UPD: updates from upstream

This commit is contained in:
xpk 2024-02-05 17:43:56 +08:00
parent 1d743725cd
commit 8096205acf
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
5 changed files with 86 additions and 22 deletions


@ -4,13 +4,15 @@
| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| aws | ~> 5.0.0 |
| aws | ~> 5.35.0 |
## Providers
| Name | Version |
|------|---------|
| aws | ~> 5.0.0 |
| aws | ~> 5.35.0 |
| random | n/a |
| tls | n/a |
## Modules
@ -23,7 +25,12 @@ No modules.
| [aws_ebs_volume.data-volumes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume) | resource |
| [aws_eip.ec2-eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
| [aws_instance.ec2-instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
| [aws_key_pair.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [aws_volume_attachment.data-volume-attachments](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment) | resource |
| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [aws_default_tags.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/default_tags) | data source |
## Inputs
@ -34,6 +41,7 @@ No modules.
| ami-id | Image id of EC2 instance | `string` | n/a | yes |
| asso-eip | Whether to associate Elastic IP | `bool` | n/a | yes |
| asso-public-ip | Whether to associate ephemeral public IP | `bool` | n/a | yes |
| create-ssh-key | Set true to create ssh key and store on secret manager | `bool` | `false` | no |
| data-volumes | Attach additional data volumes | <pre>map(object({<br> size = number<br> type = string<br> }))</pre> | n/a | yes |
| delete-on-termination | Whether to delete volumes on termination | `bool` | `true` | no |
| disable\_secure\_idmsv2 | If set to true, the insecure IDMSv1 will be used. | `bool` | `false` | no |
@ -57,9 +65,13 @@ No modules.
| Name | Description |
|------|-------------|
| ec2-id-ip | n/a |
| instance-id | n/a |
| private-ip | n/a |
| ec2-id-ip | Ec2 instance id and private ip |
| elastic-ip | Ec2 instance EIP |
| instance-id | Ec2 instance id |
| private-ip | Ec2 instance private IP |
| public-ip | Ec2 instance ephemeral public IP |
| ssh-key-name | Ec2 instance ssh key name |
| ssh-key-secret-arn | Secretsmanager arn for ec2 instance ssh key |
---
## Authorship


@ -4,7 +4,7 @@ resource "aws_instance" "ec2-instance" {
associate_public_ip_address = var.asso-public-ip
// availability_zone = var.az
iam_instance_profile = var.instance-profile
key_name = var.key-name
key_name = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
private_ip = var.private-ip
root_block_device {
encrypted = var.ebs-encrypted
@ -88,15 +88,38 @@ resource "aws_eip" "ec2-eip" {
domain = "vpc"
}
resource "tls_private_key" "this" {
count = var.create-ssh-key ? 1 : 0
algorithm = "ED25519"
}
resource "aws_key_pair" "this" {
count = var.create-ssh-key ? 1 : 0
key_name = "${var.instance-name}-sshkey"
public_key = tls_private_key.this[0].public_key_openssh
}
resource "random_id" "this" {
byte_length = 2
}
resource "aws_secretsmanager_secret" "this" {
count = var.create-ssh-key ? 1 : 0
name = "${var.instance-name}-sshkey-${random_id.this.dec}"
description = "Private key for ${aws_instance.ec2-instance.id}"
}
resource "aws_secretsmanager_secret_version" "this" {
count = var.create-ssh-key ? 1 : 0
secret_id = aws_secretsmanager_secret.this[0].id
secret_string = tls_private_key.this[0].private_key_openssh
}
data "aws_default_tags" "this" {
lifecycle {
postcondition {
# check default_tags size
condition = length(self.tags) >= 1
error_message = "Provider default_tags not set."
# to check for specific keys
# condition = alltrue([for t in ["CostCenter", "Owner", "Project", "Application", "DynamicAddressGroup", "Environment"] : contains(keys(self.tags), t)])
# error_message = "Required tag(s) not set in provider default tags."
error_message = "Validation failed: Provider default_tags not set."
}
}
}
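Review bot: The generated ED25519 private key in `tls_private_key.this` is persisted in plaintext in Terraform state (the tls provider keeps `private_key_openssh` as a resource attribute), and `aws_secretsmanager_secret.this` sets no `kms_key_id`, so the Secrets Manager copy falls back to the AWS-managed key; for a key that grants shell access to the instance, a customer-managed key is the usual expectation, e.g. `kms_key_id = var.ssh-key-kms-key-id` on the secret, and the README/module docs should state that the state backend must be treated as secret-bearing. `random_id.this` has no `count`, so it is created even when `create-ssh-key` is false; `count = var.create-ssh-key ? 1 : 0` with `random_id.this[0].dec` in the secret name would keep the conditional resources together. The `postcondition` block appears to carry two `error_message` arguments (the "Provider default_tags not set." line and the "Validation failed: ..." line); if both are on the new side HCL rejects the duplicate attribute, so please confirm one of them is the removed line. The enclosing `aws_eip.ec2-eip` resource starts before this hunk.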


@ -1,13 +1,37 @@
output ec2-id-ip {
output "ec2-id-ip" {
description = "Ec2 instance id and private ip"
value = {
instance-id = aws_instance.ec2-instance.id
private-ip = aws_instance.ec2-instance.private_ip
private-ip = aws_instance.ec2-instance.private_ip
}
}
output instance-id {
value = aws_instance.ec2-instance.id
output "instance-id" {
description = "Ec2 instance id"
value = aws_instance.ec2-instance.id
}
output private-ip {
value = aws_instance.ec2-instance.private_ip
output "private-ip" {
description = "Ec2 instance private IP"
value = aws_instance.ec2-instance.private_ip
}
output "ssh-key-name" {
description = "Ec2 instance ssh key name"
value = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
}
output "ssh-key-secret-arn" {
description = "Secretsmanager arn for ec2 instance ssh key"
value = var.create-ssh-key ? aws_secretsmanager_secret.this[0].arn : null
}
output "elastic-ip" {
description = "Ec2 instance EIP"
value = var.asso-eip ? aws_eip.ec2-eip[0].public_ip : null
}
output "public-ip" {
description = "Ec2 instance ephemeral public IP"
value = var.asso-public-ip ? aws_instance.ec2-instance.public_ip : null
}
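Review bot: `ssh-key-name` re-implements the same ternary used for `key_name` in `aws_instance.ec2-instance`, so the two can silently diverge if one is edited; reading the attribute back from the instance, `value = aws_instance.ec2-instance.key_name`, keeps the output tied to what was actually applied. The `ssh-key-secret-arn` output correctly exposes only the secret ARN and never the key material; a one-line comment such as `# Private key is only retrievable via Secrets Manager; never output it here` would make that intent explicit for future maintainers. `elastic-ip` indexes `aws_eip.ec2-eip[0]`, which presumes that resource is conditional on `asso-eip` — its `count` is not visible in this commit, so confirm it matches.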


@ -4,7 +4,7 @@ terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.32.0"
version = "~> 5.35.0"
}
}
}


@ -95,8 +95,13 @@ variable "enable-detail-monitoring" {
default = false
description = "Set true to enable detail monitoring"
}
variable spot-max-price {
type = number
variable "spot-max-price" {
type = number
description = "Max hourly price for spot instance. If greater than zero, spot instance will be used."
default = 0
default = 0
}
variable "create-ssh-key" {
type = bool
default = false
description = "Set true to create ssh key and store on secret manager"
}
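Review bot: The description of `create-ssh-key` does not say that enabling it overrides `key-name` (the instance's `key_name` picks the generated pair when this is true) nor what is generated or where the private key ends up; a fuller description such as `"Generate an ED25519 key pair, register it as an EC2 key pair and store the private key in Secrets Manager. When true, key-name is ignored."` would let callers choose correctly. Since the secret name is derived from `instance-name`, a note that the private key also lands in Terraform state belongs here or in the README.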