Skip to content
This repository has been archived by the owner on Jun 10, 2024. It is now read-only.

cmdlabs/cmd-tf-aws-ec2

BranchesTags

Repository files navigation

cmd-tf-aws-ec2

Summary

This module is used to build pet EC2 instances. It currently supports the following features:

  • EC2 instance creation
  • Create/Attach a Security Group
  • Create/Attach an IAM Role (Only simple Action/Resource based policies are supported by Create. If you need more advanced features like Conditions you can create the role externally and attach it to the instance)
  • Create/Attach an Elastic IP
  • Create/Attach an EC2 KeyPair (Private Key is stored in SSM Paramater Store)
  • AutoRecovery Cloudwatch Alarms with SNS support
  • Tags

Additional EBS Volumes

To attach additional EBS volumes the ebs_block_devices variable is used. It uses a custom object syntax which cannot be enforced by object() due to it having optional parameters.

The following parameters are supported:

  • device_name (Required)
  • type (Optional)
  • size (Optional)
  • encrypted (Optional)
  • iops (Optional)
  • snapshot_id (Optional)
  • kms_key_id (Optional)
ebs_block_devices = [
  {
     device_name = "/dev/sdf"
     type        = "gp3"
     size        = 5
     encrypted   = true
   },
   {
     device_name = "/dev/sdg"
     type        = "gp3"
     size        = 10
     encrypted   = true
   }
]

Tags

There are 3 ways to apply tags with this module. This is primarily to allow the different use cases of AWS Backup.

The tags merge in the following order. The right most value is what is used when a duplicate key is defined at multiple levels tags <- instance/volume_tags <- instance_name

tags is used when you dont need to set specific backup tags on the instance/ebs volumes. It applies to all resources created by the module.

volume_tags is use to apply specific tags only to the ebs volumes. Useful if you are using AWS Backup with EBS snapshots

instance_tags is used to apply specific tags only to the ec2 instance. Useful if you are using AWS Backup with EC2 AMI backups.

Requirements

The following requirements are needed by this module:

  • terraform (>= 1.3.0)

  • aws (>= 3.75.0)

Providers

The following providers are used by this module:

  • aws (>= 3.75.0)

  • tls (>= 3.4.0)

Required Inputs

The following input variables are required:

ami_id

Description: EC2 ami id to create the instance from

Type: string

instance_name

Description: EC2 instance name

Type: string

subnet_id

Description: Subnet ID to deploy the instance to

Type: string

vpc_id

Description: VPC ID to deploy the instance to

Type: string

Optional Inputs

The following input variables are optional (have default values):

additional_security_group_ids

Description: List of additional security groups to attach to the EC2 instance

Type: list(string)

Default: []

associate_public_ip_address

Description: Associate a public ip address with the instance

Type: bool

Default: false

attached_iam_role_name

Description: Existing IAM role name to attach. Ensure you set create_iam_role to false if you are using this.

Type: string

Default: ""

cloudwatch_sns_topic_arn

Description: ARN of the SNS topic that will recieve Cloudwatch alarm notifications

Type: string

Default: ""

create_eip

Description: Create an Elastic IP for the instance. If you want to attach an existing EIP use eip_allocation_id instead.

Type: bool

Default: false

create_iam_role

Description: Create an IAM role and attach it to the instance

Type: bool

Default: false

create_instance_profile

Description: Create an IAM instance profile

Type: bool

Default: true

create_keypair

Description: Create an EC2 keypair for the instance. The private key will be uploaded to SSM Parameter Store as an SecureString. Be aware that using this option will result in the private key being stored in the Terraform statefile which may not be appropriate in all organisations.

Type: bool

Default: false

create_security_group

Description: Create a security group with the instance and apply the rules from ingress/egress_security_group_rules

Type: bool

Default: true

custom_iam_role_name

Description: Override the autogenerated IAM role name

Type: string

Default: ""

custom_instance_profile_name

Description: Override the autogenerated instance profile name

Type: string

Default: ""

custom_security_group_name

Description: Override the autogenerated security group name

Type: string

Default: ""

ebs_block_devices

Description: Additional EBS block device configuration. See https://www.terraform.io/docs/providers/aws/r/instance.html#block-devices

Type: list(map(string))

Default: []

ebs_optimized

Description: Enable EBS Optimization

Type: bool

Default: false

egress_security_group_rules

Description: List of maps of egress aws_security_group_rules(excluding type) to attach to the created security group. See https://www.terraform.io/docs/providers/aws/r/security_group_rule.html

Type: any

Default:

[
  {
    "cidr_blocks": [
      "0.0.0.0/0"
    ],
    "from_port": 0,
    "protocol": "-1",
    "to_port": 0
  }
]

eip_allocation_id

Description: Allocation ID for an existing EIP

Type: string

Default: ""

enable_detailed_monitoring

Description: Enable EC2 detailed monitoring. Additional costs apply

Type: bool

Default: false

enable_ec2_autorecovery

Description: Automatically create Cloudwatch alarms that will recover/reboot the instnace on status check failure

Type: bool

Default: true

enable_source_dest_check

Description: Enable Source/Destination check

Type: bool

Default: true

enable_termination_protection

Description: Enable termination protection to prevent the EC2 instance from being destroyed

Type: bool

Default: false

iam_policy

Description: List of iam statements to attach to the created IAM role

Type: any

Default: []

iam_policy_attachment

Description: List of existing iam policies to attach to the created IAM role

Type: list(string)

Default: []

ingress_security_group_rules

Description: List of maps of ingress aws_security_group_rule(excluding type) to attach to the created security group. See https://www.terraform.io/docs/providers/aws/r/security_group_rule.html

Type: any

Default: []

instance_tags

Description: Map of tags to apply to the ec2 instance

Type: map(string)

Default: {}

instance_type

Description: EC2 instance type to use

Type: string

Default: "t3.medium"

keypair_name

Description: The name of an existing keypair

Type: string

Default: ""

metadata_options

Description: Metadata Options. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#metadata-options

Type: map(string)

Default: {}

network_interfaces

Description: Custom network interface configuration. See https://www.terraform.io/docs/providers/aws/r/instance.html#network-interfaces

Type: list(map(string))

Default: []

private_ip

Description: Specify the IP of the private interface rather than relying on DHCP

Type: string

Default: ""

root_block_device

Description: Root block device configuration. See https://www.terraform.io/docs/providers/aws/r/instance.html#block-devices

Type: map(string)

Default: {}

tags

Description: Map of tags to apply to all created resources

Type: map(string)

Default: {}

user_data

Description: Userdata for the EC2 instance to run on startup

Type: string

Default: ""

volume_tags

Description: Map of tags to apply to ebs volumes

Type: map(string)

Default: {}

Outputs

The following outputs are exported:

instance_id

Description: n/a

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

4 watching

Forks

2 forks
Report repository

Releases

12 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages