├── roles ├── gen_ai_demo │ ├── tests │ │ ├── inventory │ │ └── test.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── download_tf_module.yml │ │ ├── cloud_init_config.yml │ │ ├── main.yml │ │ ├── sg_eni_attachment.yml │ │ ├── ec2_vm.yml │ │ ├── read_tfstate.yml │ │ ├── output.yml │ │ └── generate_keys.yml │ ├── defaults │ │ └── main.yml │ ├── vars │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── README.md ├── amazon_ec2_rhel_default_vpc │ ├── tests │ │ ├── inventory │ │ └── test.yml │ ├── handlers │ │ └── main.yml │ ├── tasks │ │ ├── download_tf_module.yml │ │ ├── main.yml │ │ ├── ec2_vm.yml │ │ ├── sg_eni_attachment.yml │ │ ├── read_tfstate.yml │ │ ├── output.yml │ │ └── generate_keys.yml │ ├── defaults │ │ └── main.yml │ ├── vars │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── README.md └── amazon_linux_ec2_non_default_vpc │ ├── tests │ ├── inventory │ └── test.yml │ ├── handlers │ └── main.yml │ ├── tasks │ ├── download_tf_module.yml │ ├── subnet.yml │ ├── main.yml │ ├── ec2.yml │ ├── sg.yml │ ├── read_tfstate.yml │ ├── output.yml │ └── keypair.yml │ ├── defaults │ └── main.yml │ ├── vars │ └── main.yml │ ├── meta │ └── main.yml │ └── README.md ├── requirements.yml ├── requirements.txt ├── playbooks ├── intel_aws_vm_gen_ai_demo.yml ├── intel_aws_vm_ec2_rhel_default_vpc.yml ├── intel_amazon_linux_ec2_non_default_vpc.yml └── intel_aws_vm.yml ├── galaxy.yml ├── security.md ├── .gitignore ├── CONTRIBUTING.md ├── CODE_OF_CONDUCT.md ├── LICENSE.md └── README.md /roles/gen_ai_demo/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /requirements.yml: -------------------------------------------------------------------------------- 1 | --- 2 | collections: 3 | - amazon.aws 4 | -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/gen_ai_demo/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for gen_ai_demo 3 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | ansible==8.5.0 2 | boto3==1.29.0 3 | botocore==1.32.0 4 | cryptography==44.0.1 -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for amazon_ec2_rhel_default_vpc 3 | -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for amazon-linux-ec2-non-default-vpc 3 | -------------------------------------------------------------------------------- /roles/gen_ai_demo/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - gen_ai_demo 6 | -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - amazon_ec2_rhel_default_vpc 6 | -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - amazon-linux-ec2-non-default-vpc 6 | -------------------------------------------------------------------------------- /roles/gen_ai_demo/tasks/download_tf_module.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Clone a github repository {{ vm_tf_source|basename }} 3 | git: 4 | repo: '{{ vm_tf_source }}' 5 | dest: '{{ vm_tf_module_download_path }}' 6 | clone: yes 7 | update: yes 8 | version: main -------------------------------------------------------------------------------- /playbooks/intel_aws_vm_gen_ai_demo.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Run gen_ai_demo role 3 | hosts: localhost 4 | tasks: 5 | - name: Running a role gen ai demo 6 | ansible.builtin.import_role: 7 | name: gen_ai_demo 8 | vars: 9 | gen_ai_demo_state: present -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/tasks/download_tf_module.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Clone a github repository {{ vm_tf_source|basename }} 3 | git: 4 | repo: '{{ vm_tf_source }}' 5 | dest: '{{ vm_tf_module_download_path }}' 6 | clone: yes 7 | update: yes 8 | version: main -------------------------------------------------------------------------------- /roles/gen_ai_demo/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for gen_ai_demo 3 | tags: [] 4 | ec2_update: false 5 | instance_id: '' 6 | random_id: '' 7 | keypair_name: '' 8 | ec2_instance: '' 9 | ec2_info: 10 | instances: [] 11 | vm_tf_source: https://github.com/intel/terraform-intel-aws-vm.git -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/tasks/download_tf_module.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Clone a github repository {{ ec2_tf_source|basename }} 3 | git: 4 | repo: '{{ ec2_tf_source }}' 5 | dest: '{{ ec2_tf_module_download_path }}' 6 | clone: yes 7 | update: yes 8 | version: main 9 | 10 | -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for amazon_ec2_rhel_default_vpc 3 | tags: [] 4 | ec2_update: false 5 | instance_id: '' 6 | random_id: '' 7 | keypair_name: '' 8 | ec2_instance: '' 9 | ec2_info: 10 | instances: [] 11 | vm_tf_source: https://github.com/intel/terraform-intel-aws-vm.git -------------------------------------------------------------------------------- /playbooks/intel_aws_vm_ec2_rhel_default_vpc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Run amazon_ec2_rhel_default_vpc role 3 | hosts: localhost 4 | tasks: 5 | - name: Running a role Amazon EC2 rhel default vpc 6 | ansible.builtin.import_role: 7 | name: amazon_ec2_rhel_default_vpc 8 | vars: 9 | ec2_rhel_default_vpc_state: present -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for amazon-linux-ec2-non-default-vpc 3 | tags: [] 4 | ec2_update: false 5 | instance_id: '' 6 | random_id: '' 7 | keypair_name: '' 8 | ec2_instance: '' 9 | ec2_info: 10 | instances: [] 11 | ec2_tf_source: https://github.com/intel/terraform-intel-aws-vm.git 12 | -------------------------------------------------------------------------------- /playbooks/intel_amazon_linux_ec2_non_default_vpc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: playbook using amazon linux ec2 3 | hosts: localhost 4 | tasks: 5 | - name: running a role amazon linux ec2 non default vpc 6 | ansible.builtin.import_role: 7 | name: amazon_linux_ec2_non_default_vpc 8 | vars: 9 | ec2_state: present 10 | 11 | -------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- 1 | namespace: intel 2 | name: ansible_intel_aws_vm 3 | version: 1.0.0 4 | readme: README.md 5 | authors: 6 | - optimized-cloud-modules@intel.com 7 | description: This module will create new Amazon virtual machine, The instance is pre-configured with parameters. 8 | tags: 9 | - ansible 10 | - aws 11 | - vm 12 | repository: 'https://github.com/intel/ansible-intel-aws-vm' 13 | -------------------------------------------------------------------------------- /roles/gen_ai_demo/tasks/cloud_init_config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Slurp the cloud_init config file 3 | ansible.builtin.slurp: 4 | src: '{{ vm_tf_module_download_path }}/{{ cloud_init_config_path }}/cloud_init.yml' 5 | register: cloud_init_output 6 | 7 | - set_fact: 8 | cloud_init_data: "{{ cloud_init_output['content'] | b64decode }}" 9 | 10 | - ansible.builtin.debug: 11 | var: cloud_init_data 12 | -------------------------------------------------------------------------------- /security.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation. 3 | 4 | ## Reporting a Vulnerability 5 | Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html). 6 | -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/tasks/subnet.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: subnet to create the EC2 instance 3 | amazon.aws.ec2_vpc_subnet_info: 4 | filters: 5 | vpc-id: "{{vpc_id}}" 6 | register: vpc_subnet_info 7 | 8 | - debug: 9 | var: vpc_subnet_info 10 | 11 | - set_fact: 12 | subnet_ids: "{{ vpc_subnet_info.subnets | map(attribute='subnet_id') }}" 13 | when: vpc_subnet_info.subnets is defined 14 | 15 | - debug: 16 | var: subnet_ids -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Clone a github repository 3 | ansible.builtin.include_tasks: 4 | file: download_tf_module.yml 5 | when: ec2_rhel_default_vpc_state == 'present' 6 | 7 | - name: Read TF state 8 | ansible.builtin.include_tasks: 9 | file: read_tfstate.yml 10 | 11 | - name: Generate OpenSSH keys 12 | ansible.builtin.include_tasks: 13 | file: generate_keys.yml 14 | 15 | - name: Running ec2_vm 16 | ansible.builtin.include_tasks: 17 | file: ec2_vm.yml 18 | 19 | - name: Create SG and attach to elastic network interface(ENI) 20 | ansible.builtin.include_tasks: 21 | file: sg_eni_attachment.yml 22 | 23 | - name: EC2 rhel default vpc output 24 | ansible.builtin.include_tasks: 25 | file: output.yml 26 | when: ec2_rhel_default_vpc_state == 'present' -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for amazon-linux-ec2-non-default-vpc 3 | - name: download module 4 | ansible.builtin.include_tasks: 5 | file: download_tf_module.yml 6 | when: ec2_state == "present" 7 | 8 | - name: Read TF state 9 | ansible.builtin.include_tasks: 10 | file: read_tfstate.yml 11 | 12 | - name: Generate openssh keys 13 | ansible.builtin.include_tasks: 14 | file: keypair.yml 15 | 16 | - name: subnet configure 17 | ansible.builtin.include_tasks: 18 | file: subnet.yml 19 | 20 | - name: ec2 configure 21 | ansible.builtin.include_tasks: 22 | file: ec2.yml 23 | 24 | - name: sg configure 25 | ansible.builtin.include_tasks: 26 | file: sg.yml 27 | 28 | - name: output 29 | ansible.builtin.include_tasks: 30 | file: output.yml 31 | when: ec2_state == "present" 32 | -------------------------------------------------------------------------------- /roles/gen_ai_demo/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Clone a github repository 3 | ansible.builtin.include_tasks: 4 | file: download_tf_module.yml 5 | when: gen_ai_demo_state == 'present' 6 | 7 | - name: Read TF state 8 | ansible.builtin.include_tasks: 9 | file: read_tfstate.yml 10 | 11 | - name: Read cloud_init config file 12 | ansible.builtin.include_tasks: 13 | file: cloud_init_config.yml 14 | 15 | - name: Generate OpenSSH keys 16 | ansible.builtin.include_tasks: 17 | file: generate_keys.yml 18 | 19 | - name: Running ec2_vm 20 | ansible.builtin.include_tasks: 21 | file: ec2_vm.yml 22 | 23 | - name: Create SG and attach to elastic network interface(ENI) 24 | ansible.builtin.include_tasks: 25 | file: sg_eni_attachment.yml 26 | 27 | - name: Gen ai demo output 28 | ansible.builtin.include_tasks: 29 | file: output.yml 30 | when: gen_ai_demo_state == 'present' -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for amazon_ec2_rhel_default_vpc 3 | vm_tf_module_download_path: '/home/{{ansible_env.USER}}/{{role_name}}/terraform/aws_vm/' 4 | ansible_python_interpreter: /usr/bin/python3 5 | 6 | # private Key 7 | private_key_type: RSA 8 | private_key_size: 4096 9 | 10 | file_name: /home/{{ansible_env.USER}}/key_files/tfkey 11 | directory_keyfiles: /home/{{ansible_env.USER}}/key_files 12 | 13 | tls_privatekey_file_path: /home/{{ansible_env.USER}}/key_files/private_key.pem 14 | tls_publickey_file_path: /home/{{ansible_env.USER}}/key_files/public_key.pem 15 | 16 | # security_group 17 | security_group_name: ssh_security_group 18 | security_group_rules: 19 | - from_port: 22 20 | to_port: 22 21 | proto: "tcp" 22 | cidr_ip: "0.0.0.0/0" 23 | 24 | # ec2_vm.yml vars 25 | ec2_rhel_default_vpc_state: present 26 | ami: "ami-0c41531b8d18cc72b" 27 | duration_count_tag: 2 28 | -------------------------------------------------------------------------------- /playbooks/intel_aws_vm.yml: -------------------------------------------------------------------------------- 1 | - hosts: localhost 2 | vars: 3 | terraform_source: https://github.com/intel/terraform-intel-aws-vm.git 4 | tasks: 5 | - set_fact: 6 | terraform_module_download_path: '/home/{{ansible_env.USER}}/terraform/main/intel_aws_vm/' 7 | 8 | - name: Clone a github repository 9 | git: 10 | repo: '{{ terraform_source }}' 11 | dest: '{{ terraform_module_download_path }}' 12 | clone: yes 13 | update: yes 14 | version: main 15 | 16 | - name: AWS VM Module 17 | community.general.terraform: 18 | project_path: '{{ terraform_module_download_path }}' 19 | state: present 20 | force_init: true 21 | provider_upgrade: true 22 | complex_vars: true 23 | # for additional variables 24 | # https://github.com/intel/terraform-intel-aws-vm/blob/main/variables.tf 25 | variables: 26 | name: aws_instance_test 27 | register: vm_output 28 | 29 | - debug: 30 | var: vm_output -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for amazon-linux-ec2-non-default-vpc 3 | # optional 4 | ec2_tf_module_download_path: '/home/{{ansible_env.USER}}/{{role_name}}/terraform/ec2_vpc/' 5 | ansible_python_interpreter: /usr/bin/python3 6 | 7 | #ec2 creation 8 | ec2_state: present 9 | key_name: "TY_key" 10 | subnet_id: "{{ subnet_info.subnets[0].id }}" 11 | tags_name: 12 | Name : "my-test-vm-{{ random_id.rid.dec }}" 13 | Owner : "OwnerName-{{ random_id.rid.dec }}" 14 | Duration : "2" 15 | 16 | #keypair 17 | private_key_type: RSA 18 | private_key_size: 4096 19 | file_name: /home/{{ansible_env.USER}}/key_files/tfkey 20 | directory_keyfiles: /home/{{ansible_env.USER}}/key_files 21 | random_id_length: 12 22 | 23 | TLS_privatekey_file_path: /home/{{ansible_env.USER}}/key_files/private_key.pem 24 | TLS_publickey_file_path: /home/{{ansible_env.USER}}/key_files/public_key.pem 25 | 26 | # security_group 27 | security_group_name: ssh_security_group 28 | security_group_rules: 29 | - from_port: 22 30 | to_port: 22 31 | proto: "tcp" 32 | cidr_ip: "0.0.0.0/0" 33 | 34 | #network 35 | vpc_id: "vpc-0bf95158fd23f4e2e" 36 | duration_count_tag: 2 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/tasks/ec2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: ec2 creation 3 | community.general.terraform: 4 | project_path: '{{ ec2_tf_module_download_path }}' 5 | state: '{{ ec2_state }}' 6 | force_init: true 7 | provider_upgrade: true 8 | complex_vars: true 9 | variables: 10 | key_name: '{{ keypair_name }}' 11 | subnet_id: '{{ subnet_ids[0] }}' 12 | tags: 13 | "Name": "my-test-vm-{{ random_id }}" 14 | "Owner": "OwnerName-{{ random_id }}" 15 | "Duration": "{{ duration_count_tag }}" 16 | register: ec2_output 17 | 18 | - debug: 19 | var: ec2_output 20 | - set_fact: 21 | primary_net_interface_id: "{{ ec2_output.outputs.primary_network_interface_id.value }}" 22 | instance_id: "{{ ec2_output.outputs.id.value }}" 23 | when: ec2_state == 'present' 24 | 25 | - amazon.aws.ec2_instance_info: 26 | instance_ids: "{{ ec2_output.outputs.id.value }}" 27 | register: ec2_info 28 | when: ec2_state == 'present' 29 | 30 | - set_fact: 31 | default_security_group_id: "{{ ec2_info['instances'][0]['security_groups'][0]['group_id'] }}" 32 | when: ec2_state == 'present' 33 | 34 | - debug: 35 | var: default_security_group_id 36 | when: ec2_state == 'present' 37 | -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/tasks/sg.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: security group to configure ports for ssh and provide security group rules 3 | amazon.aws.ec2_security_group: 4 | name: '{{ security_group_name }}-{{ instance_id }}' 5 | description: "security group to configure ports for ssh" 6 | rules: "{{ security_group_rules }}" 7 | state: '{{ ec2_state }}' 8 | register: security_group_output 9 | 10 | - name: Print security group returned information 11 | ansible.builtin.debug: 12 | msg: "{{ security_group_output }}" 13 | 14 | - set_fact: 15 | security_group_id: "{{ security_group_output['group_id'] }}" 16 | when: ec2_state == 'present' 17 | 18 | 19 | - name: Attach Security Group to elastic Network Interface(ENI) 20 | amazon.aws.ec2_eni: 21 | eni_id: "{{ primary_net_interface_id }}" 22 | security_groups: 23 | - "{{ security_group_id }}" 24 | - "{{ default_security_group_id }}" 25 | state: '{{ ec2_state }}' 26 | register: sg_eni_attach_output 27 | when: ec2_state == 'present' 28 | 29 | - name: Print security group to elastic network interface(ENI) attachment returned information 30 | ansible.builtin.debug: 31 | msg: "{{ sg_eni_attach_output }}" 32 | 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/tasks/ec2_vm.yml: -------------------------------------------------------------------------------- 1 | - community.general.terraform: 2 | project_path: '{{ vm_tf_module_download_path }}' 3 | state: '{{ ec2_rhel_default_vpc_state }}' 4 | force_init: true 5 | provider_upgrade: true 6 | complex_vars: true 7 | variables: 8 | key_name: '{{ keypair_name }}' 9 | ami: '{{ ami }}' 10 | tags: 11 | "Name": "my-test-vm-{{ random_id }}" 12 | "Owner": "OwnerName-{{ random_id }}" 13 | "Duration": "{{ duration_count_tag }}" 14 | register: ec2_rhel_vm_output 15 | 16 | - debug: 17 | var: ec2_rhel_vm_output 18 | 19 | - set_fact: 20 | primary_net_interface_id: "{{ ec2_rhel_vm_output.outputs.primary_network_interface_id.value }}" 21 | instance_id: "{{ ec2_rhel_vm_output.outputs.id.value }}" 22 | when: ec2_rhel_default_vpc_state == 'present' 23 | 24 | - amazon.aws.ec2_instance_info: 25 | instance_ids: "{{ instance_id }}" 26 | register: ec2_info 27 | when: ec2_rhel_default_vpc_state == 'present' 28 | 29 | - set_fact: 30 | default_security_group_id: "{{ ec2_info['instances'][0]['security_groups'][0]['group_id'] }}" 31 | when: ec2_rhel_default_vpc_state == 'present' 32 | 33 | - debug: 34 | var: default_security_group_id 35 | when: ec2_rhel_default_vpc_state == 'present' -------------------------------------------------------------------------------- /roles/gen_ai_demo/tasks/sg_eni_attachment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: security group to configure ports for ssh and provide security group rules 3 | amazon.aws.ec2_security_group: 4 | name: '{{ security_group_name }}-{{ instance_id }}' 5 | description: "security group to configure ports for ssh" 6 | rules: "{{ default_security_group_rules }}" 7 | state: '{{ gen_ai_demo_state }}' 8 | register: security_group_output 9 | 10 | - name: Print security group returned information 11 | ansible.builtin.debug: 12 | msg: "{{ security_group_output }}" 13 | 14 | - set_fact: 15 | security_group_id: "{{ security_group_output['group_id'] }}" 16 | when: gen_ai_demo_state == 'present' 17 | 18 | # count parameter? 