuntu_22_ami" {
-  name = "/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id"
-}
-
 resource "aws_security_group" "ansible_ctrl_sg" {
   description = "security group for ansible controller"
   name_prefix = "ooni-ansible-ctrl"
@@ -40,7 +36,8 @@ resource "aws_security_group" "ansible_ctrl_sg" {
 }
 
 resource "aws_instance" "ansible_controller" {
-  ami           = data.aws_ssm_parameter.ubuntu_22_ami.value
+  # Ubuntu 22.04
+  ami           = "ami-07652eda1fbad7432"
   instance_type = var.instance_type
   key_name      = var.key_name
 
@@ -60,7 +57,7 @@ resource "aws_instance" "ansible_controller" {
 
   vpc_security_group_ids = [aws_security_group.ansible_ctrl_sg.id]
 
-  tags = var.tags
+  tags = merge(var.tags, { Name = "ansible-controller" })
 }
 
 resource "aws_route53_record" "oonith_service_alias" {
diff --git a/tf/modules/cloudhsm/main.tf b/tf/modules/cloudhsm/main.tf
index 97f71822..1ea6d588 100644
--- a/tf/modules/cloudhsm/main.tf
+++ b/tf/modules/cloudhsm/main.tf
@@ -34,29 +34,9 @@ resource "aws_security_group" "hsm" {
   }
 }
 
-data "aws_ami" "amazon_linux" {
-  most_recent = true
-  owners      = ["amazon"]
-
-  filter {
-    name   = "name"
-    values = ["al2023-ami-*"]
-  }
-
-  filter {
-    name   = "architecture"
-    values = ["x86_64"]
-  }
-
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-
-}
-
 resource "aws_instance" "codesign_box" {
-  ami = data.aws_ami.amazon_linux.id
+  # Amazon linux
+  ami = "ami-03bb61bfa8e4d149e"
 
   key_name      = var.key_name
   instance_type = "t3.micro"