From 18e556385251088bce0a0a7dffbd75bd997a548f Mon Sep 17 00:00:00 2001
From: Peng Yin
Date: Wed, 21 Oct 2020 00:16:25 -0700
Subject: [PATCH] Add option to skip ec2 profile credentials (#27)

* Add option to skip ec2 profile credentials
* Updated README.md
Co-authored-by: actions-bot <58130806+actions-bot@users.noreply.github.com>
---
 README.md | 1 +
 accepter.tf | 5 +++--
 docs/terraform.md | 1 +
 requester.tf | 5 +++--
 variables.tf | 6 ++++++
 5 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 94a3277..13ec6a1 100644
--- a/README.md
+++ b/README.md
@@ -328,6 +328,7 @@ Available targets:
 | requester\_subnet\_tags | Only add peer routes to requester VPC route tables of subnets matching these tags | `map(string)` | `{}` | no |
 | requester\_vpc\_id | Requester VPC ID filter | `string` | `""` | no |
 | requester\_vpc\_tags | Requester VPC Tags filter | `map(string)` | `{}` | no |
+| skip\_metadata\_api\_check | Don't use the credentials of EC2 instance profile | `bool` | `false` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | n/a | yes |
 | tags | Additional tags (e.g. `{"BusinessUnit" = "XYZ"`) | `map(string)` | `{}` | no |
 
diff --git a/accepter.tf b/accepter.tf
index ea16213..b82a5c5 100644
--- a/accepter.tf
+++ b/accepter.tf
@@ -1,7 +1,8 @@
 # Accepter's credentials
 provider "aws" {
- alias = "accepter"
- region = var.accepter_region
+ alias = "accepter"
+ region = var.accepter_region
+ skip_metadata_api_check = var.skip_metadata_api_check
 
 dynamic "assume_role" {
 for_each = var.accepter_aws_assume_role_arn != "" ? ["true"] : []
diff --git a/docs/terraform.md b/docs/terraform.md
index 78a727c..30d067a 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
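Review bot: The new `skip_metadata_api_check` argument in the accepter provider block of accepter.tf has no comment saying what it does to the credential chain, and the same undocumented line is added to the requester provider in requester.tf. With the flag set to true the provider no longer authenticates through the EC2 metadata API, so the base credentials for the `assume_role` block that follows have to come from another source such as environment variables or a shared credentials file. On a runner that relied on its instance profile this will presumably surface as a missing-credentials error, and it nudges operators toward long-lived keys unless that is spelled out. I would add a comment above the line, e.g. `# true: never authenticate via the EC2 metadata API; assume_role base credentials must come from env vars or shared config`. The provider block continues past the end of the hunk.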
@@ -36,6 +36,7 @@
 | requester\_subnet\_tags | Only add peer routes to requester VPC route tables of subnets matching these tags | `map(string)` | `{}` | no |
 | requester\_vpc\_id | Requester VPC ID filter | `string` | `""` | no |
 | requester\_vpc\_tags | Requester VPC Tags filter | `map(string)` | `{}` | no |
+| skip\_metadata\_api\_check | Don't use the credentials of EC2 instance profile | `bool` | `false` | no |
 | stage | Stage (e.g. `prod`, `dev`, `staging`) | `string` | n/a | yes |
 | tags | Additional tags (e.g. `{"BusinessUnit" = "XYZ"`) | `map(string)` | `{}` | no |
 
diff --git a/requester.tf b/requester.tf
index 8198b2b..7aaf6ff 100644
--- a/requester.tf
+++ b/requester.tf
@@ -34,8 +34,9 @@ variable "requester_allow_remote_vpc_dns_resolution" {
 
 # Requestors's credentials
 provider "aws" {
- alias = "requester"
- region = var.requester_region
+ alias = "requester"
+ region = var.requester_region
+ skip_metadata_api_check = var.skip_metadata_api_check
 
 dynamic "assume_role" {
 for_each = var.requester_aws_assume_role_arn != "" ? ["true"] : []
diff --git a/variables.tf b/variables.tf
index fe4a157..85ee2fd 100644
--- a/variables.tf
+++ b/variables.tf
@@ -76,3 +76,9 @@ variable "accepter_allow_remote_vpc_dns_resolution" {
 default = true
 description = "Allow accepter VPC to resolve public DNS hostnames to private IP addresses when queried from instances in the requester VPC"
 }
+
+variable "skip_metadata_api_check" {
+ type = bool
+ default = false
+ description = "Don't use the credentials of EC2 instance profile"
+}
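Review bot: The description `Don't use the credentials of EC2 instance profile` in the new variable block of variables.tf does not say what the flag actually toggles, and it hides that this one value is passed to both the requester and the accepter provider. The setting skips the provider's EC2 metadata API check; not picking up instance-profile credentials is the consequence, and a reader cannot tell from the text that `true` removes that source for both sides of the peering at once. I would reword it to `description = "Skip the EC2 metadata API check in both the requester and accepter providers; when true, instance profile credentials are not used"` and regenerate README.md and docs/terraform.md, which copy the string. The default of `false` keeps the existing behaviour, which is the right choice for callers that run on instance roles.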