From f9e708fbe01945294135a3f10397ccfa037a5edd Mon Sep 17 00:00:00 2001
From: Jordan Severance
Date: Mon, 10 Mar 2025 10:32:25 -0700
Subject: [PATCH 1/3] SCE-345 - key pair creation, default IAM instance profile
---
examples/customizations/main.tf | 17 +++++++++++++++++
examples/customizations/versions.tf | 14 ++++++++++++++
key-pair.tf | 6 ++++++
main.tf | 6 +++---
variables.tf | 2 +-
5 files changed, 41 insertions(+), 4 deletions(-)
create mode 100644 examples/customizations/main.tf
create mode 100644 examples/customizations/versions.tf
create mode 100644 key-pair.tf
diff --git a/examples/customizations/main.tf b/examples/customizations/main.tf
new file mode 100644
index 0000000..2c4d5ca
--- /dev/null
+++ b/examples/customizations/main.tf
@@ -0,0 +1,17 @@
+module "instance" {
+ source = "../../"
+
+ name = "example name"
+ instance_type = "r5.large"
+ ami = "ami-04426a869f59d0d45"
+ key_name = "example_key"
+ vpc_security_group_ids = ["sg-07b4edce8a1a6eb24"]
+ subnet_id = "subnet-067f45f707b2dc297"
+ root_block_device = [
+ {
+ encrypted = true
+ kms_key_id = "arn:aws:kms:us-east-1:521938783116:key/e3203821-6efd-4848-9a8c-50a9990e06cd"
+ }
+ ]
+}
+
diff --git a/examples/customizations/versions.tf b/examples/customizations/versions.tf
new file mode 100644
index 0000000..db7a12c
--- /dev/null
+++ b/examples/customizations/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.66"
+ }
+ }
+}
+
+provider "aws" {
+ region = "us-east-1"
+}
\ No newline at end of file
diff --git a/key-pair.tf b/key-pair.tf
new file mode 100644
index 0000000..26e82bc
--- /dev/null
+++ b/key-pair.tf
@@ -0,0 +1,6 @@
+module "key-pair" {
+ source = "app.terraform.io/sccm/key-pair-creation/aws"
+ version = "0.0.1"
+
+ key_pair_name = var.key_name
+}
diff --git a/main.tf b/main.tf
index 749e67d..051ea89 100644
--- a/main.tf
+++ b/main.tf
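Review bot: The new example in examples/customizations/main.tf hard-codes what look like real infrastructure identifiers: an AMI id, a security group id, a subnet id and a KMS key ARN that embeds a 12-digit AWS account number. An example shipped with a shared module should not disclose account and resource identifiers, and these values will not resolve in any other account. Take them from example-level variables instead, e.g. `subnet_id = var.subnet_id` and `kms_key_id = var.kms_key_arn`, or replace them with clearly marked placeholders and a comment saying they must be substituted.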
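Review bot: `module "key-pair"` in key-pair.tf has no `count`, so a key pair is created for every use of this module, including when `var.create` is false or when the caller wants an instance with no SSH key at all. `var.key_name` is passed straight through as `key_pair_name`; its default is not visible in this patch, so a null name may reach the module. Consider `count = local.create && var.key_name != null ? 1 : 0` on the module and `key_name = try(module.key-pair[0].key_pair_name, null)` in the three `key_name` assignments in main.tf. The module source is not shown here; if it generates the private key itself, that key material will be stored in Terraform state and the README should say so.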
@@ -35,7 +35,7 @@ resource "aws_instance" "this" { subnet_id = var.subnet_id vpc_security_group_ids = var.vpc_security_group_ids - key_name = var.key_name + key_name = module.key-pair.key_pair_name monitoring = var.monitoring get_password_data = var.get_password_data iam_instance_profile = var.create_iam_instance_profile ? aws_iam_instance_profile.this[0].name : var.iam_instance_profile @@ -213,7 +213,7 @@ resource "aws_instance" "ignore_ami" { subnet_id = var.subnet_id vpc_security_group_ids = var.vpc_security_group_ids - key_name = var.key_name + key_name = module.key-pair.key_pair_name monitoring = var.monitoring get_password_data = var.get_password_data iam_instance_profile = var.create_iam_instance_profile ? aws_iam_instance_profile.this[0].name : var.iam_instance_profile @@ -397,7 +397,7 @@ resource "aws_spot_instance_request" "this" { subnet_id = var.subnet_id vpc_security_group_ids = var.vpc_security_group_ids - key_name = var.key_name + key_name = module.key-pair.key_pair_name monitoring = var.monitoring get_password_data = var.get_password_data iam_instance_profile = var.create_iam_instance_profile ? aws_iam_instance_profile.this[0].name : var.iam_instance_profile diff --git a/variables.tf b/variables.tf index 38a1b5b..91d9918 100644 --- a/variables.tf +++ b/variables.tf @@ -109,7 +109,7 @@ variable "host_id" { variable "iam_instance_profile" { description = "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile" type = string - default = null + default = "EC2DefaultProfile" } variable "instance_initiated_shutdown_behavior" { From c59b3236a338ab2e8b7ad7da008268d64c8b09b8 Mon Sep 17 00:00:00 2001 
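Review bot: Changing the default of `iam_instance_profile` in variables.tf from `null` to `"EC2DefaultProfile"` attaches an IAM role to every instance launched through this module unless the caller explicitly overrides it. Nothing in this patch creates that profile, so its permissions cannot be reviewed here and the launch will fail in any account where it does not already exist. Keeping `default = null` and letting callers opt in is the least-privilege choice. If the organisation-wide default is intended, state the precondition in the description, e.g. `description = "IAM Instance Profile name. Defaults to EC2DefaultProfile, which must already exist in the target account"`.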
From: Jordan Severance Date: Mon, 10 Mar 2025 13:05:47 -0700 Subject: [PATCH 2/3] SCE-345 - Standardized name format, AMI OS lookup function update README remove unneeded file --- README.md | 16 +++++++++---- data.tf | 35 +++++++++++++++++++++++++++ examples/customizations/README.md | 30 +++++++++++++++++++++++ examples/customizations/main.tf | 7 +++--- locals.tf | 40 +++++++++++++++++++++++++++++++ main.tf | 30 ++++++----------------- variables.tf | 36 +++++++++++++++++++++++++--- 7 files changed, 161 insertions(+), 33 deletions(-) create mode 100644 data.tf create mode 100644 examples/customizations/README.md create mode 100644 locals.tf diff --git a/README.md b/README.md index e3ee700..ca4e1a7 100644 --- a/README.md +++ b/README.md @@ -173,7 +173,9 @@ The following combinations are supported to conditionally create resources: ## Modules -No modules. +| Name | Source | Version | +|------|--------|---------| +| [key-pair](#module\_key-pair) | app.terraform.io/sccm/key-pair-creation/aws | 0.0.1 | ## Resources 
@@ -186,6 +188,8 @@ No modules. | [aws_instance.ignore_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | | [aws_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource | | [aws_spot_instance_request.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/spot_instance_request) | resource | +| [aws_ami.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | +| [aws_ami.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | | [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | | [aws_ssm_parameter.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source | 
@@ -195,7 +199,9 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [ami](#input\_ami) | ID of AMI to use for the instance | `string` | `null` | no | +| [ami\_os](#input\_ami\_os) | value | `string` | `"override"` | no | | [ami\_ssm\_parameter](#input\_ami\_ssm\_parameter) | SSM parameter name for the AMI ID. For Amazon Linux AMI SSM parameters see [reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html) | `string` | `"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"` | no | +| [application](#input\_application) | Identifier to be added to the resources created which represents the application they belong to | `string` | n/a | yes | | [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Whether to associate a public IP address with an instance in a VPC | `bool` | `null` | no | | [availability\_zone](#input\_availability\_zone) | AZ to start the instance in | `string` | `null` | no | | [capacity\_reservation\_specification](#input\_capacity\_reservation\_specification) | Describes an instance's Capacity Reservation targeting option | `any` | `{}` | no | 
@@ -215,11 +221,12 @@ No modules. | [eip\_tags](#input\_eip\_tags) | A map of additional tags to add to the eip | `map(string)` | `{}` | no | | [enable\_volume\_tags](#input\_enable\_volume\_tags) | Whether to enable volume tags (if enabled it conflicts with root\_block\_device tags) | `bool` | `true` | no | | [enclave\_options\_enabled](#input\_enclave\_options\_enabled) | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | `bool` | `null` | no | +| [environment](#input\_environment) | Application environment (dev, qa, stg, uat, prod) | `string` | n/a | yes | | [ephemeral\_block\_device](#input\_ephemeral\_block\_device) | Customize Ephemeral (also known as Instance Store) volumes on the instance | `list(map(string))` | `[]` | no | | [get\_password\_data](#input\_get\_password\_data) | If true, wait for password data to become available and retrieve it | `bool` | `null` | no | | [hibernation](#input\_hibernation) | If true, the launched EC2 instance will support hibernation | `bool` | `null` | no | | [host\_id](#input\_host\_id) | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | `string` | `null` | no | -| [iam\_instance\_profile](#input\_iam\_instance\_profile) | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | `string` | `null` | no | +| [iam\_instance\_profile](#input\_iam\_instance\_profile) | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | `string` | `"EC2DefaultProfile"` | no | | [iam\_role\_description](#input\_iam\_role\_description) | Description of the role | `string` | `null` | no | | [iam\_role\_name](#input\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no | | [iam\_role\_path](#input\_iam\_role\_path) | IAM role path | `string` | `null` | no | 
@@ -229,6 +236,7 @@ No modules. | [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name` or `name`) is used as a prefix | `bool` | `true` | no | | [ignore\_ami\_changes](#input\_ignore\_ami\_changes) | Whether changes to the AMI ID changes should be ignored by Terraform. Note - changing this value will result in the replacement of the instance | `bool` | `false` | no | | [instance\_initiated\_shutdown\_behavior](#input\_instance\_initiated\_shutdown\_behavior) | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | `string` | `null` | no | +| [instance\_number](#input\_instance\_number) | This is an identifier, not a count | `string` | `"01"` | no | | [instance\_tags](#input\_instance\_tags) | Additional tags for the instance | `map(string)` | `{}` | no | | [instance\_type](#input\_instance\_type) | The type of instance to start | `string` | `"t3.micro"` | no | | [ipv6\_address\_count](#input\_ipv6\_address\_count) | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | `number` | `null` | no | @@ -238,13 +246,13 @@ No modules. | [maintenance\_options](#input\_maintenance\_options) | The maintenance options for the instance | `any` | `{}` | no | | [metadata\_options](#input\_metadata\_options) | Customize the metadata options of the instance | `map(string)` |
{
"http_endpoint": "enabled",
"http_put_response_hop_limit": 1,
"http_tokens": "optional"
}
| no | | [monitoring](#input\_monitoring) | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `null` | no | -| [name](#input\_name) | Name to be used on EC2 instance created | `string` | `""` | no | | [network\_interface](#input\_network\_interface) | Customize network interfaces to be attached at instance boot time | `list(map(string))` | `[]` | no | +| [org](#input\_org) | n/a | `string` | `"sccm"` | no | | [placement\_group](#input\_placement\_group) | The Placement Group to start the instance in | `string` | `null` | no | | [private\_dns\_name\_options](#input\_private\_dns\_name\_options) | Customize the private DNS name options of the instance | `map(string)` | `{}` | no | | [private\_ip](#input\_private\_ip) | Private IP address to associate with the instance in a VPC | `string` | `null` | no | | [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no | -| [root\_block\_device](#input\_root\_block\_device) | Customize details about the root block device of the instance. See [Block Devices](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices) for details | `list(any)` | `[]` | no | +| [root\_block\_device](#input\_root\_block\_device) | Customize details about the root block device of the instance. See Block Devices below for details | `list(any)` | `[]` | no | | [secondary\_private\_ips](#input\_secondary\_private\_ips) | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. 
referenced in a `network_interface block` | `list(string)` | `null` | no | | [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs | `bool` | `null` | no | | [spot\_block\_duration\_minutes](#input\_spot\_block\_duration\_minutes) | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | `number` | `null` | no | diff --git a/data.tf b/data.tf new file mode 100644 index 0000000..3cd0159 --- /dev/null +++ b/data.tf @@ -0,0 +1,35 @@ +data "aws_ami" "this" { + count = var.ami == null ? 0 : 1 + filter { + name = "image-id" + values = [var.ami] + } +} + +data "aws_partition" "current" {} + +data "aws_ssm_parameter" "this" { + count = local.create && var.ami == null ? 1 : 0 + + name = var.ami_ssm_parameter +} + +data "aws_ami" "selected" { + count = var.ami_os != "override" ? 1 : 0 + + most_recent = true + owners = ["amazon"] + filter { + name = "name" + values = [local.os_search] + } + filter { + name = "root-device-type" + values = ["ebs"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } +} \ No newline at end of file diff --git a/examples/customizations/README.md b/examples/customizations/README.md new file mode 100644 index 0000000..8af4a04 --- /dev/null +++ b/examples/customizations/README.md @@ -0,0 +1,30 @@ + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0 | +| [aws](#requirement\_aws) | >= 4.66 | + +## Providers + +No providers. + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [instance](#module\_instance) | ../../ | n/a | + +## Resources + +No resources. + +## Inputs + +No inputs. + +## Outputs + +No outputs. + \ No newline at end of file diff --git a/examples/customizations/main.tf b/examples/customizations/main.tf index 2c4d5ca..5d51e2e 100644 
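Review bot: `data "aws_ami" "selected"` in data.tf filters on name, root device type and virtualization type but not on architecture, while taking `most_recent = true`. The `Amazon_Linux` and `RHEL` patterns in `local.os_search` carry no architecture component, so the newest match can be an arm64 image that will not start on an x86 instance type such as the `r5.large` used in the example. Add a further `filter` block with `name = "architecture"` and `values = ["x86_64"]`, or derive the value from the instance type. Because the lookup floats, a newly published image also changes `local.ami` on a later plan and would replace `aws_instance.this`, so either pin the image or document that `ignore_ami_changes` is the expected setting.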
--- a/examples/customizations/main.tf +++ b/examples/customizations/main.tf @@ -1,9 +1,10 @@ module "instance" { - source = "../../" + source = "../../" - name = "example name" + application = "exampleapp" + environment = "dev" + ami_os = "Amazon_Linux" instance_type = "r5.large" - ami = "ami-04426a869f59d0d45" key_name = "example_key" vpc_security_group_ids = ["sg-07b4edce8a1a6eb24"] subnet_id = "subnet-067f45f707b2dc297" diff --git a/locals.tf b/locals.tf new file mode 100644 index 0000000..a12e712 --- /dev/null +++ b/locals.tf @@ -0,0 +1,40 @@ +locals { + create = var.create && var.putin_khuylo + is_t_instance_type = replace(var.instance_type, "/^t(2|3|3a|4g){1}\\..*$/", "1") == "1" ? true : false + ami = try(coalesce(var.ami, try(data.aws_ami.selected[0].id, null), try(nonsensitive(data.aws_ssm_parameter.this[0].value), null)), null) + name = "${var.org}_${var.application}_${local.os_abv}_${var.instance_number}${local.env_abv}" + windows_instance = var.ami != null && var.ami_os == "override" ? (data.aws_ami.this[0].platform != "" ? "WIN" : "LX") : "ovr" + env_abv = lookup( + { + dev = "D", + qa = "Q", + stg = "S", + uat = "U", + prod = "P" + }, + var.environment, + var.environment + ) + os_abv = lookup( + { + Windows = "WIN", + Amazon_Linux = "AL", + RHEL = "RHEL", + Ubuntu = "UB", + override = local.windows_instance + }, + var.ami_os, + var.ami_os + ) + os_search = lookup( + { + Windows = "Windows_Server-2025-English-Full-Base-*" + Amazon_Linux = "amzn2-ami-kernel-5.10-hvm-*", + RHEL = "RHEL-9.5.0_HVM-*", + Ubuntu = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*", + override = "" + }, + var.ami_os + ) +} + diff --git a/main.tf b/main.tf index 051ea89..31f29ec 100644 --- a/main.tf +++ b/main.tf 
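Review bot: In locals.tf, `local.ami` prefers `var.ami` over the `ami_os` lookup, while `local.os_abv` is derived from `var.ami_os` alone, so a caller who sets both gets an instance built from `var.ami` but named after a different operating system. The same path yields the literal `ovr` when `ami_os` stays at `override` and `ami` is null, in which case the image silently comes from `ami_ssm_parameter`. The Name tag and the fallback IAM role name are both taken from `local.name`, so a misleading abbreviation propagates to both. Either reject the conflicting combination with a validation or precondition, or compute the abbreviation from the image actually selected. A comment above `windows_instance` such as `# WIN/LX from the platform of var.ami; "ovr" when no explicit AMI is given` would make the three values readable.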
@@ -1,19 +1,3 @@ -data "aws_partition" "current" {} - -locals { - create = var.create && var.putin_khuylo - - is_t_instance_type = replace(var.instance_type, "/^t(2|3|3a|4g){1}\\..*$/", "1") == "1" ? true : false - - ami = try(coalesce(var.ami, try(nonsensitive(data.aws_ssm_parameter.this[0].value), null)), null) -} - -data "aws_ssm_parameter" "this" { - count = local.create && var.ami == null ? 1 : 0 - - name = var.ami_ssm_parameter -} - ################################################################################ # Instance ################################################################################ @@ -188,8 +172,8 @@ resource "aws_instance" "this" { delete = try(var.timeouts.delete, null) } - tags = merge({ "Name" = var.name }, var.instance_tags, var.tags) - volume_tags = var.enable_volume_tags ? merge({ "Name" = var.name }, var.volume_tags) : null + tags = merge({ "Name" = local.name }, var.instance_tags, var.tags) + volume_tags = var.enable_volume_tags ? merge({ "Name" = local.name }, var.volume_tags) : null } ################################################################################ @@ -366,8 +350,8 @@ resource "aws_instance" "ignore_ami" { delete = try(var.timeouts.delete, null) } - tags = merge({ "Name" = var.name }, var.instance_tags, var.tags) - volume_tags = var.enable_volume_tags ? merge({ "Name" = var.name }, var.volume_tags) : null + tags = merge({ "Name" = local.name }, var.instance_tags, var.tags) + volume_tags = var.enable_volume_tags ? merge({ "Name" = local.name }, var.volume_tags) : null lifecycle { ignore_changes = [ 
@@ -540,8 +524,8 @@ resource "aws_spot_instance_request" "this" { delete = try(var.timeouts.delete, null) } - tags = merge({ "Name" = var.name }, var.instance_tags, var.tags) - volume_tags = var.enable_volume_tags ? merge({ "Name" = var.name }, var.volume_tags) : null + tags = merge({ "Name" = local.name }, var.instance_tags, var.tags) + volume_tags = var.enable_volume_tags ? merge({ "Name" = local.name }, var.volume_tags) : null } ################################################################################ @@ -549,7 +533,7 @@ resource "aws_spot_instance_request" "this" { ################################################################################ locals { - iam_role_name = try(coalesce(var.iam_role_name, var.name), "") + iam_role_name = try(coalesce(var.iam_role_name, local.name), "") } data "aws_iam_policy_document" "assume_role_policy" { diff --git a/variables.tf b/variables.tf index 91d9918..d4f39b1 100644 --- a/variables.tf +++ b/variables.tf @@ -4,10 +4,29 @@ variable "create" { default = true } -variable "name" { - description = "Name to be used on EC2 instance created" +variable "instance_number" { type = string - default = "" + default = "01" + description = "This is an identifier, not a count" +} + +variable "org" { + type = string + default = "sccm" +} + +variable "application" { + description = "Identifier to be added to the resources created which represents the application they belong to" + type = string +} + +variable "environment" { + type = string + description = "Application environment (dev, qa, stg, uat, prod)" + validation { + condition = contains(["dev", "qa", "stg", "uat", "prod"], var.environment) + error_message = "Valid values for environment: dev, qa, stg, uat, prod" + } } variable "ami_ssm_parameter" { 
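Review bot: The new variables in variables.tf are under-documented: `org` in this hunk has no `description` at all (the README table shows `n/a`), and `ami_os` in the next hunk has the placeholder `description = "value"`. Both feed `local.name`, so callers need to know what they mean; suggest `description = "Organisation prefix used as the first segment of the generated resource name"` for `org` and `description = "Operating system whose latest AMI is looked up; use override to supply var.ami"` for `ami_os`. The `ami_os` error message also tells the caller to provide `ami` when choosing `override`, but no validation in this patch enforces that. Removing `variable "name"` is a breaking change for existing callers and is worth calling out in the commit message or changelog.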
@@ -16,6 +35,16 @@ variable "ami_ssm_parameter" { default = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" } +variable "ami_os" { + description = "value" + type = string + default = "override" + validation { + condition = contains(["Windows", "Amazon_Linux", "RHEL", "Ubuntu", "override"], var.ami_os) + error_message = "Valid values for ami_os: Windows, Amazon_Linux, RHEL, Ubuntu, override. If you select override, provide a value for ami variable" + } +} + variable "ami" { description = "ID of AMI to use for the instance" type = string @@ -430,3 +459,4 @@ variable "eip_tags" { type = map(string) default = {} } + From 17276533cf4f92617f7ba11a41dcd027e5c1c920 Mon Sep 17 00:00:00 2001 From: jmaguire Date: Tue, 11 Mar 2025 12:42:57 -0400 Subject: [PATCH 3/3] Update key-pair module call to use latest version. --- README.md | 177 +--------------------------------------------------- key-pair.tf | 2 +- 2 files changed, 2 insertions(+), 177 deletions(-) diff --git a/README.md b/README.md index ca4e1a7..b9342ca 100644 --- a/README.md +++ b/README.md 
@@ -1,163 +1,3 @@ -# AWS EC2 Instance Terraform module - -Terraform module which creates an EC2 instance on AWS. - -[![SWUbanner](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner2-direct.svg)](https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md) - -## Usage - -### Single EC2 Instance - -```hcl -module "ec2_instance" { - source = "terraform-aws-modules/ec2-instance/aws" - - name = "single-instance" - - instance_type = "t2.micro" - key_name = "user1" - monitoring = true - vpc_security_group_ids = ["sg-12345678"] - subnet_id = "subnet-eddcdzz4" - - tags = { - Terraform = "true" - Environment = "dev" - } -} -``` - -### Multiple EC2 Instance - -```hcl -module "ec2_instance" { - source = "terraform-aws-modules/ec2-instance/aws" - - for_each = toset(["one", "two", "three"]) - - name = "instance-${each.key}" - - instance_type = "t2.micro" - key_name = "user1" - monitoring = true - vpc_security_group_ids = ["sg-12345678"] - subnet_id = "subnet-eddcdzz4" - - tags = { - Terraform = "true" - Environment = "dev" - } -} -``` - -### Spot EC2 Instance - -```hcl -module "ec2_instance" { - source = "terraform-aws-modules/ec2-instance/aws" - - name = "spot-instance" - - create_spot_instance = true - spot_price = "0.60" - spot_type = "persistent" - - instance_type = "t2.micro" - key_name = "user1" - monitoring = true - vpc_security_group_ids = ["sg-12345678"] - subnet_id = "subnet-eddcdzz4" - - tags = { - Terraform = "true" - Environment = "dev" - } -} -``` - -## Module wrappers - -Users of this Terraform module can create multiple similar resources by using [`for_each` meta-argument within `module` block](https://www.terraform.io/language/meta-arguments/for_each) which became available in Terraform 0.13. 
- -Users of Terragrunt can achieve similar results by using modules provided in the [wrappers](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/tree/master/wrappers) directory, if they prefer to reduce amount of configuration files. - -## Examples - -- [Complete EC2 instance](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/tree/master/examples/complete) -- [EC2 instance w/ private network access via Session Manager](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/tree/master/examples/session-manager) -- [EC2 instance with EBS volume attachment](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/tree/master/examples/volume-attachment) - -## Make an encrypted AMI for use - -This module does not support encrypted AMI's out of the box however it is easy enough for you to generate one for use - -This example creates an encrypted image from the latest ubuntu 16.04 base image. - -```hcl -provider "aws" { - region = "us-west-2" -} - -data "aws_ami" "ubuntu" { - most_recent = true - owners = ["679593333241"] - - filter { - name = "name" - values = ["ubuntu-minimal/images/hvm-ssd/ubuntu-focal-20.04-*"] - } - - filter { - name = "virtualization-type" - values = ["hvm"] - } -} - -resource "aws_ami_copy" "ubuntu_encrypted_ami" { - name = "ubuntu-encrypted-ami" - description = "An encrypted root ami based off ${data.aws_ami.ubuntu.id}" - source_ami_id = data.aws_ami.ubuntu.id - source_ami_region = "eu-west-2" - encrypted = true - - tags = { Name = "ubuntu-encrypted-ami" } -} - -data "aws_ami" "encrypted-ami" { - most_recent = true - - filter { - name = "name" - values = [aws_ami_copy.ubuntu_encrypted_ami.id] - } - - owners = ["self"] -} -``` - -## Conditional creation - -The following combinations are supported to conditionally create resources: - -- Disable resource creation (no resources created): - -```hcl - create = false -``` - -- Create spot instance: - -```hcl - create_spot_instance = true -``` - 
-## Notes - -- `network_interface` can't be specified together with `vpc_security_group_ids`, `associate_public_ip_address`, `subnet_id`. See [complete example](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/tree/master/examples/complete) for details. -- Changes in `ebs_block_device` argument will be ignored. Use [aws_volume_attachment](https://www.terraform.io/docs/providers/aws/r/volume_attachment.html) resource to attach and detach volumes from AWS EC2 instances. See [this example](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/tree/master/examples/volume-attachment). -- In regards to spot instances, you must grant the `AWSServiceRoleForEC2Spot` service-linked role access to any custom KMS keys, otherwise your spot request and instances will fail with `bad parameters`. You can see more details about why the request failed by using the awscli and `aws ec2 describe-spot-instance-requests` - - ## Requirements | Name | Version | @@ -175,7 +15,7 @@ The following combinations are supported to conditionally create resources: | Name | Source | Version | |------|--------|---------| -| [key-pair](#module\_key-pair) | app.terraform.io/sccm/key-pair-creation/aws | 0.0.1 | +| [key-pair](#module\_key-pair) | app.terraform.io/sccm/key-pair-creation/aws | 0.0.4 | ## Resources 
@@ -304,18 +144,3 @@ The following combinations are supported to conditionally create resources: | [spot\_instance\_id](#output\_spot\_instance\_id) | The Instance ID (if any) that is currently fulfilling the Spot Instance request | | [spot\_request\_state](#output\_spot\_request\_state) | The current request state of the Spot Instance Request | | [tags\_all](#output\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block | - - -## Authors - -Module is maintained by [Anton Babenko](https://github.com/antonbabenko) with help from [these awesome contributors](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/graphs/contributors). - -## License - -Apache 2 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-ec2-instance/tree/master/LICENSE) for full details. - -## Additional information for users from Russia and Belarus - -* Russia has [illegally annexed Crimea in 2014](https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation) and [brought the war in Donbas](https://en.wikipedia.org/wiki/War_in_Donbas) followed by [full-scale invasion of Ukraine in 2022](https://en.wikipedia.org/wiki/2022_Russian_invasion_of_Ukraine). -* Russia has brought sorrow and devastations to millions of Ukrainians, killed hundreds of innocent people, damaged thousands of buildings, and forced several million people to flee. -* [Putin khuylo!](https://en.wikipedia.org/wiki/Putin_khuylo!) diff --git a/key-pair.tf b/key-pair.tf index 26e82bc..bee2610 100644 --- a/key-pair.tf +++ b/key-pair.tf @@ -1,6 +1,6 @@ module "key-pair" { source = "app.terraform.io/sccm/key-pair-creation/aws" - version = "0.0.1" + version = "0.0.4" key_pair_name = var.key_name }