AWS EC2 Autorecover Terraform module for Rackspace customers

rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery


aws-terraform-ec2_autorecovery

This module creates one or more autorecovery instances.

Basic Usage

module "ar" {
  source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery//?ref=v0.12.18"

  ec2_os          = "amazon2"
  subnets         = module.vpc.private_subnets
  name            = "my_ar_instance"
  security_groups = [module.sg.private_web_security_group_id]
}

Full working references are available in the examples directory.

Note: When using an existing EBS snapshot you cannot use the encryption variable. The encryption must be set at the snapshot level.

Other TF Modules Used

Using aws-terraform-cloudwatch_alarm to create the following CloudWatch Alarms:

  • status_check_failed_system_alarm_ticket
  • status_check_failed_instance_alarm_reboot
  • status_check_failed_system_alarm_recover
  • status_check_failed_instance_alarm_ticket
  • cpu_alarm_high

Terraform 0.12 upgrade

Several changes were required while adding Terraform 0.12 compatibility. The following changes should be
made when upgrading from a previous release to version 0.12.0 or higher.

Module variables

The following module variables were updated to better meet current Rackspace style guides:

  • security_group_list -> security_groups
  • resource_name -> name
  • additional_tags -> tags

The following variables are no longer necessary and were removed:

  • additional_ssm_bootstrap_step_count
  • install_scaleft_agent

New variable ssm_bootstrap_list was added to allow setting the SSM association steps using objects instead of strings, allowing easier linting and formatting of these lines. The additional_ssm_bootstrap_list variable will continue to work, but will be deprecated in a future release.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.0 |

Providers

| Name | Version |
|------|---------|
| aws | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| cpu_alarm_high | git@github.com:rackspace-infrastructure-automation/aws-terraform-cloudwatch_alarm// | v0.12.6 |
| status_check_failed_instance_alarm_ticket | git@github.com:rackspace-infrastructure-automation/aws-terraform-cloudwatch_alarm// | v0.12.6 |
| status_check_failed_system_alarm_ticket | git@github.com:rackspace-infrastructure-automation/aws-terraform-cloudwatch_alarm// | v0.12.6 |

Resources

Name
aws_ami
aws_caller_identity
aws_cloudwatch_log_group
aws_cloudwatch_metric_alarm
aws_eip_association
aws_iam_instance_profile
aws_iam_policy
aws_iam_policy_document
aws_iam_role
aws_iam_role_policy_attachment
aws_instance
aws_region
aws_route53_record
aws_ssm_association
aws_ssm_document
aws_ssm_parameter

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| additional_ssm_bootstrap_list | A list of maps consisting of main step actions, to be appended to SSM associations. Please see usage.tf.example in this repo for examples. (DEPRECATED) This variable will be removed in future releases in favor of the ssm_bootstrap_list variable. | list(map(string)) | [] | no |
| backup_tag_value | Value of the 'Backup' tag, used to assign to the AWS Backup configuration | string | "False" | no |
| cloudwatch_log_retention | The number of days to retain CloudWatch Logs for this instance. | number | 30 | no |
| create_internal_route53 | Toggle for creation of internal Route 53 records for instances. | bool | false | no |
| creation_policy_timeout | Time to wait for the number of signals for the creation policy. H/M/S Hours/Minutes/Seconds | string | "20m" | no |
| custom_cw_agent_config_ssm_param | SSM Parameter Store name that contains a custom CloudWatch agent configuration that you would like to use as an alternative to the default provided. | string | "" | no |
| cw_cpu_high_evaluations | The number of periods over which data is compared to the specified threshold. | number | 15 | no |
| cw_cpu_high_operator | Math operator used by CloudWatch for alarms and triggers. | string | "GreaterThanThreshold" | no |
| cw_cpu_high_period | Time the specified statistic is applied. Must be in seconds that is also a multiple of 60. | number | 60 | no |
| cw_cpu_high_threshold | The value against which the specified statistic is compared. | number | 90 | no |
| detailed_monitoring | Enable Detailed Monitoring? true or false | bool | true | no |
| disable_api_termination | Specifies that an instance should not be able to be deleted via the API. true or false. This option must be toggled to false to allow Terraform to destroy the resource. | bool | false | no |
| ebs_volume_tags | (Optional) A mapping of tags to assign to the devices created by the instance at launch time. | map(string) | {} | no |
| ec2_os | Intended Operating System/Distribution of Instance. Valid inputs are amazon2, centos7, rhel7, rhel8, ubuntu18, ubuntu20, windows2012r2, windows2016, windows2019 | string | n/a | yes |
| eip_allocation_id_count | A count of supplied EIP allocation IDs in variable eip_allocation_id_list | number | 0 | no |
| eip_allocation_id_list | A list of Allocation IDs of the EIPs you want to associate with the instance(s). This is one per instance, e.g. if you specify 2 for instance_count then you must supply two allocation IDs here. | list(string) | [] | no |
| enable_ebs_optimization | Use EBS Optimized? true or false | bool | false | no |
| enable_recovery_alarms | Boolean parameter controlling if auto-recovery alarms should be created. Recovery actions are not supported on all instance types and AMIs, especially those with ephemeral storage. This parameter should be set to false for those cases. | bool | true | no |
| encrypt_primary_ebs_volume | Encrypt root EBS Volume? true or false | bool | false | no |
| encrypt_primary_ebs_volume_kms_id | If encrypt_primary_ebs_volume is true you can optionally provide a KMS CMK ARN. | string | "" | no |
| encrypt_secondary_ebs_volume | Encrypt secondary EBS Volume? true or false | bool | false | no |
| encrypt_secondary_ebs_volume_kms_id | If encrypt_secondary_ebs_volume is true you can optionally provide a KMS CMK ARN. | string | "" | no |
| environment | Application environment for which this network is being created. Preferred values are Development, Integration, PreProduction, Production, QA, Staging, or Test | string | "Development" | no |
| final_userdata_commands | Commands to be given at the end of userdata for an instance. This should generally not include bootstrapping or SSM install. | string | "" | no |
| image_id | The AMI ID to be used to build the EC2 Instance. If not provided, an AMI ID will be queried with an OS specified in variable ec2_os. | string | "" | no |
| initial_userdata_commands | Commands to be given at the start of userdata for an instance. This should generally not include bootstrapping or SSM install. | string | "" | no |
| install_codedeploy_agent | Install CodeDeploy agent on instance(s)? true or false | bool | false | no |
| install_nfs | Install NFS service on instance(s)? true or false | bool | false | no |
| instance_count | Number of identical instances to deploy | number | 1 | no |
| instance_profile_override | Optionally provide an instance profile. Any override profile should contain the permissions required for Rackspace support tooling to continue to function if required. | bool | false | no |
| instance_profile_override_name | Provide an instance profile name. Any override profile should contain the permissions required for Rackspace support tooling to continue to function if required. To use this, set instance_profile_override to true. | string | "" | no |
| instance_role_managed_policy_arn_count | The number of policy ARNs provided/set in variable 'instance_role_managed_policy_arns' | number | 0 | no |
| instance_role_managed_policy_arns | List of IAM policy ARNs for the InstanceRole IAM role. IAM ARNs can be found within the Policies section of the AWS IAM console. e.g. ['arn:aws:iam::aws:policy/AmazonEC2FullAccess', 'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore', 'arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole'] | list(string) | [] | no |
| instance_type | EC2 Instance Type e.g. 't2.micro' | string | "t2.micro" | no |
| internal_zone_id | The Route53 Internal Hosted Zone ID | string | "" | no |
| internal_zone_name | TLD for Internal Hosted Zone | string | "" | no |
| key_pair | Name of an existing EC2 KeyPair to enable SSH access to the instances. | string | "" | no |
| metadata_http_endpoint | Whether the metadata service is available. Valid values include enabled or disabled. | string | "enabled" | no |
| metadata_http_put_response_hop_limit | Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integers from 1 to 64 | number | 1 | no |
| metadata_http_tokens | Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. | string | "optional" | no |
| metadata_instance_metadata_tags | Enables or disables access to instance tags from the instance metadata service. Valid values include enabled or disabled | string | "disabled" | no |
| name | Name to be used for the provisioned EC2 instance(s) and other resources provisioned in this module | string | n/a | yes |
| notification_topic | SNS Topic ARN to notify if there are any alarms | string | "" | no |
| perform_ssm_inventory_tag | Determines whether Instance is tracked via System Manager Inventory. | bool | true | no |
| primary_ebs_volume_iops | IOPS value required for use with io1 EBS volumes. This value should be 3 times the EBS volume size | number | 0 | no |
| primary_ebs_volume_size | EBS Volume Size in GB | number | 60 | no |
| primary_ebs_volume_type | EBS Volume Type. e.g. gp2, io1, st1, sc1 | string | "gp2" | no |
| private_ip_address | A list of static private IP addresses to be configured on the instance. This IP should be in the assigned subnet and if the instance is replaced, a new IP would need to be assigned. If used, one private IP needs to be provided per instance. | list(string) | [] | no |
| provide_custom_cw_agent_config | Set to true if a custom CloudWatch agent configuration has been provided in variable custom_cw_agent_config_ssm_param. | bool | false | no |
| rackspace_managed | Boolean parameter controlling if instance will be fully managed by Rackspace support teams, created CloudWatch alarms that generate tickets, and utilize Rackspace managed SSM documents. | bool | true | no |
| secondary_ebs_volume_existing_id | The Snapshot ID of an existing EBS volume you want to use for the secondary volume. i.e. snap-0ad8580e3ac34a9f1 | string | "" | no |
| secondary_ebs_volume_iops | IOPS value required for use with io1 EBS volumes. This value should be 3 times the EBS volume size | number | 0 | no |
| secondary_ebs_volume_size | EBS Volume Size in GB | string | "" | no |
| secondary_ebs_volume_type | EBS Volume Type. e.g. gp2, io1, st1, sc1 | string | "gp2" | no |
| security_groups | A list of security group IDs to assign to this resource. e.g. ['sg-00e88e6a', 'sg-0943cd61', 'sg-2f46c847'] | list(string) | n/a | yes |
| ssm_association_refresh_rate | A cron or rate pattern to define the SSM Association refresh schedule, defaulting to once per day. See https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-cron.html for more details. Schedule can be disabled by providing an empty string. | string | "rate(1 day)" | no |
| ssm_bootstrap_list | A list of objects consisting of actions, to be appended to SSM associations. Please see usage.tf.example in this repo for examples. | any | [] | no |
| ssm_patching_group | Group ID to be used by System Manager for Patching. This is the value to be used for tag 'Patch Group' | string | "" | no |
| subnets | Subnet ID(s) for EC2 Instance(s). If multiple are provided, instances will be distributed amongst them. | list(string) | [] | no |
| t2_unlimited_mode | Determines whether to enable the T2 Unlimited feature. Only applicable on instance classes that support burstable CPU. | string | "standard" | no |
| tags | A map of tags to apply to all resources. | map(string) | {} | no |
| tenancy | The placement tenancy for EC2 devices. e.g. host, default, dedicated | string | "default" | no |
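A hardened call of the module, added here as an example and not taken from the project, that overrides the security-relevant defaults from the Inputs table (IMDSv1 still answered, both EBS volumes unencrypted, no alarm notifications). module.vpc, module.sg, aws_kms_key.ebs and aws_sns_topic.alerts are assumed to be defined elsewhere in the root configuration.

```hcl
# Added example (not the module's own code). Assumed to exist elsewhere in
# the root configuration: module.vpc, module.sg, aws_kms_key.ebs, aws_sns_topic.alerts.
module "ar_hardened" {
  source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-ec2_autorecovery//?ref=v0.12.18"

  name            = "my_ar_instance"
  ec2_os          = "amazon2"
  subnets         = module.vpc.private_subnets
  security_groups = [module.sg.private_web_security_group_id]
  environment     = "Production"

  # IMDSv2 only. The default "optional" still serves unauthenticated IMDSv1
  # requests, so any process on the host (or an SSRF in an app on it) can read
  # the instance role credentials without first obtaining a session token.
  metadata_http_tokens                 = "required"
  metadata_http_put_response_hop_limit = 1 # token responses stay on the host; raise to 2 only if containers need IMDS
  metadata_instance_metadata_tags      = "disabled"

  # Encrypt both volumes with a customer-managed KMS key (both default to false).
  # No secondary_ebs_volume_existing_id here: per the note above, encryption
  # cannot be toggled on a volume restored from an existing snapshot.
  encrypt_primary_ebs_volume          = true
  encrypt_primary_ebs_volume_kms_id   = aws_kms_key.ebs.arn
  encrypt_secondary_ebs_volume        = true
  encrypt_secondary_ebs_volume_kms_id = aws_kms_key.ebs.arn
  secondary_ebs_volume_size           = "100"

  # Least privilege on the instance role: SSM core only, not the
  # AmazonEC2FullAccess policy shown in the variable description.
  instance_role_managed_policy_arn_count = 1
  instance_role_managed_policy_arns = [
    "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
  ]

  # Operational guard rails: alarms page an SNS topic, logs are kept 90 days,
  # and API termination is blocked (set back to false before terraform destroy).
  notification_topic       = aws_sns_topic.alerts.arn
  cloudwatch_log_retention = 90
  disable_api_termination  = true

  tags = {
    Owner = "platform-team" # constructed sample tag
  }
}
```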

Outputs

| Name | Description |
|------|-------------|
| ar_image_id | Image ID used for EC2 provisioning |
| ar_instance_az_list | List of resulting Instance availability zones |
| ar_instance_id_list | List of resulting Instance IDs |
| ar_instance_ip_list | List of resulting Instance IP addresses |
| ar_instance_r53_name_list | List of resulting Route 53 internal records |