I want to create 2 aws_scheduler_schedule
resources, one to start an instance and another to stop it.
Those schedulers must of course have the corresponding roles; here is how I go about it
# ---------------------------------------------------------------------------------------------------------------------
# GITHUB-RUNNER EC2 SCHEDULERS
# ---------------------------------------------------------------------------------------------------------------------
resource "aws_scheduler_schedule" "gh_runners_ubuntu_start" {
for_each = var.gh_runners
name = format("%s-%s", "gh_runners_ubuntu_start", each.value.runner_id)
flexible_time_window {
mode = "OFF"
}
schedule_expression = each.value.start_time
target {
arn = "arn:aws:scheduler:::aws-sdk:ec2:startInstances"
role_arn = aws_iam_role.gh_runners_ubuntu_scheduler_role[each.key].arn
input = jsonencode({
InstanceIds = [
module.gh_runners_ubuntu[each.key].id
]
})
}
}
resource "aws_scheduler_schedule" "gh_runners_ubuntu_stop" {
for_each = var.gh_runners
name = format("%s-%s", "gh_runners_ubuntu_stop", each.value.runner_name)
flexible_time_window {
mode = "OFF"
}
schedule_expression = each.value.stop_time
target {
arn = "arn:aws:scheduler:::aws-sdk:ec2:stopInstances"
role_arn = aws_iam_role.gh_runners_ubuntu_scheduler_role[each.key].arn
input = jsonencode({
InstanceIds = [
module.gh_runners_ubuntu[each.key].id
]
})
}
}
resource "aws_iam_role" "gh_runners_ubuntu_scheduler_role" {
for_each = var.gh_runners
name = format("%s-%s", "gh_runners_ubuntu_scheduler_role", each.value.runner_name)
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "events.amazonaws.com"
}
Condition = {
ArnEquals = {
"aws:SourceArn" = [
aws_scheduler_schedule.gh_runners_ubuntu_start[each.key].arn,
aws_scheduler_schedule.gh_runners_ubuntu_stop[each.key].arn,
]
}
}
}
]
})
}
resource "aws_iam_role_policy" "gh_runners_ubuntu_scheduler_role_policy" {
for_each = var.gh_runners
name = format("%s-%s", "gh_runners_ubuntu_scheduler_role_policy", each.value.runner_name)
role = aws_iam_role.gh_runners_ubuntu_scheduler[each.key].id
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = ["ec2:StopInstances", "ec2:StartInstances"]
Resource = module.gh_runners_ubuntu[each.key].arn
}
]
})
}
the plan fails as follows:
Error: Cycle: aws_scheduler_schedule.gh_runners_ubuntu_stop, aws_iam_role.gh_runners_ubuntu_scheduler_role, aws_scheduler_schedule.gh_runners_ubuntu_start
How can I go about it?