xpk/terraform.aws-baseline-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

UPD: removed ec2_default_tags module and replaced with ec2

Browse Source
This commit is contained in:
xpk 2024-05-31 20:37:39 +08:00
parent 2dc48ead66
commit 8f88d2da6f
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
9 changed files with 279 additions and 436 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
modules/compute/ec2/README.md
View File

@ -1,45 +1,78 @@
# ec2 module <!-- This readme file is generated with terraform-docs -->
This module deploys EC2 instance. ## Requirements
# Input | Name | Version |
Below is a sample config in the root module, which shows all of the inputs |------|---------|
``` | terraform | >= 1.3.0 |
module "deployer-ec2" { | aws | ~> 5.35.0 |
source = "../../../../whk1-bea-sys-ss-dev-codecommit-sharedmodules/Compute/ec2"
ami-id = data.aws_ami.al2-ami.id ## Providers
asso-eip = false
asso-public-ip = false
default-tags = local.default_tags
ebs-encrypted = true
instance-name = "whk1-bea-sys-ss-${var.environment}-test"
instance-type = "t3.micro"
key-name = aws_key_pair.deployer-sshkey.key_name
kms-key-id = var.kms-key-arn
root-volume-size = "15"
security-groups = [aws_security_group.deployer-sg.id]
subnet-id = var.subnet-id
instance-profile = "example-instanec-profile"
additional_tags = {
"AwsBackup" : "Daily14"
"ssm-patching" : "group1"
}
data-volumes = {
volume1 = {
size : "10"
type : "gp3"
}
}
}
```
# Outputs | Name | Version |
| Name | Value | |------|---------|
| - | - | | aws | ~> 5.35.0 |
| instance-id | Instance ID | | random | n/a |
| private-ip | Private IP of instance | | tls | n/a |
# Limitation ## Modules
Up to 26 data volumes can be attached to the ec2 instance. To attach even more volumes, please do it in
your root module
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_ebs_volume.data-volumes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume) | resource |
| [aws_eip.ec2-eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
| [aws_instance.ec2-instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
| [aws_key_pair.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [aws_volume_attachment.data-volume-attachments](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment) | resource |
| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [aws_default_tags.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/default_tags) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| additional-tags | Additional tags to be assigned on top of provider default tags. Useful for setting backup tags. | `map(string)` | n/a | yes |
| ami-id | Image id of EC2 instance | `string` | n/a | yes |
| asso-eip | Whether to associate Elastic IP | `bool` | n/a | yes |
| asso-public-ip | Whether to associate ephemeral public IP | `bool` | n/a | yes |
| create-ssh-key | Set true to create ssh key and store on secret manager | `bool` | `false` | no |
| data-volumes | Attach additional data volumes | <pre>map(object({<br> size = number<br> type = string<br> }))</pre> | n/a | yes |
| delete-on-termination | Whether to delete volumes on termination | `bool` | `true` | no |
| disable\_secure\_idmsv2 | If set to true, the insecure IDMSv1 will be used. | `bool` | `false` | no |
| ebs-encrypted | Whether to enable EBS encryption | `bool` | `true` | no |
| enable-detail-monitoring | Set true to enable detail monitoring | `bool` | `false` | no |
| enable-termination-protection | Whether to enable prevent accidential deletion of instance | `bool` | `false` | no |
| instance-name | Name of ec2 instance | `string` | n/a | yes |
| instance-profile | Ec2 instance profile name | `string` | `""` | no |
| instance-type | Instance type | `string` | n/a | yes |
| key-name | Instance ssh key name | `string` | `""` | no |
| kms-key-id | Disk encryption KMS key id | `string` | n/a | yes |
| private-ip | Specify private IP to be used on this instance | `string` | `null` | no |
| root-volume-size | Size of root volume | `number` | n/a | yes |
| root-volume-type | Root volume type | `string` | `"gp3"` | no |
| security-groups | List of security groups for Ec2 instance | `list(string)` | n/a | yes |
| spot-max-price | Max hourly price for spot instance. If greater than zero, spot instance will be used. | `number` | `0` | no |
| subnet-id | Id of subnet to deploy Ec2 instance to | `string` | n/a | yes |
| user-data | Ec2 user-data | `string` | `""` | no |
## Outputs
| Name | Description |
|------|-------------|
| ec2-id-ip | Ec2 instance id and private ip |
| elastic-ip | Ec2 instance EIP |
| instance-id | Ec2 instance id |
| private-ip | Ec2 instance private IP |
| public-ip | Ec2 instance ephemeral public IP |
| ssh-key-name | Ec2 instance ssh key name |
| ssh-key-secret-arn | Secretsmanager arn for ec2 instance ssh key |
---
## Authorship
This module was developed by xpk.

89
modules/compute/ec2/main.tf
View File

@ -4,7 +4,7 @@ resource "aws_instance" "ec2-instance" {
associate_public_ip_address = var.asso-public-ip associate_public_ip_address = var.asso-public-ip
// availability_zone = var.az // availability_zone = var.az
iam_instance_profile = var.instance-profile iam_instance_profile = var.instance-profile
key_name = var.key-name key_name = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
private_ip = var.private-ip private_ip = var.private-ip
root_block_device { root_block_device {
encrypted = var.ebs-encrypted encrypted = var.ebs-encrypted
@ -16,32 +16,60 @@ resource "aws_instance" "ec2-instance" {
ebs_optimized = true ebs_optimized = true
subnet_id = var.subnet-id subnet_id = var.subnet-id
vpc_security_group_ids = var.security-groups vpc_security_group_ids = var.security-groups
tags = merge(var.additional_tags, var.default-tags,
{ Name = var.instance-name }
)
volume_tags = merge(var.additional_tags, var.default-tags,
{ Name = var.instance-name }
)
# IMDSv2 requirement # IMDSv2 requirement
metadata_options { dynamic "metadata_options" {
for_each = var.disable_secure_idmsv2 == false ? { set_idmsv2 : true } : {}
content {
http_endpoint = "enabled" http_endpoint = "enabled"
http_tokens = "required" http_tokens = "required"
http_put_response_hop_limit = 2 http_put_response_hop_limit = 2
} }
} }
# spot instance option
dynamic "instance_market_options" {
for_each = var.spot-max-price > 0 ? { use_spot : true } : {}
content {
market_type = "spot"
dynamic "spot_options" {
for_each = { use_spot : true }
content {
max_price = var.spot-max-price
}
}
}
}
disable_api_termination = var.enable-termination-protection
user_data = var.user-data
monitoring = var.enable-detail-monitoring
tags = merge(var.additional-tags, { "Name" : var.instance-name })
volume_tags = merge({ "Name" : "${var.instance-name}-root" }, data.aws_default_tags.this.tags)
# do not redeploy instance when a new ami is released
lifecycle {
ignore_changes = [ami]
}
}
resource "aws_ebs_volume" "data-volumes" { resource "aws_ebs_volume" "data-volumes" {
for_each = var.data-volumes for_each = var.data-volumes
availability_zone = aws_instance.ec2-instance.availability_zone availability_zone = aws_instance.ec2-instance.availability_zone
size = each.value["size"] size = each.value["size"]
type = each.value["type"] type = each.value["type"]
iops = try(each.value["iops"], null)
kms_key_id = aws_instance.ec2-instance.root_block_device[0].kms_key_id kms_key_id = aws_instance.ec2-instance.root_block_device[0].kms_key_id
encrypted = aws_instance.ec2-instance.root_block_device[0].encrypted encrypted = aws_instance.ec2-instance.root_block_device[0].encrypted
tags = merge(var.default-tags, { "Name" : "${var.instance-name}-${each.key}" }) tags = merge(
{ Name : "${var.instance-name}-${each.key}" },
data.aws_default_tags.this.tags
)
} }
locals { locals {
# limited to 26 volumes
a_to_z = split(",", "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z") a_to_z = split(",", "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z")
} }
@ -57,8 +85,41 @@ resource "aws_volume_attachment" "data-volume-attachments" {
resource "aws_eip" "ec2-eip" { resource "aws_eip" "ec2-eip" {
count = var.asso-eip ? 1 : 0 count = var.asso-eip ? 1 : 0
instance = aws_instance.ec2-instance.id instance = aws_instance.ec2-instance.id
vpc = true domain = "vpc"
tags = merge(var.default-tags, }
{ Name = var.instance-name }
) resource "tls_private_key" "this" {
count = var.create-ssh-key ? 1 : 0
algorithm = "ED25519"
}
resource "aws_key_pair" "this" {
count = var.create-ssh-key ? 1 : 0
key_name = "${var.instance-name}-sshkey"
public_key = tls_private_key.this[0].public_key_openssh
}
resource "random_id" "this" {
byte_length = 2
}
resource "aws_secretsmanager_secret" "this" {
count = var.create-ssh-key ? 1 : 0
name = "${var.instance-name}-sshkey-${random_id.this.dec}"
description = "Private key for ${aws_instance.ec2-instance.id}"
}
resource "aws_secretsmanager_secret_version" "this" {
count = var.create-ssh-key ? 1 : 0
secret_id = aws_secretsmanager_secret.this[0].id
secret_string = tls_private_key.this[0].private_key_openssh
}
data "aws_default_tags" "this" {
lifecycle {
postcondition {
condition = length(self.tags) >= 1
error_message = "Validation failed: Provider default_tags not set."
}
}
} }

