Completed task on using IAM roles in AWS via Terraform by whatislavx · Pull Request #22 · mate-academy/aws_devops_task_5_use_iam_roles

whatislavx · 2026-03-16T12:26:35Z

No description provided.

Copilot

Pull request overview

This PR updates the Terraform module for the Grafana EC2 deployment to use an IAM role (via instance profile) for CloudWatch access, and parameterizes previously hard-coded configuration via input variables.

Changes:

Parameterized AMI selection, instance sizing, tagging, key pair, and user-data paths via new variables and updated resource references.
Added IAM resources (policy, role, role-policy attachment, instance profile) and attached the instance profile to the EC2 instance.
Updated outputs and committed updated terraform.tfvars and a generated tfplan.json.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
`main.tf`	Uses new variables and adds IAM policy/role/attachment/instance profile; wires instance profile into EC2 instance.
`variables.tf`	Adds new inputs for AMI selection, key pair, tagging, instance type, and user-data path.
`terraform.tfvars`	Populates variables with concrete values for the lab environment.
`outputs.tf`	Fixes IAM role ARN output to reference the correct role resource.
`tfplan.json`	Adds generated Terraform plan JSON used by the repository’s test script.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@@ -0,0 +1 @@
+{"format_version":"1.2","terraform_version":"1.14.4","variables":{"ami_name_pattern":{"value":"amzn2-ami-hvm-*-gp2"},"ami_owners":{"value":["amazon"]},"instance_type":{"value":"t2.micro"},"key_pair_name":{"value":"aws-grafana-lab-key"},"public_key_path":{"value":"~/.ssh/id_rsa.pub"},"resource_name_tag":{"value":"mate-aws-grafana-lab"},"security_group_id":{"value":"sg-0dde7e9651d3cbd07"},"subnet_id":{"value":"subnet-0f505455b2df01be3"},"user_data_path":{"value":"./install-grafana.sh"}},"planned_values":{"outputs":{"grafana_iam_role_arn":{"sensitive":false},"grafana_url":{"sensitive":false},"instance_public_ip":{"sensitive":false}},"root_module":{"resources":[{"address":"aws_iam_instance_profile.instance_profile","mode":"managed","type":"aws_iam_instance_profile","name":"instance_profile","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"name":"grafana_instance_profile","path":"/","role":"grafana_role","tags":null},"sensitive_values":{"tags_all":{}}},{"address":"aws_iam_policy.policy","mode":"managed","type":"aws_iam_policy","name":"policy","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"description":"My test policy","name":"grafana_policy","path":"/","policy":"{\"Statement\":[{\"Action\":[\"cloudwatch:DescribeAlarmsForMetric\",\"cloudwatch:DescribeAlarmHistory\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:ListMetrics\",\"cloudwatch:GetMetricData\",\"cloudwatch:GetInsightRuleReport\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowReadingMetricsFromCloudWatch\"},{\"Action\":\"pi:GetResourceMetrics\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowReadingResourceMetricsFromPerformanceInsights\"},{\"Action\":[\"logs:DescribeLogGroups\",\"logs:GetLogGroupFields\",\"logs:StartQuery\",\"logs:StopQuery\",\"logs:GetQueryResults\",\"logs:GetLogEvents\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowReadingLogsFromCloudWatch\"},{\"Action\":[\"ec2:DescribeTags\",\"ec2:DescribeInstances\",\"ec2:DescribeRegions\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowReadingTagsInstancesRegionsFromEC2\"},{\"Action\":\"tag:GetResources\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowReadingResourcesForTags\"}],\"Version\":\"2012-10-17\"}","tags":null},"sensitive_values":{"tags_all":{}}},{"address":"aws_iam_role.role","mode":"managed","type":"aws_iam_role","name":"role","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"assume_role_policy":"{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}","description":null,"force_detach_policies":false,"max_session_duration":3600,"name":"grafana_role","path":"/","permissions_boundary":null,"tags":{"tag-key":"grafana_role"},"tags_all":{"tag-key":"grafana_role"}},"sensitive_values":{"inline_policy":[],"managed_policy_arns":[],"tags":{},"tags_all":{}}},{"address":"aws_iam_role_policy_attachment.test-attach","mode":"managed","type":"aws_iam_role_policy_attachment","name":"test-attach","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"role":"grafana_role"},"sensitive_values":{}},{"address":"aws_instance.this","mode":"managed","type":"aws_instance","name":"this","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":1,"values":{"ami":"ami-08f4f484ed94e8352","associate_public_ip_address":true,"credit_specification":[],"get_password_data":false,"hibernation":null,"iam_instance_profile":"grafana_instance