From fdc37611e9e596769c3e1ff591c25820764efaec Mon Sep 17 00:00:00 2001
From: Mark Valdez
Date: Thu, 7 Dec 2023 09:53:56 -0700
Subject: [PATCH 1/3] add cloudwatch policy for ec2 metrics

---
 CHANGELOG.md |  4 ++++
 policies.tf  | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 variables.tf |  7 +++++++
 3 files changed, 61 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a300a3a..706cf70 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,3 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 * Striking 1.0.0 release
 * Adding sqs flag
+
+# 1.0.1
+
+* Adding Cloudwatch metrics policy for ec2
diff --git a/policies.tf b/policies.tf
index 9eb07ee..8ba78c9 100644
--- a/policies.tf
+++ b/policies.tf
@@ -179,6 +179,56 @@ resource "aws_iam_role_policy_attachment" "secrets-manager" {
   policy_arn = aws_iam_policy.secrets-manager[0].arn
 }
 
+################################################################################
+# CloudWatch Policy for EC2 metrics
+################################################################################
+data "aws_iam_policy_document" "ec2_metrics" {
+  count = var.create_role && var.attach_ec2_metrics_policy ? 1 : 0
+
+  statement {
+    sid = "AllowReadingMetricsFromCloudWatch"
+    actions = [
+      "cloudwatch:DescribeAlarmsForMetric",
+      "cloudwatch:DescribeAlarmHistory",
+      "cloudwatch:DescribeAlarms",
+      "cloudwatch:ListMetrics",
+      "cloudwatch:GetMetricData",
+      "cloudwatch:GetInsightRuleReport"
+    ]
+    resources = ["*"]
+  }
+
+  statement {
+    sid = "AllowReadingTagsInstancesRegionsFromEC2"
+    actions = ["ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeRegions"]
+    resources = ["*"]
+  }
+
+  statement {
+    sid = "AllowReadingResourcesForTags"
+    actions = "tag:GetResources"
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_policy" "ec2_metrics" {
+  count = var.create_role && var.attach_ec2_metrics_policy ? 1 : 0
+
+  name_prefix = "${var.policy_name_prefix}${var.app_name}_Policy-"
+  path = var.role_path
+  description = "View EC2 metrics"
+  policy = data.aws_iam_policy_document.ec2_metrics[0].json
+
+  tags = var.tags
+}
+
+resource "aws_iam_role_policy_attachment" "ec2_metrics" {
+  count = var.create_role && var.attach_ec2_metrics_policy ? 1 : 0
+
+  role = aws_iam_role.this[0].name
+  policy_arn = aws_iam_policy.ec2_metrics[0].arn
+}
+
 ################################################################################
 # CloudWatch Policy for container insights
 ################################################################################
diff --git a/variables.tf b/variables.tf
index 7cf9e78..c1e1e96 100644
--- a/variables.tf
+++ b/variables.tf
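Review bot: The `AllowReadingResourcesForTags` statement sets `actions = "tag:GetResources"` as a bare string, but the `aws_iam_policy_document` statement attribute is a set of strings, so `terraform plan` rejects the document whenever `attach_ec2_metrics_policy` is true; it should be `actions = ["tag:GetResources"]`, matching the other two statements. The `resources = ["*"]` scope is the expected one for the Describe/List/GetMetricData calls, which do not support resource-level permissions, so the policy stays read-only but account-wide; `cloudwatch:GetInsightRuleReport` may accept an insight-rule ARN and could be narrowed if that is ever a concern. A short comment above the data source, `# Read-only; these APIs do not support resource-level permissions, so "*" is required`, would record that the wildcard is deliberate. The hunk opens inside the secrets-manager attachment, whose start is outside the hunk; the new blocks themselves are complete.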
@@ -168,3 +168,10 @@ variable "sqs_read_write_arns" {
   type = list(string)
   default = []
 }
+
+# Cloudwatch
+variable "attach_ec2_metrics_policy" {
+  description = "Determines whether to attach the Cloudwatch policy for ec2 metrics to the role"
+  type = bool
+  default = false
+}
\ No newline at end of file
From f9f0d3418545337305fed344f9dceb2baadbed3e Mon Sep 17 00:00:00 2001
From: Mark Valdez
Date: Mon, 11 Dec 2023 10:24:13 -0700
Subject: [PATCH 2/3] enable cloudwatch ec2 metrics by default

---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/variables.tf b/variables.tf
index c1e1e96..9f4ec2d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -173,5 +173,5 @@ variable "sqs_read_write_arns" {
 variable "attach_ec2_metrics_policy" {
   description = "Determines whether to attach the Cloudwatch policy for ec2 metrics to the role"
   type = bool
-  default = false
+  default = true
 }
\ No newline at end of file
From 3f7b70114b39d76706fbf4a1e100c658eedca48f Mon Sep 17 00:00:00 2001
From: Mark Valdez
Date: Wed, 13 Dec 2023 08:15:29 -0700
Subject: [PATCH 3/3] move 1.0.1 before 1.0.0 in changelog

---
 CHANGELOG.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 706cf70..627823c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,11 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+# 1.0.1
+
+* Adding Cloudwatch metrics policy for ec2
+
 # 1.0.0
 
 * Striking 1.0.0 release
 * Adding sqs flag
-
-# 1.0.1
-
-* Adding Cloudwatch metrics policy for ec2
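Review bot: The description of `attach_ec2_metrics_policy` says a policy is attached but not what access the role gains, which is what a consumer deciding on the flag needs; suggest `description = "Whether to attach a read-only CloudWatch policy (cloudwatch Describe*/ListMetrics/GetMetricData, ec2 Describe*, tag:GetResources on all resources) to the role"`. The new variable also lands without a trailing newline (`\ No newline at end of file`), which the next patch in the series carries forward; worth fixing while the file is being touched.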
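Review bot: Switching to `default = true` attaches the account-wide read policy to every role this module creates unless callers explicitly set the flag to false, a behavior change for existing consumers that neither the variable description nor the 1.0.1 changelog entry mentions. Opt-in (`default = false`, as the first patch had it) is the least-privilege choice for a policy whose statements use `resources = ["*"]`; if enabling by default is intended, the CHANGELOG line should say the policy is now attached by default and the description should state the default so the wider grant is visible to anyone upgrading.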