diff --git a/modules/compute/ec2/README.md b/modules/compute/ec2/README.md
index ce21816..0caa147 100644
--- a/modules/compute/ec2/README.md
+++ b/modules/compute/ec2/README.md
@@ -1,45 +1,78 @@
-# ec2 module
-This module deploys EC2 instance.
+
+## Requirements
-# Input
-Below is a sample config in the root module, which shows all of the inputs
-```
-module "deployer-ec2" {
- source = "../../../../whk1-bea-sys-ss-dev-codecommit-sharedmodules/Compute/ec2"
+| Name | Version |
+|------|---------|
+| terraform | >= 1.3.0 |
+| aws | ~> 5.35.0 |
- ami-id = data.aws_ami.al2-ami.id
- asso-eip = false
- asso-public-ip = false
- default-tags = local.default_tags
- ebs-encrypted = true
- instance-name = "whk1-bea-sys-ss-${var.environment}-test"
- instance-type = "t3.micro"
- key-name = aws_key_pair.deployer-sshkey.key_name
- kms-key-id = var.kms-key-arn
- root-volume-size = "15"
- security-groups = [aws_security_group.deployer-sg.id]
- subnet-id = var.subnet-id
- instance-profile = "example-instanec-profile"
- additional_tags = {
- "AwsBackup" : "Daily14"
- "ssm-patching" : "group1"
- }
- data-volumes = {
- volume1 = {
- size : "10"
- type : "gp3"
- }
- }
-}
-```
+## Providers
-# Outputs
-| Name | Value |
-| - | - |
-| instance-id | Instance ID |
-| private-ip | Private IP of instance |
+| Name | Version |
+|------|---------|
+| aws | ~> 5.35.0 |
+| random | n/a |
+| tls | n/a |
-# Limitation
-Up to 26 data volumes can be attached to the ec2 instance. To attach even more volumes, please do it in
-your root module
+## Modules
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_ebs_volume.data-volumes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume) | resource |
+| [aws_eip.ec2-eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
+| [aws_instance.ec2-instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
+| [aws_key_pair.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
+| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
+| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
+| [aws_volume_attachment.data-volume-attachments](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment) | resource |
+| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
+| [aws_default_tags.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/default_tags) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| additional-tags | Additional tags to be assigned on top of provider default tags. Useful for setting backup tags. | `map(string)` | n/a | yes |
+| ami-id | Image id of EC2 instance | `string` | n/a | yes |
+| asso-eip | Whether to associate Elastic IP | `bool` | n/a | yes |
+| asso-public-ip | Whether to associate ephemeral public IP | `bool` | n/a | yes |
+| create-ssh-key | Set true to create ssh key and store on secret manager | `bool` | `false` | no |
+| data-volumes | Attach additional data volumes | map(object({
size = number
type = string
})) | n/a | yes |
+| delete-on-termination | Whether to delete volumes on termination | `bool` | `true` | no |
+| disable\_secure\_idmsv2 | If set to true, the insecure IDMSv1 will be used. | `bool` | `false` | no |
+| ebs-encrypted | Whether to enable EBS encryption | `bool` | `true` | no |
+| enable-detail-monitoring | Set true to enable detail monitoring | `bool` | `false` | no |
+| enable-termination-protection | Whether to enable prevent accidential deletion of instance | `bool` | `false` | no |
+| instance-name | Name of ec2 instance | `string` | n/a | yes |
+| instance-profile | Ec2 instance profile name | `string` | `""` | no |
+| instance-type | Instance type | `string` | n/a | yes |
+| key-name | Instance ssh key name | `string` | `""` | no |
+| kms-key-id | Disk encryption KMS key id | `string` | n/a | yes |
+| private-ip | Specify private IP to be used on this instance | `string` | `null` | no |
+| root-volume-size | Size of root volume | `number` | n/a | yes |
+| root-volume-type | Root volume type | `string` | `"gp3"` | no |
+| security-groups | List of security groups for Ec2 instance | `list(string)` | n/a | yes |
+| spot-max-price | Max hourly price for spot instance. If greater than zero, spot instance will be used. | `number` | `0` | no |
+| subnet-id | Id of subnet to deploy Ec2 instance to | `string` | n/a | yes |
+| user-data | Ec2 user-data | `string` | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| ec2-id-ip | Ec2 instance id and private ip |
+| elastic-ip | Ec2 instance EIP |
+| instance-id | Ec2 instance id |
+| private-ip | Ec2 instance private IP |
+| public-ip | Ec2 instance ephemeral public IP |
+| ssh-key-name | Ec2 instance ssh key name |
+| ssh-key-secret-arn | Secretsmanager arn for ec2 instance ssh key |
+
+---
+## Authorship
+This module was developed by xpk.
\ No newline at end of file
diff --git a/modules/compute/ec2/main.tf b/modules/compute/ec2/main.tf
index 3ef93b3..68b59e0 100644
--- a/modules/compute/ec2/main.tf
+++ b/modules/compute/ec2/main.tf
@@ -4,7 +4,7 @@ resource "aws_instance" "ec2-instance" {
associate_public_ip_address = var.asso-public-ip
// availability_zone = var.az
iam_instance_profile = var.instance-profile
- key_name = var.key-name
+ key_name = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
private_ip = var.private-ip
root_block_device {
encrypted = var.ebs-encrypted
@@ -16,17 +16,42 @@ resource "aws_instance" "ec2-instance" {
ebs_optimized = true
subnet_id = var.subnet-id
vpc_security_group_ids = var.security-groups
- tags = merge(var.additional_tags, var.default-tags,
- { Name = var.instance-name }
- )
- volume_tags = merge(var.additional_tags, var.default-tags,
- { Name = var.instance-name }
- )
+
# IMDSv2 requirement
- metadata_options {
- http_endpoint = "enabled"
- http_tokens = "required"
- http_put_response_hop_limit = 2
+ dynamic "metadata_options" {
+ for_each = var.disable_secure_idmsv2 == false ? { set_idmsv2 : true } : {}
+ content {
+ http_endpoint = "enabled"
+ http_tokens = "required"
+ http_put_response_hop_limit = 2
+ }
+ }
+
+ # spot instance option
+ dynamic "instance_market_options" {
+ for_each = var.spot-max-price > 0 ? { use_spot : true } : {}
+ content {
+ market_type = "spot"
+
+ dynamic "spot_options" {
+ for_each = { use_spot : true }
+ content {
+ max_price = var.spot-max-price
+ }
+ }
+ }
+ }
+
+ disable_api_termination = var.enable-termination-protection
+ user_data = var.user-data
+ monitoring = var.enable-detail-monitoring
+
+ tags = merge(var.additional-tags, { "Name" : var.instance-name })
+ volume_tags = merge({ "Name" : "${var.instance-name}-root" }, data.aws_default_tags.this.tags)
+
+ # do not redeploy instance when a new ami is released
+ lifecycle {
+ ignore_changes = [ami]
}
}
@@ -35,19 +60,22 @@ resource "aws_ebs_volume" "data-volumes" {
availability_zone = aws_instance.ec2-instance.availability_zone
size = each.value["size"]
type = each.value["type"]
- kms_key_id = aws_instance.ec2-instance.root_block_device[0].kms_key_id
- encrypted = aws_instance.ec2-instance.root_block_device[0].encrypted
- tags = merge(var.default-tags, { "Name" : "${var.instance-name}-${each.key}" })
+ iops = try(each.value["iops"], null)
+ kms_key_id = aws_instance.ec2-instance.root_block_device[0].kms_key_id
+ encrypted = aws_instance.ec2-instance.root_block_device[0].encrypted
+ tags = merge(
+ { Name : "${var.instance-name}-${each.key}" },
+ data.aws_default_tags.this.tags
+ )
}
locals {
- # limited to 26 volumes
a_to_z = split(",", "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z")
}
resource "aws_volume_attachment" "data-volume-attachments" {
- count = length(aws_ebs_volume.data-volumes)
+ count = length(aws_ebs_volume.data-volumes)
volume_id = [for v in aws_ebs_volume.data-volumes : v.id][count.index]
instance_id = aws_instance.ec2-instance.id
device_name = "/dev/xvda${element(local.a_to_z, count.index)}"