19 | - name: Attach security group to elastic network interface(ENI) 20 | amazon.aws.ec2_eni: 21 | eni_id: "{{ primary_net_interface_id }}" # check on dynamic eni_id variable from terraform script 22 | security_groups: 23 | - "{{ security_group_id }}" 24 | - "{{ default_security_group_id }}" 25 | state: '{{ gen_ai_demo_state }}' 26 | register: sg_eni_attach_output 27 | when: gen_ai_demo_state == 'present' 28 | 29 | - name: Print security group to elastic network interface(ENI) attachment returned information 30 | ansible.builtin.debug: 31 | msg: "{{ sg_eni_attach_output }}" -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/tasks/sg_eni_attachment.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: security group to configure ports for ssh and provide security group rules 3 | amazon.aws.ec2_security_group: 4 | name: '{{ security_group_name }}-{{ instance_id }}' 5 | description: "security group to configure ports for ssh" 6 | rules: "{{ security_group_rules }}" 7 | state: '{{ ec2_rhel_default_vpc_state }}' 8 | register: security_group_output 9 | 10 | - name: Print security group returned information 11 | ansible.builtin.debug: 12 | msg: "{{ security_group_output }}" 13 | 14 | - set_fact: 15 | security_group_id: "{{ security_group_output['group_id'] }}" 16 | when: ec2_rhel_default_vpc_state == 'present' 17 | 18 | # count parameter? 19 | - name: Attach security group to elastic network interface(ENI) 20 | amazon.aws.ec2_eni: 21 | eni_id: "{{ primary_net_interface_id }}" # check on dynamic eni_id variable from terraform script 22 | security_groups: 23 | - "{{ security_group_id }}" 24 | - "{{ default_security_group_id }}" 25 | state: '{{ ec2_rhel_default_vpc_state }}' 26 | register: sg_eni_attach_output 27 | when: ec2_rhel_default_vpc_state == 'present' 28 | 29 | - name: Print security group to elastic network interface(ENI) attachment returned information 30 | ansible.builtin.debug: 31 | msg: "{{ sg_eni_attach_output }}" -------------------------------------------------------------------------------- /roles/gen_ai_demo/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | vm_tf_module_download_path: '/home/{{ansible_env.USER}}/{{role_name}}/terraform/aws_vm/' 3 | cloud_init_config_path: examples/gen-ai-demo/ 4 | ansible_python_interpreter: /usr/bin/python3 5 | # AMI 6 | aws_ami_owner: 099720109477 7 | # aws_ami_name: name 8 | aws_ami_value: "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*" 9 | # virtualization_name: virtualization-type 10 | virtualization_value: "hvm" 11 | 12 | private_key_type: RSA 13 | private_key_size: 4096 14 | 15 | file_name: /home/{{ansible_env.USER}}/key_files/tfkey 16 | directory_keyfiles: /home/{{ansible_env.USER}}/key_files 17 | 18 | random_id_length: 5 19 | 20 | tls_privatekey_file_path: /home/{{ansible_env.USER}}/key_files/private_key.pem 21 | tls_publickey_file_path: /home/{{ansible_env.USER}}/key_files/public_key.pem 22 | 23 | security_group_name: ssh_security_group 24 | default_security_group_rules: 25 | - from_port: 22 26 | to_port: 22 27 | proto: "tcp" 28 | cidr_ip: "0.0.0.0/0" 29 | - from_port: 7860 30 | to_port: 7860 31 | proto: "tcp" 32 | cidr_ip: "0.0.0.0/0" 33 | - from_port: 5000 34 | to_port: 5000 35 | proto: "tcp" 36 | cidr_ip: "0.0.0.0/0" 37 | - from_port: 5001 38 | to_port: 5001 39 | proto: "tcp" 40 | cidr_ip: "0.0.0.0/0" 41 | 42 | # ec2_vm.yml vars 43 | gen_ai_demo_state: present 44 | instance_type: "m7i.4xlarge" 45 | availability_zone: "us-east-2c" 46 | volume_size: 100 47 | duration_count_tag: 2 48 | -------------------------------------------------------------------------------- /roles/gen_ai_demo/tasks/ec2_vm.yml: -------------------------------------------------------------------------------- 1 | - community.general.terraform: 2 | project_path: '{{ vm_tf_module_download_path }}' 3 | state: '{{ gen_ai_demo_state }}' 4 | force_init: true 5 | provider_upgrade: true 6 | complex_vars: true 7 | variables: 8 | instance_type: '{{ instance_type }}' 9 | availability_zone: '{{ availability_zone }}' 10 | key_name: '{{ keypair_name }}' 11 | ami: '{{ ami_id }}' 12 | user_data: '{{ cloud_init_data }}' 13 | root_block_device: 14 | - volume_size: '{{ volume_size }}' 15 | tags: 16 | "Name": "my-test-vm-{{ random_id }}" 17 | "Owner": "OwnerName-{{ random_id }}" 18 | "Duration": "{{ duration_count_tag }}" 19 | register: gen_ai_demo_output 20 | 21 | - debug: 22 | var: gen_ai_demo_output 23 | 24 | - set_fact: 25 | primary_net_interface_id: "{{ gen_ai_demo_output.outputs.primary_network_interface_id.value }}" 26 | instance_id: "{{ gen_ai_demo_output.outputs.id.value }}" 27 | when: gen_ai_demo_state == 'present' 28 | 29 | - amazon.aws.ec2_instance_info: 30 | instance_ids: "{{ gen_ai_demo_output.outputs.id.value }}" 31 | register: ec2_info 32 | when: gen_ai_demo_state == 'present' 33 | 34 | - set_fact: 35 | default_security_group_id: "{{ ec2_info['instances'][0]['security_groups'][0]['group_id'] }}" 36 | when: gen_ai_demo_state == 'present' 37 | 38 | - debug: 39 | var: default_security_group_id 40 | when: gen_ai_demo_state == 'present' -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/tasks/read_tfstate.yml: -------------------------------------------------------------------------------- 1 | - name: Read terraform output 2 | command: chdir='{{ ec2_tf_module_download_path }}' terraform output -json 3 | register: ec2_output 4 | 5 | - debug: 6 | var: ec2_output 7 | 8 | - set_fact: 9 | ec2_output: "{{ ec2_output.stdout }}" 10 | 11 | - debug: 12 | var: ec2_output 13 | 14 | - block: 15 | - name: "Checking resource for deletion" 16 | debug: 17 | msg: "Terraform cannot delete the resource because it is not found in the state file. Manual intervention is required." 18 | - meta: end_play 19 | when: ec2_state == 'absent' and ec2_output | length == 0 20 | 21 | - set_fact: 22 | instance_id: "{{ ec2_output.id.value }}" 23 | tags: "{{ ec2_output.tags_all.value }}" 24 | when: ec2_output | length > 0 25 | 26 | - set_fact: 27 | random_id: "{{ tags.Name.split('-')[-1] }}" 28 | when: tags | length > 0 29 | 30 | - amazon.aws.ec2_instance_info: 31 | instance_ids: "{{ instance_id }}" 32 | register: ec2_info 33 | when: instance_id | length > 0 34 | 35 | - debug: 36 | var: ec2_info 37 | 38 | - set_fact: 39 | ec2_instance: "{{ ec2_info.instances[0] }}" 40 | when: ec2_info.instances is defined 41 | 42 | - set_fact: 43 | keypair_name: "{{ ec2_instance['key_name'] }}" 44 | ami_id: "{{ ec2_instance['image_id'] }}" 45 | when: ec2_instance | length > 0 46 | 47 | - set_fact: 48 | ec2_update: true 49 | when: ec2_state == 'present' and ec2_instance | length > 0 50 | 51 | - ansible.builtin.debug: 52 | msg: 53 | - "instance_id: {{ instance_id }}" 54 | - "random_id: {{ random_id }}" 55 | - "keypair_name: {{ keypair_name }}" 56 | -------------------------------------------------------------------------------- /roles/gen_ai_demo/tasks/read_tfstate.yml: -------------------------------------------------------------------------------- 1 | - name: Read terraform output 2 | command: chdir='{{ vm_tf_module_download_path }}' terraform output -json 3 | register: gen_ai_demo_tf_output 4 | 5 | - debug: 6 | var: gen_ai_demo_tf_output 7 | 8 | - set_fact: 9 | gen_ai_demo_tf_output: "{{ gen_ai_demo_tf_output.stdout }}" 10 | 11 | - debug: 12 | var: gen_ai_demo_tf_output 13 | 14 | - block: 15 | - name: "Checking Terraform resource" 16 | debug: 17 | msg: "Terraform cannot delete the resource because it is not found in the state file. Manual intervention is required." 18 | - meta: end_play 19 | when: gen_ai_demo_state == 'absent' and gen_ai_demo_tf_output | length == 0 20 | 21 | - set_fact: 22 | instance_id: "{{ gen_ai_demo_tf_output.id.value }}" 23 | tags: "{{ gen_ai_demo_tf_output.tags_all.value }}" 24 | when: gen_ai_demo_tf_output | length > 0 25 | 26 | - set_fact: 27 | random_id: "{{ tags.Name.split('-')[-1] }}" 28 | when: tags | length > 0 29 | 30 | - amazon.aws.ec2_instance_info: 31 | instance_ids: "{{ instance_id }}" 32 | register: ec2_info 33 | when: instance_id | length > 0 34 | 35 | - debug: 36 | var: ec2_info 37 | 38 | - set_fact: 39 | ec2_instance: "{{ ec2_info.instances[0] }}" 40 | when: ec2_info.instances is defined 41 | 42 | - set_fact: 43 | keypair_name: "{{ ec2_instance['key_name'] }}" 44 | ami_id: "{{ ec2_instance['image_id'] }}" 45 | when: ec2_instance | length > 0 46 | 47 | - set_fact: 48 | ec2_update: true 49 | when: gen_ai_demo_state == 'present' and ec2_instance | length > 0 50 | 51 | - ansible.builtin.debug: 52 | msg: 53 | - "instance_id: {{ instance_id }}" 54 | - "random_id: {{ random_id }}" 55 | - "keypair_name: {{ keypair_name }}" 56 | -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/tasks/read_tfstate.yml: -------------------------------------------------------------------------------- 1 | - name: Read terraform output 2 | command: chdir='{{ vm_tf_module_download_path }}' terraform output -json 3 | register: ec2_rhel_vm_tf_output 4 | 5 | - debug: 6 | var: ec2_rhel_vm_tf_output 7 | 8 | - set_fact: 9 | ec2_rhel_vm_tf_output: "{{ ec2_rhel_vm_tf_output.stdout }}" 10 | 11 | - debug: 12 | var: ec2_rhel_vm_tf_output 13 | 14 | - block: 15 | - name: "Checking resource for deletion" 16 | debug: 17 | msg: "Terraform cannot delete the resource because it is not found in the state file. Manual intervention is required." 18 | - meta: end_play 19 | when: ec2_rhel_default_vpc_state == 'absent' and ec2_rhel_vm_tf_output | length == 0 20 | 21 | - set_fact: 22 | instance_id: "{{ ec2_rhel_vm_tf_output.id.value }}" 23 | tags: "{{ ec2_rhel_vm_tf_output.tags_all.value }}" 24 | when: ec2_rhel_vm_tf_output | length > 0 25 | 26 | - set_fact: 27 | random_id: "{{ tags.Name.split('-')[-1] }}" 28 | when: tags | length > 0 29 | 30 | - amazon.aws.ec2_instance_info: 31 | instance_ids: "{{ instance_id }}" 32 | register: ec2_info 33 | when: instance_id | length > 0 34 | 35 | - debug: 36 | var: ec2_info 37 | 38 | - set_fact: 39 | ec2_instance: "{{ ec2_info.instances[0] }}" 40 | when: ec2_info.instances is defined 41 | 42 | - set_fact: 43 | keypair_name: "{{ ec2_instance['key_name'] }}" 44 | ami_id: "{{ ec2_instance['image_id'] }}" 45 | when: ec2_instance | length > 0 46 | 47 | - set_fact: 48 | ec2_update: true 49 | when: ec2_rhel_default_vpc_state == 'present' and ec2_instance | length > 0 50 | 51 | - ansible.builtin.debug: 52 | msg: 53 | - "instance_id: {{ instance_id }}" 54 | - "random_id: {{ random_id }}" 55 | - "keypair_name: {{ keypair_name }}" 56 | -------------------------------------------------------------------------------- /roles/gen_ai_demo/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your role description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Choose a valid license ID from https://spdx.org - some suggested licenses: 11 | # - BSD-3-Clause (default) 12 | # - MIT 13 | # - GPL-2.0-or-later 14 | # - GPL-3.0-only 15 | # - Apache-2.0 16 | # - CC-BY-4.0 17 | license: license (GPL-2.0-or-later, MIT, etc) 18 | 19 | min_ansible_version: 2.1 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # 25 | # Provide a list of supported platforms, and for each platform a list of versions. 26 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 27 | # To view available platforms and versions (or releases), visit: 28 | # https://galaxy.ansible.com/api/v1/platforms/ 29 | # 30 | # platforms: 31 | # - name: Fedora 32 | # versions: 33 | # - all 34 | # - 25 35 | # - name: SomePlatform 36 | # versions: 37 | # - all 38 | # - 1.0 39 | # - 7 40 | # - 99.99 41 | 42 | galaxy_tags: [] 43 | # List tags for your role here, one per line. A tag is a keyword that describes 44 | # and categorizes the role. Users find roles by searching for tags. Be sure to 45 | # remove the '[]' above, if you add tags to this list. 46 | # 47 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 48 | # Maximum 20 tags per role. 49 | 50 | dependencies: [] 51 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 52 | # if you add dependencies to this list. 53 | -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your role description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Choose a valid license ID from https://spdx.org - some suggested licenses: 11 | # - BSD-3-Clause (default) 12 | # - MIT 13 | # - GPL-2.0-or-later 14 | # - GPL-3.0-only 15 | # - Apache-2.0 16 | # - CC-BY-4.0 17 | license: license (GPL-2.0-or-later, MIT, etc) 18 | 19 | min_ansible_version: 2.1 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # 25 | # Provide a list of supported platforms, and for each platform a list of versions. 26 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 27 | # To view available platforms and versions (or releases), visit: 28 | # https://galaxy.ansible.com/api/v1/platforms/ 29 | # 30 | # platforms: 31 | # - name: Fedora 32 | # versions: 33 | # - all 34 | # - 25 35 | # - name: SomePlatform 36 | # versions: 37 | # - all 38 | # - 1.0 39 | # - 7 40 | # - 99.99 41 | 42 | galaxy_tags: [] 43 | # List tags for your role here, one per line. A tag is a keyword that describes 44 | # and categorizes the role. Users find roles by searching for tags. Be sure to 45 | # remove the '[]' above, if you add tags to this list. 46 | # 47 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 48 | # Maximum 20 tags per role. 49 | 50 | dependencies: [] 51 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 52 | # if you add dependencies to this list. 53 | -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: your name 3 | description: your role description 4 | company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Choose a valid license ID from https://spdx.org - some suggested licenses: 11 | # - BSD-3-Clause (default) 12 | # - MIT 13 | # - GPL-2.0-or-later 14 | # - GPL-3.0-only 15 | # - Apache-2.0 16 | # - CC-BY-4.0 17 | license: license (GPL-2.0-or-later, MIT, etc) 18 | 19 | min_ansible_version: 2.1 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # 25 | # Provide a list of supported platforms, and for each platform a list of versions. 26 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 27 | # To view available platforms and versions (or releases), visit: 28 | # https://galaxy.ansible.com/api/v1/platforms/ 29 | # 30 | # platforms: 31 | # - name: Fedora 32 | # versions: 33 | # - all 34 | # - 25 35 | # - name: SomePlatform 36 | # versions: 37 | # - all 38 | # - 1.0 39 | # - 7 40 | # - 99.99 41 | 42 | galaxy_tags: [] 43 | # List tags for your role here, one per line. A tag is a keyword that describes 44 | # and categorizes the role. Users find roles by searching for tags. Be sure to 45 | # remove the '[]' above, if you add tags to this list. 46 | # 47 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 48 | # Maximum 20 tags per role. 49 | 50 | dependencies: [] 51 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 52 | # if you add dependencies to this list. 53 | -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/tasks/output.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - set_fact: 3 | ec2_instance : '{{ ec2_output.outputs }}' 4 | when: ec2_output.outputs | length > 0 5 | 6 | - name: Validating ec2_output output 7 | fail: 8 | msg: "ec2_output instance got an error" 9 | when: ec2_output.outputs | length == 0 10 | 11 | - name: Displaying ec2 output 12 | ansible.builtin.debug: 13 | msg: 14 | - "instance_id: {{ ec2_instance.id.value }}" 15 | - "instance_arn: {{ ec2_instance.arn.value }}" 16 | - "capacity_reservation_specification: {{ ec2_instance.capacity_reservation_specification.value }}" 17 | - "instance_state: {{ ec2_instance.instance_state.value }}" 18 | - "outpost_arn: {{ ec2_instance.outpost_arn.value }}" 19 | - "password_data: {{ ec2_instance.password_data.value }}" 20 | - "primary_network_interface_id: {{ ec2_instance.primary_network_interface_id.value }}" 21 | - "private_dns: {{ ec2_instance.private_dns.value }}" 22 | - "public_dns: {{ ec2_instance.public_dns.value }}" 23 | - "public_ip: {{ ec2_instance.public_ip.value }}" 24 | - "private_ip: {{ ec2_instance.private_ip.value }}" 25 | - "ipv6_addresses: {{ ec2_instance.ipv6_addresses.value }}" 26 | - "tags_all: {{ ec2_instance.tags_all.value }}" 27 | - "spot_bid_status: {{ ec2_instance.spot_bid_status.value }}" 28 | - "spot_request_state: {{ ec2_instance.spot_request_state.value }}" 29 | - "spot_instance_id: {{ ec2_instance.spot_instance_id.value }}" 30 | #- "iam_role_name: {{ ec2_instance.iam_role_name.value }}" 31 | #- "iam_role_arn: {{ ec2_instance.iam_role_arn.value }}" 32 | #- "iam_role_unique_id: {{ ec2_instance.iam_role_unique_id.value }}" 33 | #- "iam_instance_profile_arn: {{ ec2_instance.iam_instance_profile_arn.value }}" 34 | #- "iam_instance_profile_id: {{ ec2_instance.iam_instance_profile_id.value }}" 35 | #- "iam_instance_profile_unique: {{ ec2_instance.iam_instance_profile_unique.value }}" -------------------------------------------------------------------------------- /roles/gen_ai_demo/tasks/output.