_profile","instance_type":"t2.micro","key_name":"aws-grafana-lab-key","launch_template":[],"source_dest_check":true,"subnet_id":"subnet-0f505455b2df01be3","tags":{"Name":"mate-aws-grafana-lab"},"tags_all":{"Name":"mate-aws-grafana-lab"},"timeouts":null,"user_data":"2bd3ada6c540a3442e076f804f65df2a7a20960f","user_data_replace_on_change":false,"volume_tags":null,"vpc_security_group_ids":["sg-0dde7e9651d3cbd07"]},"sensitive_values":{"capacity_reservation_specification":[],"cpu_options":[],"credit_specification":[],"ebs_block_device":[],"enclave_options":[],"ephemeral_block_device":[],"instance_market_options":[],"ipv6_addresses":[],"launch_template":[],"maintenance_options":[],"metadata_options":[],"network_interface":[],"private_dns_name_options":[],"root_block_device":[],"secondary_private_ips":[],"security_groups":[],"tags":{},"tags_all":{},"vpc_security_group_ids":[false]}},{"address":"aws_key_pair.this","mode":"managed","type":"aws_key_pair","name":"this","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":1,"values":{"key_name":"aws-grafana-lab-key","public_key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBta8T6JDDqhYYnqzIe3l5DIhR6Id++tdfakOAxK9vpx asus@MyComputer","tags":{"Name":"mate-aws-grafana-lab"},"tags_all":{"Name":"mate-aws-grafana-lab"}},"sensitive_values":{"tags":{},"tags_all":{}}}]}},"resource_changes":[{"address":"aws_iam_instance_profile.instance_profile","mode":"managed","type":"aws_iam_instance_profile","name":"instance_profile","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"name":"grafana_instance_profile","path":"/","role":"grafana_role","tags":null},"after_unknown":{"arn":true,"create_date":true,"id":true,"name_prefix":true,"tags_all":true,"unique_id":true},"before_sensitive":false,"after_sensitive":{"tags_all":{}}}},{"address":"aws_iam_policy.policy","mode":"managed","type":"aws_iam_policy","name":"policy","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"description":"My test policy","name":"grafana_policy","path":"/","policy":"{\"Statement\":[{\"Action\":[\"cloudwatch:DescribeAlarmsForMetric\",\"cloudwatch:DescribeAlarmHistory\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:ListMetrics\",\"cloudwatch:GetMetricData\",\"cloudwatch:GetInsightRuleReport\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowReadingMetricsFromCloudWatch\"},{\"Action\":\"pi:GetResourceMetrics\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowReadingResourceMetricsFromPerformanceInsights\"},{\"Action\":[\"logs:DescribeLogGroups\",\"logs:GetLogGroupFields\",\"logs:StartQuery\",\"logs:StopQuery\",\"logs:GetQueryResults\",\"logs:GetLogEvents\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowReadingLogsFromCloudWatch\"},{\"Action\":[\"ec2:DescribeTags\",\"ec2:DescribeInstances\",\"ec2:DescribeRegions\"],\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowReadingTagsInstancesRegionsFromEC2\"},{\"Action\":\"tag:GetResources\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"AllowReadingResourcesForTags\"}],\"Version\":\"2012-10-17\"}","tags":null},"after_unknown":{"arn":true,"attachment_count":true,"id":true,"name_prefix":true,"policy_id":true,"tags_all":true},"before_sensitive":false,"after_sensitive":{"tags_all":{}}}},{"address":"aws_iam_role.role","mode":"managed","type":"aws_iam_role","name":"role","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"assume_role_policy":"{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}","description":null,"force_detach_policies":false,"max_session_duration":3600,"name":"grafana_role","path":"/","permissions_boundary":null,"tags":{"tag-key":"grafana_role"},"tags_all":{"tag-key":"grafana_role"}},"after_unknown":{"arn":true,"create_date":true,"id":true,"inline_policy":true,"managed_policy_arns":true,"name_prefix":true,"tags":{},"tags_all":{},"unique_id":true},"before_sensitive":false,"after_sensitive":{"inline_policy":[],"managed_policy_arns":[],"tags":{},"tags_all":{}}}},{"address":"aws_iam_role_policy_attachment.test-attach","mode":"managed","type":"aws_iam_role_policy_attachment","name":"test-attach","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"role":"grafana_role"},"after_unknown":{"id":true,"policy_arn":true},"before_sensitive":false,"after_sensitive":{}}},{"address":"aws_instance.this","mode":"managed","type":"aws_instance","name":"this","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"ami":"ami-08f4f484ed94e8352","associate_public_ip_address":true,"credit_specification":[],"get_password_data":false,"hibernation":null,"iam_instance_profile":"grafana_instance_profile","instance_type":"t2.micro","key_name":"aws-grafana-lab-key","launch_template":[],"source_dest_check":true,"subnet_id":"subnet-0f505455b2df01be3","tags":{"Name":"mate-aws-grafana