30
modules/compute/ec2/outputs.tf
View File

@ -1,13 +1,37 @@
output ec2-id-ip { output "ec2-id-ip" {
description = "Ec2 instance id and private ip"
value = { value = {
instance-id = aws_instance.ec2-instance.id instance-id = aws_instance.ec2-instance.id
private-ip = aws_instance.ec2-instance.private_ip private-ip = aws_instance.ec2-instance.private_ip
} }
} }
output instance-id {
output "instance-id" {
description = "Ec2 instance id"
value = aws_instance.ec2-instance.id value = aws_instance.ec2-instance.id
} }
output private-ip { output "private-ip" {
description = "Ec2 instance private IP"
value = aws_instance.ec2-instance.private_ip value = aws_instance.ec2-instance.private_ip
} }
output "ssh-key-name" {
description = "Ec2 instance ssh key name"
value = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
}
output "ssh-key-secret-arn" {
description = "Secretsmanager arn for ec2 instance ssh key"
value = var.create-ssh-key ? aws_secretsmanager_secret.this[0].arn : null
}
output "elastic-ip" {
description = "Ec2 instance EIP"
value = var.asso-eip ? aws_eip.ec2-eip[0].public_ip : null
}
output "public-ip" {
description = "Ec2 instance ephemeral public IP"
value = var.asso-public-ip ? aws_instance.ec2-instance.public_ip : null
}

0
modules/compute/ec2_default_tags/provider.tf → modules/compute/ec2/provider.tf
View File