@@ -57,8 +85,41 @@ resource "aws_volume_attachment" "data-volume-attachments" {
resource "aws_eip" "ec2-eip" {
count = var.asso-eip ? 1 : 0
instance = aws_instance.ec2-instance.id
- vpc = true
- tags = merge(var.default-tags,
- { Name = var.instance-name }
- )
+ domain = "vpc"
+}
+
+resource "tls_private_key" "this" {
+ count = var.create-ssh-key ? 1 : 0
+ algorithm = "ED25519"
+}
+
+resource "aws_key_pair" "this" {
+ count = var.create-ssh-key ? 1 : 0
+ key_name = "${var.instance-name}-sshkey"
+ public_key = tls_private_key.this[0].public_key_openssh
+}
+
+resource "random_id" "this" {
+ byte_length = 2
+}
+
+resource "aws_secretsmanager_secret" "this" {
+ count = var.create-ssh-key ? 1 : 0
+ name = "${var.instance-name}-sshkey-${random_id.this.dec}"
+ description = "Private key for ${aws_instance.ec2-instance.id}"
+}
+
+resource "aws_secretsmanager_secret_version" "this" {
+ count = var.create-ssh-key ? 1 : 0
+ secret_id = aws_secretsmanager_secret.this[0].id
+ secret_string = tls_private_key.this[0].private_key_openssh
+}
+
+data "aws_default_tags" "this" {
+ lifecycle {
+ postcondition {
+ condition = length(self.tags) >= 1
+ error_message = "Validation failed: Provider default_tags not set."
+ }
+ }
}
\ No newline at end of file
diff --git a/modules/compute/ec2/outputs.tf b/modules/compute/ec2/outputs.tf
index 8c6a9aa..086faa7 100644
--- a/modules/compute/ec2/outputs.tf
+++ b/modules/compute/ec2/outputs.tf
@@ -1,13 +1,37 @@
-output ec2-id-ip {
+output "ec2-id-ip" {
+ description = "Ec2 instance id and private ip"
value = {
instance-id = aws_instance.ec2-instance.id
- private-ip = aws_instance.ec2-instance.private_ip
+ private-ip = aws_instance.ec2-instance.private_ip
}
}
-output instance-id {
- value = aws_instance.ec2-instance.id
+
+output "instance-id" {
+ description = "Ec2 instance id"
+ value = aws_instance.ec2-instance.id
}
-output private-ip {
- value = aws_instance.ec2-instance.private_ip
+output "private-ip" {
+ description = "Ec2 instance private IP"
+ value = aws_instance.ec2-instance.private_ip
+}
+
+output "ssh-key-name" {
+ description = "Ec2 instance ssh key name"
+ value = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
+}
+
+output "ssh-key-secret-arn" {
+ description = "Secretsmanager arn for ec2 instance ssh key"
+ value = var.create-ssh-key ? aws_secretsmanager_secret.this[0].arn : null
+}
+
+output "elastic-ip" {
+ description = "Ec2 instance EIP"
+ value = var.asso-eip ? aws_eip.ec2-eip[0].public_ip : null
+}
+
+output "public-ip" {
+ description = "Ec2 instance ephemeral public IP"
+ value = var.asso-public-ip ? aws_instance.ec2-instance.public_ip : null
}
\ No newline at end of file
diff --git a/modules/compute/ec2_default_tags/provider.tf b/modules/compute/ec2/provider.tf
similarity index 100%
rename from modules/compute/ec2_default_tags/provider.tf
rename to modules/compute/ec2/provider.tf
diff --git a/modules/compute/ec2/variable.tf b/modules/compute/ec2/variable.tf
index bf75f01..d13803e 100644
--- a/modules/compute/ec2/variable.tf
+++ b/modules/compute/ec2/variable.tf
@@ -1,35 +1,107 @@
-variable "instance-type" {}
-variable "ami-id" {}
-variable "asso-public-ip" {}
-// variable az {}
+variable "instance-type" {
+ type = string
+ description = "Instance type"
+}
+variable "ami-id" {
+ type = string
+ description = "Image id of EC2 instance"
+}
+variable "asso-public-ip" {
+ type = bool
+ description = "Whether to associate ephemeral public IP"
+}
variable "instance-profile" {
- type = string
- default = ""
+ type = string
+ default = ""
+ description = "Ec2 instance profile name"
+}
+variable "key-name" {
+ type = string
+ description = "Instance ssh key name"
+ default = ""
+}
+variable "ebs-encrypted" {
+ type = bool
+ default = true
+ description = "Whether to enable EBS encryption"
+}
+variable "root-volume-size" {
+ type = number
+ description = "Size of root volume"
}
-variable "key-name" {}
-variable "ebs-encrypted" {}
-variable "root-volume-size" {}
variable "root-volume-type" {
- type = string
- default = "gp3"
+ type = string
+ default = "gp3"
+ description = "Root volume type"
+}
+variable "kms-key-id" {
+ type = string
+ description = "Disk encryption KMS key id"
}
-variable "kms-key-id" {}
variable "delete-on-termination" {
- type = bool
- default = true
+ type = bool
+ default = true
+ description = "Whether to delete volumes on termination"
+}
+variable "subnet-id" {
+ type = string
+ description = "Id of subnet to deploy Ec2 instance to"
}
-variable "subnet-id" {}
variable "security-groups" {
- type = list(any)
+ type = list(string)
+ description = "List of security groups for Ec2 instance"
+}
+variable "instance-name" {
+ type = string
+ description = "Name of ec2 instance"
}
-variable "instance-name" {}
-variable "additional_tags" {}
variable "asso-eip" {
- type = bool
+ type = bool
+ description = "Whether to associate Elastic IP"
+}
+variable "data-volumes" {
+ type = map(object({
+ size = number
+ type = string
+ }))
+ description = "Attach additional data volumes"
}
-variable "default-tags" {}
-variable "data-volumes" {}
variable "private-ip" {
- type = string
- default = null
+ type = string
+ default = null
+ description = "Specify private IP to be used on this instance"
+}
+variable "additional-tags" {
+ type = map(string)
+ description = "Additional tags to be assigned on top of provider default tags. Useful for setting backup tags."
+}
+variable "disable_secure_idmsv2" {
+ type = bool
+ default = false
+ description = "If set to true, the insecure IDMSv1 will be used."
+}
+variable "enable-termination-protection" {
+ type = bool
+ default = false
+ description = "Whether to enable prevent accidential deletion of instance"
+}
+variable "user-data" {
+ type = string
+ default = ""
+ description = "Ec2 user-data"
+}
+variable "enable-detail-monitoring" {
+ type = bool
+ default = false
+ description = "Set true to enable detail monitoring"
+}
+variable "spot-max-price" {
+ type = number
+ description = "Max hourly price for spot instance. If greater than zero, spot instance will be used."
