cmd-tf-aws-ec2
Summary
This module is used to build pet EC2 instances. It currently supports the following features:
- EC2 instance creation
- Create/Attach a Security Group
- Create/Attach an IAM Role (Only simple Action/Resource based policies are supported by Create. If you need more advanced features like Conditions you can create the role externally and attach it to the instance)
- Create/Attach an Elastic IP
- Create/Attach an EC2 KeyPair (Private Key is stored in SSM)
- AutoRecovery Cloudwatch Alarms with SNS support
- Tags
Additional EBS Volumes
To attach additional EBS volumes, use the ebs_block_devices variable. It takes a custom object syntax that cannot be enforced with object() because the object has optional parameters.
The following parameters are supported:
- device_name (Required)
- type (Optional)
- size (Optional)
- encrypted (Optional)
- iops (Optional)
- snapshot_id (Optional)
- kms_key_id (Optional)
ebs_block_devices = [
  {
    device_name = "/dev/sdf"
    type        = "gp2"
    size        = 5
    encrypted   = true
  },
  {
    device_name = "/dev/sdg"
    type        = "gp2"
    size        = 10
    encrypted   = true
  }
]
Tags
There are 3 ways to apply tags with this module. This is primarily to allow the different use cases of AWS Backup.
The tags merge in the following order. The rightmost value is used when a duplicate key is defined at multiple levels:
tags <- instance/volume_tags <- instance_name
tags
is used when you don't need to set specific backup tags on the instance or EBS volumes. It applies to all resources created by the module.
volume_tags
is used to apply specific tags only to the EBS volumes. Useful if you are using AWS Backup with EBS snapshots.
instance_tags
is used to apply specific tags only to the EC2 instance. Useful if you are using AWS Backup with EC2 AMI backups.
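A module call that exercises the inputs documented above, as an added example that is not part of the module's own documentation: the source path, AMI, subnet, VPC and key pair values are constructed placeholders. It shows the tag merge order from the Tags section together with the ebs_block_devices syntax, and tightens the security-relevant defaults (no generated key pair in state, IMDSv2 required, egress limited to HTTPS); the metadata_options keys http_tokens and http_endpoint are the aws_instance metadata_options arguments, not module-specific names.

```hcl
module "app_server" {
  source = "./cmd-tf-aws-ec2" # placeholder: path or registry address of this module

  ami_id        = "ami-0123456789abcdef0"    # constructed example value
  instance_name = "app-server-01"
  instance_type = "t3.medium"
  subnet_id     = "subnet-0123456789abcdef0" # constructed example value
  vpc_id        = "vpc-0123456789abcdef0"    # constructed example value

  # Keep the instance private: no public IP and no Elastic IP.
  associate_public_ip_address = false
  create_eip                  = false

  # Reuse an existing key pair rather than letting the module generate one,
  # so no private key material is written to SSM or the Terraform state.
  create_keypair = false
  keypair_name   = "ops-keypair" # constructed example value

  # Require IMDSv2 session tokens on the instance metadata endpoint.
  metadata_options = {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Replace the module's default allow-all egress rule with only what the
  # workload needs. No ingress rules: nothing reaches the instance through
  # this security group.
  ingress_security_group_rules = []
  egress_security_group_rules = [
    { cidr_blocks = ["0.0.0.0/0"], from_port = 443, to_port = 443, protocol = "tcp" },
  ]

  # Extra encrypted data volume, using the custom object syntax described above.
  ebs_block_devices = [
    { device_name = "/dev/sdf", type = "gp2", size = 20, encrypted = true },
  ]

  # Merge order: tags <- instance/volume_tags <- instance_name (rightmost wins).
  tags          = { Environment = "prod", Backup = "none" }
  instance_tags = { Backup = "ami-daily" }      # instance ends up with Backup=ami-daily
  volume_tags   = { Backup = "snapshot-daily" } # volumes end up with Backup=snapshot-daily
  # Both keep Environment=prod from tags; instance_name is merged last.
}

output "app_server_instance_id" {
  value = module.app_server.instance_id
}
```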
Requirements
The following requirements are needed by this module:
- terraform (>= 0.12.6)
- aws (>= 3.24.0)
Providers
The following providers are used by this module:
- aws (>= 3.24.0)
- tls
Required Inputs
The following input variables are required:
ami_id
Description: EC2 ami id to create the instance from
Type: string
instance_name
Description: EC2 instance name
Type: string
subnet_id
Description: Subnet ID to deploy the instance to
Type: string
vpc_id
Description: VPC ID to deploy the instance to
Type: string
Optional Inputs
The following input variables are optional (have default values):
additional_security_group_ids
Description: List of additional security groups to attach to the EC2 instance
Type: list(string)
Default: []
associate_public_ip_address
Description: Associate a public ip address with the instance
Type: bool
Default: false
attached_iam_role_name
Description: Existing IAM role name to attach. Ensure you set create_iam_role to false if you are using this.
Type: string
Default: ""
cloudwatch_sns_topic_arn
Description: ARN of the SNS topic that will receive CloudWatch alarm notifications
Type: string
Default: ""
create_eip
Description: Create an Elastic IP for the instance. If you want to attach an existing EIP use eip_allocation_id instead.
Type: bool
Default: false
create_iam_role
Description: Create an IAM role and attach it to the instance
Type: bool
Default: false
create_instance_profile
Description: Create an IAM instance profile
Type: bool
Default: true
create_keypair
Description: Create an EC2 keypair for the instance. The private key will be uploaded to SSM Parameter Store as a SecureString. Be aware that using this option will result in the private key being stored in the Terraform state file, which may not be appropriate in all organisations.
Type: bool
Default: false
create_security_group
Description: Create a security group with the instance and apply the rules from ingress/egress_security_group_rules
Type: bool
Default: true
custom_iam_role_name
Description: Override the autogenerated IAM role name
Type: string
Default: ""
custom_instance_profile_name
Description: Override the autogenerated instance profile name
Type: string
Default: ""
custom_security_group_name
Description: Override the autogenerated security group name
Type: string
Default: ""
ebs_block_devices
Description: Additional EBS block device configuration. See https://www.terraform.io/docs/providers/aws/r/instance.html#block-devices
Type: list(map(string))
Default: []
ebs_optimized
Description: Enable EBS Optimization
Type: bool
Default: false
egress_security_group_rules
Description: List of maps of egress aws_security_group_rule arguments (excluding type) to attach to the created security group. See https://www.terraform.io/docs/providers/aws/r/security_group_rule.html
Type: any
Default:
[
  {
    "cidr_blocks": [
      "0.0.0.0/0"
    ],
    "from_port": 0,
    "protocol": "-1",
    "to_port": 0
  }
]
eip_allocation_id
Description: Allocation ID for an existing EIP
Type: string
Default: ""
enable_detailed_monitoring
Description: Enable EC2 detailed monitoring. Additional costs apply
Type: bool
Default: false
enable_ec2_autorecovery
Description: Automatically create CloudWatch alarms that will recover/reboot the instance on status check failure
Type: bool
Default: true
enable_source_dest_check
Description: Enable Source/Destination check
Type: bool
Default: true
enable_termination_protection
Description: Enable termination protection to prevent the EC2 instance from being destroyed
Type: bool
Default: false
iam_policy
Description: List of IAM policy statements to attach to the created IAM role
Type: any
Default: []
iam_policy_attachment
Description: List of existing IAM policy ARNs to attach to the created IAM role
Type: list(string)
Default: []
ingress_security_group_rules
Description: List of maps of ingress aws_security_group_rule arguments (excluding type) to attach to the created security group. See https://www.terraform.io/docs/providers/aws/r/security_group_rule.html
Type: any
Default: []
instance_tags
Description: Map of tags to apply to the EC2 instance
Type: map(string)
Default: {}
instance_type
Description: EC2 instance type to use
Type: string
Default: "t3.medium"
keypair_name
Description: The name of an existing keypair
Type: string
Default: ""
metadata_options
Description: Metadata Options. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#metadata-options
Type: map(string)
Default: {}
network_interfaces
Description: Custom network interface configuration. See https://www.terraform.io/docs/providers/aws/r/instance.html#network-interfaces
Type: list(map(string))
Default: []
private_ip
Description: Specify the IP of the private interface rather than relying on DHCP
Type: string
Default: ""
root_block_device
Description: Root block device configuration. See https://www.terraform.io/docs/providers/aws/r/instance.html#block-devices
Type: map(string)
Default: {}
tags
Description: Map of tags to apply to all created resources
Type: map(string)
Default: {}
user_data
Description: User data script for the EC2 instance to run on startup
Type: string
Default: ""
volume_tags
Description: Map of tags to apply to EBS volumes
Type: map(string)
Default: {}
Outputs
The following outputs are exported:
instance_id
Description: n/a