UPD: updates from upstream

modules/compute/ec2_default_tags/README.md

@@ -4,13 +4,15 @@
 | Name | Version |
 |------|---------|
 | terraform | >= 1.3.0 |
-| aws | ~> 5.0.0 |
+| aws | ~> 5.35.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| aws | ~> 5.0.0 |
+| aws | ~> 5.35.0 |
+| random | n/a |
+| tls | n/a |
 
 ## Modules
 
@@ -23,7 +25,12 @@ No modules.
 | [aws_ebs_volume.data-volumes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume) | resource |
 | [aws_eip.ec2-eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
 | [aws_instance.ec2-instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
+| [aws_key_pair.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
+| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
+| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
 | [aws_volume_attachment.data-volume-attachments](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment) | resource |
+| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
 | [aws_default_tags.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/default_tags) | data source |
 
 ## Inputs
@@ -34,6 +41,7 @@ No modules.
 | ami-id | Image id of EC2 instance | `string` | n/a | yes |
 | asso-eip | Whether to associate Elastic IP | `bool` | n/a | yes |
 | asso-public-ip | Whether to associate ephemeral public IP | `bool` | n/a | yes |
+| create-ssh-key | Set true to create ssh key and store on secret manager | `bool` | `false` | no |
 | data-volumes | Attach additional data volumes | <pre>map(object({<br>    size = number<br>    type = string<br>  }))</pre> | n/a | yes |
 | delete-on-termination | Whether to delete volumes on termination | `bool` | `true` | no |
 | disable\_secure\_idmsv2 | If set to true, the insecure IDMSv1 will be used. | `bool` | `false` | no |
@@ -57,9 +65,13 @@ No modules.
 
 | Name | Description |
 |------|-------------|
-| ec2-id-ip | n/a |
-| instance-id | n/a |
-| private-ip | n/a |
+| ec2-id-ip | Ec2 instance id and private ip |
+| elastic-ip | Ec2 instance EIP |
+| instance-id | Ec2 instance id |
+| private-ip | Ec2 instance private IP |
+| public-ip | Ec2 instance ephemeral public IP |
+| ssh-key-name | Ec2 instance ssh key name |
+| ssh-key-secret-arn | Secretsmanager arn for ec2 instance ssh key |
  
 ---
 ## Authorship

modules/compute/ec2_default_tags/main.tf

@@ -4,7 +4,7 @@ resource "aws_instance" "ec2-instance" {
   associate_public_ip_address = var.asso-public-ip
   // availability_zone = var.az
   iam_instance_profile = var.instance-profile
-  key_name             = var.key-name
+  key_name             = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
   private_ip           = var.private-ip
   root_block_device {
     encrypted             = var.ebs-encrypted
@@ -88,15 +88,38 @@ resource "aws_eip" "ec2-eip" {
   domain   = "vpc"
 }
 
+resource "tls_private_key" "this" {
+  count     = var.create-ssh-key ? 1 : 0
+  algorithm = "ED25519"
+}
+
+resource "aws_key_pair" "this" {
+  count      = var.create-ssh-key ? 1 : 0
+  key_name   = "${var.instance-name}-sshkey"
+  public_key = tls_private_key.this[0].public_key_openssh
+}
+
+resource "random_id" "this" {
+  byte_length = 2
+}
+
+resource "aws_secretsmanager_secret" "this" {
+  count       = var.create-ssh-key ? 1 : 0
+  name        = "${var.instance-name}-sshkey-${random_id.this.dec}"
+  description = "Private key for ${aws_instance.ec2-instance.id}"
+}
+
+resource "aws_secretsmanager_secret_version" "this" {
+  count         = var.create-ssh-key ? 1 : 0
+  secret_id     = aws_secretsmanager_secret.this[0].id
+  secret_string = tls_private_key.this[0].private_key_openssh
+}
+
 data "aws_default_tags" "this" {
   lifecycle {
     postcondition {
-      # check default_tags size
       condition     = length(self.tags) >= 1
-      error_message = "Provider default_tags not set."
-      # to check for specific keys
-      # condition     = alltrue([for t in ["CostCenter", "Owner", "Project", "Application", "DynamicAddressGroup", "Environment"] : contains(keys(self.tags), t)])
-      # error_message = "Required tag(s) not set in provider default tags."
+      error_message = "Validation failed: Provider default_tags not set."
     }
   }
 }

modules/compute/ec2_default_tags/outputs.tf

@@ -1,13 +1,37 @@
-output ec2-id-ip {
+output "ec2-id-ip" {
+  description = "Ec2 instance id and private ip"
   value = {
     instance-id = aws_instance.ec2-instance.id
     private-ip  = aws_instance.ec2-instance.private_ip
   }
 }
-output instance-id {
+
+output "instance-id" {
+  description = "Ec2 instance id"
   value       = aws_instance.ec2-instance.id
 }
 
-output private-ip {
+output "private-ip" {
+  description = "Ec2 instance private IP"
   value       = aws_instance.ec2-instance.private_ip
 }
+
+output "ssh-key-name" {
+  description = "Ec2 instance ssh key name"
+  value       = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
+}
+
+output "ssh-key-secret-arn" {
+  description = "Secretsmanager arn for ec2 instance ssh key"
+  value       = var.create-ssh-key ? aws_secretsmanager_secret.this[0].arn : null
+}
+
+output "elastic-ip" {
+  description = "Ec2 instance EIP"
+  value       = var.asso-eip ? aws_eip.ec2-eip[0].public_ip : null
+}
+
+output "public-ip" {
+  description = "Ec2 instance ephemeral public IP"
+  value       = var.asso-public-ip ? aws_instance.ec2-instance.public_ip : null
+}

modules/compute/ec2_default_tags/provider.tf

@@ -4,7 +4,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 5.32.0"
+      version = "~> 5.35.0"
     }
   }
 }

modules/compute/ec2_default_tags/variable.tf

@@ -95,8 +95,13 @@ variable "enable-detail-monitoring" {
   default     = false
   description = "Set true to enable detail monitoring"
 }
-variable spot-max-price {
+variable "spot-max-price" {
   type        = number
   description = "Max hourly price for spot instance. If greater than zero, spot instance will be used."
   default     = 0
 }
+variable "create-ssh-key" {
+  type        = bool
+  default     = false
+  description = "Set true to create ssh key and store on secret manager"
+}