├── .deepsource.toml ├── .github ├── CODEOWNERS ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml └── workflows │ ├── auto_assignee.yml │ ├── automerge.yml │ ├── changelog.yml │ ├── readme.yml │ ├── tf-checks.yml │ ├── tflint.yml │ └── tfsec.yml ├── .gitignore ├── .pre-commit-config.yaml ├── CHANGELOG.md ├── LICENSE ├── Makefile ├── README.md ├── README.yaml ├── _test ├── basic_example │ └── ec2_test.go └── ebs_mount │ └── ec2_test.go ├── docs └── io.md ├── examples ├── basic │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── complete │ ├── example.tf │ ├── outputs.tf │ ├── user-data.sh │ └── versions.tf └── spot_instance │ ├── example.tf │ ├── outputs.tf │ └── versions.tf ├── main.tf ├── outputs.tf ├── variables.tf └── versions.tf /.deepsource.toml: -------------------------------------------------------------------------------- 1 | version = 1 2 | 3 | [[analyzers]] 4 | name = "terraform" -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # These owners will be the default owners for everything in the repo. 2 | * @anmolnagpal @clouddrove/approvers @clouddrove-ci 3 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | ## what 2 | * Describe high-level what changed as a result of these commits (i.e. in plain-english, what do these changes mean?) 3 | * Use bullet points to be concise and to the point. 4 | 5 | ## why 6 | * Provide the justifications for the changes (e.g. business case). 7 | * Describe why these changes were made (e.g. why do these commits fix the problem?) 8 | * Use bullet points to be concise and to the point. 9 | 10 | ## references 11 | * Link to any supporting jira issues or helpful documentation to add some context (e.g. stackoverflow). 
12 | * Use `closes #123`, if this PR closes a Jira issue `#123`
13 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1  | # To get started with Dependabot version updates, you'll need to specify which
2  | # package ecosystems to update and where the package manifests are located.
3  | # Please see the documentation for all configuration options:
4  | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
5  |
6  | version: 2
7  | updates:
8  |
     # Daily update checks for GitHub Actions references, at most 3 open PRs at a time.
9  |   - package-ecosystem: "github-actions"
10 |     directory: "/"
11 |     schedule:
12 |       interval: "daily"
13 |     open-pull-requests-limit: 3
14 |     assignees:
15 |       - "clouddrove-ci"
     # NOTE(review): "approvers" has no organization prefix, so it reads as a user
     # name. Presumably the clouddrove/approvers team listed in CODEOWNERS was meant
     # (teams are written as org/team) - verify, otherwise dependency PRs may open
     # without a reviewer. The same value is used in the terraform entries below.
16 |     reviewers:
17 |       - "approvers"
18 |
     # Weekly Terraform update checks, one entry per example directory.
     # NOTE(review): no terraform entry covers directory "/", where the tree lists
     # main.tf and versions.tf - confirm whether references in the root module
     # should be tracked as well.
19 |   - package-ecosystem: "terraform" # See documentation for possible values
20 |     directory: "examples/basic" # Location of package manifests
21 |     schedule:
22 |       interval: "weekly"
23 |     # Add assignees
24 |     assignees:
25 |       - "clouddrove-ci"
26 |     # Add reviewer
27 |     reviewers:
28 |       - "approvers"
29 |   - package-ecosystem: "terraform" # See documentation for possible values
30 |     directory: "examples/complete" # Location of package manifests
31 |     schedule:
32 |       interval: "weekly"
33 |     # Add assignees
34 |     assignees:
35 |       - "clouddrove-ci"
36 |     # Add reviewer
37 |     reviewers:
38 |       - "approvers"
39 |   - package-ecosystem: "terraform" # See documentation for possible values
40 |     directory: "examples/spot_instance" # Location of package manifests
41 |     schedule:
42 |       interval: "weekly"
43 |     # Add assignees
44 |     assignees:
45 |       - "clouddrove-ci"
46 |     # Add reviewer
47 |     reviewers:
48 |       - "approvers"
49 |
50 |
--------------------------------------------------------------------------------
/.github/workflows/auto_assignee.yml:
--------------------------------------------------------------------------------
1  | ---
2  | name: Auto Assign PRs
3  |
4  | on:
5  |   pull_request:
6  |     types: [opened, reopened]
7  |
8  |   workflow_dispatch:
9  | jobs:
10 |   assignee:
     # NOTE(review): `@master` is a mutable ref (presumably a branch), so the called
     # workflow can change without any commit in this repository while still
     # receiving the secret passed below. Pinning `uses:` to a full commit SHA makes
     # the dependency immutable and reviewable. The same applies to the other
     # `uses: ...@master` lines in the workflows that follow.
11 |     uses: clouddrove/github-shared-workflows/.github/workflows/auto_assignee.yml@master
     # secrets.GITHUB is a user-defined secret, not the built-in GITHUB_TOKEN;
     # presumably a personal access token - its scopes are not visible here,
     # confirm they are the minimum the called workflow needs.
12 |     secrets:
13 |       GITHUB: ${{ secrets.GITHUB }}
14 |     with:
15 |       assignees: 'clouddrove-ci'
16 | ...
17 |
--------------------------------------------------------------------------------
/.github/workflows/automerge.yml:
--------------------------------------------------------------------------------
1  | ---
     # Calls the shared auto_merge workflow on every pull_request event.
2  | name: Auto merge
3  | on:
4  |   pull_request:
5  | jobs:
6  |   auto-merge:
7  |     uses: clouddrove/github-shared-workflows/.github/workflows/auto_merge.yml@master
8  |     secrets:
9  |       GITHUB: ${{ secrets.GITHUB }}
10 |     with:
     # NOTE(review): presumably the status check that gates the merge; only the
     # spot_instance format check is named. Confirm that branch protection also
     # requires the tfsec, tf-lint and remaining example checks, otherwise a PR
     # could be merged automatically while those are failing.
11 |       tfcheck: 'examples/spot_instance / Check code format'
12 | ...
13 |
--------------------------------------------------------------------------------
/.github/workflows/changelog.yml:
--------------------------------------------------------------------------------
1  | ---
     # Calls the shared changelog workflow on every tag push and on manual dispatch.
2  | name: changelog
     # NOTE(review): write-all gives the job token write access to every permission
     # scope. What the called workflow needs is not visible here; if it only commits
     # the changelog, `contents: write` is likely enough - confirm and narrow.
3  | permissions: write-all
4  | on:
5  |   push:
6  |     tags:
7  |       - "*"
8  |   workflow_dispatch:
9  | jobs:
10 |   changelog:
11 |     uses: clouddrove/github-shared-workflows/.github/workflows/changelog.yml@master
     # NOTE(review): `inherit` hands every secret available to this repository to
     # the called workflow. Combined with the mutable @master ref above, prefer
     # passing only the named secrets that workflow actually uses.
12 |     secrets: inherit
13 |     with:
14 |       branch: 'master'
15 | ...
16 |
--------------------------------------------------------------------------------
/.github/workflows/readme.yml:
--------------------------------------------------------------------------------
     # Calls the shared readme workflow on pushes to master (changes to README.md
     # and docs/** are ignored) and on manual dispatch.
1  | name: Readme Workflow
2  | on:
3  |   push:
4  |     branches:
5  |       - master
6  |     paths-ignore:
7  |       - 'README.md'
8  |       - 'docs/**'
9  |   workflow_dispatch:
10 | jobs:
11 |   README:
     # NOTE(review): `@master` is a mutable ref (presumably a branch), so the called
     # workflow can change without any commit in this repository while still
     # receiving the two secrets below. Pinning `uses:` to a full commit SHA makes
     # the dependency immutable and reviewable. The same applies to every other
     # `uses: ...@master` line in the workflows that follow.
12 |     uses: clouddrove/github-shared-workflows/.github/workflows/readme.yml@master
     # Secrets are passed by name here, so the called workflow sees only these two.
     # secrets.GITHUB is a user-defined secret, not the built-in GITHUB_TOKEN;
     # presumably a personal access token - confirm its scopes are minimal.
13 |     secrets:
14 |       TOKEN : ${{ secrets.GITHUB }}
15 |       SLACK_WEBHOOK_TERRAFORM: ${{ secrets.SLACK_WEBHOOK_TERRAFORM }}
16 |
--------------------------------------------------------------------------------
/.github/workflows/tf-checks.yml:
--------------------------------------------------------------------------------
1  | ---
     # Runs the shared tf-checks workflow once per example directory, on pushes to
     # master, on pull requests and on manual dispatch. No secrets are passed.
2  | name: tf-checks
3  | on:
4  |   push:
5  |     branches: [ master ]
6  |   pull_request:
7  |   workflow_dispatch:
8  | jobs:
9  |   basic_example:
10 |     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
11 |     with:
12 |       working_directory: './examples/basic/'
13 |   complete_example:
14 |     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
15 |     with:
16 |       working_directory: './examples/complete/'
17 |   spot_instance:
18 |     uses: clouddrove/github-shared-workflows/.github/workflows/tf-checks.yml@master
19 |     with:
20 |       working_directory: './examples/spot_instance/'
21 | ...
22 |
23 |
--------------------------------------------------------------------------------
/.github/workflows/tflint.yml:
--------------------------------------------------------------------------------
1  | ---
     # Runs the shared tf-lint workflow on pushes to master, on pull requests and
     # on manual dispatch.
2  | name: tf-lint
3  | on:
4  |   push:
5  |     branches: [ master ]
6  |   pull_request:
7  |   workflow_dispatch:
8  | jobs:
9  |   tf-lint:
10 |     uses: clouddrove/github-shared-workflows/.github/workflows/tf-lint.yml@master
     # NOTE(review): why a linter needs secrets.GITHUB is not visible here; if the
     # called workflow only reads the repository, confirm the secret can be dropped.
11 |     secrets:
12 |       GITHUB: ${{ secrets.GITHUB }}
13 | ...
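14 |
--------------------------------------------------------------------------------
/.github/workflows/tfsec.yml:
--------------------------------------------------------------------------------
     # Calls the shared tfsec workflow against the repository root on every
     # pull_request event and on manual dispatch.
1  | name: tfsec
     # NOTE(review): write-all gives the job token write access to every permission
     # scope, on a workflow triggered by pull requests. A scanner should need read
     # access plus whatever scope it uses to publish results (not visible here);
     # declare those scopes explicitly instead.
2  | permissions: write-all
3  | on:
4  |   pull_request:
5  |   workflow_dispatch:
6  | jobs:
7  |   tfsec:
     # NOTE(review): `@master` is a mutable ref (presumably a branch), so the called
     # workflow can change without any commit in this repository. Pinning `uses:`
     # to a full commit SHA makes the dependency immutable and reviewable.
8  |     uses: clouddrove/github-shared-workflows/.github/workflows/tfsec.yml@master
     # NOTE(review): `inherit` hands every secret available to this repository to
     # the called workflow; prefer passing only the named secrets it uses.
9  |     secrets: inherit
10 |     with:
11 |       working_directory: '.'
12 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1  | # Terraform state files - Contains sensitive infrastructure state information
2  | *.tfstate
3  | *.tfstate.backup
4  |
5  | # Local Terraform directory - Contains downloaded providers and modules
6  | .terraform
7  |
8  | # IDE settings directory for IntelliJ
9  | .idea
10 |
11 | # IntelliJ project files
12 | *.iml
13 |
     # NOTE(review): go.sum holds the checksums of the Go modules used by the tests
     # under _test. With it ignored, the repository pins no module hashes; confirm
     # this is intended rather than committing the file.
14 | # Go dependency checksum file
15 | go.sum
16 |
     # NOTE(review): with the lock file ignored, the example root configurations
     # carry no pinned provider checksums in the repository; confirm this is
     # intended for the examples.
17 | # Terraform dependency lock file - Records the selected provider versions and their checksums
18 | *.terraform.lock.hcl
19 |
20 | # Terraform crash log file - Generated during crashes
21 | crash.log
22 |
23 | # Variable definitions files - May contain sensitive values
24 | *.tfvars
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
1  | repos:
2  |
3  |   - repo: https://github.com/gruntwork-io/pre-commit
4  |     rev: v0.1.12 # Get the latest from: https://github.com/gruntwork-io/pre-commit/releases
5  |     hooks:
6  |       - id: terraform-fmt
7  |       - id: shellcheck
8  |       - id: tflint
9  |
     # Fetched over https: the git:// scheme is unauthenticated and unencrypted,
     # so the hook code could be altered in transit, and GitHub has turned that
     # protocol off.
10 |   - repo: https://github.com/pre-commit/pre-commit-hooks
11 |     rev: v4.0.1 # Use the ref you want to point at
12 |     hooks:
13 |       - id: end-of-file-fixer
14 |       - id: trailing-whitespace
15 |       - id: mixed-line-ending
16 |       - id: check-byte-order-marker
17 |       - id: check-executables-have-shebangs
18 |       - id: check-merge-conflict
19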
| - id: debug-statements 20 | - id: check-yaml 21 | - id: check-added-large-files 22 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | All notable changes to this project will be documented in this file. 3 | 4 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 5 | and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 6 | 7 | ## [2.0.3] - 2024-01-26 8 | ### :bug: Bug Fixes 9 | - [`837864c`](https://github.com/clouddrove/terraform-aws-ec2/commit/837864cf57d5ed4a9b8a1d8c328eebb3cca477f7) - shutdown behavior for the instance defaults to STOP *(PR [#66](https://github.com/clouddrove/terraform-aws-ec2/pull/66) by [@h1manshu98](https://github.com/h1manshu98))* 10 | 11 | ### :construction_worker: Build System 12 | - [`592d4ed`](https://github.com/clouddrove/terraform-aws-ec2/commit/592d4edd2c51560e36f1f2e83c8bb5b53f34cfcb) - **deps**: bump clouddrove/github-shared-workflows *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* 13 | 14 | ### :memo: Documentation Changes 15 | - [`0d16756`](https://github.com/clouddrove/terraform-aws-ec2/commit/0d16756ee156cb75169a9c3aa0b1244e809d7b2b) - update CHANGELOG.md for 2.0.2 *(commit by [@clouddrove-ci](https://github.com/clouddrove-ci))* 16 | 17 | 18 | ## [2.0.2] - 2024-01-12 19 | ### :construction_worker: Build System 20 | - [`2475949`](https://github.com/clouddrove/terraform-aws-ec2/commit/247594902bba486cb4df7533de7fe99d1d4bfca8) - **deps**: bump clouddrove/subnet/aws in /_example/complete *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* 21 | - [`4007b9e`](https://github.com/clouddrove/terraform-aws-ec2/commit/4007b9e0e9d156cf5a88b121de67aa5dfac6e02b) - **deps**: bump actions/setup-python from 4 to 5 *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* 22 | - 
[`b8f9bdb`](https://github.com/clouddrove/terraform-aws-ec2/commit/b8f9bdb52270e94a34655b893779f3b98822a8fe) - **deps**: bump clouddrove/github-shared-workflows *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* 23 | 24 | ### :memo: Documentation Changes 25 | - [`7bcfa83`](https://github.com/clouddrove/terraform-aws-ec2/commit/7bcfa8324a2a573a87673f78f1484e8850f79254) - update CHANGELOG.md for 2.0.1 *(commit by [@clouddrove-ci](https://github.com/clouddrove-ci))* 26 | 27 | 28 | ## [2.0.1] - 2023-11-22 29 | ### :bug: Bug Fixes 30 | - [`a95d8c8`](https://github.com/clouddrove/terraform-aws-ec2/commit/a95d8c8ce420494fcb56724038d72f294a69cc21) - kms policy fixed *(PR [#55](https://github.com/clouddrove/terraform-aws-ec2/pull/55) by [@d4kverma](https://github.com/d4kverma))* 31 | 32 | ### :construction_worker: Build System 33 | - [`1e27c43`](https://github.com/clouddrove/terraform-aws-ec2/commit/1e27c43183daa92b3b65b1f4fde63b5cccef690e) - **deps**: bump clouddrove/github-actions from 9.0.2 to 9.0.3 *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* 34 | 35 | ### :memo: Documentation Changes 36 | - [`19e732a`](https://github.com/clouddrove/terraform-aws-ec2/commit/19e732a921b49985a65f954ee4f1c1d703e79a91) - update CHANGELOG.md for 2.0.0 *(commit by [@clouddrove-ci](https://github.com/clouddrove-ci))* 37 | 38 | 39 | ## [2.0.0] - 2023-09-06 40 | ### :sparkles: New Features 41 | - [`639f19a`](https://github.com/clouddrove/terraform-aws-ec2/commit/639f19ade34e03f8d4f8a309b9b8820754cb79cc) - auto changelog action added *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* 42 | - [`2f9367e`](https://github.com/clouddrove/terraform-aws-ec2/commit/2f9367ea5a238dc24f6326fec0fcae2e9867ee15) - auto changelog action added *(commit by [@mamrajyadav](https://github.com/mamrajyadav))* 43 | - [`f6ad766`](https://github.com/clouddrove/terraform-aws-ec2/commit/f6ad76641ff1da90cf7b2873a04998cb46db9113) - added dependabot.yml file *(commit by 
[@mamrajyadav](https://github.com/mamrajyadav))* 44 | - [`9501122`](https://github.com/clouddrove/terraform-aws-ec2/commit/95011227698201a367e418bec528f375d2b1eaaf) - add deepsource & added assignees,reviewer in dependabot *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* 45 | - [`d25dd33`](https://github.com/clouddrove/terraform-aws-ec2/commit/d25dd33d8cafd62a5505ac31d47de3957699b9cc) - add deepsource & added assignees,reviewer in dependabot *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* 46 | - [`785a0b3`](https://github.com/clouddrove/terraform-aws-ec2/commit/785a0b312c9bf5f7aed7ae0e30a1d5a7869f95e8) - add deepsorce file *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* 47 | - [`aa714d3`](https://github.com/clouddrove/terraform-aws-ec2/commit/aa714d3b288b41f4c263fa4a45e6fc642ebdfdb9) - add deepsorce file *(commit by [@Tanveer143s](https://github.com/Tanveer143s))* 48 | - [`e597f20`](https://github.com/clouddrove/terraform-aws-ec2/commit/e597f2029311ac36a7424e5c31ec6a9e3400c68e) - added security-group-rule and kms main.tf *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 49 | - [`224c4d9`](https://github.com/clouddrove/terraform-aws-ec2/commit/224c4d94743f5514856421eb6206995895b949c1) - added security-group-rule and kms main.tf *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 50 | - [`7093a75`](https://github.com/clouddrove/terraform-aws-ec2/commit/7093a756830c33845b4666209d87c26f4050fff8) - added key-pair and spot instance main.tf *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 51 | - [`4225f40`](https://github.com/clouddrove/terraform-aws-ec2/commit/4225f400a9daef811cdddaac0b879f60060791fe) - added key-pair and spot instance main.tf *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 52 | - [`887e684`](https://github.com/clouddrove/terraform-aws-ec2/commit/887e684a334dc85d67e74759afadfa57c36008fb) - added key-pair and spot instance testing 
*(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 53 | - [`00b23c4`](https://github.com/clouddrove/terraform-aws-ec2/commit/00b23c4c2210db82b57388fa78417632cdf142f3) - added key-pair and spot instance testing *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 54 | - [`fed8d3e`](https://github.com/clouddrove/terraform-aws-ec2/commit/fed8d3eba5af92136dad816d44dadd4b7c5c1bae) - added key-pair and spot instance testing *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 55 | - [`2315645`](https://github.com/clouddrove/terraform-aws-ec2/commit/2315645e656add51f39eedee3727419cdc1ac308) - fix tflint and added vpc and subnet tag *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 56 | - [`70f539c`](https://github.com/clouddrove/terraform-aws-ec2/commit/70f539cef609a145d2630b3a337c9e3bdfb00cee) - fix tflint and added vpc and subnet tag *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 57 | - [`8d6af6c`](https://github.com/clouddrove/terraform-aws-ec2/commit/8d6af6c24523ea484b63ba13d3c4642762945746) - update subnet and vpc tag *(commit by [@theprashantyadav](https://github.com/theprashantyadav))* 58 | 59 | ### :bug: Bug Fixes 60 | - [`8610ee3`](https://github.com/clouddrove/terraform-aws-ec2/commit/8610ee3c11ce11960191371dfaf40078bc77feb3) - Update user-data.sh *(PR [#54](https://github.com/clouddrove/terraform-aws-ec2/pull/54) by [@13archit](https://github.com/13archit))* 61 | 62 | ### :construction_worker: Build System 63 | - [`6dec4c8`](https://github.com/clouddrove/terraform-aws-ec2/commit/6dec4c8d52f8b3afcb99dba7dc57d71531000f0b) - **deps**: bump clouddrove/vpc/aws in /_example/basic_example *(commit by [@dependabot[bot]](https://github.com/apps/dependabot))* 64 | - [`64126fd`](https://github.com/clouddrove/terraform-aws-ec2/commit/64126fd9254bbf174d0c6fa125730138f83819bc) - **deps**: bump clouddrove/vpc/aws in /_example/ebs_mount *(commit by 
[@dependabot[bot]](https://github.com/apps/dependabot))* 65 | 66 | 67 | ## [1.3.0] - 2023-01-10 68 | ### :bug: Bug Fixes 69 | - [`138df1a`](https://github.com/clouddrove/terraform-aws-ec2/commit/138df1af37e3967148c950ba263c9e9dd8c006a5) - update workflows 70 | 71 | ### :sparkles: New Features 72 | - [`aff98ab`](https://github.com/clouddrove/terraform-aws-ec2/commit/aff98ab6ec1e492e78665f6c58b52539dba11e00) - Added multi_attach ebs volume 73 | 74 | ## [1.0.2] - 2022-09-16 75 | ### :bug: Bug Fixes 76 | - [`3dafc9c`](https://github.com/clouddrove/terraform-aws-ec2/commit/3dafc9c5ba499f2ad182239f05d84e4e535ca1a9) - update terraform letest version 77 | 78 | 79 | ## [1.0.1] - 2022-05-18 80 | ### :sparkles: New Features 81 | - [`3ac90df`](https://github.com/clouddrove/terraform-aws-ec2/commit/3ac90df3c1d3c920700a2a67445c649e492c626d) - added hiberation tag 82 | 83 | 84 | ## [0.12.5.2] - 2021-09-07 85 | 86 | ## [0.12.5.1] - 2021-08-17 87 | 88 | ## [0.15.1] - 2021-07-08 89 | ### :bug: Bug Fixes 90 | - [`c824f12`](https://github.com/clouddrove/terraform-aws-ec2/commit/c824f12ac172b8b524a8e1cea1cd813a9ff543c9) - Fix versions 91 | - [`e154336`](https://github.com/clouddrove/terraform-aws-ec2/commit/e15433686738ed2996dbcc58082af8158dcb41f8) - ipv6 error fixed 92 | - [`b47bfd4`](https://github.com/clouddrove/terraform-aws-ec2/commit/b47bfd4ee3a67b079fd73969469238c8ba5da225) - update github-action 93 | 94 | 95 | ## [0.15.0] - 2021-06-18 96 | ### :bug: Bug Fixes 97 | - [`bda3099`](https://github.com/clouddrove/terraform-aws-ec2/commit/bda30991c482fcdfa78ee870bffce261f27ccba6) - fixed ebs volume 98 | - [`795462e`](https://github.com/clouddrove/terraform-aws-ec2/commit/795462e05731e91f184b7dfa89e733c05fd789e9) - Update example.tf 99 | - [`aa59be9`](https://github.com/clouddrove/terraform-aws-ec2/commit/aa59be92333b42b07ae61912f19c61b4dae249f4) - fix the examples and volumes part 100 | - 
[`89edf54`](https://github.com/clouddrove/terraform-aws-ec2/commit/89edf5498bf0ee385b9702466c41c8c7aae6d6ed) - fix terratest 101 | 102 | ## [0.14.0] - 2021-05-15 103 | ### :bug: Bug Fixes 104 | - [`39e0c01`](https://github.com/clouddrove/terraform-aws-ec2/commit/39e0c012f6a3cad6e7a446c69b0429ba1b4a2ccc) - update module tags 105 | - [`c6594c8`](https://github.com/clouddrove/terraform-aws-ec2/commit/c6594c8ed4a075a2327dda2b1d53ab4f4ab054a3) - version update in modules 106 | - [`5539ee7`](https://github.com/clouddrove/terraform-aws-ec2/commit/5539ee7b0907eef6518a0d0f78ccc9f49bbf5b00) - ebs_mount 107 | - [`39b6d1b`](https://github.com/clouddrove/terraform-aws-ec2/commit/39b6d1bf2a5a199712617d271f2ddcdd47e6e5f6) - auto_ami_enable 108 | - [`5c3c4e8`](https://github.com/clouddrove/terraform-aws-ec2/commit/5c3c4e89469abc82c144000383306ccc6d9032e4) - update in 0.15 109 | - [`4629c8d`](https://github.com/clouddrove/terraform-aws-ec2/commit/4629c8de04da4ced5dfb7fd7b44b8219fcd45e34) - encrypted true 110 | - [`5da31d0`](https://github.com/clouddrove/terraform-aws-ec2/commit/5da31d033e7fd9e0ceb4d476ff3d116dc1b3bdba) - removed variable network 111 | - [`3887fbb`](https://github.com/clouddrove/terraform-aws-ec2/commit/3887fbb00486445eda57a7cc1be3aa8320e3a47a) - improvements for bridgecrew 112 | - [`c5bdfba`](https://github.com/clouddrove/terraform-aws-ec2/commit/c5bdfbacf2540618f010b57024c5ccbd79dd9745) - security fixes added 113 | - [`4670aa5`](https://github.com/clouddrove/terraform-aws-ec2/commit/4670aa5378c9f39daa0193911ef1ecf9b52c598b) - enabled-ebs-optimized 114 | - [`dd40b00`](https://github.com/clouddrove/terraform-aws-ec2/commit/dd40b007746ae2ce6a787837228217c311de30f2) - enable-encrypted 115 | - [`fc3e6cc`](https://github.com/clouddrove/terraform-aws-ec2/commit/fc3e6cc0176f2b3d2a6df5ccaa5273bc9f3c36f8) - enable_monitoring 116 | 117 | 118 | ## [0.13.0] - 2020-10-21 119 | ### :bug: Bug Fixes 120 | - 
[`d427049`](https://github.com/clouddrove/terraform-aws-ec2/commit/d4270491494da9a5131f038ca2e4cd940d47cf36) - upgrade to 0.14 121 | - [`9382198`](https://github.com/clouddrove/terraform-aws-ec2/commit/9382198f1155da46de60930f8310904c52801b08) - change tag name in main.tf 122 | - [`dd1ca4e`](https://github.com/clouddrove/terraform-aws-ec2/commit/dd1ca4e914c671e6b60d2e2973cde4b9d1ff687a) - Upgrade terraform version to 0.14.0 123 | 124 | ## [0.12.8] - 2020-10-21 125 | ### :bug: Bug Fixes 126 | - [`b718512`](https://github.com/clouddrove/terraform-aws-ec2/commit/b718512f3814523b7dbe7c3107258f98e6f22906) - upgrade terraform version and update pipeline 127 | - [`173f604`](https://github.com/clouddrove/terraform-aws-ec2/commit/173f60483529fb30897a4e31fb64a8ccefb4cb6e) - update terratest pipeline 128 | - [`7283c80`](https://github.com/clouddrove/terraform-aws-ec2/commit/7283c800c9e193bcce08ee8721b5ece93ff8256f) - update pre-commit & terraform version 129 | - [`370e587`](https://github.com/clouddrove/terraform-aws-ec2/commit/370e587d96ffb71223b447bf831feeb743f6e727) - upgrade 0.13 130 | 131 | ## [0.12.7] - 2020-04-28 132 | ### :bug: Bug Fixes 133 | - [`1fc2ad7`](https://github.com/clouddrove/terraform-aws-ec2/commit/1fc2ad71519efd616a2a18705f632a9b67e6db1a) - Update outputs.tf 134 | 135 | ## [0.12.6] - 2020-03-24 136 | ### :bug: Bug Fixes 137 | - [`0dc2a97`](https://github.com/clouddrove/terraform-aws-ec2/commit/0dc2a97cb6c0f7c9a5d95f5455bdcdb0b2cd9f3b) - fix tag in readme 138 | - [`2f3b6d7`](https://github.com/clouddrove/terraform-aws-ec2/commit/2f3b6d7d565ee43145122f574f904ee8a1e7e19b) - enable encryption with EBS 139 | 140 | ## [0.12.5] - 2020-01-23 141 | ### :bug: Bug Fixes 142 | - [`c7929a3`](https://github.com/clouddrove/terraform-aws-ec2/commit/c7929a3a8d2a0bf5072034aeef5f5890d4f1bdc3) - fix labels 143 | 144 | ## [0.12.4] - 2019-12-28 145 | ### :sparkles: New Features 146 | - 
[`66c687c`](https://github.com/clouddrove/terraform-aws-ec2/commit/66c687cd161f29b026666f07552f6d37430b4371) - add enable count in all resources 147 | 148 | ## [0.12.3] - 2019-11-05 149 | ### :bug: Bug Fixes 150 | - [`38af014`](https://github.com/clouddrove/terraform-aws-ec2/commit/38af01451c5b60e5ba7e6049d711c99401a724fb) - github action 151 | 152 | ## [0.12.2] - 2019-10-14 153 | ### :bug: Bug Fixes 154 | - [`5bcf414`](https://github.com/clouddrove/terraform-aws-ec2/commit/5bcf4141624fd9aca696a84af2308d8f47d867b7) - update lable order 155 | - [`01ccf91`](https://github.com/clouddrove/terraform-aws-ec2/commit/01ccf9162916d5ea8d248c7f4a93792bbed3be5a) - update tags dns iam profile 156 | 157 | ## [0.12.1] - 2019-09-05 158 | ### :sparkles: New Features 159 | - [`d83a91f`](https://github.com/clouddrove/terraform-aws-ec2/commit/d83a91f11d032242f5f9abf1b2366b607a7fc0d6) - add dynamic tags 160 | 161 | ## [0.12.0] - 2019-08-12 162 | ### :bug: Bug Fixes 163 | - [`3c7e291`](https://github.com/clouddrove/terraform-aws-ec2/commit/3c7e291aad6baddc04eb431e58089ce0f4b9ea44) - update url 164 | 165 | ## [0.11.0] - 2019-08-12 166 | ### :bug: Bug Fixes 167 | - [`b905b18`](https://github.com/clouddrove/terraform-aws-ec2/commit/b905b180a3e145255e6184d7de570d45055cb405) - terraform 0.12.0 168 | 169 | 170 | [0.11.0]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.11.0...master 171 | [0.12.0]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.12.0...master 172 | [0.12.1]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.12.1...master 173 | [0.12.2]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.12.2...master 174 | [0.12.3]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.12.3...master 175 | [0.12.4]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.12.4...master 176 | [0.12.5]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.12.5...master 177 | [0.12.6]: 
https://github.com/clouddrove/terraform-aws-ec2/compare/0.12.6...master 178 | [0.12.7]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.12.7...master 179 | [0.12.8]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.11.8...master 180 | [0.13.0]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.13.0...master 181 | [0.14.0]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.14.0...master 182 | [0.15.0]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.15.0...master 183 | [0.15.1]: https://github.com/clouddrove/terraform-aws-ec2/compare/0.15.1...master 184 | [0.12.5.1]: https://github.com/clouddrove/terraform-aws-ec2/releases/tag/0.12.5.1 185 | [0.12.5.2]: https://github.com/clouddrove/terraform-aws-ec2/releases/tag/0.12.5.2 186 | [1.0.1]: https://github.com/clouddrove/terraform-aws-ec2/compare/1.0.1...master 187 | [1.0.2]:https://github.com/clouddrove/terraform-aws-ec2/compare/1.0.2...master 188 | [1.3.0]: https://github.com/clouddrove/terraform-aws-ec2/compare/1.3.0...master 189 | 190 | 191 | [2.0.0]: https://github.com/clouddrove/terraform-aws-ec2/compare/1.3.0...2.0.0 192 | [2.0.1]: https://github.com/clouddrove/terraform-aws-ec2/compare/2.0.0...2.0.1 193 | [2.0.2]: https://github.com/clouddrove/terraform-aws-ec2/compare/2.0.1...2.0.2 194 | [2.0.3]: https://github.com/clouddrove/terraform-aws-ec2/compare/2.0.2...2.0.3 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 
11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright 2021 CloudDrove Inc. 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | export GENIE_PATH ?= $(shell 'pwd')/../../../genie 2 | 3 | include $(GENIE_PATH)/Makefile 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | [][website] 3 |
8 | With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence. 9 |
We are The Cloud Experts!
181 |We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.
183 | 184 | [website]: https://clouddrove.com 185 | [blog]: https://blog.clouddrove.com 186 | [slack]: https://www.launchpass.com/devops-talks 187 | [github]: https://github.com/clouddrove 188 | [linkedin]: https://cpco.io/linkedin 189 | [twitter]: https://twitter.com/clouddrove/ 190 | [email]: https://clouddrove.com/contact-us.html 191 | [terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language= 192 | -------------------------------------------------------------------------------- /README.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # This is the canonical configuration for the `README.md` 4 | # Run `make readme` to rebuild the `README.md` 5 | 6 | # Name of this project 7 | name: Terraform AWS EC2 8 | 9 | # License of this project 10 | license: "APACHE" 11 | 12 | # Canonical GitHub repo 13 | github_repo: clouddrove/terraform-aws-ec2 14 | 15 | # Badges to display 16 | badges: 17 | - name: "Latest Release" 18 | image: "https://img.shields.io/github/release/clouddrove/terraform-aws-ec2.svg" 19 | url: "https://github.com/clouddrove/terraform-aws-ec2/releases/latest" 20 | - name: "tfsec" 21 | image: "https://github.com/clouddrove/terraform-aws-ec2/actions/workflows/tfsec.yml/badge.svg" 22 | url: "https://github.com/clouddrove/terraform-aws-ec2/actions/workflows/tfsec.yml" 23 | - name: "Licence" 24 | image: "https://img.shields.io/badge/License-APACHE-blue.svg" 25 | url: "LICENSE.md" 26 | - name: "Changelog" 27 | image: "https://img.shields.io/badge/Changelog-blue" 28 | url: "CHANGELOG.md" 29 | 30 | prerequesties: 31 | - name: Terraform 32 | url: https://learn.hashicorp.com/terraform/getting-started/install.html 33 | version: ">= 1.6.6" 34 | 35 | providers: 36 | - name: aws 37 | url: https://aws.amazon.com/ 38 | version: ">= 5.31.0" 39 | 40 | module_dependencies: 41 | - name: Labels Module 42 | url: https://github.com/clouddrove/terraform-aws-labels 43 | description: Provides 
resource tagging. 44 | 45 | # description of this project 46 | description: |- 47 | Terraform module to create an EC2 resource on AWS with ElasticC IP Addresses and Elastic Block Store. 48 | 49 | # How to use this project 50 | # How to use this project 51 | usage: |- 52 | Here is examples of how you can use this module in your inventory structure: 53 | ### Basic Example 54 | ```hcl 55 | module "ec2" { 56 | source = "clouddrove/ec2/aws" 57 | version = "1.3.1" 58 | 59 | name = "ec2" 60 | environment = "test" 61 | label_order = ["name", "environment"] 62 | 63 | ## security-group 64 | vpc_id = module.vpc.vpc_id 65 | ssh_allowed_ip = ["0.0.0.0/0"] 66 | ssh_allowed_ports = [22] 67 | 68 | #instance 69 | instance_count = 1 70 | ami = "ami-08d658f84a6d84a80" 71 | instance_type = "c4.xlarge" 72 | 73 | #Networking 74 | subnet_ids = tolist(module.public_subnets.public_subnet_id) 75 | 76 | #Keypair 77 | public_key = "ssh-rsa ArJh5/gxz7sbSSseLd+ldHEOM3+lajUSGqWk3Bw/NgygEf1Kgw7gyK3jsTVVcokhK3TDuR3pi4u2QDR2tvLXddPKd37a2S7rjeqecw+XRW9559zKaR7RJJfjO1u1Onc2tgA3y0btdju2bcYBtFkRVOLwpog8CvslYEDV1Vf9HNeh9A3yOS6Pkjq6gDMrsUVF89ps3zuLmdVBIlCOnJDkwHK71lKihGKdkeXEtAj0aOQzAJsIpDFXz7vob9OiA/fb2T3t4R1EwEsPEnYVczKMsqUyqa+EE36bItcZHQyCPVN7+bRJyJpPcrfrsAa4yMtiHUUiecPdL/6HYwGHxxl2UQR5NE4NR35NI86Q+q1kNOc5VctxxQOTHBwKHaGvKLk4c5gHXaEl8yyYL0wVkL00KYx3GCh1LvRdQ" 78 | 79 | #IAM 80 | iam_instance_profile = module.iam-role.name 81 | 82 | #Root Volume 83 | root_block_device = [ 84 | { 85 | volume_type = "gp3" 86 | volume_size = 15 87 | delete_on_termination = true 88 | } 89 | ] 90 | 91 | #EBS Volume 92 | ebs_volume_enabled = false 93 | ebs_volume_type = "gp3" 94 | ebs_volume_size = 30 95 | 96 | #Tags 97 | instance_tags = { "snapshot" = true } 98 | 99 | } 100 | ``` 101 | 102 | ### ebs_mount 103 | ```hcl 104 | module "ec2" { 105 | source = "clouddrove/ec2/aws" 106 | version = "1.3.1" 107 | 108 | name = "ec2" 109 | environment = "test" 110 | label_order = ["name", "environment"] 111 | 112 | ## security group 
113 | vpc_id = module.vpc.vpc_id 114 | ssh_allowed_ip = ["0.0.0.0/0"] 115 | ssh_allowed_ports = [22] 116 | 117 | #Instance 118 | instance_count = 1 119 | ami = "ami-08d658f84a6d84a80" 120 | instance_type = "t2.nano" 121 | 122 | #Keypair 123 | public_key = "HEOM3+lajUSGqWk3Bw/NgygEf1Kgw7gyK3jsTVVcokhK3TDuR3pi4u2QDR2tvLXddPKd37a2S7rjeqecw+XRW9559zKaR7RJJfjO1u1Onc2tgA3y0btdju2bcYBtFkRVOLwpog8CvslYEDLmdVBIlCOnJDkwHK71lKihGKdkeXEtAj0aOQzAJsIpDFXz7vob9OiA/fb2T3t4R1EwEsPEnYVczKMsqUyqa+EE36bItcZHQyCPVN7+bRJyJpPcrfrsAa4yMtiHUUiecPdL/6HYwGHxA5rUX3uD2UBm6sbGBH00ZCj6yUxl2UQR5NE4NR35NI86Q+q1kNOc5VctxxQOTHBwKHaGvKLk4c5gHXaEl8yyYL0wVkL00KYx3GCh1" 124 | 125 | #Networking 126 | subnet_ids = tolist(module.public_subnets.public_subnet_id) 127 | 128 | #IAM 129 | iam_instance_profile = module.iam-role.name 130 | 131 | #Root Volume 132 | root_block_device = [ 133 | { 134 | volume_type = "gp3" 135 | volume_size = 15 136 | delete_on_termination = true 137 | } 138 | ] 139 | 140 | #EBS Volume 141 | ebs_volume_enabled = true 142 | ebs_volume_type = "gp3" 143 | ebs_volume_size = 30 144 | 145 | #Tags 146 | instance_tags = { "snapshot" = true } 147 | 148 | #Mount EBS With User Data 149 | user_data = file("user-data.sh") 150 | } 151 | ``` 152 | 153 | ### spot-instance 154 | ```hcl 155 | module "spot-ec2" { 156 | source = "clouddrove/ec2/aws" 157 | version = "1.3.1" 158 | 159 | name = "ec2" 160 | environment = "test" 161 | label_order = ["name", "environment"] 162 | 163 | ## security-group 164 | vpc_id = module.vpc.vpc_id 165 | ssh_allowed_ip = ["0.0.0.0/0"] 166 | ssh_allowed_ports = [22] 167 | 168 | #Keypair 169 | public_key = 
"h5/gxz7sbSSseLd+ldHEOM3+lajUSGqWk3Bw/NgygEf1Kgw7gyK3jsTVVcokhK3TDuR3pi4u2QDR2tvLXddPKd37a2S7rjeqecw+XRW9559zKaR7RJJfjO1u1Onc2tgA3y0btdju2bcYBtFkRVOLwpog8CvslYEDV1Vf9HNeh9A3yOS6Pkjq6gDMrsUVF89ps3zuLmdVBIlCOnJDkwHK71lKihGKdkeXEtAj0aOQzAJsIpDFXz7vob9OiA/fb2T3t4R1EwEsPEnYVczKMsqUyqa+EE36bItcZHQyCPVN7+bRJyJpPcrfrsAa4yMtiHUUiecPdL/6HYwGHxA5rUX3uD2UBm6sbGBHxQOTHBwKHaGvKLk4c5gHXaEl8yyYL0wVkL00KYx3GCh1LvRdQL8fvzImBCNg" 170 | 171 | # Spot-instance 172 | spot_price = "0.3" 173 | spot_wait_for_fulfillment = true 174 | spot_type = "persistent" 175 | spot_instance_interruption_behavior = "terminate" 176 | spot_instance_enabled = true 177 | spot_instance_count = 1 178 | spot_ami = "ami-08d658f84a6d84a80" 179 | instance_type = "c4.xlarge" 180 | 181 | #Networking 182 | subnet_ids = tolist(module.public_subnets.public_subnet_id) 183 | 184 | #IAM 185 | iam_instance_profile = module.iam-role.name 186 | 187 | #Root Volume 188 | root_block_device = [ 189 | { 190 | volume_type = "gp3" 191 | volume_size = 15 192 | delete_on_termination = true 193 | } 194 | ] 195 | 196 | #EBS Volume 197 | ebs_volume_enabled = true 198 | ebs_volume_type = "gp3" 199 | ebs_volume_size = 30 200 | 201 | #Tags 202 | spot_instance_tags = { "snapshot" = true } 203 | 204 | } 205 | ``` -------------------------------------------------------------------------------- /_test/basic_example/ec2_test.go: -------------------------------------------------------------------------------- 1 | // Managed By : CloudDrove 2 | // Description : This Terratest is used to test the Terraform EC2 module. 3 | // Copyright @ CloudDrove. All Right Reserved. 4 | package test 5 | 6 | import ( 7 | "testing" 8 | "github.com/gruntwork-io/terratest/modules/terraform" 9 | "github.com/stretchr/testify/assert" 10 | ) 11 | 12 | func Test(t *testing.T) { 13 | t.Parallel() 14 | 15 | terraformOptions := &terraform.Options{ 16 | // Source path of Terraform directory. 
17 | TerraformDir: "../../_example/basic_example", 18 | Upgrade: true, 19 | } 20 | 21 | // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur 22 | terraform.InitAndApply(t, terraformOptions) 23 | 24 | // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test 25 | defer terraform.Destroy(t, terraformOptions) 26 | 27 | // To get the value of an output variable, run 'terraform output' 28 | Tags := terraform.OutputMap(t, terraformOptions, "tags") 29 | 30 | // Check that we get back the outputs that we expect 31 | assert.Equal(t, "ec2-test", Tags["Name"]) 32 | } 33 | -------------------------------------------------------------------------------- /_test/ebs_mount/ec2_test.go: -------------------------------------------------------------------------------- 1 | // Managed By : CloudDrove 2 | // Description : This Terratest is used to test the Terraform EC2 module. 3 | // Copyright @ CloudDrove. All Right Reserved. 4 | package test 5 | 6 | import ( 7 | "testing" 8 | "github.com/gruntwork-io/terratest/modules/terraform" 9 | "github.com/stretchr/testify/assert" 10 | ) 11 | 12 | func Test(t *testing.T) { 13 | t.Parallel() 14 | 15 | terraformOptions := &terraform.Options{ 16 | // Source path of Terraform directory. 
17 | TerraformDir: "../../_example/ebs_mount", 18 | Upgrade: true, 19 | } 20 | 21 | // This will run 'terraform init' and 'terraform application' and will fail the test if any errors occur 22 | terraform.InitAndApply(t, terraformOptions) 23 | 24 | // To clean up any resources that have been created, run 'terraform destroy' towards the end of the test 25 | defer terraform.Destroy(t, terraformOptions) 26 | 27 | // To get the value of an output variable, run 'terraform output' 28 | Tags := terraform.OutputMap(t, terraformOptions, "tags") 29 | 30 | // Check that we get back the outputs that we expect 31 | assert.Equal(t, "ec2-test", Tags["Name"]) 32 | } 33 | -------------------------------------------------------------------------------- /docs/io.md: -------------------------------------------------------------------------------- 1 | ## Inputs 2 | 3 | | Name | Description | Type | Default | Required | 4 | |------|-------------|------|---------|:--------:| 5 | | algorithm | Name of the algorithm to use when generating the private key. Currently-supported values are: RSA, ECDSA, ED25519. | `string` | `"RSA"` | no | 6 | | alias | The display name of the alias. The name must start with the word `alias` followed by a forward slash. | `string` | `"alias/ec2-test"` | no | 7 | | allowed\_ip | List of allowed ip. | `list(any)` |[| no | 8 | | allowed\_ports | List of allowed ingress ports | `list(any)` |
"0.0.0.0/0"
]
[| no | 9 | | assign\_eip\_address | Assign an Elastic IP address to the instance. | `bool` | `true` | no | 10 | | capacity\_reservation\_specification | Describes an instance's Capacity Reservation targeting option | `any` | `{}` | no | 11 | | cpu\_credits | The credit option for CPU usage. Can be `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default. | `string` | `"standard"` | no | 12 | | cpu\_options | Defines CPU options to apply to the instance at launch time. | `any` | `{}` | no | 13 | | customer\_master\_key\_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC\_DEFAULT, RSA\_2048, RSA\_3072, RSA\_4096, ECC\_NIST\_P256, ECC\_NIST\_P384, ECC\_NIST\_P521, or ECC\_SECG\_P256K1. Defaults to SYMMETRIC\_DEFAULT. | `string` | `"SYMMETRIC_DEFAULT"` | no | 14 | | default\_instance\_enabled | Flag to control the instance creation. | `bool` | `true` | no | 15 | | deletion\_window\_in\_days | Duration in days after which the key is deleted after destruction of the resource. | `number` | `7` | no | 16 | | delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | `string` | `"-"` | no | 17 | | dns\_enabled | Flag to control the dns\_enable. | `bool` | `false` | no | 18 | | dns\_zone\_id | The Zone ID of Route53. | `string` | `"Z1XJD7SSBKXLC1"` | no | 19 | | ebs\_block\_device | Additional EBS block devices to attach to the instance | `list(any)` | `[]` | no | 20 | | ebs\_device\_name | Name of the EBS device to mount. | `list(string)` |
80,
443
]
[| no | 21 | | ebs\_iops | Amount of provisioned IOPS. This must be set with a volume\_type of io1. | `number` | `0` | no | 22 | | ebs\_volume\_enabled | Flag to control the ebs creation. | `bool` | `false` | no | 23 | | ebs\_volume\_size | Size of the EBS volume in gigabytes. | `number` | `30` | no | 24 | | ebs\_volume\_type | The type of EBS volume. Can be standard, gp3 or io1. | `string` | `"gp3"` | no | 25 | | egress\_ipv4\_cidr\_block | List of CIDR blocks. Cannot be specified with source\_security\_group\_id or self. | `list(string)` |
"/dev/xvdb",
"/dev/xvdc",
"/dev/xvdd",
"/dev/xvde",
"/dev/xvdf",
"/dev/xvdg",
"/dev/xvdh",
"/dev/xvdi",
"/dev/xvdj",
"/dev/xvdk",
"/dev/xvdl",
"/dev/xvdm",
"/dev/xvdn",
"/dev/xvdo",
"/dev/xvdp",
"/dev/xvdq",
"/dev/xvdr",
"/dev/xvds",
"/dev/xvdt",
"/dev/xvdu",
"/dev/xvdv",
"/dev/xvdw",
"/dev/xvdx",
"/dev/xvdy",
"/dev/xvdz"
]
[| no | 26 | | egress\_ipv4\_from\_port | Egress Start port (or ICMP type number if protocol is icmp or icmpv6). | `number` | `0` | no | 27 | | egress\_ipv4\_protocol | Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number | `string` | `"-1"` | no | 28 | | egress\_ipv4\_to\_port | Egress end port (or ICMP code if protocol is icmp). | `number` | `65535` | no | 29 | | egress\_ipv6\_cidr\_block | List of CIDR blocks. Cannot be specified with source\_security\_group\_id or self. | `list(string)` |
"0.0.0.0/0"
]
[| no | 30 | | egress\_ipv6\_from\_port | Egress Start port (or ICMP type number if protocol is icmp or icmpv6). | `number` | `0` | no | 31 | | egress\_ipv6\_protocol | Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number | `string` | `"-1"` | no | 32 | | egress\_ipv6\_to\_port | Egress end port (or ICMP code if protocol is icmp). | `number` | `65535` | no | 33 | | egress\_rule | Enable to create egress rule | `bool` | `true` | no | 34 | | enable | Flag to control module creation. | `bool` | `true` | no | 35 | | enable\_key\_pair | A boolean flag to enable/disable key pair. | `bool` | `true` | no | 36 | | enable\_key\_rotation | Specifies whether key rotation is enabled. | `string` | `true` | no | 37 | | enable\_security\_group | Enable default Security Group with only Egress traffic allowed. | `bool` | `true` | no | 38 | | enclave\_options\_enabled | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | `bool` | `null` | no | 39 | | environment | Environment (e.g. `prod`, `dev`, `staging`). | `string` | `""` | no | 40 | | hostname | DNS records to create. | `string` | `"ec2"` | no | 41 | | iam\_instance\_profile | The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. | `string` | `null` | no | 42 | | instance\_configuration | Configuration options for the EC2 instance |
"::/0"
]
object({|
ami = optional(string, "")
ebs_optimized = optional(bool, false)
instance_type = string
monitoring = optional(bool, false)
associate_public_ip_address = optional(bool, true)
disable_api_termination = optional(bool, false)
instance_initiated_shutdown_behavior = optional(string, "stop")
placement_group = optional(string, "")
tenancy = optional(string, "default")
host_id = optional(string, null)
cpu_core_count = optional(number, null)
cpu_threads_per_core = optional(number, null)
user_data = optional(string, "")
user_data_base64 = optional(string, null)
user_data_replace_on_change = optional(bool, null)
availability_zone = optional(string, null)
get_password_data = optional(bool, null)
private_ip = optional(string, null)
secondary_private_ips = optional(list(string), null)
source_dest_check = optional(bool, true)
ipv6_address_count = optional(number, null)
ipv6_addresses = optional(list(string), null)
hibernation = optional(bool, false)
root_block_device = optional(list(any), [])
ephemeral_block_device = optional(list(any), [])
})
{| no | 43 | | instance\_count | Number of instances to launch. | `number` | `0` | no | 44 | | instance\_metadata\_tags\_enabled | Whether the metadata tag is available. Valid values include enabled or disabled. Defaults to enabled. | `string` | `"disabled"` | no | 45 | | instance\_profile\_enabled | Flag to control the instance profile creation. | `bool` | `true` | no | 46 | | instance\_tags | Instance tags. | `map(any)` | `{}` | no | 47 | | is\_enabled | Specifies whether the key is enabled. | `bool` | `true` | no | 48 | | is\_external | enable to udated existing security Group | `bool` | `false` | no | 49 | | key\_name | Key name of the Key Pair to use for the instance; which can be managed using the aws\_key\_pair resource. | `string` | `""` | no | 50 | | key\_usage | Specifies the intended use of the key. Defaults to ENCRYPT\_DECRYPT, and only symmetric encryption and decryption are supported. | `string` | `"ENCRYPT_DECRYPT"` | no | 51 | | kms\_description | The description of the key as viewed in AWS console. | `string` | `"Parameter Store KMS master key"` | no | 52 | | kms\_key\_enabled | Specifies whether the kms is enabled or disabled. | `bool` | `true` | no | 53 | | kms\_key\_id | The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at\_rest\_encryption\_enabled = true. | `string` | `""` | no | 54 | | kms\_multi\_region | Indicates whether the KMS key is a multi-Region (true) or regional (false) key. | `bool` | `false` | no | 55 | | label\_order | Label order, e.g. `name`,`application`. | `list(any)` |
"instance_type": "t4g.small"
}
[| no | 56 | | launch\_template | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | `map(string)` | `{}` | no | 57 | | managedby | ManagedBy, eg 'CloudDrove'. | `string` | `"hello@clouddrove.com"` | no | 58 | | metadata\_http\_endpoint\_enabled | Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled. | `string` | `"enabled"` | no | 59 | | metadata\_http\_put\_response\_hop\_limit | The desired HTTP PUT response hop limit (between 1 and 64) for instance metadata requests. | `number` | `2` | no | 60 | | metadata\_http\_tokens\_required | Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional. | `string` | `"optional"` | no | 61 | | multi\_attach\_enabled | Specifies whether to enable Amazon EBS Multi-Attach. Multi-Attach is supported on io1 and io2 volumes. | `bool` | `false` | no | 62 | | name | Name (e.g. `app` or `cluster`). | `string` | `""` | no | 63 | | network\_interface | Customize network interfaces to be attached at instance boot time | `list(map(string))` | `[]` | no | 64 | | protocol | The protocol. If not icmp, tcp, udp, or all use the. | `string` | `"tcp"` | no | 65 | | public\_key | Name (e.g. `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQ`). | `string` | `""` | no | 66 | | repository | Terraform current module repo | `string` | `"https://github.com/clouddrove/terraform-aws-ec2"` | no | 67 | | rsa\_bits | When algorithm is RSA, the size of the generated RSA key, in bits (default: 2048). | `number` | `4096` | no | 68 | | sg\_description | The security group description. 
| `string` | `"Instance default security group (only egress access is allowed)."` | no | 69 | | sg\_egress\_description | Description of the egress and ingress rule | `string` | `"Description of the rule."` | no | 70 | | sg\_egress\_ipv6\_description | Description of the egress\_ipv6 rule | `string` | `"Description of the rule."` | no | 71 | | sg\_ids | of the security group id. | `list(any)` | `[]` | no | 72 | | sg\_ingress\_description | Description of the ingress rule | `string` | `"Description of the ingress rule use elasticache."` | no | 73 | | spot\_configuration | Configuration options for the EC2 spot instance |
"name",
"environment"
]
object({| `{}` | no | 74 | | spot\_instance\_count | Number of instances to launch. | `number` | `0` | no | 75 | | spot\_instance\_enabled | Flag to control the instance creation. | `bool` | `true` | no | 76 | | spot\_instance\_tags | Instance tags. | `map(any)` | `{}` | no | 77 | | ssh\_allowed\_ip | List of allowed ip. | `list(any)` | `[]` | no | 78 | | ssh\_allowed\_ports | List of allowed ingress ports | `list(any)` | `[]` | no | 79 | | ssh\_protocol | The protocol. If not icmp, tcp, udp, or all use the. | `string` | `"tcp"` | no | 80 | | ssh\_sg\_ingress\_description | Description of the ingress rule | `string` | `"Description of the ingress rule use elasticache."` | no | 81 | | subnet\_ids | A list of VPC Subnet IDs to launch in. | `list(string)` | `[]` | no | 82 | | tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | `map(any)` | `{}` | no | 83 | | timeouts | Define maximum timeout for creating, updating, and deleting EC2 instance resources | `map(string)` | `{}` | no | 84 | | ttl | The TTL of the record to add to the DNS zone to complete certificate validation. | `string` | `"300"` | no | 85 | | type | Type of DNS records to create. | `string` | `"CNAME"` | no | 86 | | vpc\_id | The ID of the VPC that the instance security group belongs to. | `string` | `""` | no | 87 | 88 | ## Outputs 89 | 90 | | Name | Description | 91 | |------|-------------| 92 | | arn | The ARN of the instance. | 93 | | az | The availability zone of the instance. | 94 | | instance\_count | The count of instances. | 95 | | instance\_id | The instance ID. | 96 | | ipv6\_addresses | A list of assigned IPv6 addresses. | 97 | | key\_name | The key name of the instance. | 98 | | name | Name of SSH key. | 99 | | placement\_group | The placement group of the instance. | 100 | | private\_ip | Private IP of instance. | 101 | | public\_ip | Public IP of instance (or EIP). 
| 102 | | spot\_bid\_status | The current bid status of the Spot Instance Request | 103 | | spot\_instance\_id | The instance ID. | 104 | | subnet\_id | The EC2 subnet ID. | 105 | | tags | The instance ID. | 106 | | vpc\_security\_group\_ids | The associated security groups in non-default VPC. | 107 | 108 | -------------------------------------------------------------------------------- /examples/basic/example.tf: -------------------------------------------------------------------------------- 1 | ##---------------------------------------------------------------------------------- 2 | ## Terraform module to create instance module on AWS. 3 | ##---------------------------------------------------------------------------------- 4 | module "ec2" { 5 | source = "./../../" 6 | name = "ec2" 7 | environment = "test" 8 | 9 | ##---------------------------------------------------------------------------------- 10 | ## Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with. 
11 | ##---------------------------------------------------------------------------------- 12 | #tfsec:aws-ec2-no-public-ingress-sgr 13 | vpc_id = "vpc-xxxxxxxxx" 14 | ssh_allowed_ip = ["0.0.0.0/0"] 15 | ssh_allowed_ports = [22] 16 | 17 | #instance 18 | instance_count = 1 19 | instance_configuration = { 20 | ami = "ami-08d658f84a6d84a80" 21 | instance_type = "t4g.small" 22 | 23 | #Root Volume 24 | root_block_device = [ 25 | { 26 | volume_type = "gp3" 27 | volume_size = 15 28 | delete_on_termination = true 29 | } 30 | ] 31 | } 32 | 33 | #Networking 34 | subnet_ids = ["subnet-xxxxxxxx"] 35 | 36 | #Keypair 37 | public_key = "ssh-rsa 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" 38 | 39 | #IAM 40 | iam_instance_profile = "iam-profile-xxxxxxxxx" 41 | 42 | 43 | #Tags 44 | instance_tags = { "snapshot" = true } 45 | 46 | } -------------------------------------------------------------------------------- /examples/basic/outputs.tf: -------------------------------------------------------------------------------- 1 | output "instance_id" { 2 | value = module.ec2[*].instance_id 3 | description = "The instance ID." 4 | } 5 | 6 | output "tags" { 7 | value = module.ec2.tags 8 | description = "The instance tags." 9 | } 10 | 11 | output "public_ip" { 12 | value = module.ec2.public_ip 13 | description = "Public IP address assigned to the instance, if applicable." 
14 | } -------------------------------------------------------------------------------- /examples/basic/versions.tf: -------------------------------------------------------------------------------- 1 | # Terraform version 2 | terraform { 3 | required_version = ">= 1.5.5" 4 | 5 | required_providers { 6 | aws = { 7 | source = "hashicorp/aws" 8 | version = ">= 5.13.1" 9 | } 10 | } 11 | } -------------------------------------------------------------------------------- /examples/complete/example.tf: -------------------------------------------------------------------------------- 1 | ####---------------------------------------------------------------------------------- 2 | ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS. 3 | ####---------------------------------------------------------------------------------- 4 | provider "aws" { 5 | region = "us-west-1" 6 | } 7 | 8 | locals { 9 | environment = "test-app" 10 | label_order = ["name", "environment"] 11 | } 12 | 13 | ####---------------------------------------------------------------------------------- 14 | ## A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center. 15 | ####---------------------------------------------------------------------------------- 16 | module "vpc" { 17 | source = "clouddrove/vpc/aws" 18 | version = "2.0.0" 19 | name = "vpc" 20 | environment = local.environment 21 | label_order = local.label_order 22 | cidr_block = "172.16.0.0/16" 23 | } 24 | 25 | ####---------------------------------------------------------------------------------- 26 | ## A subnet is a range of IP addresses in your VPC. 
####----------------------------------------------------------------------------------
# Public subnets for the example VPC: two us-west-1 availability zones, addressed
# from the VPC's own CIDR block and given the VPC's internet gateway id.
module "public_subnets" {
  source  = "clouddrove/subnet/aws"
  version = "2.0.1"

  # Naming / labels
  name        = "public-subnet"
  environment = local.environment
  label_order = local.label_order

  # Placement
  type               = "public"
  availability_zones = ["us-west-1b", "us-west-1c"]

  # Wiring to the VPC module
  vpc_id          = module.vpc.vpc_id
  igw_id          = module.vpc.igw_id
  cidr_block      = module.vpc.vpc_cidr_block
  ipv6_cidr_block = module.vpc.ipv6_cidr_block
}

# IAM role for the instance: trust policy comes from the "default" policy document,
# permissions from the "iam-policy" document (both declared below).
module "iam-role" {
  source  = "clouddrove/iam-role/aws"
  version = "1.3.2"

  name        = "iam-role"
  environment = local.environment
  label_order = local.label_order

  assume_role_policy = data.aws_iam_policy_document.default.json

  policy_enabled = true
  policy         = data.aws_iam_policy_document.iam-policy.json
}

# Trust policy: only the EC2 service principal may assume the role.
data "aws_iam_policy_document" "default" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

# Permissions policy: a fixed list of ssm / ssmmessages actions, nothing else.
# NOTE(review): the statement applies to every resource ("*"); confirm whether any
# of these actions can be scoped to specific resources before narrowing it.
data "aws_iam_policy_document" "iam-policy" {
  statement {
    effect    = "Allow"
    resources = ["*"]
    actions = [
      "ssm:UpdateInstanceInformation",
      "ssmmessages:CreateControlChannel",
      "ssmmessages:CreateDataChannel",
      "ssmmessages:OpenControlChannel",
      "ssmmessages:OpenDataChannel",
    ]
  }
}

##----------------------------------------------------------------------------------
## Terraform module to create ec2 instance module on AWS.
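##----------------------------------------------------------------------------------
module "ec2" {
  source      = "./../../"
  name        = "ec2"
  environment = local.environment

  ##----------------------------------------------------------------------------------
  ## Security group: controls the traffic that is allowed to reach and leave the instance.
  ##----------------------------------------------------------------------------------
  # SSH is limited to one source range. 203.0.113.0/24 is a documentation-range
  # placeholder (constructed value): replace it with your own admin or VPN CIDR.
  # Allowing 0.0.0.0/0 on port 22 exposes the instance to internet-wide scanning
  # and password/key guessing. The IAM policy in this example grants the
  # ssm/ssmmessages actions, so Session Manager is an alternative to a public SSH
  # listener, provided the AMI runs the SSM agent.
  vpc_id            = module.vpc.vpc_id
  ssh_allowed_ip    = ["203.0.113.0/24"]
  ssh_allowed_ports = [22]

  #Instance
  instance_count = 1
  instance_configuration = {
    ami           = "ami-0f8e81a3da6e2510a"
    instance_type = "t4g.small"

    #Root Volume
    root_block_device = [
      {
        volume_type           = "gp3"
        volume_size           = 15
        delete_on_termination = true
      }
    ]
    #Mount EBS With User Data
    # path.module keeps the lookup independent of the directory terraform is run from.
    user_data = file("${path.module}/user-data.sh")
  }

  #Keypair
  # An empty public_key makes the module generate the key pair with
  # tls_private_key (see main.tf), which stores the private key in the Terraform
  # state. Supply your own public key if the state is not treated as a secret.
  public_key = ""

  #Networking
  subnet_ids = tolist(module.public_subnets.public_subnet_id)

  #IAM
  iam_instance_profile = module.iam-role.name

  #EBS Volume
  ebs_volume_enabled = true
  ebs_volume_type    = "gp3"
  ebs_volume_size    = 30

  #Tags
  instance_tags = { "snapshot" = true }
}
--------------------------------------------------------------------------------
/examples/complete/outputs.tf:
--------------------------------------------------------------------------------
output "instance_id" {
  value       = module.ec2[*].instance_id
  description = "The instance ID."
}

output "tags" {
  value       = module.ec2.tags
  description = "The instance tags."
}

output "public_ip" {
  value       = module.ec2.public_ip
  description = "Public IP address assigned to the instance, if applicable."
}

--------------------------------------------------------------------------------
/examples/complete/user-data.sh:
--------------------------------------------------------------------------------
#!/bin/bash

### Mounting EBS volumes
#
# Formats blank data disks and mounts every data disk under $mount_point/<device>.
# A disk is formatted only when blkid finds no filesystem or partition-table
# signature on it, so a volume that already holds data is mounted as it is.
#
# NOTE(review): the module attaches its extra EBS volume with
# aws_volume_attachment after the instance exists, so that volume may not be
# visible yet when this script runs at first boot - confirm on a real launch.

# Directory under which each data disk gets its own mount point
mount_point="/data"

# Device to skip
device_to_skip="xvda"

# Filesystem type
filesystem_type="ext4" # Change this to the appropriate filesystem type

# Find the disk that backs "/". On instance types that expose volumes as NVMe
# devices the root disk is not called xvda, so the fixed name above is not enough
# to keep the root disk out of the loop.
root_source=$(findmnt -n -o SOURCE /)
root_disk=$(lsblk -n -o PKNAME "$root_source" 2>/dev/null | head -n 1)
if [ -z "$root_disk" ]; then
    # Root filesystem sits directly on the disk, without a partition.
    root_disk=$(basename "$root_source")
fi

# Create the mount point directory if it doesn't exist
sudo mkdir -p "$mount_point"

# Use lsblk to list block devices, keep whole disks (type "disk")
# and drop read-only devices (RO != 0)
block_devices=$(lsblk -o NAME,TYPE,RO -r -n | awk '$2 == "disk" && $3 == "0" {print $1}')

# Iterate through the block devices, skip the excluded ones, and mount the rest
for device in $block_devices; do
    if [ "$device" = "$device_to_skip" ] || [ "$device" = "$root_disk" ]; then
        echo "Skipping $device."
        continue
    fi

    device_path="/dev/$device"

    if sudo blkid "$device_path" > /dev/null 2>&1; then
        # Something is already on the disk: never run mkfs over it.
        existing_fs=$(sudo blkid -s TYPE -o value "$device_path")
        if [ -z "$existing_fs" ]; then
            echo "Skipping $device: it carries a partition table, not a filesystem."
            continue
        fi
        echo "$device already holds a $existing_fs filesystem; not formatting."
    else
        echo "Formatting $device as $filesystem_type"
        if ! sudo mkfs -t "$filesystem_type" "$device_path"; then
            echo "Failed to format $device."
            continue
        fi
    fi

    echo "Mounting $device at $mount_point/$device"
    sudo mkdir -p "$mount_point/$device"
    if sudo mount "$device_path" "$mount_point/$device"; then
        echo "Mounting successful."
    else
        echo "Failed to mount $device."
    fi
done
echo "Mounting complete."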
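--------------------------------------------------------------------------------
/examples/complete/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
# Only lower bounds are set; commit .terraform.lock.hcl to pin the provider build.
terraform {
  required_version = ">= 1.5.5"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.13.1"
    }
  }
}
--------------------------------------------------------------------------------
/examples/spot_instance/example.tf:
--------------------------------------------------------------------------------
####----------------------------------------------------------------------------------
## Terraform module to create spot instance module on AWS.
####----------------------------------------------------------------------------------
module "spot-ec2" {
  source      = "./../../"
  name        = "ec2"
  environment = "test"

  ####----------------------------------------------------------------------------------
  ## Security group: controls the traffic that is allowed to reach and leave the instance.
  ####----------------------------------------------------------------------------------
  # 203.0.113.0/24 is a documentation-range placeholder (constructed value):
  # replace it with your own admin or VPN CIDR. Allowing 0.0.0.0/0 on port 22
  # exposes the instance to internet-wide scanning.
  vpc_id            = "vpc-xxxxxxxx"
  ssh_allowed_ip    = ["203.0.113.0/24"]
  ssh_allowed_ports = [22]

  #Keypair
  # An empty public_key makes the module generate the key pair with
  # tls_private_key, which stores the private key in the Terraform state.
  public_key = ""

  # Spot-instance
  # NOTE(review): main.tf reads ami, instance_type and root_block_device for the
  # spot request from var.instance_configuration, not from spot_configuration;
  # confirm the two keys set here for them are actually consumed.
  spot_configuration = {
    spot_price                     = "0.3"
    wait_for_fulfillment           = true
    spot_type                      = "persistent"
    instance_interruption_behavior = "terminate"
    spot_instance_enabled          = true
    spot_instance_count            = 1
    instance_type                  = "t4g.small"

    root_block_device = [
      {
        volume_type           = "gp3"
        volume_size           = 15
        delete_on_termination = true
      }
    ]
  }

  #Networking
  subnet_ids = ["subnet-xxxxxxxx"]

  #IAM
  iam_instance_profile = "iam-profile-xxxxxxxxx"

  #EBS Volume
  ebs_volume_enabled = true
  ebs_volume_type    = "gp3"
  ebs_volume_size    = 30

  #Tags
  spot_instance_tags = { "snapshot" = true }
}
--------------------------------------------------------------------------------
/examples/spot_instance/outputs.tf:
--------------------------------------------------------------------------------
output "spot_instance_id" {
  value       = module.spot-ec2[*].spot_instance_id
  description = "The instance ID."
}

output "spot_tags" {
  value       = module.spot-ec2[*].tags
  description = "The instance tags."
}

output "spot_bid_status" {
  value       = module.spot-ec2.spot_bid_status
  description = "The current bid status of the Spot Instance Request"
}
--------------------------------------------------------------------------------
/examples/spot_instance/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
# Only lower bounds are set; commit .terraform.lock.hcl to pin the provider build.
terraform {
  required_version = ">= 1.5.5"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.13.1"
    }
  }
}
--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
##----------------------------------------------------------------------------------
## Labels module called that will be used for naming and tags.
##----------------------------------------------------------------------------------
module "labels" {
  source      = "clouddrove/labels/aws"
  version     = "1.3.0"
  name        = var.name
  repository  = var.repository
  environment = var.environment
  managedby   = var.managedby
  label_order = var.label_order
}

locals {
  # IOPS is passed through only for io1, io2 and gp3 volumes; any other type gets 0.
  ebs_iops = contains(["io1", "io2", "gp3"], var.ebs_volume_type) ? var.ebs_iops : 0
}

# Fallback AMI, used when instance_configuration.ami is an empty string.
# The owners filter restricts the search to a single publisher account, but
# most_recent means the resolved image changes over time; pass an explicit AMI
# ID when launches must be reproducible.
data "aws_ami" "ubuntu" {
  most_recent = true
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
  owners = ["099720109477"]
}

##----------------------------------------------------------------------------------
## resource for generating or importing an SSH public key file into AWS.
##----------------------------------------------------------------------------------
# Generated only when key pairs are enabled and the caller supplied no public key.
# The private key of a tls_private_key resource is kept in the Terraform state,
# so the state must be protected like a secret whenever this resource is created.
resource "tls_private_key" "default" {
  count     = var.enable && var.public_key == "" && var.enable_key_pair ? 1 : 0
  algorithm = var.algorithm
  rsa_bits  = var.rsa_bits
}

# Registers either the caller's public key or the generated one with EC2.
resource "aws_key_pair" "default" {
  count      = var.enable && var.enable_key_pair == true ? 1 : 0
  key_name   = format("%s-key-pair", module.labels.id)
  public_key = var.public_key == "" ? join("", tls_private_key.default[*].public_key_openssh) : var.public_key
  tags       = module.labels.tags
}


##----------------------------------------------------------------------------------
## Below resources will create SECURITY-GROUP and its components.
##----------------------------------------------------------------------------------
# Created only when the caller passes no existing security groups in var.sg_ids.
resource "aws_security_group" "default" {
  count       = var.enable && var.enable_security_group && length(var.sg_ids) < 1 ? 1 : 0
  name        = format("%s-sg", module.labels.id)
  vpc_id      = var.vpc_id
  description = var.sg_description
  tags        = module.labels.tags
  lifecycle {
    create_before_destroy = true
  }
}

##----------------------------------------------------------------------------------
## Below resources will create SECURITY-GROUP-RULE and its components.
##----------------------------------------------------------------------------------
# The tfsec ignores on the four rules below exist because their CIDR lists are
# caller-supplied; the module itself places no limit on how wide they are.
#tfsec:ignore:aws-ec2-no-public-egress-sgr
resource "aws_security_group_rule" "egress_ipv4" {
  count             = (var.enable && var.enable_security_group && length(var.sg_ids) < 1 && var.is_external == false && var.egress_rule) ? 1 : 0
  description       = var.sg_egress_description
  type              = "egress"
  from_port         = var.egress_ipv4_from_port
  to_port           = var.egress_ipv4_to_port
  protocol          = var.egress_ipv4_protocol
  cidr_blocks       = var.egress_ipv4_cidr_block
  security_group_id = join("", aws_security_group.default[*].id)
}
#tfsec:ignore:aws-ec2-no-public-egress-sgr
resource "aws_security_group_rule" "egress_ipv6" {
  count             = var.enable && var.enable_security_group && length(var.sg_ids) < 1 && var.is_external == false && var.egress_rule ? 1 : 0
  description       = var.sg_egress_ipv6_description
  type              = "egress"
  from_port         = var.egress_ipv6_from_port
  to_port           = var.egress_ipv6_to_port
  protocol          = var.egress_ipv6_protocol
  ipv6_cidr_blocks  = var.egress_ipv6_cidr_block
  security_group_id = join("", aws_security_group.default[*].id)
}
# One ingress rule per port in var.ssh_allowed_ports, open to var.ssh_allowed_ip.
# var.enable_security_group is part of the condition so that no rule is planned
# against an empty security_group_id when the group itself is not created.
#tfsec:ignore:aws-ec2-no-public-ingress-sgr
resource "aws_security_group_rule" "ssh_ingress" {
  count             = var.enable && var.enable_security_group && length(var.ssh_allowed_ip) > 0 && length(var.sg_ids) < 1 ? length(compact(var.ssh_allowed_ports)) : 0
  description       = var.ssh_sg_ingress_description
  type              = "ingress"
  from_port         = element(var.ssh_allowed_ports, count.index)
  to_port           = element(var.ssh_allowed_ports, count.index)
  protocol          = var.ssh_protocol
  cidr_blocks       = var.ssh_allowed_ip
  security_group_id = join("", aws_security_group.default[*].id)
}
# One ingress rule per port in var.allowed_ports, open to var.allowed_ip; same
# enable_security_group guard as the SSH rule.
#tfsec:ignore:aws-ec2-no-public-ingress-sgr
resource "aws_security_group_rule" "ingress" {
  count = var.enable && var.enable_security_group && length(var.allowed_ip) > 0 && length(var.sg_ids) < 1 ? length(compact(var.allowed_ports)) : 0

  description       = var.sg_ingress_description
  type              = "ingress"
  from_port         = element(var.allowed_ports, count.index)
  to_port           = element(var.allowed_ports, count.index)
  protocol          = var.protocol
  cidr_blocks       = var.allowed_ip
  security_group_id = join("", aws_security_group.default[*].id)
}

##----------------------------------------------------------------------------------
## Below resources will create KMS-KEY and its components.
##----------------------------------------------------------------------------------
# Created only when KMS is enabled and the caller did not bring a key (var.kms_key_id).
resource "aws_kms_key" "default" {
  count                    = var.enable && var.kms_key_enabled && var.kms_key_id == "" ? 1 : 0
  description              = var.kms_description
  key_usage                = var.key_usage
  deletion_window_in_days  = var.deletion_window_in_days
  is_enabled               = var.is_enabled
  enable_key_rotation      = var.enable_key_rotation
  customer_master_key_spec = var.customer_master_key_spec
  policy                   = data.aws_iam_policy_document.kms.json
  multi_region             = var.kms_multi_region
  tags                     = module.labels.tags
}

data "aws_caller_identity" "this" {}

# The alias exists only alongside the key created above, so it always targets that key.
resource "aws_kms_alias" "default" {
  count         = var.enable && var.kms_key_enabled && var.kms_key_id == "" ? 1 : 0
  name          = coalesce(var.alias, format("alias/%v", module.labels.id))
  target_key_id = join("", aws_kms_key.default[*].id)
}

# Key policy: a single statement giving the account root principal kms:*. This
# hands access control for the key to IAM: any principal in the account whose
# IAM policy allows KMS actions on this key can use it, so use of the key is
# governed by the account's IAM policies rather than by this document.
data "aws_iam_policy_document" "kms" {
  version = "2012-10-17"
  statement {
    sid    = "Enable IAM User Permissions"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [format("arn:aws:iam::%s:root", data.aws_caller_identity.this.account_id)]
    }
    actions   = ["kms:*"]
    resources = ["*"]
  }
}

##----------------------------------------------------------------------------------
## Below Terraform module to create an EC2 resource on AWS with Elastic IP Addresses and Elastic Block Store.
##----------------------------------------------------------------------------------
# NOTE(review): the ignore below silences the IMDSv2 check. http_tokens comes from
# var.metadata_http_tokens_required, whose default is not visible in this file;
# confirm it is "required" so the metadata service only answers token requests.
#tfsec:ignore:aws-ec2-enforce-http-token-imds
resource "aws_instance" "default" {
  count                                = var.enable && var.default_instance_enabled ? var.instance_count : 0
  ami                                  = var.instance_configuration.ami == "" ? data.aws_ami.ubuntu.id : var.instance_configuration.ami
  ebs_optimized                        = var.instance_configuration.ebs_optimized
  instance_type                        = var.instance_configuration.instance_type
  key_name                             = var.key_name == "" ? join("", aws_key_pair.default[*].key_name) : var.key_name
  monitoring                           = var.instance_configuration.monitoring
  vpc_security_group_ids               = length(var.sg_ids) < 1 ? aws_security_group.default[*].id : var.sg_ids
  subnet_id                            = element(distinct(compact(var.subnet_ids)), count.index)
  associate_public_ip_address          = var.instance_configuration.associate_public_ip_address
  disable_api_termination              = var.instance_configuration.disable_api_termination
  instance_initiated_shutdown_behavior = var.instance_configuration.instance_initiated_shutdown_behavior
  placement_group                      = var.instance_configuration.placement_group
  tenancy                              = var.instance_configuration.tenancy
  host_id                              = var.instance_configuration.host_id
  cpu_core_count                       = var.instance_configuration.cpu_core_count
  cpu_threads_per_core                 = var.instance_configuration.cpu_threads_per_core
  user_data                            = var.instance_configuration.user_data
  user_data_base64                     = var.instance_configuration.user_data_base64
  user_data_replace_on_change          = var.instance_configuration.user_data_replace_on_change
  availability_zone                    = var.instance_configuration.availability_zone
  get_password_data                    = var.instance_configuration.get_password_data
  private_ip                           = var.instance_configuration.private_ip
  secondary_private_ips                = var.instance_configuration.secondary_private_ips
  iam_instance_profile                 = join("", aws_iam_instance_profile.default[*].name)
  source_dest_check                    = var.instance_configuration.source_dest_check
  ipv6_address_count                   = var.instance_configuration.ipv6_address_count
  ipv6_addresses                       = var.instance_configuration.ipv6_addresses
  hibernation                          = var.instance_configuration.hibernation

  # Inside a dynamic block the settings live on the iterator's .value; looking
  # them up on the iterator itself always yields the null default.
  dynamic "cpu_options" {
    for_each = length(var.cpu_options) > 0 ? [var.cpu_options] : []
    content {
      core_count       = lookup(cpu_options.value, "core_count", null)
      threads_per_core = lookup(cpu_options.value, "threads_per_core", null)
      amd_sev_snp      = lookup(cpu_options.value, "amd_sev_snp", null)
    }
  }

  dynamic "capacity_reservation_specification" {
    for_each = length(var.capacity_reservation_specification) > 0 ? [var.capacity_reservation_specification] : []
    content {
      capacity_reservation_preference = lookup(capacity_reservation_specification.value, "capacity_reservation_preference", null)
      dynamic "capacity_reservation_target" {
        # assumes capacity_reservation_target is a list of objects - TODO confirm against the variable's type
        for_each = lookup(capacity_reservation_specification.value, "capacity_reservation_target", [])
        content {
          capacity_reservation_id                 = try(capacity_reservation_target.value.capacity_reservation_id, null)
          capacity_reservation_resource_group_arn = try(capacity_reservation_target.value.capacity_reservation_resource_group_arn, null)
        }
      }
    }
  }

  # Root volumes are always encrypted. Key choice: the module-created key when
  # var.kms_key_id is empty; otherwise the volume's own kms_key_id, falling back
  # to var.kms_key_id so a caller-supplied key is not silently dropped.
  dynamic "root_block_device" {
    for_each = var.instance_configuration.root_block_device
    content {
      delete_on_termination = lookup(root_block_device.value, "delete_on_termination", null)
      encrypted             = true
      iops                  = lookup(root_block_device.value, "iops", null)
      kms_key_id            = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : lookup(root_block_device.value, "kms_key_id", var.kms_key_id)
      volume_size           = lookup(root_block_device.value, "volume_size", null)
      volume_type           = lookup(root_block_device.value, "volume_type", null)
      tags = merge(module.labels.tags,
        {
          "Name" = format("%s-root-volume%s%s", module.labels.id, var.delimiter, (count.index))
        },
        var.tags
      )
    }
  }

  # Additional EBS devices are encrypted unless the caller sets encrypted = false.
  dynamic "ebs_block_device" {
    for_each = var.ebs_block_device
    content {
      delete_on_termination = lookup(ebs_block_device.value, "delete_on_termination", true)
      device_name           = ebs_block_device.value.device_name
      encrypted             = lookup(ebs_block_device.value, "encrypted", true)
      iops                  = lookup(ebs_block_device.value, "iops", null)
      kms_key_id            = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : lookup(ebs_block_device.value, "kms_key_id", var.kms_key_id)
      snapshot_id           = lookup(ebs_block_device.value, "snapshot_id", null)
      volume_size           = lookup(ebs_block_device.value, "volume_size", null)
      volume_type           = lookup(ebs_block_device.value, "volume_type", "gp3")
      throughput            = lookup(ebs_block_device.value, "throughput", null)
      tags = merge(module.labels.tags,
        {
          "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index))
        }, { "device_name" = ebs_block_device.value.device_name },
        var.instance_tags
      )
    }
  }

  dynamic "ephemeral_block_device" {
    for_each = var.instance_configuration.ephemeral_block_device
    content {
      device_name  = ephemeral_block_device.value.device_name
      no_device    = lookup(ephemeral_block_device.value, "no_device", null)
      virtual_name = lookup(ephemeral_block_device.value, "virtual_name", null)
    }
  }

  # Instance metadata service settings; all four values are caller-controlled.
  metadata_options {
    http_endpoint               = var.metadata_http_endpoint_enabled
    instance_metadata_tags      = var.instance_metadata_tags_enabled
    http_put_response_hop_limit = var.metadata_http_put_response_hop_limit
    http_tokens                 = var.metadata_http_tokens_required
  }

  credit_specification {
    cpu_credits = var.cpu_credits
  }

  dynamic "network_interface" {
    for_each = var.network_interface
    content {
      device_index          = network_interface.value.device_index
      network_interface_id  = lookup(network_interface.value, "network_interface_id", null)
      delete_on_termination = lookup(network_interface.value, "delete_on_termination", false)
    }
  }

  dynamic "launch_template" {
    for_each = length(var.launch_template) > 0 ? [var.launch_template] : []
    content {
      id      = lookup(var.launch_template, "id", null)
      name    = lookup(var.launch_template, "name", null)
      version = lookup(var.launch_template, "version", null)
    }
  }

  timeouts {
    create = lookup(var.timeouts, "create", null)
    delete = lookup(var.timeouts, "delete", null)
  }

  enclave_options {
    enabled = var.enclave_options_enabled
  }

  tags = merge(
    module.labels.tags,
    {
      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index))
    },
    var.instance_tags
  )

  lifecycle {
    # Due to several known issues in Terraform AWS provider related to arguments of aws_instance:
    # (eg, https://github.com/terraform-providers/terraform-provider-aws/issues/2036)
    # we have to ignore changes in the following arguments
    ignore_changes = [
      private_ip,
    ]
  }
}

##----------------------------------------------------------------------------------
## Provides an Elastic IP resource.
##----------------------------------------------------------------------------------
# One address per instance, bound to that instance's primary network interface.
resource "aws_eip" "default" {
  count             = var.enable && var.assign_eip_address ? var.instance_count : 0
  network_interface = element(aws_instance.default[*].primary_network_interface_id, count.index)
  tags = merge(
    module.labels.tags,
    {
      "Name" = format("%s%s%s-eip", module.labels.id, var.delimiter, (count.index))
    }
  )
}

##----------------------------------------------------------------------------------
## Manages a single EBS volume.
##----------------------------------------------------------------------------------
# One encrypted data volume per instance, created in that instance's availability zone.
resource "aws_ebs_volume" "default" {
  count                = var.enable && var.ebs_volume_enabled ? var.instance_count : 0
  availability_zone    = element(aws_instance.default[*].availability_zone, count.index)
  size                 = var.ebs_volume_size
  iops                 = local.ebs_iops
  type                 = var.ebs_volume_type
  multi_attach_enabled = var.multi_attach_enabled
  encrypted            = true
  kms_key_id           = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : var.kms_key_id
  tags = merge(module.labels.tags,
    { "Name" = format("%s-ebs-volume%s%s", module.labels.id, var.delimiter, (count.index))
    },
    var.tags
  )
  depends_on = [aws_instance.default]
}

##----------------------------------------------------------------------------------
## Provides an AWS EBS Volume Attachment as a top level resource, to attach and detach volumes from AWS Instances.
##----------------------------------------------------------------------------------
# The attachment is made after the instance exists, so the volume may not be
# present yet when the instance's user data runs at first boot.
resource "aws_volume_attachment" "default" {
  count       = var.enable && var.ebs_volume_enabled ? var.instance_count : 0
  device_name = element(var.ebs_device_name, count.index)
  volume_id   = element(aws_ebs_volume.default[*].id, count.index)
  instance_id = element(aws_instance.default[*].id, count.index)
  depends_on  = [aws_instance.default]
}

##----------------------------------------------------------------------------------
## Provides an IAM instance profile.
##----------------------------------------------------------------------------------
# var.iam_instance_profile is used as the profile's role, i.e. it carries an IAM
# role name; the profile itself is named by this module.
resource "aws_iam_instance_profile" "default" {
  count = var.enable && var.instance_profile_enabled ? 1 : 0
  name  = format("%s%sinstance-profile", module.labels.id, var.delimiter)
  role  = var.iam_instance_profile
}

##----------------------------------------------------------------------------------
## Below resource will create a ROUTE-53 record per instance.
##----------------------------------------------------------------------------------
# Each record points at the instance's private DNS name.
resource "aws_route53_record" "default" {
  count   = var.enable && var.dns_enabled ? var.instance_count : 0
  zone_id = var.dns_zone_id
  name    = format("%s%s%s", var.hostname, var.delimiter, (count.index))
  type    = var.type
  ttl     = var.ttl
  records = [element(aws_instance.default[*].private_dns, count.index)]
}

##----------------------------------------------------------------------------------
## Below Provides an EC2 Spot Instance Request resource. This allows instances to be requested on the spot market.
##----------------------------------------------------------------------------------
# Spot-market settings come from var.spot_configuration; the instance settings
# (ami, instance_type, volumes, ...) are read from var.instance_configuration.
# NOTE(review): there is no tfsec ignore here, unlike aws_instance above; http_tokens
# is still caller-controlled through var.metadata_http_tokens_required.
resource "aws_spot_instance_request" "default" {
  count                          = var.enable && var.spot_instance_enabled ? var.spot_instance_count : 0
  spot_price                     = var.spot_configuration.spot_price
  wait_for_fulfillment           = var.spot_configuration.wait_for_fulfillment
  spot_type                      = var.spot_configuration.spot_type
  launch_group                   = var.spot_configuration.launch_group
  block_duration_minutes         = var.spot_configuration.block_duration_minutes
  instance_interruption_behavior = var.spot_configuration.instance_interruption_behavior
  valid_until                    = var.spot_configuration.valid_until
  valid_from                     = var.spot_configuration.valid_from

  # Instance configuration
  ami                                  = var.instance_configuration.ami == "" ? data.aws_ami.ubuntu.id : var.instance_configuration.ami
  ebs_optimized                        = var.instance_configuration.ebs_optimized
  instance_type                        = var.instance_configuration.instance_type
  key_name                             = var.key_name == "" ? join("", aws_key_pair.default[*].key_name) : var.key_name
  monitoring                           = var.instance_configuration.monitoring
  vpc_security_group_ids               = length(var.sg_ids) < 1 ? aws_security_group.default[*].id : var.sg_ids
  subnet_id                            = element(distinct(compact(var.subnet_ids)), count.index)
  associate_public_ip_address          = var.instance_configuration.associate_public_ip_address
  disable_api_termination              = var.instance_configuration.disable_api_termination
  instance_initiated_shutdown_behavior = var.instance_configuration.instance_initiated_shutdown_behavior
  placement_group                      = var.instance_configuration.placement_group
  tenancy                              = var.instance_configuration.tenancy
  host_id                              = var.instance_configuration.host_id
  cpu_core_count                       = var.instance_configuration.cpu_core_count
  cpu_threads_per_core                 = var.instance_configuration.cpu_threads_per_core
  user_data                            = var.instance_configuration.user_data
  user_data_base64                     = var.instance_configuration.user_data_base64
  user_data_replace_on_change          = var.instance_configuration.user_data_replace_on_change
  availability_zone                    = var.instance_configuration.availability_zone
  get_password_data                    = var.instance_configuration.get_password_data
  private_ip                           = var.instance_configuration.private_ip
  secondary_private_ips                = var.instance_configuration.secondary_private_ips
  iam_instance_profile                 = join("", aws_iam_instance_profile.default[*].name)
  source_dest_check                    = var.instance_configuration.source_dest_check
  ipv6_address_count                   = var.instance_configuration.ipv6_address_count
  ipv6_addresses                       = var.instance_configuration.ipv6_addresses
  hibernation                          = var.instance_configuration.hibernation

  # Settings are read from the iterator's .value, as in aws_instance.default.
  dynamic "cpu_options" {
    for_each = length(var.cpu_options) > 0 ? [var.cpu_options] : []
    content {
      core_count       = lookup(cpu_options.value, "core_count", null)
      threads_per_core = lookup(cpu_options.value, "threads_per_core", null)
      amd_sev_snp      = lookup(cpu_options.value, "amd_sev_snp", null)
    }
  }

  dynamic "capacity_reservation_specification" {
    for_each = length(var.capacity_reservation_specification) > 0 ? [var.capacity_reservation_specification] : []
    content {
      capacity_reservation_preference = lookup(capacity_reservation_specification.value, "capacity_reservation_preference", null)
      dynamic "capacity_reservation_target" {
        # assumes capacity_reservation_target is a list of objects - TODO confirm against the variable's type
        for_each = lookup(capacity_reservation_specification.value, "capacity_reservation_target", [])
        content {
          capacity_reservation_id                 = try(capacity_reservation_target.value.capacity_reservation_id, null)
          capacity_reservation_resource_group_arn = try(capacity_reservation_target.value.capacity_reservation_resource_group_arn, null)
        }
      }
    }
  }

  # Root volumes are always encrypted; key selection matches aws_instance.default.
  dynamic "root_block_device" {
    for_each = var.instance_configuration.root_block_device
    content {
      delete_on_termination = lookup(root_block_device.value, "delete_on_termination", null)
      encrypted             = true
      iops                  = lookup(root_block_device.value, "iops", null)
      kms_key_id            = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : lookup(root_block_device.value, "kms_key_id", var.kms_key_id)
      volume_size           = lookup(root_block_device.value, "volume_size", null)
      volume_type           = lookup(root_block_device.value, "volume_type", null)
      tags = merge(module.labels.tags,
        {
          "Name" = format("%s-root-volume%s%s", module.labels.id, var.delimiter, (count.index))
        },
        var.tags
      )
    }
  }

  # The KMS key is looked up on this block's own iterator (ebs_block_device); the
  # root_block_device iterator does not exist in this scope. Encryption defaults
  # to true, the same default aws_instance.default applies to its EBS devices.
  dynamic "ebs_block_device" {
    for_each = var.ebs_block_device
    content {
      delete_on_termination = lookup(ebs_block_device.value, "delete_on_termination", null)
      device_name           = ebs_block_device.value.device_name
      encrypted             = lookup(ebs_block_device.value, "encrypted", true)
      iops                  = lookup(ebs_block_device.value, "iops", null)
      kms_key_id            = var.kms_key_id == "" ? join("", aws_kms_key.default[*].arn) : lookup(ebs_block_device.value, "kms_key_id", var.kms_key_id)
      snapshot_id           = lookup(ebs_block_device.value, "snapshot_id", null)
      volume_size           = lookup(ebs_block_device.value, "volume_size", null)
      volume_type           = lookup(ebs_block_device.value, "volume_type", null)
      throughput            = lookup(ebs_block_device.value, "throughput", null)
      tags = merge(module.labels.tags,
        {
          "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index))
        }, { "device_name" = ebs_block_device.value.device_name },
        var.instance_tags
      )
    }
  }

  dynamic "ephemeral_block_device" {
    for_each = var.instance_configuration.ephemeral_block_device
    content {
      device_name  = ephemeral_block_device.value.device_name
      no_device    = lookup(ephemeral_block_device.value, "no_device", null)
      virtual_name = lookup(ephemeral_block_device.value, "virtual_name", null)
    }
  }

  # Instance metadata service settings; all four values are caller-controlled.
  metadata_options {
    http_endpoint               = var.metadata_http_endpoint_enabled
    instance_metadata_tags      = var.instance_metadata_tags_enabled
    http_put_response_hop_limit = var.metadata_http_put_response_hop_limit
    http_tokens                 = var.metadata_http_tokens_required
  }

  credit_specification {
    cpu_credits = var.cpu_credits
  }

  dynamic "network_interface" {
    for_each = var.network_interface
    content {
      device_index          = network_interface.value.device_index
      network_interface_id  = lookup(network_interface.value, "network_interface_id", null)
      delete_on_termination = lookup(network_interface.value, "delete_on_termination", false)
    }
  }

  dynamic "launch_template" {
    for_each = length(var.launch_template) > 0 ? [var.launch_template] : []
    content {
      id      = lookup(var.launch_template, "id", null)
      name    = lookup(var.launch_template, "name", null)
      version = lookup(var.launch_template, "version", null)
    }
  }

  enclave_options {
    enabled = var.enclave_options_enabled
  }

  timeouts {
    create = try(var.timeouts.create, null)
    delete = try(var.timeouts.delete, null)
  }

  tags = merge(
    module.labels.tags,
    {

      "Name" = format("%s%s%s", module.labels.id, var.delimiter, (count.index))
    },
    var.spot_instance_tags
  )

  lifecycle {
    # Due to several known issues in Terraform AWS provider related to arguments of aws_instance:
    # (eg, https://github.com/terraform-providers/terraform-provider-aws/issues/2036)
    # we have to ignore changes in the following arguments
    ignore_changes = [
      private_ip,
    ]
  }
}
--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
#Module      : EC2
#Description : Terraform module to create an EC2 resource on AWS with Elastic IP Addresses # and Elastic Block Store.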
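# On-demand instance attributes. Each splat expression yields a list with one
# entry per aws_instance.default.
output "instance_id" {
  value       = aws_instance.default[*].id
  description = "The instance ID."
}

output "arn" {
  value       = aws_instance.default[*].arn
  description = "The ARN of the instance."
}

output "az" {
  value       = aws_instance.default[*].availability_zone
  description = "The availability zone of the instance."
}

output "public_ip" {
  # Elastic IPs are listed first, then the instances' own public IPs; the
  # trailing "" keeps the list non-empty when neither resource exists.
  value       = concat(aws_eip.default[*].public_ip, aws_instance.default[*].public_ip, [""])
  description = "Public IP of instance (or EIP)."
}

output "private_ip" {
  value       = aws_instance.default[*].private_ip
  description = "Private IP of instance."
}

output "placement_group" {
  value       = join("", aws_instance.default[*].placement_group)
  description = "The placement group of the instance."
}

output "key_name" {
  value       = join("", aws_instance.default[*].key_name)
  description = "The key name of the instance."
}

# `sensitive = true` only redacts the value in CLI output; it is still stored
# in the Terraform state, so the state backend needs its own access control.
output "ipv6_addresses" {
  value       = aws_instance.default[*].ipv6_addresses
  sensitive   = true
  description = "A list of assigned IPv6 addresses."
}

output "vpc_security_group_ids" {
  value       = aws_instance.default[*].vpc_security_group_ids
  sensitive   = true
  description = "The associated security groups in non-default VPC."
}

output "subnet_id" {
  value       = aws_instance.default[*].subnet_id
  sensitive   = true
  description = "The EC2 subnet ID."
}

output "instance_count" {
  value       = var.instance_count
  description = "The count of instances."
}

output "name" {
  value       = join("", aws_key_pair.default[*].key_name)
  description = "Name of SSH key."
}

output "spot_instance_id" {
  value       = aws_spot_instance_request.default[*].spot_instance_id
  description = "The Spot instance ID."
}

output "spot_bid_status" {
  description = "The current bid status of the Spot Instance Request"
  value       = join("", aws_spot_instance_request.default[*].spot_bid_status)
}

# The description previously read "The instance ID."; the value is the tag map
# from the labels module.
output "tags" {
  value       = module.labels.tags
  description = "The tags generated by the labels module."
}
--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
#Module      : LABEL
#Description : Terraform label module variables.
variable "name" {
  type        = string
  default     = ""
  description = "Name  (e.g. `app` or `cluster`)."
}

variable "repository" {
  type        = string
  default     = "https://github.com/clouddrove/terraform-aws-ec2"
  description = "Terraform current module repo"

  validation {
    # regex(...) fails if it cannot find a match.
    # Only the `https://` prefix is checked; the rest of the URL is not validated.
    condition     = can(regex("^https://", var.repository))
    error_message = "The module-repo value must be a valid Git repo link."
  }
}

variable "environment" {
  type        = string
  default     = ""
  description = "Environment (e.g. `prod`, `dev`, `staging`)."
}

variable "label_order" {
  type        = list(any)
  default     = ["name", "environment"]
  description = "Label order, e.g. `name`,`application`."
}

variable "delimiter" {
  type        = string
  default     = "-"
  description = "Delimiter to be used between `organization`, `environment`, `name` and `attributes`."
}

variable "tags" {
  type        = map(any)
  default     = {}
  description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
}

variable "managedby" {
  type        = string
  default     = "hello@clouddrove.com"
  description = "ManagedBy, eg 'CloudDrove'."
}

# Module      : EC2 Module
# Description : Terraform EC2 module variables.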
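variable "enable" {
  type        = bool
  default     = true
  description = "Flag to control module creation."
}

# Per-instance settings passed as one object; only `instance_type` is mandatory.
# NOTE(review): `associate_public_ip_address` defaults to true, so an instance
# launched with the defaults receives a public address; set it to false for
# private workloads.
# NOTE(review): EC2 user data is readable from the instance metadata service
# and through the EC2 API, so `user_data` / `user_data_base64` should not
# carry secrets.
variable "instance_configuration" {
  description = "Configuration options for the EC2 instance"
  type = object({
    ami                                  = optional(string, "")
    ebs_optimized                        = optional(bool, false)
    instance_type                        = string
    monitoring                           = optional(bool, false)
    associate_public_ip_address          = optional(bool, true)
    disable_api_termination              = optional(bool, false)
    instance_initiated_shutdown_behavior = optional(string, "stop")
    placement_group                      = optional(string, "")
    tenancy                              = optional(string, "default")
    host_id                              = optional(string, null)
    cpu_core_count                       = optional(number, null)
    cpu_threads_per_core                 = optional(number, null)
    user_data                            = optional(string, "")
    user_data_base64                     = optional(string, null)
    user_data_replace_on_change          = optional(bool, null)
    availability_zone                    = optional(string, null)
    get_password_data                    = optional(bool, null)
    private_ip                           = optional(string, null)
    secondary_private_ips                = optional(list(string), null)
    source_dest_check                    = optional(bool, true)
    ipv6_address_count                   = optional(number, null)
    ipv6_addresses                       = optional(list(string), null)
    hibernation                          = optional(bool, false)
    root_block_device                    = optional(list(any), [])
    ephemeral_block_device               = optional(list(any), [])
  })
  default = {
    instance_type = "t4g.small" # Providing a default instance type
  }
}

# `sensitive = true` on a variable only redacts it in plan/apply output; the
# value is still written to the Terraform state.
variable "assign_eip_address" {
  type        = bool
  default     = true
  description = "Assign an Elastic IP address to the instance."
  sensitive   = true
}

variable "ebs_iops" {
  type        = number
  default     = 0
  description = "Amount of provisioned IOPS. This must be set with a volume_type of io1."
}

variable "ebs_device_name" {
  type        = list(string)
  default     = ["/dev/xvdb", "/dev/xvdc", "/dev/xvdd", "/dev/xvde", "/dev/xvdf", "/dev/xvdg", "/dev/xvdh", "/dev/xvdi", "/dev/xvdj", "/dev/xvdk", "/dev/xvdl", "/dev/xvdm", "/dev/xvdn", "/dev/xvdo", "/dev/xvdp", "/dev/xvdq", "/dev/xvdr", "/dev/xvds", "/dev/xvdt", "/dev/xvdu", "/dev/xvdv", "/dev/xvdw", "/dev/xvdx", "/dev/xvdy", "/dev/xvdz"]
  description = "Name of the EBS device to mount."
}

variable "ebs_volume_size" {
  type        = number
  default     = 30
  description = "Size of the EBS volume in gigabytes."
}

variable "ebs_volume_type" {
  type        = string
  default     = "gp3"
  description = "The type of EBS volume. Can be standard, gp3 or io1."
}

variable "default_instance_enabled" {
  type        = bool
  default     = true
  description = "Flag to control the instance creation."
}

variable "ebs_volume_enabled" {
  type        = bool
  default     = false
  description = "Flag to control the ebs creation."
}

variable "instance_profile_enabled" {
  type        = bool
  default     = true
  description = "Flag to control the instance profile creation."
}

variable "subnet_ids" {
  type        = list(string)
  default     = []
  description = "A list of VPC Subnet IDs to launch in."
  sensitive   = true
}

variable "instance_count" {
  type        = number
  default     = 0
  description = "Number of instances to launch."
}

variable "network_interface" {
  description = "Customize network interfaces to be attached at instance boot time"
  type        = list(map(string))
  default     = []
}

variable "iam_instance_profile" {
  type        = string
  default     = null
  description = "The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile."
}

variable "cpu_credits" {
  type        = string
  default     = "standard"
  description = "The credit option for CPU usage. Can be `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default."
}

variable "instance_tags" {
  type        = map(any)
  default     = {}
  description = "Instance tags."
}

# Merged into the tags of aws_spot_instance_request.default.
variable "spot_instance_tags" {
  type        = map(any)
  default     = {}
  description = "Spot instance tags."
}

# NOTE(review): the default is a fixed hosted-zone ID; callers that set
# `dns_enabled = true` should pass their own zone rather than rely on it.
variable "dns_zone_id" {
  type        = string
  default     = "Z1XJD7SSBKXLC1"
  description = "The Zone ID of Route53."
  sensitive   = true
}

variable "dns_enabled" {
  type        = bool
  default     = false
  description = "Flag to control the dns_enable."
}

variable "hostname" {
  type        = string
  default     = "ec2"
  description = "DNS records to create."
  sensitive   = true
}

variable "type" {
  type        = string
  default     = "CNAME"
  description = "Type of DNS records to create."
}

variable "ttl" {
  type        = string
  default     = "300"
  description = "The TTL of the record to add to the DNS zone to complete certificate validation."
}

# Instance metadata service (IMDS) settings.
# NOTE(review): the default "optional" leaves IMDSv1 reachable, so a
# server-side request forgery bug in a workload can read the instance-role
# credentials without a session token. Set "required" to enforce IMDSv2.
variable "metadata_http_tokens_required" {
  type        = string
  default     = "optional"
  description = "Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional."
}

variable "metadata_http_endpoint_enabled" {
  type        = string
  default     = "enabled"
  description = "Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled."
}

# NOTE(review): a hop limit of 2 lets IMDSv2 responses cross one extra network
# hop (for example into a container on the instance); use 1 when nothing but
# the host itself needs the metadata service.
variable "metadata_http_put_response_hop_limit" {
  type        = number
  default     = 2
  description = "The desired HTTP PUT response hop limit (between 1 and 64) for instance metadata requests."
}

# The description previously said "Defaults to enabled" while the default
# below is "disabled".
variable "instance_metadata_tags_enabled" {
  type        = string
  default     = "disabled"
  description = "Whether the metadata tag is available. Valid values include enabled or disabled. Defaults to disabled."
}

variable "multi_attach_enabled" {
  type        = bool
  default     = false
  description = "Specifies whether to enable Amazon EBS Multi-Attach. Multi-Attach is supported on io1 and io2 volumes."
}

# KMS key settings.
variable "kms_key_enabled" {
  type        = bool
  default     = true
  description = "Specifies whether the kms is enabled or disabled."
}

# NOTE(review): the description refers to `at_rest_encryption_enabled`, which
# is not declared among the variables shown here; it looks copied from another
# module. Confirm the intended wording.
variable "kms_key_id" {
  type        = string
  default     = ""
  description = "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true."
}

variable "alias" {
  type        = string
  default     = "alias/ec2-test"
  description = "The display name of the alias. The name must start with the word `alias` followed by a forward slash."
}

variable "kms_description" {
  type        = string
  default     = "Parameter Store KMS master key"
  description = "The description of the key as viewed in AWS console."
}

variable "key_usage" {
  type        = string
  default     = "ENCRYPT_DECRYPT"
  sensitive   = true
  description = "Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported."
}

variable "deletion_window_in_days" {
  type        = number
  default     = 7
  description = "Duration in days after which the key is deleted after destruction of the resource."
}

variable "is_enabled" {
  type        = bool
  default     = true
  description = "Specifies whether the key is enabled."
}

# NOTE(review): declared as `string` with a boolean default, so the value
# becomes the string "true"; `bool` looks like the intended type. Left
# unchanged because the consuming expression is not visible here.
variable "enable_key_rotation" {
  type        = string
  default     = true
  description = "Specifies whether key rotation is enabled."
}

variable "customer_master_key_spec" {
  type        = string
  default     = "SYMMETRIC_DEFAULT"
  description = "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT."
  sensitive   = true
}

variable "kms_multi_region" {
  type        = bool
  default     = false
  description = "Indicates whether the KMS key is a multi-Region (true) or regional (false) key."
}

# Security group settings.
variable "vpc_id" {
  type        = string
  default     = ""
  description = "The ID of the VPC that the instance security group belongs to."
  sensitive   = true
}

# NOTE(review): with these defaults the allowed source is any IPv4 address on
# ports 80 and 443. If they feed the module's ingress rule (confirm in
# main.tf), narrow `allowed_ip` to known CIDR ranges per deployment.
variable "allowed_ip" {
  type        = list(any)
  default     = ["0.0.0.0/0"]
  description = "List of allowed ip."
}

variable "allowed_ports" {
  type        = list(any)
  default     = [80, 443]
  description = "List of allowed ingress ports"
}

variable "protocol" {
  type        = string
  default     = "tcp"
  description = "The protocol. If not icmp, tcp, udp, or all use the protocol number."
}

variable "enable_security_group" {
  type        = bool
  default     = true
  description = "Enable default Security Group with only Egress traffic allowed."
}

variable "egress_rule" {
  type        = bool
  default     = true
  description = "Enable to create egress rule"
}

variable "is_external" {
  type        = bool
  default     = false
  description = "Enable to update an existing security group."
}

variable "sg_ids" {
  type        = list(any)
  default     = []
  description = "List of security group IDs."
}

variable "sg_description" {
  type        = string
  default     = "Instance default security group (only egress access is allowed)."
  description = "The security group description."
}

variable "sg_egress_description" {
  type        = string
  default     = "Description of the rule."
  description = "Description of the egress and ingress rule"
}

variable "sg_egress_ipv6_description" {
  type        = string
  default     = "Description of the rule."
  description = "Description of the egress_ipv6 rule"
}

variable "sg_ingress_description" {
  type        = string
  default     = "Description of the ingress rule use elasticache."
  description = "Description of the ingress rule"
}

# SSH ingress is empty by default: no source ranges and no ports.
variable "ssh_allowed_ip" {
  type        = list(any)
  default     = []
  description = "List of allowed ip."
}

variable "ssh_allowed_ports" {
  type        = list(any)
  default     = []
  description = "List of allowed ingress ports"
}

variable "ssh_protocol" {
  type        = string
  default     = "tcp"
  description = "The protocol. If not icmp, tcp, udp, or all use the protocol number."
}

variable "ssh_sg_ingress_description" {
  type        = string
  default     = "Description of the ingress rule use elasticache."
  description = "Description of the ingress rule"
}

### key-pair #####

variable "enable_key_pair" {
  type        = bool
  default     = true
  description = "A boolean flag to enable/disable key pair."
}

# The description previously began with "Name"; the example shows public key
# material.
variable "public_key" {
  type        = string
  default     = ""
  description = "Public key material (e.g. `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQ`)."
  sensitive   = true
}

###### spot
variable "spot_instance_enabled" {
  type        = bool
  default     = true
  description = "Flag to control the instance creation."
}

variable "spot_instance_count" {
  type        = number
  default     = 0
  description = "Number of instances to launch."
}

variable "spot_configuration" {
  description = "Configuration options for the EC2 spot instance"
  type = object({
    spot_price                     = optional(string, null)
    wait_for_fulfillment           = optional(bool, false)
    spot_type                      = optional(string, null)
    launch_group                   = optional(string, null)
    block_duration_minutes         = optional(number, null)
    instance_interruption_behavior = optional(string, null)
    valid_until                    = optional(string, null)
    valid_from                     = optional(string, null)
  })
  default = {}
}

variable "cpu_options" {
  description = "Defines CPU options to apply to the instance at launch time."
  type        = any
  default     = {}
}

variable "capacity_reservation_specification" {
  description = "Describes an instance's Capacity Reservation targeting option"
  type        = any
  default     = {}
}

variable "launch_template" {
  description = "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template"
  type        = map(string)
  default     = {}
}

variable "enclave_options_enabled" {
  description = "Whether Nitro Enclaves will be enabled on the instance. Defaults to `false`"
  type        = bool
  default     = null
}

variable "timeouts" {
  description = "Define maximum timeout for creating, updating, and deleting EC2 instance resources"
  type        = map(string)
  default     = {}
}

variable "ebs_block_device" {
  description = "Additional EBS block devices to attach to the instance"
  type        = list(any)
  default     = []
}

variable "key_name" {
  description = "Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource."
  type        = string
  default     = ""
}

# NOTE(review): if the module generates the key pair with the tls provider
# (confirm in main.tf), the private key is stored in the Terraform state;
# restrict and encrypt the state backend, or supply `public_key` instead.
variable "algorithm" {
  description = "Name of the algorithm to use when generating the private key. Currently-supported values are: RSA, ECDSA, ED25519."
  type        = string
  default     = "RSA"
}

# The description previously stated a default of 2048 while the default below
# is 4096.
variable "rsa_bits" {
  description = "When algorithm is RSA, the size of the generated RSA key, in bits (default: 4096)."
  type        = number
  default     = 4096
}

# Egress defaults: protocol "-1" to 0.0.0.0/0 and ::/0, ports 0-65535.
# NOTE(review): that is unrestricted outbound traffic; tighten the CIDR blocks
# or ports where the workload's destinations are known.
variable "egress_ipv4_from_port" {
  description = "Egress Start port (or ICMP type number if protocol is icmp or icmpv6)."
  type        = number
  default     = 0
}

variable "egress_ipv4_to_port" {
  description = "Egress end port (or ICMP code if protocol is icmp)."
  type        = number
  default     = 65535
}

variable "egress_ipv4_protocol" {
  description = "Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number"
  type        = string
  default     = "-1"
}

variable "egress_ipv4_cidr_block" {
  description = " List of CIDR blocks. Cannot be specified with source_security_group_id or self."
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

variable "egress_ipv6_from_port" {
  description = "Egress Start port (or ICMP type number if protocol is icmp or icmpv6)."
  type        = number
  default     = 0
}

variable "egress_ipv6_to_port" {
  description = "Egress end port (or ICMP code if protocol is icmp)."
  type        = number
  default     = 65535
}

variable "egress_ipv6_protocol" {
  description = "Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number"
  type        = string
  default     = "-1"
}

variable "egress_ipv6_cidr_block" {
  description = " List of CIDR blocks. Cannot be specified with source_security_group_id or self."
  type        = list(string)
  default     = ["::/0"]
}

--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
# Terraform version
# The provider constraints below set a minimum only; a consuming configuration
# should commit its .terraform.lock.hcl so provider versions and checksums are
# pinned.
terraform {
  required_version = ">= 1.5.5"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.13.1"
    }
    tls = {
      source  = "hashicorp/tls"
      version = ">= 4.0"
    }
  }
}
--------------------------------------------------------------------------------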
spot_price = optional(string, null)
wait_for_fulfillment = optional(bool, false)
spot_type = optional(string, null)
launch_group = optional(string, null)
block_duration_minutes = optional(number, null)
instance_interruption_behavior = optional(string, null)
valid_until = optional(string, null)
valid_from = optional(string, null)
})