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - set_fact: 3 | gen_ai_demo_instance : '{{ gen_ai_demo_output.outputs }}' 4 | when: gen_ai_demo_output.outputs | length > 0 5 | 6 | - name: Validating gen_ai_demo output 7 | fail: 8 | msg: "gen_ai_demo instance got an error" 9 | when: gen_ai_demo_output.outputs | length == 0 10 | 11 | - name: Displaying vm output 12 | ansible.builtin.debug: 13 | msg: 14 | - "instance_id: {{ gen_ai_demo_instance.id.value }}" 15 | - "instance_arn: {{ gen_ai_demo_instance.arn.value }}" 16 | - "capacity_reservation_specification: {{ gen_ai_demo_instance.capacity_reservation_specification.value }}" 17 | - "instance_state: {{ gen_ai_demo_instance.instance_state.value }}" 18 | - "outpost_arn: {{ gen_ai_demo_instance.outpost_arn.value }}" 19 | - "password_data: {{ gen_ai_demo_instance.password_data.value }}" 20 | - "primary_network_interface_id: {{ gen_ai_demo_instance.primary_network_interface_id.value }}" 21 | - "private_dns: {{ gen_ai_demo_instance.private_dns.value }}" 22 | - "public_dns: {{ gen_ai_demo_instance.public_dns.value }}" 23 | - "public_ip: {{ gen_ai_demo_instance.public_ip.value }}" 24 | - "private_ip: {{ gen_ai_demo_instance.private_ip.value }}" 25 | - "ipv6_addresses: {{ gen_ai_demo_instance.ipv6_addresses.value }}" 26 | - "tags_all: {{ gen_ai_demo_instance.tags_all.value }}" 27 | - "spot_bid_status: {{ gen_ai_demo_instance.spot_bid_status.value }}" 28 | - "spot_request_state: {{ gen_ai_demo_instance.spot_request_state.value }}" 29 | - "spot_instance_id: {{ gen_ai_demo_instance.spot_instance_id.value }}" 30 | # - "iam_role_name: {{ gen_ai_demo_instance.iam_role_name.value }}" 31 | # - "iam_role_arn: {{ gen_ai_demo_instance.iam_role_arn.value }}" 32 | # - "iam_role_unique_id: {{ gen_ai_demo_instance.iam_role_unique_id.value }}" 33 | # - "iam_instance_profile_arn: {{ gen_ai_demo_instance.iam_instance_profile_arn.value }}" 34 | # - "iam_instance_profile_id: {{ gen_ai_demo_instance.iam_instance_profile_id.value }}" 35 | # - "iam_instance_profile_unique: {{ gen_ai_demo_instance.iam_instance_profile_unique.value }}" -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/tasks/output.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - set_fact: 3 | ec2_rhel_vm_instance : '{{ ec2_rhel_vm_output.outputs }}' 4 | when: ec2_rhel_vm_output.outputs | length > 0 5 | 6 | - name: Validating ec2_rhel_default_vpc output 7 | fail: 8 | msg: "ec2_rhel_vm_instance instance got an error" 9 | when: ec2_rhel_vm_output.outputs | length == 0 10 | 11 | - name: Displaying mysql output 12 | ansible.builtin.debug: 13 | msg: 14 | - "instance_id: {{ ec2_rhel_vm_instance.id.value }}" 15 | - "instance_arn: {{ ec2_rhel_vm_instance.arn.value }}" 16 | - "capacity_reservation_specification: {{ ec2_rhel_vm_instance.capacity_reservation_specification.value }}" 17 | - "instance_state: {{ ec2_rhel_vm_instance.instance_state.value }}" 18 | - "outpost_arn: {{ ec2_rhel_vm_instance.outpost_arn.value }}" 19 | - "password_data: {{ ec2_rhel_vm_instance.password_data.value }}" 20 | - "primary_network_interface_id: {{ ec2_rhel_vm_instance.primary_network_interface_id.value }}" 21 | - "private_dns: {{ ec2_rhel_vm_instance.private_dns.value }}" 22 | - "public_dns: {{ ec2_rhel_vm_instance.public_dns.value }}" 23 | - "public_ip: {{ ec2_rhel_vm_instance.public_ip.value }}" 24 | - "private_ip: {{ ec2_rhel_vm_instance.private_ip.value }}" 25 | - "ipv6_addresses: {{ ec2_rhel_vm_instance.ipv6_addresses.value }}" 26 | - "tags_all: {{ ec2_rhel_vm_instance.tags_all.value }}" 27 | - "spot_bid_status: {{ ec2_rhel_vm_instance.spot_bid_status.value }}" 28 | - "spot_request_state: {{ ec2_rhel_vm_instance.spot_request_state.value }}" 29 | - "spot_instance_id: {{ ec2_rhel_vm_instance.spot_instance_id.value }}" 30 | # - "iam_role_name: {{ gen_ai_demo_instance.iam_role_name.value }}" 31 | # - "iam_role_arn: {{ gen_ai_demo_instance.iam_role_arn.value }}" 32 | # - "iam_role_unique_id: {{ gen_ai_demo_instance.iam_role_unique_id.value }}" 33 | # - "iam_instance_profile_arn: {{ gen_ai_demo_instance.iam_instance_profile_arn.value }}" 34 | # - "iam_instance_profile_id: {{ gen_ai_demo_instance.iam_instance_profile_id.value }}" 35 | # - "iam_instance_profile_unique: {{ gen_ai_demo_instance.iam_instance_profile_unique.value }}" -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | ansible.cfg 6 | 7 | # C extensions 8 | *.so 9 | 10 | # PyInstaller 11 | # Usually these files are written by a python script from a template 12 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 13 | *.manifest 14 | *.spec 15 | 16 | # Installer logs 17 | pip-log.txt 18 | pip-delete-this-directory.txt 19 | 20 | # Unit test / coverage reports 21 | htmlcov/ 22 | .tox/ 23 | .nox/ 24 | .coverage 25 | .coverage.* 26 | .cache 27 | nosetests.xml 28 | coverage.xml 29 | *.cover 30 | *.py,cover 31 | .hypothesis/ 32 | .pytest_cache/ 33 | 34 | # Translations 35 | *.mo 36 | *.pot 37 | 38 | # Django stuff: 39 | *.log 40 | local_settings.py 41 | db.sqlite3 42 | db.sqlite3-journal 43 | 44 | # Flask stuff: 45 | instance/ 46 | .webassets-cache 47 | 48 | # Scrapy stuff: 49 | .scrapy 50 | 51 | # Sphinx documentation 52 | docs/_build/ 53 | 54 | # PyBuilder 55 | target/ 56 | 57 | # Jupyter Notebook 58 | .ipynb_checkpoints 59 | 60 | # IPython 61 | profile_default/ 62 | ipython_config.py 63 | 64 | # pyenv 65 | .python-version 66 | 67 | # pipenv 68 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 69 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 70 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 71 | # install all needed dependencies. 72 | #Pipfile.lock 73 | 74 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow 75 | __pypackages__/ 76 | 77 | # Celery stuff 78 | celerybeat-schedule 79 | celerybeat.pid 80 | 81 | # SageMath parsed files 82 | *.sage.py 83 | 84 | # Environments 85 | .env 86 | .venv 87 | env/ 88 | venv/ 89 | ENV/ 90 | env.bak/ 91 | venv.bak/ 92 | 93 | # Spyder project settings 94 | .spyderproject 95 | .spyproject 96 | 97 | # Rope project settings 98 | .ropeproject 99 | 100 | # mkdocs documentation 101 | /site 102 | 103 | # mypy 104 | .mypy_cache/ 105 | .dmypy.json 106 | dmypy.json 107 | 108 | # Pyre type checker 109 | .pyre/ 110 | 111 | # inventory 112 | *.ini 113 | 114 | context/ 115 | 116 | # inventory/vars for testing 117 | testing.inventory.yml 118 | testing.extra-vars.yml 119 | 120 | # IDEs 121 | .idea 122 | 123 | # Changelogs 124 | changelogs/.plugin-cache.yaml 125 | 126 | # VSCode settings file 127 | /.vscode/settings.json -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | ### License 4 | 5 | is licensed under the terms in [LICENSE]. By contributing to the project, you agree to the license and copyright terms therein and release your contribution under these terms. 6 | 7 | ### Sign your work 8 | 9 | Please use the sign-off line at the end of the patch. Your signature certifies that you wrote the patch or otherwise have the right to pass it on as an open-source patch. The rules are pretty simple: if you can certify 10 | the below (from [developercertificate.org](http://developercertificate.org/)): 11 | 12 | ``` 13 | Developer Certificate of Origin 14 | Version 1.1 15 | 16 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 17 | 660 York Street, Suite 102, 18 | San Francisco, CA 94110 USA 19 | 20 | Everyone is permitted to copy and distribute verbatim copies of this 21 | license document, but changing it is not allowed. 22 | 23 | Developer's Certificate of Origin 1.1 24 | 25 | By making a contribution to this project, I certify that: 26 | 27 | (a) The contribution was created in whole or in part by me and I 28 | have the right to submit it under the open source license 29 | indicated in the file; or 30 | 31 | (b) The contribution is based upon previous work that, to the best 32 | of my knowledge, is covered under an appropriate open source 33 | license and I have the right under that license to submit that 34 | work with modifications, whether created in whole or in part 35 | by me, under the same open source license (unless I am 36 | permitted to submit under a different license), as indicated 37 | in the file; or 38 | 39 | (c) The contribution was provided directly to me by some other 40 | person who certified (a), (b) or (c) and I have not modified 41 | it. 42 | 43 | (d) I understand and agree that this project and the contribution 44 | are public and that a record of the contribution (including all 45 | personal information I submit with it, including my sign-off) is 46 | maintained indefinitely and may be redistributed consistent with 47 | this project or the open source license(s) involved. 48 | ``` 49 | 50 | Then you just add a line to every git commit message: 51 | 52 | Signed-off-by: Joe Smith 53 | 54 | Use your real name (sorry, no pseudonyms or anonymous contributions.) 55 | 56 | If you set your `user.name` and `user.email` git configs, you can sign your 57 | commit automatically with `git commit -s`. 58 | -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/tasks/keypair.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: create random string 3 | set_fact: 4 | random_id: "{{ lookup('community.general.random_string', length=12, min_special=0, special=false, lower=false, upper=false) }}" 5 | when: ec2_state == 'present' and ec2_update == false 6 | - debug: 7 | var: random_id 8 | 9 | - name: Create a directory for storing public and private key files 10 | ansible.builtin.file: 11 | path: "{{ directory_keyfiles }}" 12 | state: directory 13 | mode: '0777' 14 | when: ec2_state == 'present' and ec2_update == false 15 | 16 | - name: Generate openssl private key 17 | community.crypto.openssl_privatekey: 18 | type: '{{ private_key_type }}' 19 | size: '{{ private_key_size }}' 20 | path: '{{ TLS_privatekey_file_path }}' 21 | force: true 22 | return_content: true 23 | state: present 24 | register: openssh_key 25 | when: ec2_state == 'present' and ec2_update == false 26 | - set_fact: 27 | private_openssh_key: "{{ openssh_key['privatekey'] }}" 28 | when: ec2_state == 'present' and ec2_update == false 29 | 30 | - name: Generate an OpenSSL public key from private key 31 | community.crypto.openssl_publickey: 32 | force: true 33 | format: "OpenSSH" 34 | path: '{{ TLS_publickey_file_path }}' 35 | privatekey_content: "{{ private_openssh_key }}" 36 | return_content: true 37 | register: openssh_public_key 38 | when: ec2_state == 'present' and ec2_update == false 39 | - set_fact: 40 | openssh_public_key: "{{ openssh_public_key['publickey'] }}" 41 | when: ec2_state == 'present' and ec2_update == false 42 | 43 | - name: Print openssh_public_key variable 44 | ansible.builtin.debug: 45 | msg: "openssh_public_key: '{{ openssh_public_key }}'" 46 | when: ec2_state == 'present' and ec2_update == false 47 | 48 | - set_fact: 49 | keypair_name: TF_key-{{ random_id }} 50 | 51 | - name: Create an AWS key pair 52 | amazon.aws.ec2_key: 53 | name: "{{ keypair_name }}" 54 | key_material: "{{ openssh_public_key }}" 55 | state: "{{ec2_state}}" 56 | register: keypair_output 57 | when: ec2_update == false 58 | 59 | - debug: 60 | var: keypair_output 61 | 62 | - name: Creating a file with content 63 | copy: 64 | dest: '{{ file_name }}' 65 | mode: '0777' 66 | content: | 67 | '{{ private_openssh_key }}' 68 | when: ec2_state == 'present' and ec2_update == false 69 | 70 | - name: Set keypair name 71 | set_fact: 72 | keypair_name: "{{ keypair_output.key.name }}" 73 | when: ec2_state == 'present' and keypair_output.key is defined 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/tasks/generate_keys.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create random string 3 | set_fact: 4 | random_id: "{{ lookup('community.general.random_string', length=12, min_special=0, 5 | special=false, lower=false, upper=false) }}" 6 | when: ec2_rhel_default_vpc_state == 'present' and ec2_update == false 7 | 8 | - debug: 9 | var: random_id 10 | 11 | - name: Create a directory for storing public and private key files 12 | ansible.builtin.file: 13 | path: "{{ directory_keyfiles }}" 14 | state: directory 15 | mode: '0777' 16 | when: ec2_rhel_default_vpc_state == 'present' and ec2_update == false 17 | 18 | - name: Generate OpenSSL private keys 19 | community.crypto.openssl_privatekey: 20 | type: '{{ private_key_type }}' 21 | size: '{{ private_key_size }}' 22 | path: '{{ tls_privatekey_file_path }}' 23 | force: true 24 | return_content: true 25 | state: present 26 | register: openssh_key 27 | when: ec2_rhel_default_vpc_state == 'present' and ec2_update == false 28 | 29 | - set_fact: 30 | private_openssh_key: "{{ openssh_key['privatekey'] }}" 31 | when: ec2_rhel_default_vpc_state == 'present' and ec2_update == false 32 | 33 | - name: Generate an OpenSSL public key from private key 34 | community.crypto.openssl_publickey: 35 | force: true 36 | format: "OpenSSH" 37 | path: '{{ tls_publickey_file_path }}' 38 | privatekey_content: "{{ private_openssh_key }}" 39 | return_content: true 40 | register: openssh_public_key #publickey 41 | when: ec2_rhel_default_vpc_state == 'present' and ec2_update == false 42 | 43 | - set_fact: 44 | openssh_public_key: "{{ openssh_public_key['publickey'] }}" 45 | when: ec2_rhel_default_vpc_state == 'present' and ec2_update == false 46 | 47 | - name: Print openssh_public_key variable 48 | ansible.builtin.debug: 49 | msg: "openssh_public_key: '{{ openssh_public_key }}'" 50 | when: ec2_rhel_default_vpc_state == 'present' and ec2_update == false 51 | 52 | - set_fact: 53 | keypair_name: TF_key-{{ random_id }} 54 | 55 | - name: Create an AWS key pair 56 | amazon.aws.ec2_key: 57 | name: "{{ keypair_name }}" 58 | key_material: "{{ openssh_public_key }}" 59 | state: "{{ ec2_rhel_default_vpc_state }}" 60 | register: keypair_output 61 | when: ec2_update == false 62 | 63 | - debug: 64 | var: keypair_output 65 | 66 | - name: Creating a file with content 67 | copy: 68 | dest: '{{ file_name }}' 69 | mode: '0777' 70 | content: | 71 | '{{ private_openssh_key }}' 72 | when: ec2_rhel_default_vpc_state == 'present' and ec2_update == false 73 | 74 | - name: Set keypair name 75 | set_fact: 76 | keypair_name: "{{ keypair_output.key.name }}" 77 | when: ec2_rhel_default_vpc_state == 'present' and keypair_output.key is defined 78 | -------------------------------------------------------------------------------- /roles/gen_ai_demo/tasks/generate_keys.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Gather information about ec2 AMIs 3 | amazon.aws.ec2_ami_info: 4 | owners: '{{ aws_ami_owner }}' 5 | filters: 6 | name: "{{ aws_ami_value }}" 7 | virtualization-type: "{{ virtualization_value }}" 8 | register: ami_info_output 9 | when: gen_ai_demo_state == 'present' and ec2_update == false 10 | 11 | - set_fact: 12 | ami_id: '{{ ami_info_output["images"][0]["image_id"] }}' 13 | when: gen_ai_demo_state == 'present' and ec2_update == false 14 | 15 | - name: Create random string 16 | set_fact: 17 | random_id: "{{ lookup('community.general.random_string', length=12, min_special=0, 18 | special=false, lower=false, upper=false) }}" 19 | when: gen_ai_demo_state == 'present' and ec2_update == false 20 | 21 | - debug: 22 | var: random_id 23 | 24 | - name: Create a directory for storing public and private key files 25 | ansible.builtin.file: 26 | path: "{{directory_keyfiles}}" 27 | state: directory 28 | mode: '0777' 29 | when: gen_ai_demo_state == 'present' and ec2_update == false 30 | 31 | - name: Generate OpenSSL private keys 32 | community.crypto.openssl_privatekey: 33 | type: '{{ private_key_type }}' 34 | size: '{{ private_key_size }}' 35 | path: '{{ tls_privatekey_file_path }}' 36 | force: true 37 | return_content: true 38 | state: present 39 | register: openssh_key 40 | when: gen_ai_demo_state == 'present' and ec2_update == false 41 | 42 | - set_fact: 43 | private_openssh_key: "{{ openssh_key['privatekey'] }}" 44 | when: gen_ai_demo_state == 'present' and ec2_update == false 45 | 46 | - name: Generate an OpenSSL public key from private key 47 | community.crypto.openssl_publickey: 48 | force: true 49 | format: "OpenSSH" 50 | path: '{{ tls_publickey_file_path }}' 51 | privatekey_content: "{{ private_openssh_key }}" 52 | return_content: true 53 | register: openssh_public_key #publickey 54 | when: gen_ai_demo_state == 'present' and ec2_update == false 55 | 56 | - set_fact: 57 | openssh_public_key: "{{ openssh_public_key['publickey'] }}" 58 | when: gen_ai_demo_state == 'present' and ec2_update == false 59 | 60 | 61 | - name: Print openssh_public_key variable 62 | ansible.builtin.debug: 63 | msg: "openssh_public_key: '{{ openssh_public_key }}'" 64 | when: gen_ai_demo_state == 'present' and ec2_update == false 65 | 66 | - set_fact: 67 | keypair_name: TF_key-{{ random_id }} 68 | 69 | - name: Create an AWS key pair 70 | amazon.aws.ec2_key: 71 | name: "{{ keypair_name }}" 72 | key_material: "{{ openssh_public_key }}" 73 | state: "{{ gen_ai_demo_state }}" 74 | register: keypair_output 75 | when: ec2_update == false 76 | 77 | - debug: 78 | var: keypair_output 79 | 80 | - name: Creating a file with content 81 | copy: 82 | dest: '{{ file_name }}' 83 | mode: '0777' 84 | content: | 85 | '{{ private_openssh_key }}' 86 | when: gen_ai_demo_state == 'present' and ec2_update == false 87 | 88 | - name: Set keypair name 89 | set_fact: 90 | keypair_name: '{{ keypair_output.key.name }}' 91 | when: gen_ai_demo_state == 'present' and keypair_output.key is defined 92 | 93 | - debug: 94 | var: keypair_name 95 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our Pledge 4 | 5 | We as members, contributors, and leaders pledge to make participation in our 6 | community a harassment-free experience for everyone, regardless of age, body 7 | size, visible or invisible disability, ethnicity, sex characteristics, gender 8 | identity and expression, level of experience, education, socio-economic status, 9 | nationality, personal appearance, race, caste, color, religion, or sexual 10 | identity and orientation. 11 | 12 | We pledge to act and interact in ways that contribute to an open, welcoming, 13 | diverse, inclusive, and healthy community. 