+ default = 0
+}
+variable "create-ssh-key" {
+ type = bool
+ default = false
+ description = "Set true to create ssh key and store on secret manager"
}
\ No newline at end of file
diff --git a/modules/compute/ec2_default_tags/README.md b/modules/compute/ec2_default_tags/README.md
deleted file mode 100644
index 0caa147..0000000
--- a/modules/compute/ec2_default_tags/README.md
+++ /dev/null
@@ -1,78 +0,0 @@
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| terraform | >= 1.3.0 |
-| aws | ~> 5.35.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| aws | ~> 5.35.0 |
-| random | n/a |
-| tls | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_ebs_volume.data-volumes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume) | resource |
-| [aws_eip.ec2-eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
-| [aws_instance.ec2-instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
-| [aws_key_pair.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
-| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
-| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
-| [aws_volume_attachment.data-volume-attachments](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment) | resource |
-| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
-| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [aws_default_tags.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/default_tags) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| additional-tags | Additional tags to be assigned on top of provider default tags. Useful for setting backup tags. | `map(string)` | n/a | yes |
-| ami-id | Image id of EC2 instance | `string` | n/a | yes |
-| asso-eip | Whether to associate Elastic IP | `bool` | n/a | yes |
-| asso-public-ip | Whether to associate ephemeral public IP | `bool` | n/a | yes |
-| create-ssh-key | Set true to create ssh key and store on secret manager | `bool` | `false` | no |
-| data-volumes | Attach additional data volumes | map(object({
size = number
type = string
})) | n/a | yes |
-| delete-on-termination | Whether to delete volumes on termination | `bool` | `true` | no |
-| disable\_secure\_idmsv2 | If set to true, the insecure IDMSv1 will be used. | `bool` | `false` | no |
-| ebs-encrypted | Whether to enable EBS encryption | `bool` | `true` | no |
-| enable-detail-monitoring | Set true to enable detail monitoring | `bool` | `false` | no |
-| enable-termination-protection | Whether to enable prevent accidential deletion of instance | `bool` | `false` | no |
-| instance-name | Name of ec2 instance | `string` | n/a | yes |
-| instance-profile | Ec2 instance profile name | `string` | `""` | no |
-| instance-type | Instance type | `string` | n/a | yes |
-| key-name | Instance ssh key name | `string` | `""` | no |
-| kms-key-id | Disk encryption KMS key id | `string` | n/a | yes |
-| private-ip | Specify private IP to be used on this instance | `string` | `null` | no |
-| root-volume-size | Size of root volume | `number` | n/a | yes |
-| root-volume-type | Root volume type | `string` | `"gp3"` | no |
-| security-groups | List of security groups for Ec2 instance | `list(string)` | n/a | yes |
-| spot-max-price | Max hourly price for spot instance. If greater than zero, spot instance will be used. | `number` | `0` | no |
-| subnet-id | Id of subnet to deploy Ec2 instance to | `string` | n/a | yes |
-| user-data | Ec2 user-data | `string` | `""` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| ec2-id-ip | Ec2 instance id and private ip |
-| elastic-ip | Ec2 instance EIP |
-| instance-id | Ec2 instance id |
-| private-ip | Ec2 instance private IP |
-| public-ip | Ec2 instance ephemeral public IP |
-| ssh-key-name | Ec2 instance ssh key name |
-| ssh-key-secret-arn | Secretsmanager arn for ec2 instance ssh key |
-
----
-## Authorship
-This module was developed by xpk.