-lab"},"tags_all":{"Name":"mate-aws-grafana-lab"},"timeouts":null,"user_data":"2bd3ada6c540a3442e076f804f65df2a7a20960f","user_data_replace_on_change":false,"volume_tags":null,"vpc_security_group_ids":["sg-0dde7e9651d3cbd07"]},"after_unknown":{"arn":true,"availability_zone":true,"capacity_reservation_specification":true,"cpu_core_count":true,"cpu_options":true,"cpu_threads_per_core":true,"credit_specification":[],"disable_api_stop":true,"disable_api_termination":true,"ebs_block_device":true,"ebs_optimized":true,"enable_primary_ipv6":true,"enclave_options":true,"ephemeral_block_device":true,"host_id":true,"host_resource_group_arn":true,"id":true,"instance_initiated_shutdown_behavior":true,"instance_lifecycle":true,"instance_market_options":true,"instance_state":true,"ipv6_address_count":true,"ipv6_addresses":true,"launch_template":[],"maintenance_options":true,"metadata_options":true,"monitoring":true,"network_interface":true,"outpost_arn":true,"password_data":true,"placement_group":true,"placement_partition_number":true,"primary_network_interface_id":true,"private_dns":true,"private_dns_name_options":true,"private_ip":true,"public_dns":true,"public_ip":true,"root_block_device":true,"secondary_private_ips":true,"security_groups":true,"spot_instance_request_id":true,"tags":{},"tags_all":{},"tenancy":true,"user_data_base64":true,"vpc_security_group_ids":[false]},"before_sensitive":false,"after_sensitive":{"capacity_reservation_specification":[],"cpu_options":[],"credit_specification":[],"ebs_block_device":[],"enclave_options":[],"ephemeral_block_device":[],"instance_market_options":[],"ipv6_addresses":[],"launch_template":[],"maintenance_options":[],"metadata_options":[],"network_interface":[],"private_dns_name_options":[],"root_block_device":[],"secondary_private_ips":[],"security_groups":[],"tags":{},"tags_all":{},"vpc_security_group_ids":[false]}}},{"address":"aws_key_pair.this","mode":"managed","type":"aws_key_pair","name":"this","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"key_name":"aws-grafana-lab-key","public_key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBta8T6JDDqhYYnqzIe3l5DIhR6Id++tdfakOAxK9vpx asus@MyComputer","tags":{"Name":"mate-aws-grafana-lab"},"tags_all":{"Name":"mate-aws-grafana-lab"}},"after_unknown":{"arn":true,"fingerprint":true,"id":true,"key_name_prefix":true,"key_pair_id":true,"key_type":true,"tags":{},"tags_all":{}},"before_sensitive":false,"after_sensitive":{"tags":{},"tags_all":{}}}}],"output_changes":{"grafana_iam_role_arn":{"actions":["create"],"before":null,"after_unknown":true,"before_sensitive":false,"after_sensitive":false},"grafana_url":{"actions":["create"],"before":null,"after_unknown":true,"before_sensitive":false,"after_sensitive":false},"instance_public_ip":{"actions":["create"],"before":null,"after_unknown":true,"before_sensitive":false,"after_sensitive":false}},"prior_state":{"format_version":"1.0","terraform_version":"1.14.4","values":{"root_module":{"resources":[{"address":"data.aws_ami.this","mode":"data","type":"aws_ami","name":"this","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"architecture":"x86_64","arn":"arn:aws:ec2:eu-central-1::image/ami-08f4f484ed94e8352","block_device_mappings":[{"device_name":"/dev/xvda","ebs":{"delete_on_termination":"true","encrypted":"false","iops":"0","snapshot_id":"snap-0afd69073a06ee5d7","throughput":"0","volume_initialization_rate":"0","volume_size":"8","volume_type":"gp2"},"no_device":"","virtual_name":""}],"boot_mode":"","creation_date":"2026-02-26T18:42:15.000Z","deprecation_time":"2026-05-27T18:48:00.000Z","description":"Amazon Linux 2 AMI 2.0.20260302.0 x86_64 HVM gp2","ena_support":true,"executable_users":null,"filter":[{"name":"architecture","values":["x86_64"]},{"name":"name","values":["amzn2-ami-hvm-*-gp2"]},{"name":"root-device-type","values":["ebs"]},{"name":"virtualization-type","values":["hvm"]}],"hypervisor":"xen","id":"ami-08f4f484ed94e8352","image_id":"ami-08f4f484ed94e8352","image_location":"amazon/amzn2-ami-hvm-2.0.20260302.0-x86_64-gp2","image_owner_alias":"amazon","image_type":"machine","imds_support":"","include_deprecated":false,"kernel_id":"","last_launched_time":"","most_recent":true,"name":"amzn2-ami-hvm-2.0.20260302.0-x86_64-gp2","name_regex":null,"owner_id":"137112412989","owners":["amazon"],"platform":"","platform_details":"Linux/UNIX","product_codes":[],"public":true,"ramdisk_id":"","root_device_name":"/dev/xvda","root_device_type":"ebs","root_snapshot_id":"snap-0afd69073a06ee5d7","sriov_net_support":"simple","state":"available","state_reason":{"code":"UNSET","message":"UNSET"},"tags":{},"timeouts":null,"tpm_support":"","uefi_data":null,"usage_operation":"RunInstances","virtualization_type":"hvm"},"sensitive_values":{"block_device_mappings":[{"ebs":{}}],"filter":[{"values":[false]},{"values":[false]},{"values":[false]},{"values":[false]}],"owners":[false],"product_codes":[],"state_reason":{},"tags":{}}}]}}},"configuration":{"provider_config":{"aws":{"name":"aws","full_name":"registry.terraform.io/hashicorp/aws","version_constraint":"~\u003e 