resource "aws_instance" "example" {
  ami           = "ami-0157c3cc39a1c5cc0"
  instance_type = "t4g.large"
  subnet_id     = "subnet-0927ba1b06ccfe6c5"
  key_name      = aws_key_pair.this.key_name

  # IMDSv2 requirement
  dynamic "metadata_options" {
    for_each = var.disable_secure_idmsv2 == false ? { set_idmsv2 : true } : {}
    content {
      http_endpoint               = "enabled"
      http_tokens                 = "required"
      http_put_response_hop_limit = 2
    }
  }
  tags          = { Name : var.name }
}

resource "tls_private_key" "this" {
  algorithm = "ED25519"
}

resource "aws_key_pair" "this" {
  key_name   = "${var.name}-sshkey"
  public_key = tls_private_key.this.public_key_openssh
}