\ No newline at end of file
diff --git a/modules/compute/ec2_default_tags/main.tf b/modules/compute/ec2_default_tags/main.tf
deleted file mode 100644
index 68b59e0..0000000
--- a/modules/compute/ec2_default_tags/main.tf
+++ /dev/null
@@ -1,125 +0,0 @@
-resource "aws_instance" "ec2-instance" {
- ami = var.ami-id
- instance_type = var.instance-type
- associate_public_ip_address = var.asso-public-ip
- // availability_zone = var.az
- iam_instance_profile = var.instance-profile
- key_name = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
- private_ip = var.private-ip
- root_block_device {
- encrypted = var.ebs-encrypted
- volume_size = var.root-volume-size
- volume_type = var.root-volume-type
- kms_key_id = var.kms-key-id
- delete_on_termination = var.delete-on-termination
- }
- ebs_optimized = true
- subnet_id = var.subnet-id
- vpc_security_group_ids = var.security-groups
-
- # IMDSv2 requirement
- dynamic "metadata_options" {
- for_each = var.disable_secure_idmsv2 == false ? { set_idmsv2 : true } : {}
- content {
- http_endpoint = "enabled"
- http_tokens = "required"
- http_put_response_hop_limit = 2
- }
- }
-
- # spot instance option
- dynamic "instance_market_options" {
- for_each = var.spot-max-price > 0 ? { use_spot : true } : {}
- content {
- market_type = "spot"
-
- dynamic "spot_options" {
- for_each = { use_spot : true }
- content {
- max_price = var.spot-max-price
- }
- }
- }
- }
-
- disable_api_termination = var.enable-termination-protection
- user_data = var.user-data
- monitoring = var.enable-detail-monitoring
-
- tags = merge(var.additional-tags, { "Name" : var.instance-name })
- volume_tags = merge({ "Name" : "${var.instance-name}-root" }, data.aws_default_tags.this.tags)
-
- # do not redeploy instance when a new ami is released
- lifecycle {
- ignore_changes = [ami]
- }
-}
-
-resource "aws_ebs_volume" "data-volumes" {
- for_each = var.data-volumes
- availability_zone = aws_instance.ec2-instance.availability_zone
- size = each.value["size"]
- type = each.value["type"]
- iops = try(each.value["iops"], null)
- kms_key_id = aws_instance.ec2-instance.root_block_device[0].kms_key_id
- encrypted = aws_instance.ec2-instance.root_block_device[0].encrypted
- tags = merge(
- { Name : "${var.instance-name}-${each.key}" },
- data.aws_default_tags.this.tags
- )
-}
-
-locals {
- a_to_z = split(",", "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z")
-}
-
-
-resource "aws_volume_attachment" "data-volume-attachments" {
- count = length(aws_ebs_volume.data-volumes)
- volume_id = [for v in aws_ebs_volume.data-volumes : v.id][count.index]
- instance_id = aws_instance.ec2-instance.id
- device_name = "/dev/xvda${element(local.a_to_z, count.index)}"
-}
-
-
-resource "aws_eip" "ec2-eip" {
- count = var.asso-eip ? 1 : 0
- instance = aws_instance.ec2-instance.id
- domain = "vpc"
-}
-
-resource "tls_private_key" "this" {
- count = var.create-ssh-key ? 1 : 0
- algorithm = "ED25519"
-}
-
-resource "aws_key_pair" "this" {
- count = var.create-ssh-key ? 1 : 0
- key_name = "${var.instance-name}-sshkey"
- public_key = tls_private_key.this[0].public_key_openssh
-}
-
-resource "random_id" "this" {
- byte_length = 2
-}
-
-resource "aws_secretsmanager_secret" "this" {
- count = var.create-ssh-key ? 1 : 0
- name = "${var.instance-name}-sshkey-${random_id.this.dec}"
- description = "Private key for ${aws_instance.ec2-instance.id}"
-}
-
-resource "aws_secretsmanager_secret_version" "this" {
- count = var.create-ssh-key ? 1 : 0
- secret_id = aws_secretsmanager_secret.this[0].id
- secret_string = tls_private_key.this[0].private_key_openssh
-}
-
-data "aws_default_tags" "this" {
- lifecycle {
- postcondition {
- condition = length(self.tags) >= 1
- error_message = "Validation failed: Provider default_tags not set."
- }
- }
-}
\ No newline at end of file
diff --git a/modules/compute/ec2_default_tags/outputs.tf b/modules/compute/ec2_default_tags/outputs.tf
deleted file mode 100644
index 086faa7..0000000
--- a/modules/compute/ec2_default_tags/outputs.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-output "ec2-id-ip" {
- description = "Ec2 instance id and private ip"
- value = {
- instance-id = aws_instance.ec2-instance.id
- private-ip = aws_instance.ec2-instance.private_ip
- }
-}
-
-output "instance-id" {
- description = "Ec2 instance id"
- value = aws_instance.ec2-instance.id
-}
-
-output "private-ip" {
- description = "Ec2 instance private IP"
- value = aws_instance.ec2-instance.private_ip
-}
-
-output "ssh-key-name" {
- description = "Ec2 instance ssh key name"
- value = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
-}
-
-output "ssh-key-secret-arn" {
- description = "Secretsmanager arn for ec2 instance ssh key"
- value = var.create-ssh-key ? aws_secretsmanager_secret.this[0].arn : null
-}
-
-output "elastic-ip" {
- description = "Ec2 instance EIP"
- value = var.asso-eip ? aws_eip.ec2-eip[0].public_ip : null
-}
-
-output "public-ip" {
- description = "Ec2 instance ephemeral public IP"
- value = var.asso-public-ip ? aws_instance.ec2-instance.public_ip : null
-}
\ No newline at end of file
diff --git a/modules/compute/ec2_default_tags/variable.tf b/modules/compute/ec2_default_tags/variable.tf
deleted file mode 100644
index d13803e..0000000
--- a/modules/compute/ec2_default_tags/variable.tf
+++ /dev/null
@@ -1,107 +0,0 @@
-variable "instance-type" {
- type = string
- description = "Instance type"
-}
-variable "ami-id" {
- type = string
- description = "Image id of EC2 instance"
-}
-variable "asso-public-ip" {
- type = bool
- description = "Whether to associate ephemeral public IP"
-}
-variable "instance-profile" {
- type = string
- default = ""
- description = "Ec2 instance profile name"
-}
-variable "key-name" {
- type = string
- description = "Instance ssh key name"
- default = ""
-}
-variable "ebs-encrypted" {
- type = bool
- default = true
- description = "Whether to enable EBS encryption"
-}
-variable "root-volume-size" {
- type = number
- description = "Size of root volume"
-}
-variable "root-volume-type" {
- type = string
- default = "gp3"
- description = "Root volume type"
-}
-variable "kms-key-id" {
- type = string
- description = "Disk encryption KMS key id"
-}
-variable "delete-on-termination" {
- type = bool
- default = true
- description = "Whether to delete volumes on termination"
-}
-variable "subnet-id" {
- type = string
- description = "Id of subnet to deploy Ec2 instance to"
-}
-variable "security-groups" {
- type = list(string)
- description = "List of security groups for Ec2 instance"
-}
-variable "instance-name" {
- type = string
- description = "Name of ec2 instance"
-}
-variable "asso-eip" {
- type = bool
- description = "Whether to associate Elastic IP"
-}
-variable "data-volumes" {
- type = map(object({
- size = number
- type = string
- }))
- description = "Attach additional data volumes"
-}
-variable "private-ip" {
- type = string
- default = null
- description = "Specify private IP to be used on this instance"
-}
-variable "additional-tags" {
- type = map(string)
- description = "Additional tags to be assigned on top of provider default tags. Useful for setting backup tags."
-}
-variable "disable_secure_idmsv2" {
- type = bool
- default = false
- description = "If set to true, the insecure IDMSv1 will be used."
-}
-variable "enable-termination-protection" {
- type = bool
- default = false
- description = "Whether to enable prevent accidential deletion of instance"
-}
-variable "user-data" {
- type = string
- default = ""
- description = "Ec2 user-data"
-}
-variable "enable-detail-monitoring" {
- type = bool
- default = false
- description = "Set true to enable detail monitoring"
-}
-variable "spot-max-price" {
- type = number
- description = "Max hourly price for spot instance. If greater than zero, spot instance will be used."
- default = 0
-}
-variable "create-ssh-key" {
- type = bool
- default = false
- description = "Set true to create ssh key and store on secret manager"
-}
\ No newline at end of file