14 | 15 | ## Our Standards 16 | 17 | Examples of behavior that contributes to a positive environment for our 18 | community include: 19 | 20 | * Demonstrating empathy and kindness toward other people 21 | * Being respectful of differing opinions, viewpoints, and experiences 22 | * Giving and gracefully accepting constructive feedback 23 | * Accepting responsibility and apologizing to those affected by our mistakes, 24 | and learning from the experience 25 | * Focusing on what is best not just for us as individuals, but for the overall 26 | community 27 | 28 | Examples of unacceptable behavior include: 29 | 30 | * The use of sexualized language or imagery, and sexual attention or advances of 31 | any kind 32 | * Trolling, insulting or derogatory comments, and personal or political attacks 33 | * Public or private harassment 34 | * Publishing others' private information, such as a physical or email address, 35 | without their explicit permission 36 | * Other conduct which could reasonably be considered inappropriate in a 37 | professional setting 38 | 39 | ## Enforcement Responsibilities 40 | 41 | Community leaders are responsible for clarifying and enforcing our standards of 42 | acceptable behavior and will take appropriate and fair corrective action in 43 | response to any behavior that they deem inappropriate, threatening, offensive, 44 | or harmful. 45 | 46 | Community leaders have the right and responsibility to remove, edit, or reject 47 | comments, commits, code, wiki edits, issues, and other contributions that are 48 | not aligned to this Code of Conduct, and will communicate reasons for moderation 49 | decisions when appropriate. 50 | 51 | ## Scope 52 | 53 | This Code of Conduct applies within all community spaces, and also applies when 54 | an individual is officially representing the community in public spaces. 55 | Examples of representing our community include using an official e-mail address, 56 | posting via an official social media account, or acting as an appointed 57 | representative at an online or offline event. 58 | 59 | ## Enforcement 60 | 61 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 62 | reported to the community leaders responsible for enforcement at 63 | CommunityCodeOfConduct AT intel DOT com. 64 | All complaints will be reviewed and investigated promptly and fairly. 65 | 66 | All community leaders are obligated to respect the privacy and security of the 67 | reporter of any incident. 68 | 69 | ## Enforcement Guidelines 70 | 71 | Community leaders will follow these Community Impact Guidelines in determining 72 | the consequences for any action they deem in violation of this Code of Conduct: 73 | 74 | ### 1. Correction 75 | 76 | **Community Impact**: Use of inappropriate language or other behavior deemed 77 | unprofessional or unwelcome in the community. 78 | 79 | **Consequence**: A private, written warning from community leaders, providing 80 | clarity around the nature of the violation and an explanation of why the 81 | behavior was inappropriate. A public apology may be requested. 82 | 83 | ### 2. Warning 84 | 85 | **Community Impact**: A violation through a single incident or series of 86 | actions. 87 | 88 | **Consequence**: A warning with consequences for continued behavior. No 89 | interaction with the people involved, including unsolicited interaction with 90 | those enforcing the Code of Conduct, for a specified period of time. This 91 | includes avoiding interactions in community spaces as well as external channels 92 | like social media. Violating these terms may lead to a temporary or permanent 93 | ban. 94 | 95 | ### 3. Temporary Ban 96 | 97 | **Community Impact**: A serious violation of community standards, including 98 | sustained inappropriate behavior. 99 | 100 | **Consequence**: A temporary ban from any sort of interaction or public 101 | communication with the community for a specified period of time. No public or 102 | private interaction with the people involved, including unsolicited interaction 103 | with those enforcing the Code of Conduct, is allowed during this period. 104 | Violating these terms may lead to a permanent ban. 105 | 106 | ### 4. Permanent Ban 107 | 108 | **Community Impact**: Demonstrating a pattern of violation of community 109 | standards, including sustained inappropriate behavior, harassment of an 110 | individual, or aggression toward or disparagement of classes of individuals. 111 | 112 | **Consequence**: A permanent ban from any sort of public interaction within the 113 | community. 114 | 115 | ## Attribution 116 | 117 | This Code of Conduct is adapted from the [Contributor Covenant][homepage], 118 | version 2.1, available at 119 | [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. 120 | 121 | Community Impact Guidelines were inspired by 122 | [Mozilla's code of conduct enforcement ladder][Mozilla CoC]. 123 | 124 | For answers to common questions about this code of conduct, see the FAQ at 125 | [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at 126 | [https://www.contributor-covenant.org/translations][translations]. 127 | 128 | [homepage]: https://www.contributor-covenant.org 129 | [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html 130 | [Mozilla CoC]: https://github.com/mozilla/diversity 131 | [FAQ]: https://www.contributor-covenant.org/faq 132 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. (Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 | -------------------------------------------------------------------------------- /roles/gen_ai_demo/README.md: -------------------------------------------------------------------------------- 1 |

2 | Intel Logo 3 |

4 | 5 | # Intel® Optimized Cloud Modules for Ansible 6 | 7 | © Copyright 2024, Intel Corporation 8 | 9 | ## AWS M7i EC2 Instance with 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) & Intel® Cloud Optimized Recipe for FastChat and Stable Diffusion 10 | 11 | This demo will showcase Large Language Model(LLM) CPU inference using 4th Gen Xeon Scalable Processors on AWS using FastChat and Stable Diffusion. 12 | 13 | ## Installation of `gen_ai_demo` role 14 | 15 | ### Below are ways to install and use it: 16 | 17 | 1. **Case 1:-** When user's needs can be met with the default configuration, and they want to install a collection 18 | from Ansible Galaxy to the default location (as a third-party collection), it is recommended to use the following command: 19 | ```commandline 20 | ansible-galaxy collection install 21 | ``` 22 | 23 | 2. **Case 2:-** When user's needs cannot be met with the default configuration, wants to extend/modify existing configuration and flow, They can install collection using Ansible Galaxy in user's define location. 24 | Use below approaches: 25 | 26 | 1. 27 | ```commandline 28 | ansible-galaxy collection install -p 29 | ``` 30 | Note: collection will download collection, you can remove as per need. 31 | 32 | 2. Download source and copy role directory to your Ansible boilerplate from GitHub (Used to extended behavior of role) 33 | ```commandline 34 | git clone https://github.com/intel/ansible-intel-aws-vm.git 35 | cd ansible-intel-aws-vm 36 | cp -r role/gen_ai_demo// 37 | 38 | 39 | ## Usage 40 | Use playbook to run gen_ai_demo role as below 41 | ```yaml 42 | --- 43 | - name: Run gen_ai_demo role 44 | hosts: localhost 45 | tasks: 46 | - name: Running a role gen ai demo 47 | ansible.builtin.import_role: 48 | name: gen_ai_demo 49 | vars: 50 | gen_ai_demo_state: present 51 | ``` 52 | Use below Command: 53 | ```commandline 54 | ansible-playbook intel_aws_vm_gen_ai_demo.yml 55 | ``` 56 | 57 | ## Run Ansible with Different State 58 | #### State - present (terraform apply) 59 | ```yaml 60 | --- 61 | - name: Run gen_ai_demo role 62 | hosts: localhost 63 | tasks: 64 | - name: Running a role gen ai demo 65 | ansible.builtin.import_role: 66 | name: gen_ai_demo 67 | vars: 68 | gen_ai_demo_state: present 69 | ``` 70 | Use below Command: 71 | ```commandline 72 | ansible-playbook intel_aws_vm_gen_ai_demo.yml 73 | ``` 74 | 75 | #### State - absent (terraform destroy) 76 | ```yaml 77 | --- 78 | - name: Run gen_ai_demo role 79 | hosts: localhost 80 | tasks: 81 | - name: Running a role gen ai demo 82 | ansible.builtin.import_role: 83 | name: gen_ai_demo 84 | vars: 85 | gen_ai_demo_state: absent 86 | ``` 87 | Use below Command: 88 | ```commandline 89 | ansible-playbook intel_aws_vm_gen_ai_demo.yml 90 | ``` 91 | Note: **It deletes ec2 vm instance, security group and key pair**. 92 | 93 | Requirements 94 | ------------ 95 | | Name | Version | 96 | |-------------------------------------------------------------------------------------|----------| 97 | | [Terraform](#requirement\_terraform) | =1.5.7 | 98 | | [AWS](#requirement\_aws) | ~> 4.36.0 | 99 | | [Random](#requirement\_random) | ~>3.4.3 | 100 | | [Ansible Core](#requirement\_ansible\_core) | ~>2.14.2 | 101 | | [Ansible](#requirement\_ansible) | ~>7.2.0-1 | 102 | | [boto3](#requirement\_boto3) | ~>1.29.0 | 103 | | [botocore](#requirement\_botocore) | ~>1.32.0 | 104 | | [cryptography](#requirement\_cryptography) | ~>41.0.5 | 105 | 106 | Note: Above role requires `Terraform` as we are executing terraform module [terraform-intel-aws-vm]() using Ansible module called [community.general.terraform]() 107 | 108 | ### Terraform Modules 109 | | Name | 110 | |---------------------------------------------------------------------------------------| 111 | | [terraform-intel-aws-vm]() | 112 | 113 | # Ansible 114 | ## Module State Inputs 115 | 116 | | Name | Description | Type | Default | Required | 117 | |----------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------|----------|-----------|:--------:| 118 | | [gen_ai_demo\_state](#input\_auto\_major\_version\_upgrades) | It specifices ec2 state of given stage, choies: "planned", "present" ← (default), "absent" | `string` | `present` | no | 119 | 120 | 121 | ## VM Exposed Inputs 122 | 123 | | Name | Description | Type | Default | Required | 124 | |-------------------------------------------------------------------------------------------------|---------------------------------------------|----------|------------------------|:--------:| 125 | | [instance_type](#input_instance_type) | Instance SKU | `string` | `m7i.4xlarge` | no | 126 | | [availability_zone](#input_availability_zone_name) | AZ to start the instance in | `string` | `us-east-2c` | no | 127 | | [volume_size](#input_volume_size) | Storage size | `int` | `100` | no | 128 | | [duration_count_tag](#input_duration_count_tag) | Tag: Duration count | `int` | `2` | no | 129 | 130 | ## Security group Exposed Inputs 131 | 132 | | Name | Description | Type | Default | Required | 133 | |----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------|-------------|-----------------------------------|:--------:| 134 | | [security_group_name](#input_security_group_name) | Security group name is a unique identifier for a security group within a VPC | `string` | `ssh_security_group` with prefix | no | 135 | | [security_group_rules](#input_security_group_rules) | Security group rules are a set of firewall rules that control the inbound and outbound traffic for an EC2 instance. | `list(map)` | `[{"from_port": 22, "to_port": 22, "proto": "tcp", "cidr_ip": "0.0.0.0/0"}, {"from_port": 7860, "to_port": 7860, "proto": "tcp", "cidr_ip": "0.0.0.0/0"}, {"from_port": 5000, "to_port": 5000, "proto": "tcp", "cidr_ip": "0.0.0.0/0"}, {"from_port": 5001, "to_port": 5001, "proto": "tcp", "cidr_ip": "0.0.0.0/0"}]` | no | 136 | 137 | 138 | ## VM Terraform Extended Inputs 139 | Below input variables can be used to extend variables in role, add or update variable in vars/main.yml file 140 | ### Usage 141 | 142 | roles/gen_ai_demo/vars/main.yml 143 | 144 | ```yaml 145 | subnet_id: "" # As default value 146 | ``` 147 | 148 | roles/gen_ai_demo/tasks/ec2_vm.yml 149 | ```yaml 150 | # TF module "terraform-intel-aws-vm" 151 | - name: EC2 vm 152 | community.general.terraform: 153 | project_path: '{{ vm_tf_module_download_path }}' 154 | state: '{{ gen_ai_demo_state }}' 155 | force_init: true 156 | complex_vars: true 157 | variables: 158 | instance_type: '{{ type_of_instance }}' 159 | availability_zone: '{{ availability_zone_name }}' 160 | key_name: '{{ keypair_name }}' 161 | ami: '{{ ami_id }}' 162 | user_data: '{{ cloud_init_data }}' 163 | root_block_device: 164 | - volume_size: '{{ size_of_volume }}' 165 | tags: 166 | "Name": "my-test-vm-{{ random_id }}" 167 | "Owner": "OwnerName-{{ random_id }}" 168 | "Duration": "{{ duration_count_tag }}" 169 | subnet_id: "{{ subnet_id }}" 170 | register: gen_ai_demo_output 171 | 172 | ``` 173 | 174 | Use `subnet_id` in playbook 175 | ```yaml 176 | --- 177 | - name: Run gen_ai_demo role 178 | hosts: localhost 179 | tasks: 180 | - name: Running a role gen ai demo 181 | ansible.builtin.import_role: 182 | name: gen_ai_demo 183 | vars: 184 | gen_ai_demo_state: present 185 | subnet_id: 186 | 187 | ``` 188 | 189 | ## Inputs 190 | 191 | | Name | Description | Type | Default | Required | 192 | |------|-------------|------|---------|:--------:| 193 | | [ami](#input\_ami) | ID of AMI to use for the instance | `string` | `null` | no | 194 | | [ami\_ssm\_parameter](#input\_ami\_ssm\_parameter) | SSM parameter name for the AMI ID. For Amazon Linux AMI SSM parameters see [reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html). To find the latest Windows AMI using Systems Manager, use this [reference](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/finding-an-ami.html#finding-an-ami-parameter-store) | `string` | `"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"` | no | 195 | | [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Whether to associate a public IP address with an instance in a VPC | `bool` | `null` | no | 196 | | [availability\_zone](#input\_availability\_zone) | AZ to start the instance in | `string` | `null` | no | 197 | | [capacity\_reservation\_specification](#input\_capacity\_reservation\_specification) | Describes an instance's Capacity Reservation targeting option | `any` | `{}` | no | 198 | | [cpu\_core\_count](#input\_cpu\_core\_count) | Sets the number of CPU cores for an instance. | `number` | `null` | no | 199 | | [cpu\_credits](#input\_cpu\_credits) | The credit option for CPU usage (unlimited or standard) | `string` | `null` | no | 200 | | [cpu\_threads\_per\_core](#input\_cpu\_threads\_per\_core) | Sets the number of CPU threads per core for an instance (has no effect unless cpu\_core\_count is also set). | `number` | `null` | no | 201 | | [create](#input\_create) | Whether to create an instance | `bool` | `true` | no | 202 | | [create\_iam\_instance\_profile](#input\_create\_iam\_instance\_profile) | Determines whether an IAM instance profile is created or to use an existing IAM instance profile | `bool` | `false` | no | 203 | | [create\_spot\_instance](#input\_create\_spot\_instance) | Depicts if the instance is a spot instance | `bool` | `false` | no | 204 | | [disable\_api\_stop](#input\_disable\_api\_stop) | If true, enables EC2 Instance Stop Protection. | `bool` | `null` | no | 205 | | [disable\_api\_termination](#input\_disable\_api\_termination) | If true, enables EC2 Instance Termination Protection | `bool` | `null` | no | 206 | | [ebs\_block\_device](#input\_ebs\_block\_device) | Additional EBS block devices to attach to the instance | `list(map(string))` | `[]` | no | 207 | | [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `null` | no | 208 | | [enable\_volume\_tags](#input\_enable\_volume\_tags) | Whether to enable volume tags (if enabled it conflicts with root\_block\_device tags) | `bool` | `true` | no | 209 | | [enclave\_options\_enabled](#input\_enclave\_options\_enabled) | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | `bool` | `null` | no | 210 | | [ephemeral\_block\_device](#input\_ephemeral\_block\_device) | Customize Ephemeral (also known as Instance Store) volumes on the instance | `list(map(string))` | `[]` | no | 211 | | [get\_password\_data](#input\_get\_password\_data) | If true, wait for password data to become available and retrieve it. | `bool` | `null` | no | 212 | | [hibernation](#input\_hibernation) | If true, the launched EC2 instance will support hibernation | `bool` | `null` | no | 213 | | [host\_id](#input\_host\_id) | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | `string` | `null` | no | 214 | | [iam\_instance\_profile](#input\_iam\_instance\_profile) | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | `string` | `null` | no | 215 | | [iam\_role\_description](#input\_iam\_role\_description) | Description of the role | `string` | `null` | no | 216 | | [iam\_role\_name](#input\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no | 217 | | [iam\_role\_path](#input\_iam\_role\_path) | IAM role path | `string` | `null` | no | 218 | | [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no | 219 | | [iam\_role\_policies](#input\_iam\_role\_policies) | Policies attached to the IAM role | `map(string)` | `{}` | no | 220 | | [iam\_role\_tags](#input\_iam\_role\_tags) | A map of additional tags to add to the IAM role/profile created | `map(string)` | `{}` | no | 221 | | [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name` or `name`) is used as a prefix | `bool` | `true` | no | 222 | | [instance\_initiated\_shutdown\_behavior](#input\_instance\_initiated\_shutdown\_behavior) | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | `string` | `null` | no | 223 | | [instance\_type](#input\_instance\_type) | Instance SKU, see comments above for guidance | `string` | `"m7i.large"` | no | 224 | | [ipv6\_address\_count](#input\_ipv6\_address\_count) | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | `number` | `null` | no | 225 | | [ipv6\_addresses](#input\_ipv6\_addresses) | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | `list(string)` | `null` | no | 226 | | [key\_name](#input\_key\_name) | Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource | `string` | `null` | no | 227 | | [launch\_template](#input\_launch\_template) | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | `map(string)` | `null` | no | 228 | | [metadata\_options](#input\_metadata\_options) | Customize