Skip to content

pbsc/terraform-aws-ec2-instance


AWS EC2 Instance Terraform module

Terraform module which creates EC2 instance(s) on AWS.

These types of resources are supported:

Usage

module "ec2_cluster" {
  source                 = "terraform-aws-modules/ec2-instance/aws"
  version                = "1.12.0"

  name                   = "my-cluster"
  instance_count         = 5

  ami                    = "ami-ebd02392"
  instance_type          = "t2.micro"
  key_name               = "user1"
  monitoring             = true
  vpc_security_group_ids = ["sg-12345678"]
  subnet_id              = "subnet-eddcdzz4"

  tags = {
    Terraform = "true"
    Environment = "dev"
  }
  # Use Chef
  chef_role              = "my_role" # Only one role per instance is supported, as required by our in-house standards
  chef_organization      = "my_org"
  chef_environment       = "_default"
  chef_user              = "my_user"
  chef_user_key          = "${data.aws_s3_bucket_object.chef_user_pem_key.body}" # Using a restricted S3 bucket is highly recommended
  chef_secret_key        = "${data.aws_s3_bucket_object.chef_encrypted_data_bag_secret.body}"
  default_system_user    = "centos"
  ssh_private_key        = "${tls_private_key.default.private_key_pem}"  # Or use S3 again

  # Directives to allow Chef to contact nodes via the Bastion. Omit directives when connecting directly
  bastion_host           = "${element(module.bastion.public_ip, 0)}"
  bastion_user           = "centos"
  bastion_private_key    = "${tls_private_key.default.private_key_pem}"
  allocate_eip           = true # use an elastic IP?
}
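The usage block above reads the Chef user key and data bag secret from an S3 object and notes that a restricted bucket is highly recommended. The following is an added example (not part of this module or its README) of what such a restricted bucket can look like, written in the same Terraform 0.11 syntax as the usage block: a KMS-encrypted, versioned bucket with public access blocked and a bucket policy that only lets a single runner role read the objects, plus the two `aws_s3_bucket_object` data sources the usage block references. The bucket name, object keys and the role ARN are placeholders.

```hcl
# Added example, not part of the module: a restricted bucket for the Chef
# secrets consumed by chef_user_key and chef_secret_key in the usage block.
# The bucket name, object keys and role ARN below are placeholders.

variable "terraform_role_arn" {
  description = "The only principal allowed to read the Chef secrets (placeholder)"
  default     = "arn:aws:iam::123456789012:role/terraform-runner"
}

resource "aws_kms_key" "chef_secrets" {
  description         = "Encrypts Chef credentials stored in S3"
  enable_key_rotation = true
}

resource "aws_s3_bucket" "chef_secrets" {
  bucket = "example-chef-secrets-bucket" # placeholder, must be globally unique
  acl    = "private"

  # Keep object history so a rotated or replaced key can be audited.
  versioning {
    enabled = true
  }

  # Encrypt every object at rest with the key above.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm     = "aws:kms"
        kms_master_key_id = "${aws_kms_key.chef_secrets.arn}"
      }
    }
  }
}

# Refuse public ACLs and public bucket policies, whatever is applied later.
resource "aws_s3_bucket_public_access_block" "chef_secrets" {
  bucket                  = "${aws_s3_bucket.chef_secrets.id}"
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Only the Terraform runner role may read objects, and only over TLS.
data "aws_iam_policy_document" "chef_secrets" {
  statement {
    sid       = "AllowTerraformRunnerRead"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.chef_secrets.arn}/*"]

    principals {
      type        = "AWS"
      identifiers = ["${var.terraform_role_arn}"]
    }
  }

  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["s3:*"]
    resources = ["${aws_s3_bucket.chef_secrets.arn}", "${aws_s3_bucket.chef_secrets.arn}/*"]

    principals {
      type        = "*"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "chef_secrets" {
  bucket = "${aws_s3_bucket.chef_secrets.id}"
  policy = "${data.aws_iam_policy_document.chef_secrets.json}"
}

# The data sources referenced by the usage block.
data "aws_s3_bucket_object" "chef_user_pem_key" {
  bucket = "${aws_s3_bucket.chef_secrets.id}"
  key    = "chef/my_user.pem" # placeholder object key
}

data "aws_s3_bucket_object" "chef_encrypted_data_bag_secret" {
  bucket = "${aws_s3_bucket.chef_secrets.id}"
  key    = "chef/encrypted_data_bag_secret" # placeholder object key
}
```

Two things follow from this layout. The `body` of an `aws_s3_bucket_object` data source is stored in Terraform state, so the state backend needs the same access restrictions and encryption as the bucket itself. And because the bucket policy names one role, any other identity that needs to run this configuration must be added to `terraform_role_arn` deliberately rather than by widening the policy to the whole account.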

Examples

Make an encrypted AMI for use

This module does not support encrypted AMIs out of the box; however, it is easy enough to generate one for use.

This example creates an encrypted image from the latest Ubuntu 16.04 base image.

resource "aws_ami_copy" "ubuntu-xenial-encrypted-ami" {
  name              = "ubuntu-xenial-encrypted-ami"
  description       = "An encrypted root ami based off ${data.aws_ami.ubuntu-xenial.id}"
  source_ami_id     = "${data.aws_ami.ubuntu-xenial.id}"
  source_ami_region = "eu-west-2"
  encrypted         = "true"

  tags {
    Name = "ubuntu-xenial-encrypted-ami"
  }
}

data "aws_ami" "encrypted-ami" {
  most_recent = true

  # Look up the encrypted copy by name. The "name" filter is an exact match
  # unless it contains a wildcard, so the value must equal the name given to
  # aws_ami_copy above; "ubuntu-xenial-encrypted" on its own would match nothing.
  filter {
    name   = "name"
    values = ["ubuntu-xenial-encrypted-ami"]
  }

  owners = ["self"]
}

data "aws_ami" "ubuntu-xenial" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"]
  }

  owners      = ["099720109477"]
}

Notes

  • network_interface can't be specified together with associate_public_ip_address, which makes network_interface not configurable using this module at the moment
  • Changes in ebs_block_device argument will be ignored. Use aws_volume_attachment resource to attach and detach volumes from AWS EC2 instances. See this example.
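The second note says to manage extra volumes with aws_volume_attachment instead of ebs_block_device. The following is an added example (not part of this module) that does so for the "ec2_cluster" module instance from the usage section, in the same Terraform 0.11 syntax: one encrypted EBS volume per instance, placed in each instance's availability zone via the module's availability_zone output and attached via its id output. The volume size, device name and the hard-coded count of 5 (which must match instance_count) are assumed values.

```hcl
# Added example, not part of the module: one encrypted data volume per
# instance of module "ec2_cluster" from the usage section. Size, device name
# and the count of 5 are assumptions; the count must equal instance_count.

variable "data_volume_size" {
  description = "Size in GiB of the data volume attached to each instance (assumed)"
  default     = 20
}

resource "aws_ebs_volume" "data" {
  count             = 5
  availability_zone = "${element(module.ec2_cluster.availability_zone, count.index)}"
  size              = "${var.data_volume_size}"
  type              = "gp2"

  # Encrypt at rest with the account's default EBS key; set kms_key_id to use
  # a customer-managed key instead.
  encrypted = true

  tags = {
    Name        = "my-cluster-data-${count.index}"
    Terraform   = "true"
    Environment = "dev"
  }
}

resource "aws_volume_attachment" "data" {
  count       = 5
  device_name = "/dev/xvdf"
  volume_id   = "${element(aws_ebs_volume.data.*.id, count.index)}"
  instance_id = "${element(module.ec2_cluster.id, count.index)}"

  # Keep the volume (and its data) when only the attachment is removed from
  # the configuration; the volume resource above still controls its lifecycle.
  skip_destroy = true
}
```

Managing the volume as its own resource means Terraform tracks changes to it (size, type, encryption) instead of ignoring them as it does for ebs_block_device, and the volume survives replacement of the instance it was attached to. Leave force_detach unset: detaching a mounted volume underneath the guest is how filesystems get corrupted.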

Inputs

Each input is listed as name (type, default, required): description.

  • allocate_eip (boolean, default: false, required: yes): If true, each instance will have an EIP allocated and associated, and the module will output the EIP's value instead of the normal public IP
  • ami (string, default: -, required: yes): ID of AMI to use for the instance
  • associate_public_ip_address (string, default: false, required: no): If true, the EC2 instance will have an associated public IP address
  • cpu_credits (string, default: standard, required: no): The credit option for CPU usage (unlimited or standard)
  • disable_api_termination (string, default: false, required: no): If true, enables EC2 Instance Termination Protection
  • ebs_block_device (string, default: <list>, required: no): Additional EBS block devices to attach to the instance
  • ebs_optimized (string, default: false, required: no): If true, the launched EC2 instance will be EBS-optimized
  • ephemeral_block_device (string, default: <list>, required: no): Customize Ephemeral (also known as Instance Store) volumes on the instance
  • iam_instance_profile (string, default: "", required: no): The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile.
  • instance_count (string, default: 1, required: no): Number of instances to launch
  • instance_initiated_shutdown_behavior (string, default: "", required: no): Shutdown behavior for the instance
  • instance_type (string, default: -, required: yes): The type of instance to start
  • ipv6_address_count (string, default: 0, required: no): A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.
  • ipv6_addresses (string, default: <list>, required: no): Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface
  • key_name (string, default: "", required: no): The key name to use for the instance
  • monitoring (string, default: false, required: no): If true, the launched EC2 instance will have detailed monitoring enabled
  • name (string, default: -, required: yes): Name to be used on all resources as prefix
  • network_interface (string, default: <list>, required: no): Customize network interfaces to be attached at instance boot time
  • placement_group (string, default: "", required: no): The Placement Group to start the instance in
  • private_ip (string, default: "", required: no): Private IP address to associate with the instance in a VPC
  • root_block_device (string, default: <list>, required: no): Customize details about the root block device of the instance. See Block Devices below for details
  • source_dest_check (string, default: true, required: no): Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs.
  • subnet_id (string, default: -, required: yes): The VPC Subnet ID to launch in
  • tags (string, default: <map>, required: no): A mapping of tags to assign to the resource
  • tenancy (string, default: default, required: no): The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host.
  • user_data (string, default: "", required: no): The user data to provide when launching the instance
  • volume_tags (string, default: <map>, required: no): A mapping of tags to assign to the devices created by the instance at launch time
  • vpc_security_group_ids (list, default: -, required: yes): A list of security group IDs to associate with

Outputs

Each output is listed as name: description.

  • availability_zone: List of availability zones of instances
  • credit_specification: List of credit specifications of instances
  • id: List of IDs of instances
  • key_name: List of key names of instances
  • network_interface_id: List of IDs of the network interface of instances
  • primary_network_interface_id: List of IDs of the primary network interface of instances
  • private_dns: List of private DNS names assigned to the instances. Can only be used inside Amazon EC2, and only available if you've enabled DNS hostnames for your VPC
  • private_ip: List of private IP addresses assigned to the instances
  • public_dns: List of public DNS names assigned to the instances. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC
  • public_ip: List of public IP addresses assigned to the instances, if applicable
  • security_groups: List of associated security groups of instances
  • subnet_id: List of IDs of VPC subnets of instances
  • tags: List of tags of instances
  • vpc_security_group_ids: List of associated security groups of instances, if running in a non-default VPC

Authors

Module managed by Anton Babenko.

License

Apache 2 Licensed. See LICENSE for full details.