5.0"}},"root_module":{"outputs":{"grafana_iam_role_arn":{"expression":{"references":["aws_iam_role.role.arn","aws_iam_role.role"]}},"grafana_url":{"expression":{"references":["aws_instance.this.public_ip","aws_instance.this"]}},"instance_public_ip":{"expression":{"references":["aws_instance.this.public_ip","aws_instance.this"]}}},"resources":[{"address":"aws_iam_instance_profile.instance_profile","mode":"managed","type":"aws_iam_instance_profile","name":"instance_profile","provider_config_key":"aws","expressions":{"name":{"constant_value":"grafana_instance_profile"},"role":{"references":["aws_iam_role.role.name","aws_iam_role.role"]}},"schema_version":0},{"address":"aws_iam_policy.policy","mode":"managed","type":"aws_iam_policy","name":"policy","provider_config_key":"aws","expressions":{"description":{"constant_value":"My test policy"},"name":{"constant_value":"grafana_policy"},"path":{"constant_value":"/"},"policy":{}},"schema_version":0},{"address":"aws_iam_role.role","mode":"managed","type":"aws_iam_role","name":"role","provider_config_key":"aws","expressions":{"assume_role_policy":{},"name":{"constant_value":"grafana_role"},"tags":{"constant_value":{"tag-key":"grafana_role"}}},"schema_version":0},{"address":"aws_iam_role_policy_attachment.test-attach","mode":"managed","type":"aws_iam_role_policy_attachment","name":"test-attach","provider_config_key":"aws","expressions":{"policy_arn":{"references":["aws_iam_policy.policy.arn","aws_iam_policy.policy"]},"role":{"references":["aws_iam_role.role.name","aws_iam_role.role"]}},"schema_version":0},{"address":"aws_instance.this","mode":"managed","type":"aws_instance","name":"this","provider_config_key":"aws","expressions":{"ami":{"references":["data.aws_ami.this.id","data.aws_ami.this"]},"associate_public_ip_address":{"constant_value":true},"iam_instance_profile":{"references":["aws_iam_instance_profile.instance_profile.name","aws_iam_instance_profile.instance_profile"]},"instance_type":{"references":["var.instance_type"]},"key_name":{"references":["aws_key_pair.this.key_name","aws_key_pair.this"]},"subnet_id":{"references":["var.subnet_id"]},"tags":{"references":["var.resource_name_tag"]},"user_data":{"references":["var.user_data_path"]},"vpc_security_group_ids":{"references":["var.security_group_id"]}},"schema_version":1},{"address":"aws_key_pair.this","mode":"managed","type":"aws_key_pair","name":"this","provider_config_key":"aws","expressions":{"key_name":{"references":["var.key_pair_name"]},"public_key":{"references":["var.public_key_path"]},"tags":{"references":["var.resource_name_tag"]}},"schema_version":1},{"address":"data.aws_ami.this","mode":"data","type":"aws_ami","name":"this","provider_config_key":"aws","expressions":{"filter":[{"name":{"constant_value":"name"},"values":{"references":["var.ami_name_pattern"]}},{"name":{"constant_value":"root-device-type"},"values":{"constant_value":["ebs"]}},{"name":{"constant_value":"virtualization-type"},"values":{"constant_value":["hvm"]}},{"name":{"constant_value":"architecture"},"values":{"constant_value":["x86_64"]}}],"most_recent":{"constant_value":true},"owners":{"references":["var.ami_owners"]}},"schema_version":0}],"variables":{"ami_name_pattern":{"description":"AMI name pattern."},"ami_owners":{"description":"AMI owners."},"instance_type":{"description":"EC2 instance type for the Grafana host."},"key_pair_name":{"description":"Name of the EC2 key pair to create/use."},"public_key_path":{"description":"Path to the public key used for the EC2 key pair."},"resource_name_tag":{"description":"Value for the Name tag across resources."},"security_group_id":{"description":"ID of the security group, you deployed in the previous task."},"subnet_id":{"description":"ID of the VPC subnet, you deployed in the previous task."},"user_data_path":{"description":"Path to the user data script for instance bootstrap."}}}},"relevant_attributes":[{"resource":"data.aws_ami.this","attribute":["id"]},{"resource":"aws_iam_instance_profile.instance_profile","attribute":["name"]},{"resource":"aws_iam_role.role","attribute":["arn"]},{"resource":"aws_iam_policy.policy","attribute":["arn"]},{"resource":"aws_instance.this","attribute":["public_ip"]},{"resource":"aws_iam_role.role","attribute":["name"]},{"resource":"aws_key_pair.this","attribute":["key_name"]}],"timestamp":"2026-03-16T12:19:59Z","applyable":true,"complete":true,"errored":false}