the metadata options of the instance | `map(string)` | `{}` | no | 229 | | [monitoring](#input\_monitoring) | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `false` | no | 230 | | [name](#input\_name) | Name to be used on EC2 instance created | `string` | `""` | no | 231 | | [network\_interface](#input\_network\_interface) | Customize network interfaces to be attached at instance boot time | `list(map(string))` | `[]` | no | 232 | | [placement\_group](#input\_placement\_group) | The Placement Group to start the instance in | `string` | `null` | no | 233 | | [private\_ip](#input\_private\_ip) | Private IP address to associate with the instance in a VPC | `string` | `null` | no | 234 | | [root\_block\_device](#input\_root\_block\_device) | Customize details about the root block device of the instance. See Block Devices below for details | `list(any)` | `[]` | no | 235 | | [secondary\_private\_ips](#input\_secondary\_private\_ips) | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block` | `list(string)` | `null` | no | 236 | | [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `true` | no | 237 | | [spot\_block\_duration\_minutes](#input\_spot\_block\_duration\_minutes) | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | `number` | `null` | no | 238 | | [spot\_instance\_interruption\_behavior](#input\_spot\_instance\_interruption\_behavior) | Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate` | `string` | `"terminate"` | no | 239 | | [spot\_instance\_type](#input\_spot\_instance\_type) | If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent` | `string` | `"one-time"` | no | 240 | | [spot\_launch\_group](#input\_spot\_launch\_group) | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually | `string` | `null` | no | 241 | | [spot\_price](#input\_spot\_price) | The maximum price to request on the spot market. Defaults to on-demand price | `string` | `null` | no | 242 | | [spot\_valid\_from](#input\_spot\_valid\_from) | The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | `string` | `null` | no | 243 | | [spot\_valid\_until](#input\_spot\_valid\_until) | The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | `string` | `null` | no | 244 | | [spot\_wait\_for\_fulfillment](#input\_spot\_wait\_for\_fulfillment) | If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached | `bool` | `null` | no | 245 | | [subnet\_id](#input\_subnet\_id) | The VPC Subnet ID to launch in | `string` | `null` | no | 246 | | [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | 247 | | [tenancy](#input\_tenancy) | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `null` | no | 248 | | [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting EC2 instance resources | `map(string)` | `{}` | no | 249 | | [user\_data](#input\_user\_data) | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. | `string` | `null` | no | 250 | | [user\_data\_base64](#input\_user\_data\_base64) | Can be used instead of user\_data to pass base64-encoded binary data directly. Use this instead of user\_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. | `string` | `null` | no | 251 | | [user\_data\_replace\_on\_change](#input\_user\_data\_replace\_on\_change) | When used in combination with user\_data or user\_data\_base64 will trigger a destroy and recreate when set to true. Defaults to false if not set. | `bool` | `false` | no | 252 | | [volume\_tags](#input\_volume\_tags) | A mapping of tags to assign to the devices created by the instance at launch time | `map(string)` | `{}` | no | 253 | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | A list of security group IDs to associate with | `list(string)` | `null` | no | 254 | 255 | ## Outputs 256 | 257 | | Name | Description | 258 | |------|-------------| 259 | | [arn](#output\_arn) | The ARN of the instance | 260 | | [capacity\_reservation\_specification](#output\_capacity\_reservation\_specification) | Capacity reservation specification of the instance | 261 | | [iam\_instance\_profile\_arn](#output\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile | 262 | | [iam\_instance\_profile\_id](#output\_iam\_instance\_profile\_id) | Instance profile's ID | 263 | | [iam\_instance\_profile\_unique](#output\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile | 264 | | [iam\_role\_arn](#output\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role | 265 | | [iam\_role\_name](#output\_iam\_role\_name) | The name of the IAM role | 266 | | [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role | 267 | | [id](#output\_id) | The ID of the instance | 268 | | [instance\_state](#output\_instance\_state) | The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped` | 269 | | [ipv6\_addresses](#output\_ipv6\_addresses) | The IPv6 address assigned to the instance, if applicable. | 270 | | [outpost\_arn](#output\_outpost\_arn) | The ARN of the Outpost the instance is assigned to | 271 | | [password\_data](#output\_password\_data) | Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if `get_password_data` is true | 272 | | [primary\_network\_interface\_id](#output\_primary\_network\_interface\_id) | The ID of the instance's primary network interface | 273 | | [private\_dns](#output\_private\_dns) | The private DNS name assigned to the instance can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC | 274 | | [private\_ip](#output\_private\_ip) | The private IP address assigned to the instance. | 275 | | [public\_dns](#output\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC | 276 | | [public\_ip](#output\_public\_ip) | The public IP address assigned to the instance, if applicable. Note: If you are using an aws\_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached | 277 | | [spot\_bid\_status](#output\_spot\_bid\_status) | The current bid status of the Spot Instance Request | 278 | | [spot\_instance\_id](#output\_spot\_instance\_id) | The Instance ID (if any) that is currently fulfilling the Spot Instance request | 279 | | [spot\_request\_state](#output\_spot\_request\_state) | The current request state of the Spot Instance Request | 280 | | [tags\_all](#output\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block | 281 | 282 | -------------------------------------------------------------------------------- /roles/amazon_linux_ec2_non_default_vpc/README.md: -------------------------------------------------------------------------------- 1 |

2 | Intel Logo 3 |

4 | 5 | # Intel® Optimized Cloud Modules for Ansible 6 | 7 | © Copyright 2024, Intel Corporation 8 | 9 | ## Ansible Intel AWS VM - Linux VM in Non Default VPC 10 | 11 | 12 | This example creates an AWS EC2 instance on 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) on Linux Operating System in a non-default VPC. The non-default VPC id is needed to be passed in this module as a variable. It is configured to create the EC2 instance in US-East-1 region. The region is provided in variables.tf in this example folder. 13 | 14 | This example also creates an EC2 key pair. It associates the public key with the EC2 instance. The private key is created in the local system where terraform apply is done. It also creates a new scurity group to open up the SSH port 22 to a specific IP CIDR block. 15 | 16 | In this example, the tags Name, Owner and Duration are added to the EC2 instance when it is created. 17 | 18 | ## Architecture Diagram 19 |

20 | amazon-ec2-non-default-vpc 21 |

22 | 23 | ## Installation of `amazon_linux_ec2_non_default_vpc` role 24 | 25 | ### Below are ways to install and use it: 26 | 27 | 1. **Case 1:-** When user's needs can be met with the default configuration, and they want to install a collection 28 | from Ansible Galaxy to the default location (as a third-party collection), it is recommended to use the following command: 29 | ```commandline 30 | ansible-galaxy collection install 31 | ``` 32 | 33 | 2. **Case 2:-** When user's needs cannot be met with the default configuration, wants to extend/modify existing configuration and flow, They can install collection using Ansible Galaxy in user's define location. 34 | Use below approaches: 35 | 36 | 1. 37 | ```commandline 38 | ansible-galaxy collection install -p 39 | ``` 40 | Note: collection will download collection, you can remove as per need. 41 | 42 | 2. Download source and copy role directory to your Ansible boilerplate from GitHub (Used to extended behavior of role) 43 | ```commandline 44 | git clone https://github.com/intel/ansible-intel-aws-vm.git 45 | cd ansible-intel-aws-vm 46 | cp -r role/amazon_linux_ec2_non_default_vpc // 47 | 48 | 49 | 50 | ## Usage 51 | Use playbook to run amazon_linux_ec2_non_default_vpc role as below 52 | ```yaml 53 | --- 54 | - name: playbook using amazon linux ec2 55 | hosts: localhost 56 | tasks: 57 | - name: running a role amazon linux ec2 non default vpc 58 | ansible.builtin.import_role: 59 | name: amazon_linux_ec2_non_default_vpc 60 | vars: 61 | ec2_state: present 62 | ``` 63 | Use below Command: 64 | ```commandline 65 | ansible-playbook intel_amazon_linux_ec2_non_default_vpc.yml 66 | ``` 67 | 68 | ## Run Ansible with Different State 69 | #### State - present (terraform apply) 70 | ```yaml 71 | - name: playbook using amazon linux ec2 72 | hosts: localhost 73 | tasks: 74 | - name: running a role amazon linux ec2 non default vpc 75 | ansible.builtin.import_role: 76 | name: amazon_linux_ec2_non_default_vpc 77 | vars: 78 | ec2_state: present 79 | ``` 80 | Use below Command: 81 | ```commandline 82 | ansible-playbook intel_amazon_linux_ec2_non_default_vpc.yml 83 | ``` 84 | 85 | #### State - absent (terraform destroy) 86 | ```yaml 87 | - name: playbook using amazon linux ec2 88 | hosts: localhost 89 | tasks: 90 | - name: running a role amazon linux ec2 non default vpc 91 | ansible.builtin.import_role: 92 | name: amazon_linux_ec2_non_default_vpc 93 | vars: 94 | ec2_state: absent 95 | ``` 96 | Use below Command: 97 | ```commandline 98 | ansible-playbook intel_amazon_linux_ec2_non_default_vpc.yml 99 | ``` 100 | Note: **It deletes ec2 vm instance and key pair**. 101 | 102 | Requirements 103 | ------------ 104 | | Name | Version | 105 | |-------------------------------------------------------------------------------------|----------| 106 | | [Terraform](#requirement\_terraform) | =1.5.7 | 107 | | [AWS](#requirement\_aws) | ~> 4.36.0 | 108 | | [Random](#requirement\_random) | ~>3.4.3 | 109 | | [Ansible Core](#requirement\_ansible\_core) | ~>2.14.2 | 110 | | [Ansible](#requirement\_ansible) | ~>7.2.0-1 | 111 | | [boto3](#requirement\_boto3) | ~>1.29.0 | 112 | | [botocore](#requirement\_botocore) | ~>1.32.0 | 113 | | [cryptography](#requirement\_cryptography) | ~>41.0.5 | 114 | 115 | Note: Above role requires `Terraform` as we are executing terraform module [terraform-intel-aws-vm]() using Ansible module called [community.general.terraform]() 116 | 117 | ### Terraform Modules 118 | | Name | 119 | |---------------------------------------------------------------------------------------| 120 | | [terraform-intel-aws-vm]() | 121 | 122 | # Ansible 123 | ## Module State Inputs 124 | 125 | | Name | Description | Type | Default | Required | 126 | |-----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------|----------|-----------|:--------:| 127 | | [ec2_state](#input\_auto\_major\_version\_upgrades) | It specifices ec2 state of given stage, choies: "planned", "present" ← (default), "absent" | `string` | `present` | no | 128 | 129 | 130 | ## VM Exposed Inputs 131 | 132 | | Name | Description | Type | Default | Required | 133 | |-------------------------------------------------------------------------------------------------|-----------------------------------|----------|-------------------------|:--------:| 134 | | [vpc_id](#input_ami) | vpc id to use for the instance | `string` | `vpc-0bf95158fd23f4e2e` | no | 135 | | [duration_count_tag](#input_duration_count_tag) | Tag: Duration count | `int` | `2` | no | 136 | 137 | ## Security group Exposed Inputs 138 | 139 | | Name | Description | Type | Default | Required | 140 | |----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------|-------------|-----------------------------------|:--------:| 141 | | [security_group_name](#input_security_group_name) | Security group name is a unique identifier for a security group within a VPC | `string` | `ssh_security_group` with prefix | no | 142 | | [security_group_rules](#input_security_group_rules) | Security group rules are a set of firewall rules that control the inbound and outbound traffic for an EC2 instance. | `list(map)` | `[{"from_port": 22, "to_port": 22, "proto": "tcp", "cidr_ip": "0.0.0.0/0"}]` | no | 143 | 144 | 145 | ## VM Terraform Extended Inputs 146 | Below Input variables can be used to extend variables in role, Add or update variable in vars/main.yml file 147 | ### Usage 148 | 149 | roles/amazon_linux_ec2_non_default_vpc/vars/main.yml 150 | 151 | ```yaml 152 | subnet_id: "" 153 | ``` 154 | 155 | roles/amazon_ec2_rhel_default_vpc/tasks/ec2_vm.yml 156 | ```yaml 157 | --- 158 | - name: ec2 creation 159 | community.general.terraform: 160 | project_path: '{{ ec2_tf_module_download_path }}' 161 | state: '{{ ec2_state }}' 162 | force_init: true 163 | complex_vars: true 164 | variables: 165 | key_name: '{{ keypair_name }}' 166 | subnet_id: '{{ subnet_ids[0] }}' 167 | tags: 168 | "Name": "my-test-vm-{{ random_id }}" 169 | "Owner": "OwnerName-{{ random_id }}" 170 | "Duration": "{{ duration_count_tag }}" 171 | register: ec2_output 172 | ``` 173 | 174 | Use `duration_count_tag` in playbook 175 | ```yaml 176 | --- 177 | - name: playbook using amazon linux ec2 178 | hosts: localhost 179 | tasks: 180 | - name: running a role amazon linux ec2 non default vpc 181 | ansible.builtin.import_role: 182 | name: amazon_linux_ec2_non_default_vpc 183 | vars: 184 | ec2_state: present 185 | subnet_id: 186 | ``` 187 | 188 | ## Inputs 189 | 190 | | Name | Description | Type | Default | Required | 191 | |------|-------------|------|---------|:--------:| 192 | | [ami](#input\_ami) | ID of AMI to use for the instance | `string` | `null` | no | 193 | | [ami\_ssm\_parameter](#input\_ami\_ssm\_parameter) | SSM parameter name for the AMI ID. For Amazon Linux AMI SSM parameters see [reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html). To find the latest Windows AMI using Systems Manager, use this [reference](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/finding-an-ami.html#finding-an-ami-parameter-store) | `string` | `"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"` | no | 194 | | [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Whether to associate a public IP address with an instance in a VPC | `bool` | `null` | no | 195 | | [availability\_zone](#input\_availability\_zone) | AZ to start the instance in | `string` | `null` | no | 196 | | [capacity\_reservation\_specification](#input\_capacity\_reservation\_specification) | Describes an instance's Capacity Reservation targeting option | `any` | `{}` | no | 197 | | [cpu\_core\_count](#input\_cpu\_core\_count) | Sets the number of CPU cores for an instance. | `number` | `null` | no | 198 | | [cpu\_credits](#input\_cpu\_credits) | The credit option for CPU usage (unlimited or standard) | `string` | `null` | no | 199 | | [cpu\_threads\_per\_core](#input\_cpu\_threads\_per\_core) | Sets the number of CPU threads per core for an instance (has no effect unless cpu\_core\_count is also set). | `number` | `null` | no | 200 | | [create](#input\_create) | Whether to create an instance | `bool` | `true` | no | 201 | | [create\_iam\_instance\_profile](#input\_create\_iam\_instance\_profile) | Determines whether an IAM instance profile is created or to use an existing IAM instance profile | `bool` | `false` | no | 202 | | [create\_spot\_instance](#input\_create\_spot\_instance) | Depicts if the instance is a spot instance | `bool` | `false` | no | 203 | | [disable\_api\_stop](#input\_disable\_api\_stop) | If true, enables EC2 Instance Stop Protection. | `bool` | `null` | no | 204 | | [disable\_api\_termination](#input\_disable\_api\_termination) | If true, enables EC2 Instance Termination Protection | `bool` | `null` | no | 205 | | [ebs\_block\_device](#input\_ebs\_block\_device) | Additional EBS block devices to attach to the instance | `list(map(string))` | `[]` | no | 206 | | [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `null` | no | 207 | | [enable\_volume\_tags](#input\_enable\_volume\_tags) | Whether to enable volume tags (if enabled it conflicts with root\_block\_device tags) | `bool` | `true` | no | 208 | | [enclave\_options\_enabled](#input\_enclave\_options\_enabled) | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | `bool` | `null` | no | 209 | | [ephemeral\_block\_device](#input\_ephemeral\_block\_device) | Customize Ephemeral (also known as Instance Store) volumes on the instance | `list(map(string))` | `[]` | no | 210 | | [get\_password\_data](#input\_get\_password\_data) | If true, wait for password data to become available and retrieve it. | `bool` | `null` | no | 211 | | [hibernation](#input\_hibernation) | If true, the launched EC2 instance will support hibernation | `bool` | `null` | no | 212 | | [host\_id](#input\_host\_id) | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | `string` | `null` | no | 213 | | [iam\_instance\_profile](#input\_iam\_instance\_profile) | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | `string` | `null` | no | 214 | | [iam\_role\_description](#input\_iam\_role\_description) | Description of the role | `string` | `null` | no | 215 | | [iam\_role\_name](#input\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no | 216 | | [iam\_role\_path](#input\_iam\_role\_path) | IAM