diff --git a/modules/compute/ec2_default_tags/README.md b/modules/compute/ec2_default_tags/README.md
index 814e626..0caa147 100644
--- a/modules/compute/ec2_default_tags/README.md
+++ b/modules/compute/ec2_default_tags/README.md
@@ -4,13 +4,15 @@
 | Name | Version |
 |------|---------|
 | terraform | >= 1.3.0 |
-| aws | ~> 5.0.0 |
+| aws | ~> 5.35.0 |
 ## Providers
 | Name | Version |
 |------|---------|
-| aws | ~> 5.0.0 |
+| aws | ~> 5.35.0 |
+| random | n/a |
+| tls | n/a |
 ## Modules
@@ -23,7 +25,12 @@ No modules.
 | [aws_ebs_volume.data-volumes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume) | resource |
 | [aws_eip.ec2-eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
 | [aws_instance.ec2-instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
+| [aws_key_pair.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
+| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
+| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [aws_volume_attachment.data-volume-attachments](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment) | resource |
+| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [aws_default_tags.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/default_tags) | data source |
 ## Inputs
@@ -34,6 +41,7 @@ No modules.
 | ami-id | Image id of EC2 instance | `string` | n/a | yes |
 | asso-eip | Whether to associate Elastic IP | `bool` | n/a | yes |
 | asso-public-ip | Whether to associate ephemeral public IP | `bool` | n/a | yes |
+| create-ssh-key | Set true to create ssh key and store on secret manager | `bool` | `false` | no |
 | data-volumes | Attach additional data volumes |
map(object({| n/a | yes | | delete-on-termination | Whether to delete volumes on termination | `bool` | `true` | no | | disable\_secure\_idmsv2 | If set to true, the insecure IDMSv1 will be used. | `bool` | `false` | no | @@ -57,10 +65,14 @@ No modules. | Name | Description | |------|-------------| -| ec2-id-ip | n/a | -| instance-id | n/a | -| private-ip | n/a | +| ec2-id-ip | Ec2 instance id and private ip | +| elastic-ip | Ec2 instance EIP | +| instance-id | Ec2 instance id | +| private-ip | Ec2 instance private IP | +| public-ip | Ec2 instance ephemeral public IP | +| ssh-key-name | Ec2 instance ssh key name | +| ssh-key-secret-arn | Secretsmanager arn for ec2 instance ssh key | --- ## Authorship -This module was developed by xpk. +This module was developed by xpk. \ No newline at end of file diff --git a/modules/compute/ec2_default_tags/main.tf b/modules/compute/ec2_default_tags/main.tf index e263314..68b59e0 100644 --- a/modules/compute/ec2_default_tags/main.tf +++ b/modules/compute/ec2_default_tags/main.tf @@ -4,7 +4,7 @@ resource "aws_instance" "ec2-instance" { associate_public_ip_address = var.asso-public-ip // availability_zone = var.az iam_instance_profile = var.instance-profile - key_name = var.key-name + key_name = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name private_ip = var.private-ip root_block_device { encrypted = var.ebs-encrypted 
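Review bot: The new `key_name` ternary silently discards whatever the caller passed in `var.key-name` once `create-ssh-key` is true, so a caller who sets both ends up with a generated key and no diagnostic. A guard that makes the two mutually exclusive would surface the mistake at plan time, e.g. a `validation` on `create-ssh-key` or a `lifecycle { precondition { ... } }` on the instance with `condition = !(var.create-ssh-key && var.key-name != null)` and `error_message = "key-name and create-ssh-key are mutually exclusive."` — this assumes `key-name` defaults to `null`, which is not visible in this diff. The `aws_instance "ec2-instance"` block starts and ends outside this hunk.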
@@ -88,15 +88,38 @@ resource "aws_eip" "ec2-eip" {
 domain = "vpc"
 }
+resource "tls_private_key" "this" {
+ count = var.create-ssh-key ? 1 : 0
+ algorithm = "ED25519"
+}
+
+resource "aws_key_pair" "this" {
+ count = var.create-ssh-key ? 1 : 0
+ key_name = "${var.instance-name}-sshkey"
+ public_key = tls_private_key.this[0].public_key_openssh
+}
+
+resource "random_id" "this" {
+ byte_length = 2
+}
+
+resource "aws_secretsmanager_secret" "this" {
+ count = var.create-ssh-key ? 1 : 0
+ name = "${var.instance-name}-sshkey-${random_id.this.dec}"
+ description = "Private key for ${aws_instance.ec2-instance.id}"
+}
+
+resource "aws_secretsmanager_secret_version" "this" {
+ count = var.create-ssh-key ? 1 : 0
+ secret_id = aws_secretsmanager_secret.this[0].id
+ secret_string = tls_private_key.this[0].private_key_openssh
+}
+
 data "aws_default_tags" "this" {
 lifecycle {
 postcondition {
- # check default_tags size
 condition = length(self.tags) >= 1
- error_message = "Provider default_tags not set."
- # to check for specific keys
- # condition = alltrue([for t in ["CostCenter", "Owner", "Project", "Application", "DynamicAddressGroup", "Environment"] : contains(keys(self.tags), t)])
- # error_message = "Required tag(s) not set in provider default tags."
+ error_message = "Validation failed: Provider default_tags not set."
 }
 }
 }
\ No newline at end of file
diff --git a/modules/compute/ec2_default_tags/outputs.tf b/modules/compute/ec2_default_tags/outputs.tf
index 8c6a9aa..086faa7 100644
--- a/modules/compute/ec2_default_tags/outputs.tf
+++ b/modules/compute/ec2_default_tags/outputs.tf
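Review bot: The generated SSH private key ends up in Terraform state in plaintext, twice — once as the `private_key_openssh` attribute of `tls_private_key.this`, and again as `secret_string` of `aws_secretsmanager_secret_version.this` — so anyone who can read the state backend can log in to the instance no matter how tightly the Secrets Manager resource policy is scoped; this needs to be stated on the `tls_private_key` block, e.g. `# NOTE: the private key is persisted in Terraform state (tls_private_key and the secret version); treat the state backend as holding SSH credentials`. The secret is also encrypted with the account's default `aws/secretsmanager` key because no `kms_key_id` is set on `aws_secretsmanager_secret.this`; if callers need to restrict who can decrypt it, an optional `kms_key_id` argument fed from a new variable (not in this diff) would let them use a customer-managed key. Minor: `random_id.this` has no `count`, so it is created even when `create-ssh-key` is false; `count = var.create-ssh-key ? 1 : 0` together with `${random_id.this[0].dec}` in the secret name would keep it conditional like the resources around it.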
@@ -1,13 +1,37 @@
-output ec2-id-ip {
+output "ec2-id-ip" {
+ description = "Ec2 instance id and private ip"
 value = {
 instance-id = aws_instance.ec2-instance.id
- private-ip = aws_instance.ec2-instance.private_ip
+ private-ip = aws_instance.ec2-instance.private_ip
 }
 }
-output instance-id {
- value = aws_instance.ec2-instance.id
+
+output "instance-id" {
+ description = "Ec2 instance id"
+ value = aws_instance.ec2-instance.id
 }
-output private-ip {
- value = aws_instance.ec2-instance.private_ip
+output "private-ip" {
+ description = "Ec2 instance private IP"
+ value = aws_instance.ec2-instance.private_ip
+}
+
+output "ssh-key-name" {
+ description = "Ec2 instance ssh key name"
+ value = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
+}
+
+output "ssh-key-secret-arn" {
+ description = "Secretsmanager arn for ec2 instance ssh key"
+ value = var.create-ssh-key ? aws_secretsmanager_secret.this[0].arn : null
+}
+
+output "elastic-ip" {
+ description = "Ec2 instance EIP"
+ value = var.asso-eip ? aws_eip.ec2-eip[0].public_ip : null
+}
+
+output "public-ip" {
+ description = "Ec2 instance ephemeral public IP"
+ value = var.asso-public-ip ? aws_instance.ec2-instance.public_ip : null
 }
\ No newline at end of file
diff --git a/modules/compute/ec2_default_tags/provider.tf b/modules/compute/ec2_default_tags/provider.tf
index cc97a42..a535735 100644
--- a/modules/compute/ec2_default_tags/provider.tf
+++ b/modules/compute/ec2_default_tags/provider.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = "~> 5.32.0"
+ version = "~> 5.35.0"
 }
 }
 }
diff --git a/modules/compute/ec2_default_tags/variable.tf b/modules/compute/ec2_default_tags/variable.tf
index 73182c7..d13803e 100644
--- a/modules/compute/ec2_default_tags/variable.tf
+++ b/modules/compute/ec2_default_tags/variable.tf
@@ -95,8 +95,13 @@ variable "enable-detail-monitoring" {
 default = false
 description = "Set true to enable detail monitoring"
 }
-variable spot-max-price {
- type = number
+variable "spot-max-price" {
+ type = number
 description = "Max hourly price for spot instance. If greater than zero, spot instance will be used."
- default = 0
+ default = 0
+}
+variable "create-ssh-key" {
+ type = bool
+ default = false
+ description = "Set true to create ssh key and store on secret manager"
 }
\ No newline at end of file
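Review bot: The `create-ssh-key` description understates what the flag does: per `main.tf` in this diff it also takes precedence over `key-name`, and the generated private key is written to Terraform state as well as to Secrets Manager, both of which a caller needs to know before enabling it. Suggested wording: `description = "Set true to generate an ED25519 key pair for the instance. The public key becomes the instance key pair (overriding key-name); the private key is stored in Secrets Manager and also persisted in Terraform state."` The `spot-max-price` change in the same hunk is quoting/alignment only and needs no note.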
size = number
type = string
}))