+  name = "grafana_role"

-# 1 - create policy 
+  assume_role_policy = file("grafana-role-assume-policy.json")


+
+# Access
+key_pair_name   = "aws-grafana-lab-key"
+public_key_path = "~/.ssh/id_rsa.pub"


linubah

LGTM

feat: Update main.tf and outputs.tf

c8d98c8

Copilot AI review requested due to automatic review settings March 16, 2026 12:26

Copilot started reviewing on behalf of whatislavx March 16, 2026 12:27 View session

Copilot AI reviewed Mar 16, 2026

View reviewed changes

linubah approved these changes Mar 17, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Completed task on using IAM roles in AWS via Terraform#22

Completed task on using IAM roles in AWS via Terraform#22
whatislavx wants to merge 1 commit into
mate-academy:mainfrom
whatislavx:main

whatislavx commented Mar 16, 2026

Uh oh!

Copilot AI left a comment

Uh oh!

linubah left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

		@@ -0,0 +1 @@
		{"format_version":"1.2","terraform_version":"1.14.4","variables":{"ami_name_pattern":{"value":"amzn2-ami-hvm--gp2"},"ami_owners":{"value":["amazon"]},"instance_type":{"value":"t2.micro"},"key_pair_name":{"value":"aws-grafana-lab-key"},"public_key_path":{"value":"~/.ssh/id_rsa.pub"},"resource_name_tag":{"value":"mate-aws-grafana-lab"},"security_group_id":{"value":"sg-0dde7e9651d3cbd07"},"subnet_id":{"value":"subnet-0f505455b2df01be3"},"user_data_path":{"value":"./install-grafana.sh"}},"planned_values":{"outputs":{"grafana_iam_role_arn":{"sensitive":false},"grafana_url":{"sensitive":false},"instance_public_ip":{"sensitive":false}},"root_module":{"resources":[{"address":"aws_iam_instance_profile.instance_profile","mode":"managed","type":"aws_iam_instance_profile","name":"instance_profile","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"name":"grafana_instance_profile","path":"/","role":"grafana_role","tags":null},"sensitive_values":{"tags_all":{}}},{"address":"aws_iam_policy.policy","mode":"managed","type":"aws_iam_policy","name":"policy","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"description":"My test policy","name":"grafana_policy","path":"/","policy":"{\"Statement\":[{\"Action\":[\"cloudwatch:DescribeAlarmsForMetric\",\"cloudwatch:DescribeAlarmHistory\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:ListMetrics\",\"cloudwatch:GetMetricData\",\"cloudwatch:GetInsightRuleReport\"],\"Effect\":\"Allow\",\"Resource\":\"\",\"Sid\":\"AllowReadingMetricsFromCloudWatch\"},{\"Action\":\"pi:GetResourceMetrics\",\"Effect\":\"Allow\",\"Resource\":\"\",\"Sid\":\"AllowReadingResourceMetricsFromPerformanceInsights\"},{\"Action\":[\"logs:DescribeLogGroups\",\"logs:GetLogGroupFields\",\"logs:StartQuery\",\"logs:StopQuery\",\"logs:GetQueryResults\",\"logs:GetLogEvents\"],\"Effect\":\"Allow\",\"Resource\":\"\",\"Sid\":\"AllowReadingLogsFromCloudWatch\"},{\"Action\":[\"ec2:DescribeTags\",\"ec2:DescribeInstances\",\"ec2:DescribeRegions\"],\"Effect\":\"Allow\",\"Resource\":\"\",\"Sid\":\"AllowReadingTagsInstancesRegionsFromEC2\"},{\"Action\":\"tag:GetResources\",\"Effect\":\"Allow\",\"Resource\":\"\",\"Sid\":\"AllowReadingResourcesForTags\"}],\"Version\":\"2012-10-17\"}","tags":null},"sensitive_values":{"tags_all":{}}},{"address":"aws_iam_role.role","mode":"managed","type":"aws_iam_role","name":"role","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"assume_role_policy":"{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}","description":null,"force_detach_policies":false,"max_session_duration":3600,"name":"grafana_role","path":"/","permissions_boundary":null,"tags":{"tag-key":"grafana_role"},"tags_all":{"tag-key":"grafana_role"}},"sensitive_values":{"inline_policy":[],"managed_policy_arns":[],"tags":{},"tags_all":{}}},{"address":"aws_iam_role_policy_attachment.test-attach","mode":"managed","type":"aws_iam_role_policy_attachment","name":"test-attach","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"role":"grafana_role"},"sensitive_values":{}},{"address":"aws_instance.this","mode":"managed","type":"aws_instance","name":"this","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":1,"values":{"ami":"ami-08f4f484ed94e8352","associate_public_ip_address":true,"credit_specification":[],"get_password_data":false,"hibernation":null,"iam_instance_profile":"grafana_instance_profile","instance_type":"t2.micro","key_name":"aws-grafana-lab-key","launch_template":[],"source_dest_check":true,"subnet_id":"subnet-0f505455b2df01be3","tags":{"Name":"mate-aws-grafana-lab"},"tags_all":{"Name":"mate-aws-grafana-lab"},"timeouts":null,"user_data":"2bd3ada6c540a3442e076f804f65df2a7a20960f","user_data_replace_on_change":false,"volume_tags":null,"vpc_security_group_ids":["sg