Terraform module which creates an EC2 instance on AWS.
The MIT License (MIT)
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
Source: <https://opensource.org/licenses/MIT>
See LICENSE for full details.
Name | Version |
---|---|
terraform | >= 1.0 |
aws | ~> 5.0 |
No modules.
Name | Type |
---|---|
aws_eip_association.this | resource |
aws_instance.this | resource |
aws_volume_attachment.this | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
ami | ID of AMI to use for the instance. | string |
null |
no |
assign_eip_address | Assign an Elastic IP address to the instance. NOTE: the Elastic IP must already exist. | bool |
false |
no |
associate_public_ip_address | Whether to associate a public IP address with an instance in a VPC. | bool |
null |
no |
attach_ebs_volumes | Additional existing EBS block devices to connect to the instance. | list(any) |
[] |
no |
availability_zone | AZ to start the instance in. | string |
null |
no |
cpu_credits | The credit option for CPU usage. Available options: unlimited or standard. |
string |
null |
no |
disable_api_stop | If true, enables EC2 Instance Stop Protection. | bool |
null |
no |
disable_api_termination | If true, enables EC2 Instance Termination Protection. | bool |
null |
no |
ebs_block_device | Additional EBS block devices to attach to the instance. | list(any) |
[] |
no |
ebs_optimized | If true, the launched EC2 instance will be EBS-optimized. | bool |
null |
no |
eip_adress_allocation_id | ID of the existing Elastic IP allocation. Allowed only when assign_eip_address is set to true. |
string |
null |
no |
enable_volume_tags | Whether to enable volume tags (if enabled it conflicts with root_block_device tags). |
bool |
true |
no |
enclave_options_enabled | Whether Nitro Enclaves will be enabled on the instance. Defaults to false. |
bool |
null |
no |
ephemeral_block_device | Customize Ephemeral (also known as Instance Store) volumes on the instance. | list(map(string)) |
[] |
no |
get_password_data | If true, wait for password data to become available and retrieve it. | bool |
null |
no |
hibernation | If true, the launched EC2 instance will support hibernation. | bool |
null |
no |
host_id | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host. | string |
null |
no |
iam_instance_profile | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. | string |
null |
no |
instance_initiated_shutdown_behavior | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance. Please visit https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior. |
string |
null |
no |
instance_tags | Additional tags for the instance. | map(string) |
{} |
no |
instance_type | The type of instance to start. | string |
"t3.micro" |
no |
ipv6_address_count | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. | number |
null |
no |
ipv6_addresses | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface. | list(string) |
null |
no |
key_name | Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource. |
string |
null |
no |
launch_template | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template. | map(string) |
{} |
no |
maintenance_options | The maintenance options for the instance. | any |
{} |
no |
metadata_options | Customize the metadata options of the instance. | map(string) |
{ |
no |
monitoring | If true, the launched EC2 instance will have detailed monitoring enabled. | bool |
null |
no |
name | Name to be used on EC2 instance created. | string |
"" |
no |
network_interface | Customize network interfaces to be attached at instance boot time. | list(map(string)) |
[] |
no |
placement_group | The Placement Group to start the instance in. | string |
null |
no |
private_ip | Private IP address to associate with the instance in a VPC. | string |
null |
no |
root_block_device | Customize details about the root block device of the instance. See Block Devices below for details. | list(any) |
[] |
no |
secondary_private_ips | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not to a pre-existing network interface, i.e. one referenced in a network_interface block. |
list(string) |
null |
no |
source_dest_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | bool |
null |
no |
subnet_id | The VPC Subnet ID to launch in. | string |
null |
no |
tags | A mapping of tags to assign to the resource. | map(string) |
{} |
no |
tenancy | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. |
string |
null |
no |
timeouts | Define maximum timeout for creating, updating, and deleting EC2 instance resources. | map(string) |
{} |
no |
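user_data | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. User data is not encrypted and can be read from the instance metadata service by processes on the instance, so do not place secrets in it. |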
string |
null |
no |
user_data_base64 | Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. |
string |
null |
no |
user_data_replace_on_change | When used in combination with user_data or user_data_base64, a change to the user data will trigger a destroy and recreate when this is set to true. Defaults to false if not set. |
bool |
null |
no |
volume_tags | A mapping of tags to assign to the devices created by the instance at launch time. | map(string) |
{} |
no |
vpc_security_group_ids | A list of security group IDs to associate with. | list(string) |
null |
no |
Name | Description |
---|---|
ami | AMI ID that was used to create the instance. |
arn | The ARN of the instance. |
availability_zone | The availability zone of the created instance. |
id | The ID of the instance. |
ipv6_addresses | The IPv6 address assigned to the instance, if applicable. |
primary_network_interface_id | The ID of the instance's primary network interface. |
private_dns | The private DNS name assigned to the instance. Can only be used inside Amazon EC2, and is only available if you've enabled DNS hostnames for your VPC. |
private_ip | The private IP address assigned to the instance. |
public_dns | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC. |
public_ip | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use public_ip as this field will change after the EIP is attached. |
root_block_device | Root block device information. |
# Availability zones visible to the configured provider; no filter is applied.
data "aws_availability_zones" "available" {}

# Values shared by the module calls in this example.
locals {
  # NOTE(review): AMI IDs are region-specific and this one is hard-coded --
  # confirm it exists in the target region and that its owner is trusted.
  ami_id        = "ami-0f845a2bba44d24b2"
  instance_type = "t3.micro"

  # Address space for the example VPC.
  vpc_cidr = "10.0.0.0/16"

  # First three AZ names returned by the data source (slice end index is exclusive).
  azs = slice(data.aws_availability_zones.available.names, 0, 3)
}
# Naming/tagging label; its delimiter, stage, name and tags outputs are
# reused by the other module calls in this example.
module "app_prod_bastion_label" {
  source  = "cloudposse/label/null"
  version = "v0.25.0"

  # Label components.
  namespace  = "app"
  stage      = "prod"
  name       = "bastion"
  attributes = ["public"]
  delimiter  = "-"

  # Extra tags passed into the label module.
  tags = {
    "BusinessUnit" = "XYZ",
    "Snapshot"     = "true"
  }
}
# Example VPC. Only private subnets are requested here: one per AZ in
# local.azs, each carved out of local.vpc_cidr with 4 extra prefix bits
# (a /20 for the /16 used in this example).
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "v5.1.2"

  # "<stage>-<name>-<var.name>-vpc" when the label delimiter is "-".
  name = join(
    module.app_prod_bastion_label.delimiter,
    [
      module.app_prod_bastion_label.stage,
      module.app_prod_bastion_label.name,
      var.name,
      "vpc",
    ]
  )

  cidr = local.vpc_cidr
  azs  = local.azs

  # The list index of each AZ is used as the subnet number.
  private_subnets = [for idx, az in local.azs : cidrsubnet(local.vpc_cidr, 4, idx)]

  tags = module.app_prod_bastion_label.tags
}
# Security group attached to the example instance.
#
# NOTE(review): "~> 4.0" accepts any 4.x release, whereas the other registry
# modules in this example are pinned to an exact version; pin this one as well
# if reproducible plans matter.
module "security_group" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 4.0"

  # "<stage>-<name>-<var.name>-sg" when the label delimiter is "-".
  name = join(
    module.app_prod_bastion_label.delimiter,
    [
      module.app_prod_bastion_label.stage,
      module.app_prod_bastion_label.name,
      var.name,
      "sg",
    ]
  )
  description = "Security group for example usage with EC2 instance"
  vpc_id      = module.vpc.vpc_id

  # NOTE(review): 0.0.0.0/0 is the source for every rule named in
  # ingress_rules, so plain HTTP and all ICMP types are accepted from any IPv4
  # address. Outside a demo, narrow this to the ranges that need access and
  # keep only the rules the workload actually uses.
  ingress_rules       = ["http-80-tcp", "all-icmp"]
  ingress_cidr_blocks = ["0.0.0.0/0"]

  # All protocols and ports outbound; the destination range is left to the
  # module's default -- presumably any address, confirm before reuse.
  egress_rules = ["all-all"]

  tags = module.app_prod_bastion_label.tags
}
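# Example instance built from the module at the repository root.
module "ec2_instance" {
  source = "../../"

  # "<stage>-<name>-<var.name>" when the label delimiter is "-".
  name = join(module.app_prod_bastion_label.delimiter, [module.app_prod_bastion_label.stage, module.app_prod_bastion_label.name, var.name])

  ami           = local.ami_id
  instance_type = local.instance_type

  # First private subnet created by the vpc module call in this example.
  subnet_id              = element(module.vpc.private_subnets, 0)
  vpc_security_group_ids = [module.security_group.security_group_id]

  # NOTE(review): a public IP is requested, but the instance is placed in one
  # of the VPC's private subnets. Confirm whether the host is meant to be
  # internet-facing; if not, set this to false so it gets no public address.
  associate_public_ip_address = true

  # NOTE(review): metadata_options is not set, so the module default applies.
  # Consider requiring IMDSv2 session tokens through that input -- confirm the
  # key names against the module's variable definition.

  # Volume tags are disabled because per-device tags are set on the block
  # devices below (the README notes the two conflict on root_block_device).
  enable_volume_tags = false

  root_block_device = [
    {
      encrypted   = true
      volume_type = "gp3"
      throughput  = 200
      volume_size = 50
      tags = {
        Name = "my-root-block"
      }
    },
  ]

  ebs_block_device = [
    {
      device_name = "/dev/sdf"
      volume_type = "gp3"
      volume_size = 5
      throughput  = 200
      # Encrypted at rest, matching the root volume. This is the volume tagged
      # for /mnt/data, so leaving it unencrypted would expose application data
      # through the volume and any snapshots taken from it.
      encrypted = true
      tags = {
        MountPoint = "/mnt/data"
      }
    }
  ]

  tags = module.app_prod_bastion_label.tags
}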