Terraform module which creates Session Manager resources on AWS.


Provision SSM Documents, EC2 Instances and Instance Profiles for Session Manager.

This module provides recommended settings:

  • No open inbound ports
  • Loggable session activity



module "session_manager" {
  source        = "git::https://github.com/tmknom/terraform-aws-session-manager.git?ref=tags/2.0.0"
  name          = "example"
  instance_type = "t2.micro"
  subnet_id     = var.subnet_id
  vpc_id        = var.vpc_id

  # Session logging destinations. Both *_encryption_enabled inputs default to
  # true; this example switches them off.
  ssm_document_name             = "SSM-SessionManagerRunShell-for-example"
  s3_bucket_name                = var.s3_bucket_name
  s3_key_prefix                 = "prefix"
  s3_encryption_enabled         = false
  cloudwatch_log_group_name     = var.cloudwatch_log_group_name
  cloudwatch_encryption_enabled = false
  ami                           = var.ami
  vpc_security_group_ids        = var.vpc_security_group_ids
  iam_policy                    = var.iam_policy
  iam_path                      = "/service-role/"
  description                   = "This is example"

  tags = {
    Environment = "prod"
  }
}



| Name | Version |
|------|---------|
| terraform | >= 0.12 |


| Name | Version |
|------|---------|
| aws | n/a |


| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| instance_type | The type of instance to start. | string | n/a | yes |
| name | The name of the Session Manager. | string | n/a | yes |
| subnet_id | The VPC Subnet ID to launch in. | string | n/a | yes |
| vpc_id | The VPC ID. | string | n/a | yes |
| ami | The AMI to use for the instance. | string | "" | no |
| cloudwatch_encryption_enabled | Specify true to indicate that encryption for CloudWatch Logs is enabled. | bool | true | no |
| cloudwatch_log_group_name | The name of the log group. | string | "" | no |
| description | The description of all the resources. | string | "Managed by Terraform" | no |
| iam_path | Path in which to create the IAM Role and the IAM Policy. | string | "/" | no |
| iam_policy | The policy document. This is a JSON formatted string. | string | "" | no |
| s3_bucket_name | The name of the bucket. | string | "" | no |
| s3_encryption_enabled | Specify true to indicate that encryption for the S3 Bucket is enabled. | bool | true | no |
| s3_key_prefix | The prefix for the specified S3 bucket. | string | "" | no |
| ssm_document_name | The name of the document. | string | "SSM-SessionManagerRunShell" | no |
| tags | A mapping of tags to assign to all resources. | map(string) | {} | no |
| user_data | The user data to provide when launching the instance. | string | "" | no |
| vpc_security_group_ids | A list of security group IDs to associate with. | list(string) | [] | no |
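
The usage example sets s3_encryption_enabled and cloudwatch_encryption_enabled to false, although both inputs default to true. The following is an added example, not part of the module's own documentation, that keeps the defaults and supplies an S3 bucket with default encryption for the session logs. The bucket name and variable declarations are constructed, and the log group is assumed to exist already and to be KMS-encrypted.

```hcl
# Constructed variable declarations so the example is self-contained.
variable "subnet_id" { type = string }
variable "vpc_id" { type = string }
variable "cloudwatch_log_group_name" { type = string }

# Destination bucket for session transcripts (placeholder name).
resource "aws_s3_bucket" "session_logs" {
  bucket = "example-session-manager-logs"
}

# Default server-side encryption, matching s3_encryption_enabled = true.
resource "aws_s3_bucket_server_side_encryption_configuration" "session_logs" {
  bucket = aws_s3_bucket.session_logs.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# Session transcripts can contain typed secrets; keep the bucket private.
resource "aws_s3_bucket_public_access_block" "session_logs" {
  bucket                  = aws_s3_bucket.session_logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

module "session_manager" {
  source        = "git::https://github.com/tmknom/terraform-aws-session-manager.git?ref=tags/2.0.0"
  name          = "example"
  instance_type = "t2.micro"
  subnet_id     = var.subnet_id
  vpc_id        = var.vpc_id

  ssm_document_name = "SSM-SessionManagerRunShell-for-example"

  s3_bucket_name        = aws_s3_bucket.session_logs.id
  s3_key_prefix         = "prefix"
  s3_encryption_enabled = true # module default, stated explicitly

  # Assumption: this log group already exists and is encrypted with a KMS key.
  cloudwatch_log_group_name     = var.cloudwatch_log_group_name
  cloudwatch_encryption_enabled = true # module default, stated explicitly
}
```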


| Name | Description |
|------|-------------|
| iam_instance_profile_arn | The ARN assigned by AWS to the instance profile. |
| iam_instance_profile_create_date | The creation timestamp of the instance profile. |
| iam_instance_profile_id | The instance profile's ID. |
| iam_instance_profile_name | The instance profile's name. |
| iam_instance_profile_path | The path of the instance profile in IAM. |
| iam_instance_profile_role | The role assigned to the instance profile. |
| iam_instance_profile_unique_id | The unique ID assigned by AWS. |
| iam_policy_arn | The ARN assigned by AWS to this IAM Policy. |
| iam_policy_description | The description of the IAM Policy. |
| iam_policy_document | The policy document of the IAM Policy. |
| iam_policy_id | The IAM Policy's ID. |
| iam_policy_name | The name of the IAM Policy. |
| iam_policy_path | The path of the IAM Policy. |
| iam_role_arn | The Amazon Resource Name (ARN) specifying the IAM Role. |
| iam_role_create_date | The creation date of the IAM Role. |
| iam_role_description | The description of the IAM Role. |
| iam_role_name | The name of the IAM Role. |
| iam_role_unique_id | The stable and unique string identifying the IAM Role. |
| instance_arn | The ARN of the instance. |
| instance_availability_zone | The availability zone of the instance. |
| instance_id | The instance ID. |
| instance_key_name | The key name of the instance. |
| instance_placement_group | The placement group of the instance. |
| instance_primary_network_interface_id | The ID of the instance's primary network interface. |
| instance_private_dns | The private DNS name assigned to the instance. |
| instance_private_ip | The private IP address assigned to the instance. |
| instance_security_groups | The associated security groups. |
| instance_subnet_id | The VPC subnet ID. |
| security_group_arn | The ARN of the security group. |
| security_group_description | The description of the security group. |
| security_group_egress | The egress rules of the security group. |
| security_group_id | The ID of the security group. |
| security_group_ingress | The ingress rules of the security group. |
| security_group_name | The name of the security group. |
| security_group_owner_id | The owner ID of the security group. |
| security_group_vpc_id | The VPC ID of the security group. |
| ssm_document_default_version | The default version of the document. |
| ssm_document_description | The description of the document. |
| ssm_document_hash | The sha1 or sha256 of the document content. |
| ssm_document_hash_type | The hashing algorithm used when hashing the content. |
| ssm_document_latest_version | The latest version of the document. |
| ssm_document_owner | The AWS user account of the person who created the document. |
| ssm_document_parameter | The parameters that are available to this document. |
| ssm_document_platform_types | A list of OS platforms compatible with this SSM document. |
| ssm_document_schema_version | The schema version of the document. |
| ssm_document_status | The current status of the document. |


Development Requirements

Configure environment variables

export AWS_DEFAULT_REGION=ap-northeast-1


git clone git@github.com:tmknom/terraform-aws-session-manager.git
cd terraform-aws-session-manager
make install

Makefile targets

apply-complete                 Run terraform apply examples/complete
apply-minimal                  Run terraform apply examples/minimal
check-format                   Check format code
clean                          Clean .terraform
destroy-complete               Run terraform destroy examples/complete
destroy-minimal                Run terraform destroy examples/minimal
diff                           Word diff
docs                           Generate docs
format                         Format code
help                           Show help
install                        Install requirements
lint                           Lint code
plan-complete                  Run terraform plan examples/complete
plan-minimal                   Run terraform plan examples/minimal
release                        Release GitHub and Terraform Module Registry
start-session                  Start session to example
upgrade                        Upgrade makefile

Releasing new versions

Bump VERSION file, and run make release.

Terraform Module Registry


Apache 2 Licensed. See LICENSE for full details.