-0dde7e9651d3cbd07"]},"sensitive_values":{"capacity_reservation_specification":[],"cpu_options":[],"credit_specification":[],"ebs_block_device":[],"enclave_options":[],"ephemeral_block_device":[],"instance_market_options":[],"ipv6_addresses":[],"launch_template":[],"maintenance_options":[],"metadata_options":[],"network_interface":[],"private_dns_name_options":[],"root_block_device":[],"secondary_private_ips":[],"security_groups":[],"tags":{},"tags_all":{},"vpc_security_group_ids":[false]}},{"address":"aws_key_pair.this","mode":"managed","type":"aws_key_pair","name":"this","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":1,"values":{"key_name":"aws-grafana-lab-key","public_key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBta8T6JDDqhYYnqzIe3l5DIhR6Id++tdfakOAxK9vpx asus@MyComputer","tags":{"Name":"mate-aws-grafana-lab"},"tags_all":{"Name":"mate-aws-grafana-lab"}},"sensitive_values":{"tags":{},"tags_all":{}}}]}},"resource_changes":[{"address":"aws_iam_instance_profile.instance_profile","mode":"managed","type":"aws_iam_instance_profile","name":"instance_profile","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"name":"grafana_instance_profile","path":"/","role":"grafana_role","tags":null},"after_unknown":{"arn":true,"create_date":true,"id":true,"name_prefix":true,"tags_all":true,"unique_id":true},"before_sensitive":false,"after_sensitive":{"tags_all":{}}}},{"address":"aws_iam_policy.policy","mode":"managed","type":"aws_iam_policy","name":"policy","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"description":"My test policy","name":"grafana_policy","path":"/","policy":"{\"Statement\":[{\"Action\":[\"cloudwatch:DescribeAlarmsForMetric\",\"cloudwatch:DescribeAlarmHistory\",\"cloudwatch:DescribeAlarms\",\"cloudwatch:ListMetrics\",\"cloudwatch:GetMetricData\",\"cloudwatch:GetInsightRuleReport\"],\"Effect\":\"Allow\",\"Resource\":\"\",\"Sid\":\"AllowReadingMetricsFromCloudWatch\"},{\"Action\":\"pi:GetResourceMetrics\",\"Effect\":\"Allow\",\"Resource\":\"\",\"Sid\":\"AllowReadingResourceMetricsFromPerformanceInsights\"},{\"Action\":[\"logs:DescribeLogGroups\",\"logs:GetLogGroupFields\",\"logs:StartQuery\",\"logs:StopQuery\",\"logs:GetQueryResults\",\"logs:GetLogEvents\"],\"Effect\":\"Allow\",\"Resource\":\"\",\"Sid\":\"AllowReadingLogsFromCloudWatch\"},{\"Action\":[\"ec2:DescribeTags\",\"ec2:DescribeInstances\",\"ec2:DescribeRegions\"],\"Effect\":\"Allow\",\"Resource\":\"\",\"Sid\":\"AllowReadingTagsInstancesRegionsFromEC2\"},{\"Action\":\"tag:GetResources\",\"Effect\":\"Allow\",\"Resource\":\"\",\"Sid\":\"AllowReadingResourcesForTags\"}],\"Version\":\"2012-10-17\"}","tags":null},"after_unknown":{"arn":true,"attachment_count":true,"id":true,"name_prefix":true,"policy_id":true,"tags_all":true},"before_sensitive":false,"after_sensitive":{"tags_all":{}}}},{"address":"aws_iam_role.role","mode":"managed","type":"aws_iam_role","name":"role","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"assume_role_policy":"{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ec2.amazonaws.com\"},\"Sid\":\"\"}],\"Version\":\"2012-10-17\"}","description":null,"force_detach_policies":false,"max_session_duration":3600,"name":"grafana_role","path":"/","permissions_boundary":null,"tags":{"tag-key":"grafana_role"},"tags_all":{"tag-key":"grafana_role"}},"after_unknown":{"arn":true,"create_date":true,"id":true,"inline_policy":true,"managed_policy_arns":true,"name_prefix":true,"tags":{},"tags_all":{},"unique_id":true},"before_sensitive":false,"after_sensitive":{"inline_policy":[],"managed_policy_arns":[],"tags":{},"tags_all":{}}}},{"address":"aws_iam_role_policy_attachment.test-attach","mode":"managed","type":"aws_iam_role_policy_attachment","name":"test-attach","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"role":"grafana_role"},"after_unknown":{"id":true,"policy_arn":true},"before_sensitive":false,"after_sensitive":{}}},{"address":"aws_instance.this","mode":"managed","type":"aws_instance","name":"this","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"ami":"ami-08f4f484ed94e8352","associate_public_ip_address":true,"credit_specification":[],"get_password_data":false,"hibernation":null,"iam_instance_profile":"grafana_instance_profile","instance_type":"t2.micro","key_name":"aws-grafana-lab-key","launch_template":[],"source_dest_check":true,"subnet_id":"subnet-0f505455b2df01be3","tags":{"Name":"mate-aws-grafana-lab"},"tags_all":{"Name":"mate-aws-grafana-lab"},"timeouts":null,"user_data":"2bd3ada6c540a3442e076f804f65df2a7a20960f","user_data_replace_on_change":false,"volume_tags":null,"vpc_security_group_ids":["sg-0dde7e9651d3cbd07"]},"after_unknown":{"arn":true,"availability_zone":true,"capacity_reservation_specification":true,"cpu_core_count":true,"cpu_options":true,"cpu_threads_per_core":true,"credit_specification":[],"disable_api_stop":true,"disable_api_termination":true,"ebs_block_device":true,"ebs_optimized":true,"enable_primary_ipv6":true,"enclave_options":true,"ephemeral_block_device":true,"host_id":true,"host_resource_group_arn":true,"id":true,"instance_initiated_shutdown_behavior":true,"instance_lifecycle":true,"instance_market_options":true,"instance_state":true,"ipv6_address_count":true,"ipv6_addresses":true,"launch_template":[],"maintenance_options":true,"metadata_options":true,"monitoring":true,"network_interface":true,"outpost_arn":true,"password_data":true,"placement_group":true,"placement_partition_number":true,"primary_network_interface_id":true,"private_dns":true,"private_dns_name_options":true,"private_ip":true,"public_dns":true,"public_ip":true,"root_block_device":true,"secondary_private_ips":true,"security_groups":true,"spot_instance_request_id":true,"tags":{},"tags_all":{},"tenancy":true,"user_data_base64":true,"vpc_security_group_ids":[false]},"before_sensitive":false,"after_sensitive":{"capacity_reservation_specification":[],"cpu_options":[],"credit_specification":[],"ebs_block_device":[],"enclave_options":[],"ephemeral_block_device":[],"instance_market_options":[],"ipv6_addresses":[],"launch_template":[],"maintenance_options":[],"metadata_options":[],"network_interface":[],"private_dns_name_options":[],"root_block_device":[],"secondary_private_ips":[],"security_groups":[],"tags":{},"tags_all":{},"vpc_security_group_ids":[false]}}},{"address":"aws_key_pair.this","mode":"managed","type":"aws_key_pair","name":"this","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"key_name":"aws-grafana-lab-key","public_key":"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBta8T6JDDqhYYnqzIe3l5DIhR6Id++tdfakOAxK9vpx asus@MyComputer","tags":{"Name":"mate-aws-grafana-lab"},"tags_all":{"Name":"mate-aws-grafana-lab"}},"after_unknown":{"arn":true,"fingerprint":true,"id":true,"key_name_prefix":true,"key_pair_id":true,"key_type":true,"tags":{},"tags_all":{}},"before_sensitive":false,"after_sensitive":{"tags":{},"tags_all":{}}}}],"output_changes":{"grafana_iam_role_arn":{"actions":["create"],"before":null,"after_unknown":true,"before_sensitive":false,"after_sensitive":false},"grafana_url":{"actions":["create"],"before":null,"after_unknown":true,"before_sensitive":false,"after_sensitive":false},"instance_public_ip":{"actions":["create"],"before":null,"after_unknown":true,"before_sensitive":false,"after_sensitive":false}},"prior_state":{"format_version":"1.0","terraform_version":"1.14.4","values":{"root_module":{"resources":[{"address":"data.aws_ami.this","mode":"data","type":"aws_ami","name":"this","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"architecture":"x86_64","arn":"arn:aws:ec2:eu-central-1::image/ami-08f4f484ed94e8352","block_device_mappings":[{"device_name":"/dev/xvda","ebs":{"delete_on_termination":"true","encrypted":"false","iops":"0","snapshot_id":"snap-0afd69073a06ee5d7","throughput":"0","volume_initialization_rate":"0","volume_size":"8","volume_type":"gp2"},"no_device":"","virtual_name":""}],"boot_mode":"","creation_date":"2026-02-26T18:42:15.000Z","deprecation_time":"2026-05-27T18:48:00.000Z","description":"Amazon Linux 2 AMI 2.0.20260302.0 x86_64 HVM gp2","ena_support":true,"executable_users":null,"filter":[{"name":"architecture","values":["x86_64"]},{"name":"name","values":["amzn2-ami-hvm--gp2"]},{"name":"root-device-type","values":["ebs"]},{"name":"virtualization-type","values":["hvm"]}],"hypervisor":"xen","id":"ami-08f4f484ed94e8352","image_id":"ami-08f4f484ed94e8352","image_location":"amazon/amzn2-ami-hvm-2.0.20260302.0-x86_64-gp2","image_owner_alias":"amazon","image_type":"machine","imds_support":"","include_deprecated":false,"kernel_id":"","last_launched_time":"","most_recent":true,"name":"amzn2-ami-hvm-2.0.20260302.0-x86_64-gp2","name_regex":null,"owner_id":"137112412989","owners":["amazon"],"platform":"","platform_details":"Linux/UNIX","product_codes":[],"public":true,"ramdisk_id":"","root_device_name":"/dev/xvda","root_device_type":"ebs","root_snapshot_id":"snap-0afd69073a06ee5d7","sriov_net_support":"simple","state":"available","state_reason":{"code":"UNSET","message":"UNSET"},"tags":{},"timeouts":null,"tpm_support":"","uefi_data":null,"usage_operation":"RunInstances","virtualization_type":"hvm"},"sensitive_values":{"block_device_mappings":[{"ebs":{}}],"filter":[{"values":[false]},{"values":[false]},{"values":[false]},{"values":[false]}],"owners":[false],"product_codes":[],"state_reason":{},"tags":{}}}]}}},"configuration":{"provider_config":{"aws":{"name":"aws","full_name":"registry.terraform.io/hashicorp/aws","version_constraint":"~\u003e 