role path | `string` | `null` | no | 217 | | [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no | 218 | | [iam\_role\_policies](#input\_iam\_role\_policies) | Policies attached to the IAM role | `map(string)` | `{}` | no | 219 | | [iam\_role\_tags](#input\_iam\_role\_tags) | A map of additional tags to add to the IAM role/profile created | `map(string)` | `{}` | no | 220 | | [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name` or `name`) is used as a prefix | `bool` | `true` | no | 221 | | [instance\_initiated\_shutdown\_behavior](#input\_instance\_initiated\_shutdown\_behavior) | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | `string` | `null` | no | 222 | | [instance\_type](#input\_instance\_type) | Instance SKU, see comments above for guidance | `string` | `"m7i.large"` | no | 223 | | [ipv6\_address\_count](#input\_ipv6\_address\_count) | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | `number` | `null` | no | 224 | | [ipv6\_addresses](#input\_ipv6\_addresses) | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | `list(string)` | `null` | no | 225 | | [key\_name](#input\_key\_name) | Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource | `string` | `null` | no | 226 | | [launch\_template](#input\_launch\_template) | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | `map(string)` | `null` | no | 227 | | [metadata\_options](#input\_metadata\_options) | Customize the metadata options of the instance | `map(string)` | `{}` | no | 228 | | [monitoring](#input\_monitoring) | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `false` | no | 229 | | [name](#input\_name) | Name to be used on EC2 instance created | `string` | `""` | no | 230 | | [network\_interface](#input\_network\_interface) | Customize network interfaces to be attached at instance boot time | `list(map(string))` | `[]` | no | 231 | | [placement\_group](#input\_placement\_group) | The Placement Group to start the instance in | `string` | `null` | no | 232 | | [private\_ip](#input\_private\_ip) | Private IP address to associate with the instance in a VPC | `string` | `null` | no | 233 | | [root\_block\_device](#input\_root\_block\_device) | Customize details about the root block device of the instance. See Block Devices below for details | `list(any)` | `[]` | no | 234 | | [secondary\_private\_ips](#input\_secondary\_private\_ips) | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block` | `list(string)` | `null` | no | 235 | | [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `true` | no | 236 | | [spot\_block\_duration\_minutes](#input\_spot\_block\_duration\_minutes) | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | `number` | `null` | no | 237 | | [spot\_instance\_interruption\_behavior](#input\_spot\_instance\_interruption\_behavior) | Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate` | `string` | `"terminate"` | no | 238 | | [spot\_instance\_type](#input\_spot\_instance\_type) | If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent` | `string` | `"one-time"` | no | 239 | | [spot\_launch\_group](#input\_spot\_launch\_group) | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually | `string` | `null` | no | 240 | | [spot\_price](#input\_spot\_price) | The maximum price to request on the spot market. Defaults to on-demand price | `string` | `null` | no | 241 | | [spot\_valid\_from](#input\_spot\_valid\_from) | The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | `string` | `null` | no | 242 | | [spot\_valid\_until](#input\_spot\_valid\_until) | The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | `string` | `null` | no | 243 | | [spot\_wait\_for\_fulfillment](#input\_spot\_wait\_for\_fulfillment) | If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached | `bool` | `null` | no | 244 | | [subnet\_id](#input\_subnet\_id) | The VPC Subnet ID to launch in | `string` | `null` | no | 245 | | [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | 246 | | [tenancy](#input\_tenancy) | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `null` | no | 247 | | [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting EC2 instance resources | `map(string)` | `{}` | no | 248 | | [user\_data](#input\_user\_data) | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. | `string` | `null` | no | 249 | | [user\_data\_base64](#input\_user\_data\_base64) | Can be used instead of user\_data to pass base64-encoded binary data directly. Use this instead of user\_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. | `string` | `null` | no | 250 | | [user\_data\_replace\_on\_change](#input\_user\_data\_replace\_on\_change) | When used in combination with user\_data or user\_data\_base64 will trigger a destroy and recreate when set to true. Defaults to false if not set. | `bool` | `false` | no | 251 | | [volume\_tags](#input\_volume\_tags) | A mapping of tags to assign to the devices created by the instance at launch time | `map(string)` | `{}` | no | 252 | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | A list of security group IDs to associate with | `list(string)` | `null` | no | 253 | 254 | ## Outputs 255 | 256 | | Name | Description | 257 | |------|-------------| 258 | | [arn](#output\_arn) | The ARN of the instance | 259 | | [capacity\_reservation\_specification](#output\_capacity\_reservation\_specification) | Capacity reservation specification of the instance | 260 | | [iam\_instance\_profile\_arn](#output\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile | 261 | | [iam\_instance\_profile\_id](#output\_iam\_instance\_profile\_id) | Instance profile's ID | 262 | | [iam\_instance\_profile\_unique](#output\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile | 263 | | [iam\_role\_arn](#output\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role | 264 | | [iam\_role\_name](#output\_iam\_role\_name) | The name of the IAM role | 265 | | [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role | 266 | | [id](#output\_id) | The ID of the instance | 267 | | [instance\_state](#output\_instance\_state) | The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped` | 268 | | [ipv6\_addresses](#output\_ipv6\_addresses) | The IPv6 address assigned to the instance, if applicable. | 269 | | [outpost\_arn](#output\_outpost\_arn) | The ARN of the Outpost the instance is assigned to | 270 | | [password\_data](#output\_password\_data) | Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if `get_password_data` is true | 271 | | [primary\_network\_interface\_id](#output\_primary\_network\_interface\_id) | The ID of the instance's primary network interface | 272 | | [private\_dns](#output\_private\_dns) | The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC | 273 | | [private\_ip](#output\_private\_ip) | The private IP address assigned to the instance. | 274 | | [public\_dns](#output\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC | 275 | | [public\_ip](#output\_public\_ip) | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws\_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached | 276 | | [spot\_bid\_status](#output\_spot\_bid\_status) | The current bid status of the Spot Instance Request | 277 | | [spot\_instance\_id](#output\_spot\_instance\_id) | The Instance ID (if any) that is currently fulfilling the Spot Instance request | 278 | | [spot\_request\_state](#output\_spot\_request\_state) | The current request state of the Spot Instance Request | 279 | | [tags\_all](#output\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block | 280 | -------------------------------------------------------------------------------- /roles/amazon_ec2_rhel_default_vpc/README.md: -------------------------------------------------------------------------------- 1 |

2 | Intel Logo 3 |

4 | 5 | # Intel® Optimized Cloud Modules for Ansible 6 | 7 | © Copyright 2024, Intel Corporation 8 | 9 | ## Ansible Intel AWS VM - Red Hat RHEL VM in Default VPC 10 | 11 | This example creates an AWS Red Hat Enterprise Linux (RHEL) EC2 instance on a 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) in the default VPC. It is configured to create the EC2 instance in US-East-1 region. The region is provided in variables.tf in this example folder. 12 | 13 | This example also creates an EC2 key pair. It associates the public key with the EC2 instance. The private key is created in the local system where terraform apply is done. It also creates a new scurity group to open up the SSH port 22 to a specific IP CIDR block. This example requires RHEL SSM Parameter name for the ami_ssm_parameter in the variables file. More information can be found on [Red Hat Enterprise Linux Images Available on Amazon Web Services Documentation]() 14 | 15 | In this example, the tags Name, Owner and Duration are added to the EC2 instance when it is created. 16 | 17 | ## Architecture Diagram 18 |

19 | amazon-ec2-rhel-default-vpc 20 |

21 | 22 | ## Installation of `amazon_ec2_rhel_default_vpc` role 23 | 24 | ### Below are ways to install and use it: 25 | 26 | 1. **Case 1:-** When user's needs can be met with the default configuration, and they want to install a collection 27 | from Ansible Galaxy to the default location (as a third-party collection), it is recommended to use the following command: 28 | ```commandline 29 | ansible-galaxy collection install 30 | ``` 31 | 32 | 2. **Case 2:-** When user's needs cannot be met with the default configuration, wants to extend/modify existing configuration and flow, They can install collection using Ansible Galaxy in user's define location. 33 | Use below approaches: 34 | 35 | 1. 36 | ```commandline 37 | ansible-galaxy collection install -p 38 | ``` 39 | Note: collection will download collection, you can remove as per need. 40 | 41 | 2. Download source and copy role directory to your Ansible boilerplate from GitHub (Used to extended behavior of role) 42 | ```commandline 43 | git clone https://github.com/intel/ansible-intel-aws-vm.git 44 | cd ansible-intel-aws-vm 45 | cp -r role/amazon_ec2_rhel_default_vpc // 46 | 47 | 48 | 49 | ## Usage 50 | Use playbook to run amazon_ec2_rhel_default_vpc role as below 51 | ```yaml 52 | --- 53 | - name: Run amazon_ec2_rhel_default_vpc role 54 | hosts: localhost 55 | tasks: 56 | - name: Running a role Amazon EC2 rhel default vpc 57 | ansible.builtin.import_role: 58 | name: amazon_ec2_rhel_default_vpc 59 | vars: 60 | ec2_rhel_default_vpc_state: present 61 | ``` 62 | Use below Command: 63 | ```commandline 64 | ansible-playbook intel_aws_vm_ec2_rhel_default_vpc.yml 65 | ``` 66 | 67 | ## Run Ansible with Different State 68 | #### State - present (terraform apply) 69 | ```yaml 70 | - name: Run amazon_ec2_rhel_default_vpc role 71 | hosts: localhost 72 | tasks: 73 | - name: Running a role Amazon EC2 rhel default vpc 74 | ansible.builtin.import_role: 75 | name: amazon_ec2_rhel_default_vpc 76 | vars: 77 | ec2_rhel_default_vpc_state: present 78 | ``` 79 | Use below Command: 80 | ```commandline 81 | ansible-playbook intel_aws_vm_ec2_rhel_default_vpc.yml 82 | ``` 83 | 84 | #### State - absent (terraform destroy) 85 | ```yaml 86 | - name: Run amazon_ec2_rhel_default_vpc role 87 | hosts: localhost 88 | tasks: 89 | - name: Running a role Amazon EC2 rhel default vpc 90 | ansible.builtin.import_role: 91 | name: amazon_ec2_rhel_default_vpc 92 | vars: 93 | ec2_rhel_default_vpc_state: absent 94 | ``` 95 | Use below Command: 96 | ```commandline 97 | ansible-playbook intel_aws_vm_ec2_rhel_default_vpc.yml 98 | ``` 99 | Note: **It deletes ec2 vm instance, security group and key pair**. 100 | 101 | Requirements 102 | ------------ 103 | | Name | Version | 104 | |-------------------------------------------------------------------------------------|----------| 105 | | [Terraform](#requirement\_terraform) | =1.5.7 | 106 | | [AWS](#requirement\_aws) | ~> 4.36.0 | 107 | | [Random](#requirement\_random) | ~>3.4.3 | 108 | | [Ansible Core](#requirement\_ansible\_core) | ~>2.14.2 | 109 | | [Ansible](#requirement\_ansible) | ~>7.2.0-1 | 110 | | [boto3](#requirement\_boto3) | ~>1.29.0 | 111 | | [botocore](#requirement\_botocore) | ~>1.32.0 | 112 | | [cryptography](#requirement\_cryptography) | ~>41.0.5 | 113 | 114 | Note: Above role requires `Terraform` as we are executing terraform module [terraform-intel-aws-vm]() using Ansible module called [community.general.terraform]() 115 | 116 | ### Terraform Modules 117 | | Name | 118 | |---------------------------------------------------------------------------------------| 119 | | [terraform-intel-aws-vm]() | 120 | 121 | # Ansible 122 | ## Module State Inputs 123 | 124 | | Name | Description | Type | Default | Required | 125 | |-----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------|----------|-----------|:--------:| 126 | | [ec2_rhel_default_vpc\_state](#input\_auto\_major\_version\_upgrades) | It specifices ec2 state of given stage, choies: "planned", "present" ← (default), "absent" | `string` | `present` | no | 127 | 128 | 129 | ## VM Exposed Inputs 130 | 131 | | Name | Description | Type | Default | Required | 132 | |-------------------------------------------------------------------------------------------------|-----------------------------------|----------|-------------------------|:--------:| 133 | | [ami](#input_ami) | ID of AMI to use for the instance | `string` | `ami-0931978297f275f71` | no | 134 | | [duration_count_tag](#input_duration_count_tag) | Tag: Duration count | `int` | `2` | no | 135 | 136 | ## Security group Exposed Inputs 137 | 138 | | Name | Description | Type | Default | Required | 139 | |----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------|-------------|-----------------------------------|:--------:| 140 | | [security_group_name](#input_security_group_name) | Security group name is a unique identifier for a security group within a VPC | `string` | `ssh_security_group` with prefix | no | 141 | | [security_group_rules](#input_security_group_rules) | Security group rules are a set of firewall rules that control the inbound and outbound traffic for an EC2 instance. | `list(map)` | `[{"from_port": 22, "to_port": 22, "proto": "tcp", "cidr_ip": "0.0.0.0/0"}]` | no | 142 | 143 | 144 | ## VM Terraform Extended Inputs 145 | Below input variables can be used to extend variables in role, add or update variable in vars/main.yml file 146 | ### Usage 147 | 148 | roles/amazon_ec2_rhel_default_vpc/vars/main.yml 149 | 150 | ```yaml 151 | availability_zone: "us-east-2c" 152 | ``` 153 | 154 | roles/amazon_ec2_rhel_default_vpc/tasks/ec2_vm.yml 155 | ```yaml 156 | # TF module "terraform-intel-aws-vm" 157 | - name: EC2 rhel vm 158 | community.general.terraform: 159 | project_path: '{{ vm_tf_module_download_path }}' 160 | state: '{{ ec2_rhel_default_vpc_state }}' 161 | force_init: true 162 | complex_vars: true 163 | variables: 164 | availability_zone: '{{ availability_zone }}' 165 | key_name: '{{ keypair_name }}' 166 | ami: '{{ ami }}' 167 | tags: 168 | "Name": "my-test-vm-{{ random_id }}" 169 | "Owner": "OwnerName-{{ random_id }}" 170 | "Duration": "{{ duration_count_tag }}" 171 | register: ec2_rhel_vm_output 172 | ``` 173 | 174 | Use `availability_zone` in playbook 175 | ```yaml 176 | --- 177 | - name: Run amazon_ec2_rhel_default_vpc role 178 | hosts: localhost 179 | tasks: 180 | - name: Running a role Amazon EC2 rhel default vpc 181 | ansible.builtin.import_role: 182 | name: amazon_ec2_rhel_default_vpc 183 | vars: 184 | ec2_rhel_default_vpc_state: present 185 | availability_zone: 186 | ``` 187 | 188 | ## Inputs 189 | 190 | | Name | Description | Type | Default | Required | 191 | |------|-------------|------|---------|:--------:| 192 | | [ami](#input\_ami) | ID of AMI to use for the instance | `string` | `null` | no | 193 | | [ami\_ssm\_parameter](#input\_ami\_ssm\_parameter) | SSM parameter name for the AMI ID. For Amazon Linux AMI SSM parameters see [reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html). To find the latest Windows AMI using Systems Manager, use this [reference](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/finding-an-ami.html#finding-an-ami-parameter-store) | `string` | `"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"` | no | 194 | | [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Whether to associate a public IP address with an instance in a VPC | `bool` | `null` | no | 195 | | [availability\_zone](#input\_availability\_zone) | AZ to start the instance in | `string` | `null` | no | 196 | | [capacity\_reservation\_specification](#input\_capacity\_reservation\_specification) | Describes an instance's Capacity Reservation targeting option | `any` | `{}` | no | 197 | | [cpu\_core\_count](#input\_cpu\_core\_count) | Sets the number of CPU cores for an instance. | `number` | `null` | no | 198 | | [cpu\_credits](#input\_cpu\_credits) | The credit option for CPU usage (unlimited or standard) | `string` | `null` | no | 199 | | [cpu\_threads\_per\_core](#input\_cpu\_threads\_per\_core) | Sets the number of CPU threads per core for an instance (has no effect unless cpu\_core\_count is also set). | `number` | `null` | no | 200 | | [create](#input\_create) | Whether to create an instance | `bool` | `true` | no | 201 | | [create\_iam\_instance\_profile](#input\_create\_iam\_instance\_profile) | Determines whether an IAM instance profile is created or to use an existing IAM instance profile | `bool` | `false` | no | 202 | | [create\_spot\_instance](#input\_create\_spot\_instance) | Depicts if the instance is a spot instance | `bool` | `false` | no | 203 | | [disable\_api\_stop](#input\_disable\_api\_stop) | If true, enables EC2 Instance Stop Protection. | `bool` | `null` | no | 204 | | [disable\_api\_termination](#input\_disable\_api\_termination) | If true, enables EC2 Instance Termination Protection | `bool` | `null` | no | 205 | | [ebs\_block\_device](#input\_ebs\_block\_device) | Additional EBS block devices to attach to the instance | `list(map(string))` | `[]` | no | 206 | | [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `null` | no | 207 | | [enable\_volume\_tags](#input\_enable\_volume\_tags) | Whether to enable volume tags (if enabled it conflicts with root\_block\_device tags) | `bool` | `true` | no | 208 | | [enclave\_options\_enabled](#input\_enclave\_options\_enabled) | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | `bool` | `null` | no | 209 | | [ephemeral\_block\_device](#input\_ephemeral\_block\_device) | Customize Ephemeral (also known as Instance Store) volumes on the instance | `list(map(string))` | `[]` | no | 210 | | [get\_password\_data](#input\_get\_password\_data) | If true, wait for password data to become available and retrieve it. | `bool` | `null` | no | 211 | | [hibernation](#input\_hibernation) | If true, the launched EC2 instance will support hibernation | `bool` | `null` | no | 212 | | [host\_id](#input\_host\_id) | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | `string` | `null` | no | 213 | | [iam\_instance\_profile](#input\_iam\_instance\_profile) | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | `string` | `null` | no | 214 | | [iam\_role\_description](#input\_iam\_role\_description) | Description of the role | `string` | `null` | no | 215 | | [iam\_role\_name](#input\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no | 216 | | [iam\_role\_path](#input\_iam\_role\_path) | IAM role path | `string` | `null` | no | 217 | | [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no | 218 | | [iam\_role\_policies](#input\_iam\_role\_policies) | Policies attached to the IAM role | `map(string)` | `{}` | no | 219 | | [iam\_role\_tags](#input\_iam\_role\_tags) | A map of additional tags to add to the IAM role/profile created | `map(string)` | `{}` | no | 220 | | [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name` or `name`) is used as a prefix | `bool` | `true` | no | 221 | | [instance\_initiated\_shutdown\_behavior](#input\_instance\_initiated\_shutdown\_behavior) | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | `string` | `null` | no | 222 | | [instance\_type](#input\_instance\_type) | Instance SKU, see comments above for guidance | `string` | `"m7i.large"` | no | 223 | | [ipv6\_address\_count](#input\_ipv6\_address\_count) | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | `number` | `null` | no | 224 | | [ipv6\_addresses](#input\_ipv6\_addresses) | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | `list(string)` | `null` | no | 225 | | [key\_name](#input\_key\_name) | Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource | `string` | `null` | no | 226 | | [launch\_template](#input\_launch\_template) | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | `map(string)` | `null` | no | 227 | | [metadata\_options](#input\_metadata\_options) | Customize the metadata options of the instance | `map(string)` | `{}` | no | 228 | | [monitoring](#input\_monitoring) | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `false` | no | 229 | | [name](#input\_name) | Name to be used on EC2 instance created | `string` | `""` | no | 230 | | [network\_interface](#input\_network\_interface) | Customize network interfaces to be attached at instance boot time | `list(map(string))` | `[]` | no | 231 | | [placement\_group](#input\_placement\_group) | The Placement Group to start the instance in | `string` | `null` | no | 232 | | [private\_ip](#input\_private\_ip) | Private IP address to associate with the instance in a VPC | `string` | `null` | no | 233 | | [root\_block\_device](#input\_root\_block\_device) | Customize details about the root block device of the instance. See Block Devices below for details | `list(any)` | `[]` | no | 234 | | [secondary\_private\_ips](#input\_secondary\_private\_ips) | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block` | `list(string)` | `null` | no | 235 | | [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `true` | no | 236 | | [spot\_block\_duration\_minutes](#input\_spot\_block\_duration\_minutes) | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | `number` | `null` | no | 237 | | [spot\_instance\_interruption\_behavior](#input\_spot\_instance\_interruption\_behavior) | Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate` | `string` | `"terminate"` | no | 238 | | [spot\_instance\_type](#input\_spot\_instance\_type) | If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent` | `string` | `"one-time"` | no | 239 | | [spot\_launch\_group](#input\_spot\_launch\_group) | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually | `string` | `null` | no | 240 | | [spot\_price](#input\_spot\_price) | The maximum price to request on the spot market. Defaults to on-demand price | `string` | `null` | no | 241 | | [spot\_valid\_from](#input\_spot\_valid\_from) | The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | `string` | `null` | no | 242 | | [spot\_valid\_until](#input\_spot\_valid\_until) | The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | `string` | `null` | no | 243 | | [spot\_wait\_for\_fulfillment](#input\_spot\_wait\_for\_fulfillment) | If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached | `bool` | `null` | no | 244 | | [subnet\_id](#input\_subnet\_id) | The VPC Subnet ID to launch in | `string` | `null` | no | 245 | | [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | 246 | | [tenancy](#input\_tenancy) | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `null` | no | 247 | | [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting EC2 instance resources | `map(string)` | `{}` | no | 248 | | [user\_data](#input\_user\_data) | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. | `string` | `null` | no | 249 | | [user\_data\_base64](#input\_user\_data\_base64) | Can be used instead of user\_data to pass base64-encoded binary data directly. Use this instead of user\_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. | `string` | `null` | no | 250 | | [user\_data\_replace\_on\_change](#input\_user\_data\_replace\_on\_change) | When used in combination with user\_data or user\_data\_base64 will trigger a destroy and recreate when set to true. Defaults to false if not set. | `bool` | `false` | no | 251 | | [volume\_tags](#input\_volume\_tags) | A mapping of tags to assign to the devices created by the instance at launch time | `map(string)` | `{}` | no | 252 | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | A list of security group IDs to associate with | `list(string)` | `null` | no | 253 | 254 | ## Outputs 255 | 256 | | Name | Description | 257 | |------|-------------| 258 | | [arn](#output\_arn) | The ARN of the instance | 259 | | [capacity\_reservation\_specification](#output\_capacity\_reservation\_specification) | Capacity reservation specification of the instance | 260 | | [iam\_instance\_profile\_arn](#output\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile | 261 | | [iam\_instance\_profile\_id](#output\_iam\_instance\_profile\_id) | Instance profile's ID | 262 | | [iam\_instance\_profile\_unique](#output\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile | 263 | | [iam\_role\_arn](#output\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role | 264 | | [iam\_role\_name](#output\_iam\_role\_name) | The name of the IAM role | 265 | | [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role | 266 | | [id](#output\_id) | The ID of the instance | 267 | | [instance\_state](#output\_instance\_state) | The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped` | 268 | | [ipv6\_addresses](#output\_ipv6\_addresses) | The IPv6 address assigned to the instance, if applicable. | 269 | | [outpost\_arn](#output\_outpost\_arn) | The ARN of the Outpost the instance is assigned to | 270 | | [password\_data](#output\_password\_data) | Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if `get_password_data` is true | 271 | | [primary\_network\_interface\_id](#output\_primary\_network\_interface\_id) | The ID of the instance's primary network interface | 272 | | [private\_dns](#output\_private\_dns) | The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC | 273 | | [private\_ip](#output\_private\_ip) | The private IP address assigned to the instance. | 274 | | [public\_dns](#output\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC | 275 | | [public\_ip](#output\_public\_ip) | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws\_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached | 276 | | [spot\_bid\_status](#output\_spot\_bid\_status) | The current bid status of the Spot Instance Request | 277 | | [spot\_instance\_id](#output\_spot\_instance\_id) | The Instance ID (if any) that is currently fulfilling the Spot Instance request | 278 | | [spot\_request\_state](#output\_spot\_request\_state) | The current request state of the Spot Instance Request | 279 | | [tags\_all](#output\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block | 280 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | Intel Logo 3 |

4 | 5 | # Intel® Optimized Cloud Modules for Ansible 6 | 7 | © Copyright 2024, Intel Corporation 8 | 9 | ## AWS VM module 10 | 11 | Configuration in this directory creates an AWS VM (EC2 Instance). The instance is created on an 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) by default. 12 | 13 | 14 | 15 | ### Explanation of this Ansible "AWS VM" collection 16 | This collection included 3 roles and 4 playbooks. 17 | 18 | **Role**:- Ansible roles are a way to reuse and organize your Ansible code. They are self-contained units that contain all the files and configuration needed to automate a specific task. 19 | Roles are defined using a directory structure with specific directories for tasks, variables, files, templates, and other artifacts. This structure makes it easy to find and reuse code, and it also makes it easy to extend behaviour of roles. 20 | 21 | To use a role in an Ansible playbook, you simply need to list it in the roles section of the playbook. Ansible will then automatically load the role and execute its tasks. 22 | 23 | For this module, there are 3 roles. 24 | 1. amazon_ec2_rhel_default_vpc - It creates an AWS Red Hat Enterprise Linux (RHEL) EC2 instance on a 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) in the default VPC 25 | 2. amazon_linux_ec2_non_default_vpc creates an AWS EC2 instance on 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) on Linux Operating System in a non-default VPC 26 | 3. gen_ai_demo It creates an Amazon M7i EC2 Instance with 4th Generation Intel® Xeon® Scalable Processor (Sapphire Rapids) & Intel® Cloud Optimized Recipe for FastChat and Stable Diffusion 27 | 28 | 29 | **Playbook**: An Ansible playbook is a YAML file that describes the tasks, are composed of a series of plays, which are groups of tasks that are executed in a specific order. Each play defines a set of tasks that should be executed on a specific group of hosts. 30 | Playbooks can also include variables, which can be used to store data that is used by the tasks. This makes it easy to reuse playbooks for different environments and configurations. 31 | for this module. 32 | For this module, there are 4 playbooks: 33 | 1. Playbook **intel_aws_vm.yml** - Used to create an AWS VM (EC2 Instance), it uses Terraform module **terraform-intel-aws-vm** and being called by Ansible module community.general.terraform 34 | 2. Playbook **intel_aws_vm_ec2_rhel_default_vpc.yml** - It executes role called [amazon_ec2_rhel_default_vpc](#amazon_ec2_rhel_default_vpc) 35 | 3. Playbook **intel_aws_vm_linux_ec2_non_default_vpc.yml** - It executes role called [amazon_linux_ec2_non_default_vpc](#amazon_linux_ec2_non_default_vpc) 36 | 4. Playbook **intel_aws_vm_gen_ai_demo** - It executes role called [gen_ai_demo](#gen_ai_demo) 37 | 38 | ## Code Structure 39 | ```bash 40 | . 41 | ├── CODE_OF_CONDUCT.md 42 | ├── CONTRIBUTING.md 43 | ├── galaxy.yml 44 | ├── playbooks 45 | │   ├── intel_amazon_linux_ec2_non_default_vpc.yml 46 | │   ├── intel_aws_vm_ec2_rhel_default_vpc.yml 47 | │   ├── intel_aws_vm_gen_ai_demo.yml 48 | │   └── intel_aws_vm.yml 49 | ├── README.md 50 | ├── requirements.txt 51 | ├── requirements.yml 52 | ├── roles 53 | │   ├── amazon_ec2_rhel_default_vpc 54 | │   │   ├── defaults 55 | │   │   │   └── main.yml 56 | │   │   ├── files 57 | │   │   ├── handlers 58 | │   │   │   └── main.yml 59 | │   │   ├── meta 60 | │   │   │   └── main.yml 61 | │   │   ├── README.md 62 | │   │   ├── tasks 63 | │   │   │   ├── download_tf_module.yml 64 | │   │   │   ├── ec2_vm.yml 65 | │   │   │   ├── generate_keys.yml 66 | │   │   │   ├── main.yml 67 | │   │   │   ├── output.yml 68 | │   │   │   ├── read_tfstate.yml 69 | │   │   │   └── sg_eni_attachment.yml 70 | │   │   ├── templates 71 | │   │   ├── tests 72 | │   │   │   ├── inventory 73 | │   │   │   └── test.yml 74 | │   │   └── vars 75 | │   │   └── main.yml 76 | │   ├── amazon_linux_ec2_non_default_vpc 77 | │   │   ├── defaults 78 | │   │   │   └── main.yml 79 | │   │   ├── files 80 | │   │   ├── handlers 81 | │   │   │   └── main.yml 82 | │   │   ├── meta 83 | │   │   │   └── main.yml 84 | │   │   ├── README.md 85 | │   │   ├── tasks 86 | │   │   │   ├── download_tf_module.yml 87 | │   │   │   ├── ec2.yml 88 | │   │   │   ├── keypair.yml 89 | │   │   │   ├── main.yml 90 | │   │   │   ├── output.yml 91 | │   │   │   ├── read_tfstate.yml 92 | │   │   │   ├── sg.yml 93 | │   │   │   └── subnet.yml 94 | │   │   ├── templates 95 | │   │   ├── tests 96 | │   │   │   ├── inventory 97 | │   │   │   └── test.yml 98 | │   │   └── vars 99 | │   │   └── main.yml 100 | │   └── gen_ai_demo 101 | │   ├── defaults 102 | │   │   └── main.yml 103 | │   ├── files 104 | │   ├── handlers 105 | │   │   └── main.yml 106 | │   ├── meta 107 | │   │   └── main.yml 108 | │   ├── README.md 109 | │   ├── tasks 110 | │   │   ├── cloud_init_config.yml 111 | │   │   ├── download_tf_module.yml 112 | │   │   ├── ec2_vm.yml 113 | │   │   ├── generate_keys.yml 114 | │   │   ├── main.yml 115 | │   │   ├── output.yml 116 | │   │   ├── read_tfstate.yml 117 | │   │   └── sg_eni_attachment.yml 118 | │   ├── templates 119 | │   ├── tests 120 | │   │   ├── inventory 121 | │   │   └── test.yml 122 | │   └── vars 123 | │   └── main.yml 124 | └── security.md 125 | 126 | 127 | ``` 128 | 129 | ## Installation of collection 130 | 131 | ### Below are ways to install and use it: 132 | 133 | 1. **Case 1:** When user's needs can be met with the default configuration, and they want to install a collection 134 | from Ansible Galaxy to the default location (as a third-party collection), it is recommended to use the following command: 135 | ```commandline 136 | ansible-galaxy collection install 137 | ``` 138 | 139 | 2. **Case 2:-** When user's needs cannot be met with the default configuration, wants to extend/modify existing configuration and flow, they can install collection using Ansible Galaxy in user's define location. 140 | Use below approaches: 141 | 142 | 1. 143 | ```commandline 144 | ansible-galaxy collection install -p 145 | ``` 146 | Note: collection will download collection, you can remove as per need. 147 | 148 | 2. Download source and copy role directory to your Ansible boilerplate from GitHub (used to extended behavior of role) 149 | ```commandline 150 | git clone https://github.com/intel/ansible-intel-aws-vm.git 151 | cd ansible-intel-aws-vm 152 | cp -r role/amazon_ec2_rhel_default_vpc // 153 | ``` 154 | (Example: /home/user/.ansible/roles) 155 | 156 | ## Authenticate AWS 157 | To authenticate AWS API, user needs to export below environment variable: 158 | ```bash 159 | export AWS_ACCESS_KEY_ID= 160 | export AWS_SECRET_ACCESS_KEY= 161 | export AWS_REGION= 162 | ``` 163 | 164 | ## Usage 165 | Use [playbook](playbooks/intel_aws_vm.yml) to execute Terraform module [terraform-intel-aws-vm]() using Ansible module [community.general.terraform]() as below 166 | 167 | ```ansible 168 | --- 169 | - hosts: localhost 170 | vars: 171 | terraform_source: https://github.com/intel/terraform-intel-aws-vm.git 172 | tasks: 173 | - set_fact: 174 | terraform_module_download_path: '/home/{{ansible_env.USER}}/terraform/main/intel_aws_vm/' 175 | 176 | - name: Clone a github repository 177 | git: 178 | repo: '{{ terraform_source }}' 179 | dest: '{{ terraform_module_download_path }}' 180 | clone: yes 181 | update: yes 182 | version: main 183 | 184 | - name: AWS VM Module 185 | community.general.terraform: 186 | project_path: '{{ terraform_module_download_path }}' 187 | state: present 188 | force_init: true 189 | complex_vars: true 190 | # for additional variables 191 | # https://github.com/intel/terraform-intel-aws-vm/blob/main/variables.tf 192 | variables: 193 | name: main-playbook-test 194 | register: vm_output 195 | 196 | - debug: 197 | var: vm_output 198 | ``` 199 | ### Update the variables 200 | Each of the playbooks have .yml files that you will need to update to insert items like VPC ID, and database settings 201 | 202 | ### Execution 203 | ansible-playbook 204 | 205 | EXAMPLE 206 | ```commandline 207 | ansible-playbook intel_aws_mysql.yml 208 | ``` 209 | 210 | ### Deployment Time 211 | Deployment time can vary but in most cases it takes approximately 15-20 minutes for the RDS database to be created or destroyed. 212 | 213 | ## Run Ansible with Different State 214 | You can deploy ansible in various states, similar to Terraform. These are used as variables in the "state" section of the code. There are 3 types, planned, present, absent.
215 | 216 | **planned** = will display what will be executed by does not deploy
217 | **present** = deploys the resources
218 | **absent** = destroys what was created using the present setting
219 | 220 | #### State - planned (terraform plan) 221 | ```yaml 222 | - name: AWS VM Module 223 | community.general.terraform: 224 | project_path: '{{ terraform_module_download_path }}' 225 | state: planned 226 | force_init: true 227 | complex_vars: true 228 | # for additional variables 229 | # https://github.com/intel/terraform-intel-aws-vm/blob/main/variables.tf 230 | variables: 231 | name: 232 | ``` 233 | 234 | #### State - present (terraform apply) 235 | ```yaml 236 | - name: AWS VM Module 237 | community.general.terraform: 238 | project_path: '{{ terraform_module_download_path }}' 239 | state: present 240 | force_init: true 241 | complex_vars: true 242 | # for additional variables 243 | # https://github.com/intel/terraform-intel-aws-vm/blob/main/variables.tf 244 | variables: 245 | name: 246 | ``` 247 | 248 | 249 | #### State - absent (terraform destroy) 250 | ```yaml 251 | - name: AWS VM Module 252 | community.general.terraform: 253 | project_path: '{{ terraform_module_download_path }}' 254 | state: absent 255 | force_init: true 256 | complex_vars: true 257 | # for additional variables 258 | # https://github.com/intel/terraform-intel-aws-vm/blob/main/variables.tf 259 | variables: 260 | name: 261 | ``` 262 | ## See roles folder for complete examples 263 | 264 | | Role Name | 265 | |----------------------------------------------------------------------------------------------------------------------------------------| 266 | | [amazon_ec2_rhel_default_vpc](https://github.com/intel/ansible-intel-aws-vm/tree/main/roles/amazon_ec2_rhel_default_vpc) | 267 | | [amazon_linux_ec2_non_default_vpc](https://github.com/intel/ansible-intel-aws-vm/tree/main/roles/amazon_linux_ec2_non_default_vpc) | 268 | | [gen_ai_demo](https://github.com/intel/ansible-intel-aws-vm/tree/main/roles/gen_ai_demo) | 269 | 270 | 271 | Requirements 272 | ------------ 273 | | Name | Version | 274 | |-------------------------------------------------------------------------------------|----------| 275 | | [Terraform](#requirement\_terraform) | =1.5.7 | 276 | | [AWS](#requirement\_aws) | ~> 4.36.0 | 277 | | [Random](#requirement\_random) | ~>3.4.3 | 278 | | [Ansible Core](#requirement\_ansible\_core) | ~>2.14.2 | 279 | | [Ansible](#requirement\_ansible) | ~>7.2.0-1 | 280 | | [boto3](#requirement\_boto3) | ~>1.29.0 | 281 | | [botocore](#requirement\_botocore) | ~>1.32.0 | 282 | | [cryptography](#requirement\_cryptography) | ~>41.0.5 | 283 | 284 | Note: 285 | 1. Install requirements using `requirements.txt` and `requirements.yml`, Use below command: 286 | ```bash 287 | pip3 install -r requirements.txt 288 | ansible-galaxy install -r requirements.yml 289 | ``` 290 | 2. Above role requires `Terraform` as we are executing terraform module [terraform-intel-aws-vm]() using Ansible module called [community.general.terraform]() 291 | 292 | 293 | ## Inputs 294 | 295 | | Name | Description | Type | Default | Required | 296 | |------|-------------|------|---------|:--------:| 297 | | [ami](#input\_ami) | ID of AMI to use for the instance | `string` | `null` | no | 298 | | [ami\_ssm\_parameter](#input\_ami\_ssm\_parameter) | SSM parameter name for the AMI ID. For Amazon Linux AMI SSM parameters see [reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html). To find the latest Windows AMI using Systems Manager, use this [reference](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/finding-an-ami.html#finding-an-ami-parameter-store) | `string` | `"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"` | no | 299 | | [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Whether to associate a public IP address with an instance in a VPC | `bool` | `null` | no | 300 | | [availability\_zone](#input\_availability\_zone) | AZ to start the instance in | `string` | `null` | no | 301 | | [capacity\_reservation\_specification](#input\_capacity\_reservation\_specification) | Describes an instance's Capacity Reservation targeting option | `any` | `{}` | no | 302 | | [cpu\_core\_count](#input\_cpu\_core\_count) | Sets the number of CPU cores for an instance. | `number` | `null` | no | 303 | | [cpu\_credits](#input\_cpu\_credits) | The credit option for CPU usage (unlimited or standard) | `string` | `null` | no | 304 | | [cpu\_threads\_per\_core](#input\_cpu\_threads\_per\_core) | Sets the number of CPU threads per core for an instance (has no effect unless cpu\_core\_count is also set). | `number` | `null` | no | 305 | | [create](#input\_create) | Whether to create an instance | `bool` | `true` | no | 306 | | [create\_iam\_instance\_profile](#input\_create\_iam\_instance\_profile) | Determines whether an IAM instance profile is created or to use an existing IAM instance profile | `bool` | `false` | no | 307 | | [create\_spot\_instance](#input\_create\_spot\_instance) | Depicts if the instance is a spot instance | `bool` | `false` | no | 308 | | [disable\_api\_stop](#input\_disable\_api\_stop) | If true, enables EC2 Instance Stop Protection. | `bool` | `null` | no | 309 | | [disable\_api\_termination](#input\_disable\_api\_termination) | If true, enables EC2 Instance Termination Protection | `bool` | `null` | no | 310 | | [ebs\_block\_device](#input\_ebs\_block\_device) | Additional EBS block devices to attach to the instance | `list(map(string))` | `[]` | no | 311 | | [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `null` | no | 312 | | [enable\_volume\_tags](#input\_enable\_volume\_tags) | Whether to enable volume tags (if enabled it conflicts with root\_block\_device tags) | `bool` | `true` | no | 313 | | [enclave\_options\_enabled](#input\_enclave\_options\_enabled) | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | `bool` | `null` | no | 314 | | [ephemeral\_block\_device](#input\_ephemeral\_block\_device) | Customize Ephemeral (also known as Instance Store) volumes on the instance | `list(map(string))` | `[]` | no | 315 | | [get\_password\_data](#input\_get\_password\_data) | If true, wait for password data to become available and retrieve it. | `bool` | `null` | no | 316 | | [hibernation](#input\_hibernation) | If true, the launched EC2 instance will support hibernation | `bool` | `null` | no | 317 | | [host\_id](#input\_host\_id) | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | `string` | `null` | no | 318 | | [iam\_instance\_profile](#input\_iam\_instance\_profile) | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | `string` | `null` | no | 319 | | [iam\_role\_description](#input\_iam\_role\_description) | Description of the role | `string` | `null` | no | 320 | | [iam\_role\_name](#input\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no | 321 | | [iam\_role\_path](#input\_iam\_role\_path) | IAM role path | `string` | `null` | no | 322 | | [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the IAM role | `string` | `null` | no | 323 | | [iam\_role\_policies](#input\_iam\_role\_policies) | Policies attached to the IAM role | `map(string)` | `{}` | no | 324 | | [iam\_role\_tags](#input\_iam\_role\_tags) | A map of additional tags to add to the IAM role/profile created | `map(string)` | `{}` | no | 325 | | [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name` or `name`) is used as a prefix | `bool` | `true` | no | 326 | | [instance\_initiated\_shutdown\_behavior](#input\_instance\_initiated\_shutdown\_behavior) | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | `string` | `null` | no | 327 | | [instance\_type](#input\_instance\_type) | Instance SKU, see comments above for guidance | `string` | `"m7i.large"` | no | 328 | | [ipv6\_address\_count](#input\_ipv6\_address\_count) | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | `number` | `null` | no | 329 | | [ipv6\_addresses](#input\_ipv6\_addresses) | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | `list(string)` | `null` | no | 330 | | [key\_name](#input\_key\_name) | Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource | `string` | `null` | no | 331 | | [launch\_template](#input\_launch\_template) | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | `map(string)` | `null` | no | 332 | | [metadata\_options](#input\_metadata\_options) | Customize the metadata options of the instance | `map(string)` | `{}` | no | 333 | | [monitoring](#input\_monitoring) | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `false` | no | 334 | | [name](#input\_name) | Name to be used on EC2 instance created | `string` | `""` | no | 335 | | [network\_interface](#input\_network\_interface) | Customize network interfaces to be attached at instance boot time | `list(map(string))` | `[]` | no | 336 | | [placement\_group](#input\_placement\_group) | The Placement Group to start the instance in | `string` | `null` | no | 337 | | [private\_ip](#input\_private\_ip) | Private IP address to associate with the instance in a VPC | `string` | `null` | no | 338 | | [root\_block\_device](#input\_root\_block\_device) | Customize details about the root block device of the instance. See Block Devices below for details | `list(any)` | `[]` | no | 339 | | [secondary\_private\_ips](#input\_secondary\_private\_ips) | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block` | `list(string)` | `null` | no | 340 | | [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | `bool` | `true` | no | 341 | | [spot\_block\_duration\_minutes](#input\_spot\_block\_duration\_minutes) | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | `number` | `null` | no | 342 | | [spot\_instance\_interruption\_behavior](#input\_spot\_instance\_interruption\_behavior) | Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate` | `string` | `"terminate"` | no | 343 | | [spot\_instance\_type](#input\_spot\_instance\_type) | If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent` | `string` | `"one-time"` | no | 344 | | [spot\_launch\_group](#input\_spot\_launch\_group) | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually | `string` | `null` | no | 345 | | [spot\_price](#input\_spot\_price) | The maximum price to request on the spot market. Defaults to on-demand price | `string` | `null` | no | 346 | | [spot\_valid\_from](#input\_spot\_valid\_from) | The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | `string` | `null` | no | 347 | | [spot\_valid\_until](#input\_spot\_valid\_until) | The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ) | `string` | `null` | no | 348 | | [spot\_wait\_for\_fulfillment](#input\_spot\_wait\_for\_fulfillment) | If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached | `bool` | `null` | no | 349 | | [subnet\_id](#input\_subnet\_id) | The VPC Subnet ID to launch in | `string` | `null` | no | 350 | | [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(string)` | `{}` | no | 351 | | [tenancy](#input\_tenancy) | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | `string` | `null` | no | 352 | | [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting EC2 instance resources | `map(string)` | `{}` | no | 353 | | [user\_data](#input\_user\_data) | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\_data\_base64 instead. | `string` | `null` | no | 354 | | [user\_data\_base64](#input\_user\_data\_base64) | Can be used instead of user\_data to pass base64-encoded binary data directly. Use this instead of user\_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. | `string` | `null` | no | 355 | | [user\_data\_replace\_on\_change](#input\_user\_data\_replace\_on\_change) | When used in combination with user\_data or user\_data\_base64 will trigger a destroy and recreate when set to true. Defaults to false if not set. | `bool` | `false` | no | 356 | | [volume\_tags](#input\_volume\_tags) | A mapping of tags to assign to the devices created by the instance at launch time | `map(string)` | `{}` | no | 357 | | [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | A list of security group IDs to associate with | `list(string)` | `null` | no | 358 | 359 | ## Outputs 360 | 361 | | Name | Description | 362 | |------|-------------| 363 | | [arn](#output\_arn) | The ARN of the instance | 364 | | [capacity\_reservation\_specification](#output\_capacity\_reservation\_specification) | Capacity reservation specification of the instance | 365 | | [iam\_instance\_profile\_arn](#output\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile | 366 | | [iam\_instance\_profile\_id](#output\_iam\_instance\_profile\_id) | Instance profile's ID | 367 | | [iam\_instance\_profile\_unique](#output\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile | 368 | | [iam\_role\_arn](#output\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role | 369 | | [iam\_role\_name](#output\_iam\_role\_name) | The name of the IAM role | 370 | | [iam\_role\_unique\_id](#output\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role | 371 | | [id](#output\_id) | The ID of the instance | 372 | | [instance\_state](#output\_instance\_state) | The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped` | 373 | | [ipv6\_addresses](#output\_ipv6\_addresses) | The IPv6 address assigned to the instance, if applicable. | 374 | | [outpost\_arn](#output\_outpost\_arn) | The ARN of the Outpost the instance is assigned to | 375 | | [password\_data](#output\_password\_data) | Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if `get_password_data` is true | 376 | | [primary\_network\_interface\_id](#output\_primary\_network\_interface\_id) | The ID of the instance's primary network interface | 377 | | [private\_dns](#output\_private\_dns) | The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC | 378 | | [private\_ip](#output\_private\_ip) | The private IP address assigned to the instance. | 379 | | [public\_dns](#output\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC | 380 | | [public\_ip](#output\_public\_ip) | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws\_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached | 381 | | [spot\_bid\_status](#output\_spot\_bid\_status) | The current bid status of the Spot Instance Request | 382 | | [spot\_instance\_id](#output\_spot\_instance\_id) | The Instance ID (if any) that is currently fulfilling the Spot Instance request | 383 | | [spot\_request\_state](#output\_spot\_request\_state) | The current request state of the Spot Instance Request | 384 | | [tags\_all](#output\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block | 385 | 386 | --------------------------------------------------------------------------------