100
modules/compute/ec2/variable.tf
View File

@ -1,35 +1,107 @@
variable "instance-type" {} variable "instance-type" {
variable "ami-id" {} type = string
variable "asso-public-ip" {} description = "Instance type"
// variable az {} }
variable "ami-id" {
type = string
description = "Image id of EC2 instance"
}
variable "asso-public-ip" {
type = bool
description = "Whether to associate ephemeral public IP"
}
variable "instance-profile" { variable "instance-profile" {
type = string type = string
default = "" default = ""
description = "Ec2 instance profile name"
}
variable "key-name" {
type = string
description = "Instance ssh key name"
default = ""
}
variable "ebs-encrypted" {
type = bool
default = true
description = "Whether to enable EBS encryption"
}
variable "root-volume-size" {
type = number
description = "Size of root volume"
} }
variable "key-name" {}
variable "ebs-encrypted" {}
variable "root-volume-size" {}
variable "root-volume-type" { variable "root-volume-type" {
type = string type = string
default = "gp3" default = "gp3"
description = "Root volume type"
}
variable "kms-key-id" {
type = string
description = "Disk encryption KMS key id"
} }
variable "kms-key-id" {}
variable "delete-on-termination" { variable "delete-on-termination" {
type = bool type = bool
default = true default = true
description = "Whether to delete volumes on termination"
}
variable "subnet-id" {
type = string
description = "Id of subnet to deploy Ec2 instance to"
} }
variable "subnet-id" {}
variable "security-groups" { variable "security-groups" {
type = list(any) type = list(string)
description = "List of security groups for Ec2 instance"
}
variable "instance-name" {
type = string
description = "Name of ec2 instance"
} }
variable "instance-name" {}
variable "additional_tags" {}
variable "asso-eip" { variable "asso-eip" {
type = bool type = bool
description = "Whether to associate Elastic IP"
}
variable "data-volumes" {
type = map(object({
size = number
type = string
}))
description = "Attach additional data volumes"
} }
variable "default-tags" {}
variable "data-volumes" {}
variable "private-ip" { variable "private-ip" {
type = string type = string
default = null default = null
description = "Specify private IP to be used on this instance"
}
variable "additional-tags" {
type = map(string)
description = "Additional tags to be assigned on top of provider default tags. Useful for setting backup tags."
}
variable "disable_secure_idmsv2" {
type = bool
default = false
description = "If set to true, the insecure IDMSv1 will be used."
}
variable "enable-termination-protection" {
type = bool
default = false
description = "Whether to enable prevent accidential deletion of instance"
}
variable "user-data" {
type = string
default = ""
description = "Ec2 user-data"
}
variable "enable-detail-monitoring" {
type = bool
default = false
description = "Set true to enable detail monitoring"
}
variable "spot-max-price" {
type = number
description = "Max hourly price for spot instance. If greater than zero, spot instance will be used."
default = 0
}
variable "create-ssh-key" {
type = bool
default = false
description = "Set true to create ssh key and store on secret manager"
} }

78
modules/compute/ec2_default_tags/README.md
View File

@ -1,78 +0,0 @@
<!-- This readme file is generated with terraform-docs -->
## Requirements
| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| aws | ~> 5.35.0 |
## Providers
| Name | Version |
|------|---------|
| aws | ~> 5.35.0 |
| random | n/a |
| tls | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_ebs_volume.data-volumes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume) | resource |
| [aws_eip.ec2-eip](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |
| [aws_instance.ec2-instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
| [aws_key_pair.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair) | resource |
| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [aws_volume_attachment.data-volume-attachments](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment) | resource |
| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [tls_private_key.this](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
| [aws_default_tags.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/default_tags) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| additional-tags | Additional tags to be assigned on top of provider default tags. Useful for setting backup tags. | `map(string)` | n/a | yes |
| ami-id | Image id of EC2 instance | `string` | n/a | yes |
| asso-eip | Whether to associate Elastic IP | `bool` | n/a | yes |
| asso-public-ip | Whether to associate ephemeral public IP | `bool` | n/a | yes |
| create-ssh-key | Set true to create ssh key and store on secret manager | `bool` | `false` | no |
| data-volumes | Attach additional data volumes | <pre>map(object({<br> size = number<br> type = string<br> }))</pre> | n/a | yes |
| delete-on-termination | Whether to delete volumes on termination | `bool` | `true` | no |
| disable\_secure\_idmsv2 | If set to true, the insecure IDMSv1 will be used. | `bool` | `false` | no |
| ebs-encrypted | Whether to enable EBS encryption | `bool` | `true` | no |
| enable-detail-monitoring | Set true to enable detail monitoring | `bool` | `false` | no |
| enable-termination-protection | Whether to enable prevent accidential deletion of instance | `bool` | `false` | no |
| instance-name | Name of ec2 instance | `string` | n/a | yes |
| instance-profile | Ec2 instance profile name | `string` | `""` | no |
| instance-type | Instance type | `string` | n/a | yes |
| key-name | Instance ssh key name | `string` | `""` | no |
| kms-key-id | Disk encryption KMS key id | `string` | n/a | yes |
| private-ip | Specify private IP to be used on this instance | `string` | `null` | no |
| root-volume-size | Size of root volume | `number` | n/a | yes |
| root-volume-type | Root volume type | `string` | `"gp3"` | no |
| security-groups | List of security groups for Ec2 instance | `list(string)` | n/a | yes |
| spot-max-price | Max hourly price for spot instance. If greater than zero, spot instance will be used. | `number` | `0` | no |
| subnet-id | Id of subnet to deploy Ec2 instance to | `string` | n/a | yes |
| user-data | Ec2 user-data | `string` | `""` | no |
## Outputs
| Name | Description |
|------|-------------|
| ec2-id-ip | Ec2 instance id and private ip |
| elastic-ip | Ec2 instance EIP |
| instance-id | Ec2 instance id |
| private-ip | Ec2 instance private IP |
| public-ip | Ec2 instance ephemeral public IP |
| ssh-key-name | Ec2 instance ssh key name |
| ssh-key-secret-arn | Secretsmanager arn for ec2 instance ssh key |
---
## Authorship
This module was developed by xpk.

125
modules/compute/ec2_default_tags/main.tf
View File

@ -1,125 +0,0 @@
resource "aws_instance" "ec2-instance" {
ami = var.ami-id
instance_type = var.instance-type
associate_public_ip_address = var.asso-public-ip
// availability_zone = var.az
iam_instance_profile = var.instance-profile
key_name = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
private_ip = var.private-ip
root_block_device {
encrypted = var.ebs-encrypted
volume_size = var.root-volume-size
volume_type = var.root-volume-type
kms_key_id = var.kms-key-id
delete_on_termination = var.delete-on-termination
}
ebs_optimized = true
subnet_id = var.subnet-id
vpc_security_group_ids = var.security-groups
# IMDSv2 requirement
dynamic "metadata_options" {
for_each = var.disable_secure_idmsv2 == false ? { set_idmsv2 : true } : {}
content {
http_endpoint = "enabled"
http_tokens = "required"
http_put_response_hop_limit = 2
}
}
# spot instance option
dynamic "instance_market_options" {
for_each = var.spot-max-price > 0 ? { use_spot : true } : {}
content {
market_type = "spot"
dynamic "spot_options" {
for_each = { use_spot : true }
content {
max_price = var.spot-max-price
}
}
}
}
disable_api_termination = var.enable-termination-protection
user_data = var.user-data
monitoring = var.enable-detail-monitoring
tags = merge(var.additional-tags, { "Name" : var.instance-name })
volume_tags = merge({ "Name" : "${var.instance-name}-root" }, data.aws_default_tags.this.tags)
# do not redeploy instance when a new ami is released
lifecycle {
ignore_changes = [ami]
}
}
resource "aws_ebs_volume" "data-volumes" {
for_each = var.data-volumes
availability_zone = aws_instance.ec2-instance.availability_zone
size = each.value["size"]
type = each.value["type"]
iops = try(each.value["iops"], null)
kms_key_id = aws_instance.ec2-instance.root_block_device[0].kms_key_id
encrypted = aws_instance.ec2-instance.root_block_device[0].encrypted
tags = merge(
{ Name : "${var.instance-name}-${each.key}" },
data.aws_default_tags.this.tags
)
}
locals {
a_to_z = split(",", "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z")
}
resource "aws_volume_attachment" "data-volume-attachments" {
count = length(aws_ebs_volume.data-volumes)
volume_id = [for v in aws_ebs_volume.data-volumes : v.id][count.index]
instance_id = aws_instance.ec2-instance.id
device_name = "/dev/xvda${element(local.a_to_z, count.index)}"
}
resource "aws_eip" "ec2-eip" {
count = var.asso-eip ? 1 : 0
instance = aws_instance.ec2-instance.id
domain = "vpc"
}
resource "tls_private_key" "this" {
count = var.create-ssh-key ? 1 : 0
algorithm = "ED25519"
}
resource "aws_key_pair" "this" {
count = var.create-ssh-key ? 1 : 0
key_name = "${var.instance-name}-sshkey"
public_key = tls_private_key.this[0].public_key_openssh
}
resource "random_id" "this" {
byte_length = 2
}
resource "aws_secretsmanager_secret" "this" {
count = var.create-ssh-key ? 1 : 0
name = "${var.instance-name}-sshkey-${random_id.this.dec}"
description = "Private key for ${aws_instance.ec2-instance.id}"
}
resource "aws_secretsmanager_secret_version" "this" {
count = var.create-ssh-key ? 1 : 0
secret_id = aws_secretsmanager_secret.this[0].id
secret_string = tls_private_key.this[0].private_key_openssh
}
data "aws_default_tags" "this" {
lifecycle {
postcondition {
condition = length(self.tags) >= 1
error_message = "Validation failed: Provider default_tags not set."
}
}
}

37
modules/compute/ec2_default_tags/outputs.tf
View File

@ -1,37 +0,0 @@
output "ec2-id-ip" {
description = "Ec2 instance id and private ip"
value = {
instance-id = aws_instance.ec2-instance.id
private-ip = aws_instance.ec2-instance.private_ip
}
}
output "instance-id" {
description = "Ec2 instance id"
value = aws_instance.ec2-instance.id
}
output "private-ip" {
description = "Ec2 instance private IP"
value = aws_instance.ec2-instance.private_ip
}
output "ssh-key-name" {
description = "Ec2 instance ssh key name"
value = var.create-ssh-key ? aws_key_pair.this[0].key_name : var.key-name
}
output "ssh-key-secret-arn" {
description = "Secretsmanager arn for ec2 instance ssh key"
value = var.create-ssh-key ? aws_secretsmanager_secret.this[0].arn : null
}
output "elastic-ip" {
description = "Ec2 instance EIP"
value = var.asso-eip ? aws_eip.ec2-eip[0].public_ip : null
}
output "public-ip" {
description = "Ec2 instance ephemeral public IP"
value = var.asso-public-ip ? aws_instance.ec2-instance.public_ip : null
}

107
modules/compute/ec2_default_tags/variable.tf
View File

@ -1,107 +0,0 @@
variable "instance-type" {
type = string
description = "Instance type"
}
variable "ami-id" {
type = string
description = "Image id of EC2 instance"
}
variable "asso-public-ip" {
type = bool
description = "Whether to associate ephemeral public IP"
}
variable "instance-profile" {
type = string
default = ""
description = "Ec2 instance profile name"
}
variable "key-name" {
type = string
description = "Instance ssh key name"
default = ""
}
variable "ebs-encrypted" {
type = bool
default = true
description = "Whether to enable EBS encryption"
}
variable "root-volume-size" {
type = number
description = "Size of root volume"
}
variable "root-volume-type" {
type = string
default = "gp3"
description = "Root volume type"
}
variable "kms-key-id" {
type = string
description = "Disk encryption KMS key id"
}
variable "delete-on-termination" {
type = bool
default = true
description = "Whether to delete volumes on termination"
}
variable "subnet-id" {
type = string
description = "Id of subnet to deploy Ec2 instance to"
}
variable "security-groups" {
type = list(string)
description = "List of security groups for Ec2 instance"
}
variable "instance-name" {
type = string
description = "Name of ec2 instance"
}
variable "asso-eip" {
type = bool
description = "Whether to associate Elastic IP"
}
variable "data-volumes" {
type = map(object({
size = number
type = string
}))
description = "Attach additional data volumes"
}
variable "private-ip" {
type = string
default = null
description = "Specify private IP to be used on this instance"
}
variable "additional-tags" {
type = map(string)
description = "Additional tags to be assigned on top of provider default tags. Useful for setting backup tags."
}
variable "disable_secure_idmsv2" {
type = bool
default = false
description = "If set to true, the insecure IDMSv1 will be used."
}
variable "enable-termination-protection" {
type = bool
default = false
description = "Whether to enable prevent accidential deletion of instance"
}
variable "user-data" {
type = string
default = ""
description = "Ec2 user-data"
}
variable "enable-detail-monitoring" {
type = bool
default = false
description = "Set true to enable detail monitoring"
}
variable "spot-max-price" {
type = number
description = "Max hourly price for spot instance. If greater than zero, spot instance will be used."
default = 0
}
variable "create-ssh-key" {
type = bool
default = false
description = "Set true to create ssh key and store on secret manager"
}