5.0"}},"root_module":{"outputs":{"grafana_iam_role_arn":{"expression":{"references":["aws_iam_role.role.arn","aws_iam_role.role"]}},"grafana_url":{"expression":{"references":["aws_instance.this.public_ip","aws_instance.this"]}},"instance_public_ip":{"expression":{"references":["aws_instance.this.public_ip","aws_instance.this"]}}},"resources":[{"address":"aws_iam_instance_profile.instance_profile","mode":"managed","type":"aws_iam_instance_profile","name":"instance_profile","provider_config_key":"aws","expressions":{"name":{"constant_value":"grafana_instance_profile"},"role":{"references":["aws_iam_role.role.name","aws_iam_role.role"]}},"schema_version":0},{"address":"aws_iam_policy.policy","mode":"managed","type":"aws_iam_policy","name":"policy","provider_config_key":"aws","expressions":{"description":{"constant_value":"My test policy"},"name":{"constant_value":"grafana_policy"},"path":{"constant_value":"/"},"policy":{}},"schema_version":0},{"address":"aws_iam_role.role","mode":"managed","type":"aws_iam_role","name":"role","provider_config_key":"aws","expressions":{"assume_role_policy":{},"name":{"constant_value":"grafana_role"},"tags":{"constant_value":{"tag-key":"grafana_role"}}},"schema_version":0},{"address":"aws_iam_role_policy_attachment.test-attach","mode":"managed","type":"aws_iam_role_policy_attachment","name":"test-attach","provider_config_key":"aws","expressions":{"policy_arn":{"references":["aws_iam_policy.policy.arn","aws_iam_policy.policy"]},"role":{"references":["aws_iam_role.role.name","aws_iam_role.role"]}},"schema_version":0},{"address":"aws_instance.this","mode":"managed","type":"aws_instance","name":"this","provider_config_key":"aws","expressions":{"ami":{"references":["data.aws_ami.this.id","data.aws_ami.this"]},"associate_public_ip_address":{"constant_value":true},"iam_instance_profile":{"references":["aws_iam_instance_profile.instance_profile.name","aws_iam_instance_profile.instance_profile"]},"instance_type":{"references":["var.instance_type"]},"key_name":{"references":["aws_key_pair.this.key_name","aws_key_pair.this"]},"subnet_id":{"references":["var.subnet_id"]},"tags":{"references":["var.resource_name_tag"]},"user_data":{"references":["var.user_data_path"]},"vpc_security_group_ids":{"references":["var.security_group_id"]}},"schema_version":1},{"address":"aws_key_pair.this","mode":"managed","type":"aws_key_pair","name":"this","provider_config_key":"aws","expressions":{"key_name":{"references":["var.key_pair_name"]},"public_key":{"references":["var.public_key_path"]},"tags":{"references":["var.resource_name_tag"]}},"schema_version":1},{"address":"data.aws_ami.this","mode":"data","type":"aws_ami","name":"this","provider_config_key":"aws","expressions":{"filter":[{"name":{"constant_value":"name"},"values":{"references":["var.ami_name_pattern"]}},{"name":{"constant_value":"root-device-type"},"values":{"constant_value":["ebs"]}},{"name":{"constant_value":"virtualization-type"},"values":{"constant_value":["hvm"]}},{"name":{"constant_value":"architecture"},"values":{"constant_value":["x86_64"]}}],"most_recent":{"constant_value":true},"owners":{"references":["var.ami_owners"]}},"schema_version":0}],"variables":{"ami_name_pattern":{"description":"AMI name pattern."},"ami_owners":{"description":"AMI owners."},"instance_type":{"description":"EC2 instance type for the Grafana host."},"key_pair_name":{"description":"Name of the EC2 key pair to create/use."},"public_key_path":{"description":"Path to the public key used for the EC2 key pair."},"resource_name_tag":{"description":"Value for the Name tag across resources."},"security_group_id":{"description":"ID of the security group, you deployed in the previous task."},"subnet_id":{"description":"ID of the VPC subnet, you deployed in the previous task."},"user_data_path":{"description":"Path to the user data script for instance bootstrap."}}}},"relevant_attributes":[{"resource":"data.aws_ami.this","attribute":["id"]},{"resource":"aws_iam_instance_profile.instance_profile","attribute":["name"]},{"resource":"aws_iam_role.role","attribute":["arn"]},{"resource":"aws_iam_policy.policy","attribute":["arn"]},{"resource":"aws_instance.this","attribute":["public_ip"]},{"resource":"aws_iam_role.role","attribute":["name"]},{"resource":"aws_key_pair.this","attribute":["key_name"]}],"timestamp":"2026-03-16T12:19:59Z","applyable":true,"complete":true,"errored":false}

Conversation

whatislavx commented Mar 16, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

linubah left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants