From c870815ba32294a925313bcf55137695701dd105 Mon Sep 17 00:00:00 2001
From: DaMandal0rian
Date: Thu, 23 Jan 2025 20:27:34 +0300
Subject: [PATCH] update the AWS terraform root module
---
 templates/terraform/aws/ec2/ami.tf | 20 -
 templates/terraform/aws/ec2/main.tf | 228 ++++++-
 templates/terraform/aws/ec2/outputs.tf | 461 ++++++-------
 templates/terraform/aws/ec2/variables.tf | 834 ++++++++++++-----------
 templates/terraform/aws/ec2/versions.tf | 12 +-
 5 files changed, 882 insertions(+), 673 deletions(-)
 delete mode 100644 templates/terraform/aws/ec2/ami.tf
diff --git a/templates/terraform/aws/ec2/ami.tf b/templates/terraform/aws/ec2/ami.tf
deleted file mode 100644
index 57797dc0..00000000
--- a/templates/terraform/aws/ec2/ami.tf
+++ /dev/null
@@ -1,20 +0,0 @@
-data "aws_ami" "ubuntu_amd64" {
- most_recent = true
-
- filter {
- name = "name"
- values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
- }
-
- filter {
- name = "virtualization-type"
- values = ["hvm"]
- }
-
- filter {
- name = "architecture"
- values = ["x86_64"]
- }
-
- owners = ["099720109477"]
-}
diff --git a/templates/terraform/aws/ec2/main.tf b/templates/terraform/aws/ec2/main.tf
index 3676aa67..749e67d4 100644
--- a/templates/terraform/aws/ec2/main.tf
+++ b/templates/terraform/aws/ec2/main.tf
@@ -1,11 +1,11 @@
 data "aws_partition" "current" {}
 locals {
- create = var.create
+ create = var.create && var.putin_khuylo
- is_t_instance_type = can(regex("t[0-9]+\\.[a-z0-9]+", var.instance_type))
+ is_t_instance_type = replace(var.instance_type, "/^t(2|3|3a|4g){1}\\..*$/", "1") == "1" ? true : false
- ami = try(coalesce(data.aws_ami.ubuntu_amd64.image_id, try(nonsensitive(data.aws_ssm_parameter.this[0].value), null)), null)
+ ami = try(coalesce(var.ami, try(nonsensitive(data.aws_ssm_parameter.this[0].value), null)), null)
 }
 data "aws_ssm_parameter" "this" {
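Review bot: The `is_t_instance_type` expression in the `locals` block derives a boolean through `replace()` plus a redundant `? true : false`; `can(regex("^t(2|3|3a|4g)\\..*$", var.instance_type))` expresses the same test directly, keeps the form the removed line used, and drops `{1}`, which is a no-op quantifier. Note also that the AMI default moves: the deleted ami.tf pinned the newest Canonical-owned (`099720109477`) Ubuntu 22.04 amd64 image, while `local.ami` now takes `var.ami` and otherwise the SSM parameter, whose old default in variables.tf is the Amazon Linux 2 path, so unless the new default (outside this chunk) changes, consumers that never set `ami` get a different OS family resolved through a public SSM parameter instead of an owner-filtered lookup. A comment above the `ami` local such as `# var.ami wins; otherwise the image comes from the public SSM parameter named by var.ami_ssm_parameter`, and a mention in the commit message, would make that migration explicit.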
@@ -14,15 +14,18 @@ data "aws_ssm_parameter" "this" {
 name = var.ami_ssm_parameter
 }
-######################################
+################################################################################
 # Instance
-######################################
+################################################################################
 resource "aws_instance" "this" {
- count = local.create && var.ignore_ami_changes && !var.create_spot_instance ? 1 : 0
+ count = local.create && !var.ignore_ami_changes && !var.create_spot_instance ? 1 : 0
 ami = local.ami
 instance_type = var.instance_type
+ cpu_core_count = var.cpu_core_count
+ cpu_threads_per_core = var.cpu_threads_per_core
+ hibernation = var.hibernation
 user_data = var.user_data
 user_data_base64 = var.user_data_base64
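Review bot: `cpu_core_count` and `cpu_threads_per_core` on `aws_instance.this` are the provider's deprecated top-level arguments (the `cpu_options` block supersedes them), and the new `aws_instance.ignore_ami` resource in the next hunk sets both alongside a `dynamic "cpu_options"` block, a combination the provider, as I recall, reports as conflicting when both are populated; whether that bites depends on the version constraint in versions.tf, which is not in this chunk. `hibernation = var.hibernation` also deserves a line of documentation, since EC2 only honours hibernation with an encrypted root volume and the module never forces `encrypted = true` in `root_block_device`; a comment such as `# hibernation requires an encrypted root volume and a supported instance type; the caller must set root_block_device.encrypted` saves users a late API error. The same three attributes are added to `aws_instance.ignore_ami` and `aws_spot_instance_request.this` in the following hunk. The `aws_instance.this` body continues outside this hunk.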
@@ -187,24 +190,204 @@ resource "aws_instance" "this" { tags = merge({ "Name" = var.name }, var.instance_tags, var.tags) volume_tags = var.enable_volume_tags ? merge({ "Name" = var.name }, var.volume_tags) : null +} - lifecycle { +################################################################################ +# Instance - Ignore AMI Changes +################################################################################ + +resource "aws_instance" "ignore_ami" { + count = local.create && var.ignore_ami_changes && !var.create_spot_instance ? 1 : 0 + + ami = local.ami + instance_type = var.instance_type + cpu_core_count = var.cpu_core_count + cpu_threads_per_core = var.cpu_threads_per_core + hibernation = var.hibernation - ignore_changes = [ami, ipv6_address_count] + user_data = var.user_data + user_data_base64 = var.user_data_base64 + user_data_replace_on_change = var.user_data_replace_on_change + availability_zone = var.availability_zone + subnet_id = var.subnet_id + vpc_security_group_ids = var.vpc_security_group_ids + + key_name = var.key_name + monitoring = var.monitoring + get_password_data = var.get_password_data + iam_instance_profile = var.create_iam_instance_profile ? aws_iam_instance_profile.this[0].name : var.iam_instance_profile + + associate_public_ip_address = var.associate_public_ip_address + private_ip = var.private_ip + secondary_private_ips = var.secondary_private_ips + ipv6_address_count = var.ipv6_address_count + ipv6_addresses = var.ipv6_addresses + + ebs_optimized = var.ebs_optimized + + dynamic "cpu_options" { + for_each = length(var.cpu_options) > 0 ? [var.cpu_options] : [] + + content { + core_count = try(cpu_options.value.core_count, null) + threads_per_core = try(cpu_options.value.threads_per_core, null) + amd_sev_snp = try(cpu_options.value.amd_sev_snp, null) + } } -} + dynamic "capacity_reservation_specification" { + for_each = length(var.capacity_reservation_specification) > 0 ? 
[var.capacity_reservation_specification] : [] + + content { + capacity_reservation_preference = try(capacity_reservation_specification.value.capacity_reservation_preference, null) + + dynamic "capacity_reservation_target" { + for_each = try([capacity_reservation_specification.value.capacity_reservation_target], []) + + content { + capacity_reservation_id = try(capacity_reservation_target.value.capacity_reservation_id, null) + capacity_reservation_resource_group_arn = try(capacity_reservation_target.value.capacity_reservation_resource_group_arn, null) + } + } + } + } + + dynamic "root_block_device" { + for_each = var.root_block_device + + content { + delete_on_termination = try(root_block_device.value.delete_on_termination, null) + encrypted = try(root_block_device.value.encrypted, null) + iops = try(root_block_device.value.iops, null) + kms_key_id = lookup(root_block_device.value, "kms_key_id", null) + volume_size = try(root_block_device.value.volume_size, null) + volume_type = try(root_block_device.value.volume_type, null) + throughput = try(root_block_device.value.throughput, null) + tags = try(root_block_device.value.tags, null) + } + } + + dynamic "ebs_block_device" { + for_each = var.ebs_block_device + + content { + delete_on_termination = try(ebs_block_device.value.delete_on_termination, null) + device_name = ebs_block_device.value.device_name + encrypted = try(ebs_block_device.value.encrypted, null) + iops = try(ebs_block_device.value.iops, null) + kms_key_id = lookup(ebs_block_device.value, "kms_key_id", null) + snapshot_id = lookup(ebs_block_device.value, "snapshot_id", null) + volume_size = try(ebs_block_device.value.volume_size, null) + volume_type = try(ebs_block_device.value.volume_type, null) + throughput = try(ebs_block_device.value.throughput, null) + tags = try(ebs_block_device.value.tags, null) + } + } + + dynamic "ephemeral_block_device" { + for_each = var.ephemeral_block_device + + content { + device_name = 
ephemeral_block_device.value.device_name + no_device = try(ephemeral_block_device.value.no_device, null) + virtual_name = try(ephemeral_block_device.value.virtual_name, null) + } + } + + dynamic "metadata_options" { + for_each = length(var.metadata_options) > 0 ? [var.metadata_options] : [] + + content { + http_endpoint = try(metadata_options.value.http_endpoint, "enabled") + http_tokens = try(metadata_options.value.http_tokens, "optional") + http_put_response_hop_limit = try(metadata_options.value.http_put_response_hop_limit, 1) + instance_metadata_tags = try(metadata_options.value.instance_metadata_tags, null) + } + } + + dynamic "network_interface" { + for_each = var.network_interface + + content { + device_index = network_interface.value.device_index + network_interface_id = lookup(network_interface.value, "network_interface_id", null) + delete_on_termination = try(network_interface.value.delete_on_termination, false) + } + } + + dynamic "private_dns_name_options" { + for_each = length(var.private_dns_name_options) > 0 ? [var.private_dns_name_options] : [] + + content { + hostname_type = try(private_dns_name_options.value.hostname_type, null) + enable_resource_name_dns_a_record = try(private_dns_name_options.value.enable_resource_name_dns_a_record, null) + enable_resource_name_dns_aaaa_record = try(private_dns_name_options.value.enable_resource_name_dns_aaaa_record, null) + } + } + + dynamic "launch_template" { + for_each = length(var.launch_template) > 0 ? [var.launch_template] : [] + + content { + id = lookup(var.launch_template, "id", null) + name = lookup(var.launch_template, "name", null) + version = lookup(var.launch_template, "version", null) + } + } + + dynamic "maintenance_options" { + for_each = length(var.maintenance_options) > 0 ? 
[var.maintenance_options] : [] + + content { + auto_recovery = try(maintenance_options.value.auto_recovery, null) + } + } -###################################### + enclave_options { + enabled = var.enclave_options_enabled + } + + source_dest_check = length(var.network_interface) > 0 ? null : var.source_dest_check + disable_api_termination = var.disable_api_termination + disable_api_stop = var.disable_api_stop + instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior + placement_group = var.placement_group + tenancy = var.tenancy + host_id = var.host_id + + credit_specification { + cpu_credits = local.is_t_instance_type ? var.cpu_credits : null + } + + timeouts { + create = try(var.timeouts.create, null) + update = try(var.timeouts.update, null) + delete = try(var.timeouts.delete, null) + } + + tags = merge({ "Name" = var.name }, var.instance_tags, var.tags) + volume_tags = var.enable_volume_tags ? merge({ "Name" = var.name }, var.volume_tags) : null + + lifecycle { + ignore_changes = [ + ami + ] + } +} + +################################################################################ # Spot Instance -###################################### +################################################################################ resource "aws_spot_instance_request" "this" { count = local.create && var.create_spot_instance ? 1 : 0 - ami = data.aws_ami.ubuntu_amd64.image_id + ami = local.ami instance_type = var.instance_type + cpu_core_count = var.cpu_core_count + cpu_threads_per_core = var.cpu_threads_per_core + hibernation = var.hibernation user_data = var.user_data user_data_base64 = var.user_data_base64 
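Review bot: The `metadata_options` block on `aws_instance.ignore_ami` defaults `http_tokens` to `"optional"`, which leaves IMDSv1 reachable on the instance unless the caller overrides it, and the old `metadata_options` variable default in variables.tf carries the same value. Requiring IMDSv2 by default, `http_tokens = try(metadata_options.value.http_tokens, "required")` here and `"http_tokens" = "required"` in the variable default, is the safer baseline and is presumably wanted in the sibling `aws_instance.this` and `aws_spot_instance_request.this` blocks too, which lie outside the visible hunks. Separately, the re-added `lifecycle` block narrows `ignore_changes` from `[ami, ipv6_address_count]` to `[ami]`, so existing users of `ignore_ami_changes` may now see a plan diff on `ipv6_address_count`; if that is intended it belongs in the commit message. The `aws_spot_instance_request.this` body continues outside this hunk.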
@@ -361,9 +544,9 @@ resource "aws_spot_instance_request" "this" {
 volume_tags = var.enable_volume_tags ? merge({ "Name" = var.name }, var.volume_tags) : null
 }
-######################################
+################################################################################
 # IAM Role / Instance Profile
-######################################
+################################################################################
 locals {
 iam_role_name = try(coalesce(var.iam_role_name, var.name), "")
@@ -420,3 +603,20 @@ resource "aws_iam_instance_profile" "this" {
 create_before_destroy = true
 }
 }
+
+################################################################################
+# Elastic IP
+################################################################################
+
+resource "aws_eip" "this" {
+ count = local.create && var.create_eip && !var.create_spot_instance ? 1 : 0
+
+ instance = try(
+ aws_instance.this[0].id,
+ aws_instance.ignore_ami[0].id,
+ )
+
+ domain = var.eip_domain
+
+ tags = merge(var.tags, var.eip_tags)
+}
diff --git a/templates/terraform/aws/ec2/outputs.tf b/templates/terraform/aws/ec2/outputs.tf
index 28772f45..3f57b650 100644
--- a/templates/terraform/aws/ec2/outputs.tf
+++ b/templates/terraform/aws/ec2/outputs.tf
@@ -1,231 +1,232 @@ output "id" { - description = "The ID of the instance" - value = try( - aws_instance.this[0].id, - aws_instance.ignore_ami[0].id, - aws_spot_instance_request.this[0].id, - null, - ) - } - - output "arn" { - description = "The ARN of the instance" - value = try( - aws_instance.this[0].arn, - aws_instance.ignore_ami[0].arn, - aws_spot_instance_request.this[0].arn, - null, - ) - } - - output "capacity_reservation_specification" { - description = "Capacity reservation specification of the instance" - value = try( - aws_instance.this[0].capacity_reservation_specification, - aws_instance.ignore_ami[0].capacity_reservation_specification, - aws_spot_instance_request.this[0].capacity_reservation_specification, - null, - ) - } - - output "instance_state" { - description = "The state of the instance" - value = try( - aws_instance.this[0].instance_state, - aws_instance.ignore_ami[0].instance_state, - aws_spot_instance_request.this[0].instance_state, - null, - ) - } - - output "outpost_arn" { - description = "The ARN of the Outpost the instance is assigned to" - value = try( - aws_instance.this[0].outpost_arn, - aws_instance.ignore_ami[0].outpost_arn, - aws_spot_instance_request.this[0].outpost_arn, - null, - ) - } - - output "password_data" { - description = "Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. 
This attribute is only exported if `get_password_data` is true" - value = try( - aws_instance.this[0].password_data, - aws_instance.ignore_ami[0].password_data, - aws_spot_instance_request.this[0].password_data, - null, - ) - } - - output "primary_network_interface_id" { - description = "The ID of the instance's primary network interface" - value = try( - aws_instance.this[0].primary_network_interface_id, - aws_instance.ignore_ami[0].primary_network_interface_id, - aws_spot_instance_request.this[0].primary_network_interface_id, - null, - ) - } - - output "private_dns" { - description = "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC" - value = try( - aws_instance.this[0].private_dns, - aws_instance.ignore_ami[0].private_dns, - aws_spot_instance_request.this[0].private_dns, - null, - ) - } - - output "public_dns" { - description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC" - value = try( - aws_instance.this[0].public_dns, - aws_instance.ignore_ami[0].public_dns, - aws_spot_instance_request.this[0].public_dns, - null, - ) - } - - output "public_ip" { - description = "The public IP address assigned to the instance, if applicable. 
NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached" - value = try( - aws_instance.this[0].public_ip, - aws_instance.ignore_ami[0].public_ip, - aws_spot_instance_request.this[0].public_ip, - null, - ) - } - - output "private_ip" { - description = "The private IP address assigned to the instance" - value = try( - aws_instance.this[0].private_ip, - aws_instance.ignore_ami[0].private_ip, - aws_spot_instance_request.this[0].private_ip, - null, - ) - } - - output "ipv6_addresses" { - description = "The IPv6 address assigned to the instance, if applicable" - value = try( - aws_instance.this[0].ipv6_addresses, - aws_instance.ignore_ami[0].ipv6_addresses, - aws_spot_instance_request.this[0].ipv6_addresses, - [], - ) - } - - output "tags_all" { - description = "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block" - value = try( - aws_instance.this[0].tags_all, - aws_instance.ignore_ami[0].tags_all, - aws_spot_instance_request.this[0].tags_all, - {}, - ) - } - - output "spot_bid_status" { - description = "The current bid status of the Spot Instance Request" - value = try(aws_spot_instance_request.this[0].spot_bid_status, null) - } - - output "spot_request_state" { - description = "The current request state of the Spot Instance Request" - value = try(aws_spot_instance_request.this[0].spot_request_state, null) - } - - output "spot_instance_id" { - description = "The Instance ID (if any) that is currently fulfilling the Spot Instance request" - value = try(aws_spot_instance_request.this[0].spot_instance_id, null) - } - - output "ami" { - description = "AMI ID that was used to create the instance" - value = try( - aws_instance.this[0].ami, - aws_instance.ignore_ami[0].ami, - aws_spot_instance_request.this[0].ami, - null, - ) - } - - output "availability_zone" { - description = "The 
availability zone of the created instance" - value = try( - aws_instance.this[0].availability_zone, - aws_instance.ignore_ami[0].availability_zone, - aws_spot_instance_request.this[0].availability_zone, - null, - ) - } - - ###################################### - # IAM Role / Instance Profile - ###################################### - - output "iam_role_name" { - description = "The name of the IAM role" - value = try(aws_iam_role.this[0].name, null) - } - - output "iam_role_arn" { - description = "The Amazon Resource Name (ARN) specifying the IAM role" - value = try(aws_iam_role.this[0].arn, null) - } - - output "iam_role_unique_id" { - description = "Stable and unique string identifying the IAM role" - value = try(aws_iam_role.this[0].unique_id, null) - } - - output "iam_instance_profile_arn" { - description = "ARN assigned by AWS to the instance profile" - value = try(aws_iam_instance_profile.this[0].arn, null) - } - - output "iam_instance_profile_id" { - description = "Instance profile's ID" - value = try(aws_iam_instance_profile.this[0].id, null) - } - - output "iam_instance_profile_unique" { - description = "Stable and unique string identifying the IAM instance profile" - value = try(aws_iam_instance_profile.this[0].unique_id, null) - } - - ###################################### - # Block Devices - ###################################### - output "root_block_device" { - description = "Root block device information" - value = try( - aws_instance.this[0].root_block_device, - aws_instance.ignore_ami[0].root_block_device, - aws_spot_instance_request.this[0].root_block_device, - null - ) - } - - output "ebs_block_device" { - description = "EBS block device information" - value = try( - aws_instance.this[0].ebs_block_device, - aws_instance.ignore_ami[0].ebs_block_device, - aws_spot_instance_request.this[0].ebs_block_device, - null - ) - } - - output "ephemeral_block_device" { - description = "Ephemeral block device information" - value = try( - 
aws_instance.this[0].ephemeral_block_device, - aws_instance.ignore_ami[0].ephemeral_block_device, - aws_spot_instance_request.this[0].ephemeral_block_device, - null - ) - } + description = "The ID of the instance" + value = try( + aws_instance.this[0].id, + aws_instance.ignore_ami[0].id, + aws_spot_instance_request.this[0].id, + null, + ) +} + +output "arn" { + description = "The ARN of the instance" + value = try( + aws_instance.this[0].arn, + aws_instance.ignore_ami[0].arn, + aws_spot_instance_request.this[0].arn, + null, + ) +} + +output "capacity_reservation_specification" { + description = "Capacity reservation specification of the instance" + value = try( + aws_instance.this[0].capacity_reservation_specification, + aws_instance.ignore_ami[0].capacity_reservation_specification, + aws_spot_instance_request.this[0].capacity_reservation_specification, + null, + ) +} + +output "instance_state" { + description = "The state of the instance" + value = try( + aws_instance.this[0].instance_state, + aws_instance.ignore_ami[0].instance_state, + aws_spot_instance_request.this[0].instance_state, + null, + ) +} + +output "outpost_arn" { + description = "The ARN of the Outpost the instance is assigned to" + value = try( + aws_instance.this[0].outpost_arn, + aws_instance.ignore_ami[0].outpost_arn, + aws_spot_instance_request.this[0].outpost_arn, + null, + ) +} + +output "password_data" { + description = "Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. 
This attribute is only exported if `get_password_data` is true" + value = try( + aws_instance.this[0].password_data, + aws_instance.ignore_ami[0].password_data, + aws_spot_instance_request.this[0].password_data, + null, + ) +} + +output "primary_network_interface_id" { + description = "The ID of the instance's primary network interface" + value = try( + aws_instance.this[0].primary_network_interface_id, + aws_instance.ignore_ami[0].primary_network_interface_id, + aws_spot_instance_request.this[0].primary_network_interface_id, + null, + ) +} + +output "private_dns" { + description = "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC" + value = try( + aws_instance.this[0].private_dns, + aws_instance.ignore_ami[0].private_dns, + aws_spot_instance_request.this[0].private_dns, + null, + ) +} + +output "public_dns" { + description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC" + value = try( + aws_instance.this[0].public_dns, + aws_instance.ignore_ami[0].public_dns, + aws_spot_instance_request.this[0].public_dns, + null, + ) +} + +output "public_ip" { + description = "The public IP address assigned to the instance, if applicable." 
+ value = try( + aws_eip.this[0].public_ip, + aws_instance.this[0].public_ip, + aws_instance.ignore_ami[0].public_ip, + aws_spot_instance_request.this[0].public_ip, + null, + ) +} + +output "private_ip" { + description = "The private IP address assigned to the instance" + value = try( + aws_instance.this[0].private_ip, + aws_instance.ignore_ami[0].private_ip, + aws_spot_instance_request.this[0].private_ip, + null, + ) +} + +output "ipv6_addresses" { + description = "The IPv6 address assigned to the instance, if applicable" + value = try( + aws_instance.this[0].ipv6_addresses, + aws_instance.ignore_ami[0].ipv6_addresses, + aws_spot_instance_request.this[0].ipv6_addresses, + [], + ) +} + +output "tags_all" { + description = "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block" + value = try( + aws_instance.this[0].tags_all, + aws_instance.ignore_ami[0].tags_all, + aws_spot_instance_request.this[0].tags_all, + {}, + ) +} + +output "spot_bid_status" { + description = "The current bid status of the Spot Instance Request" + value = try(aws_spot_instance_request.this[0].spot_bid_status, null) +} + +output "spot_request_state" { + description = "The current request state of the Spot Instance Request" + value = try(aws_spot_instance_request.this[0].spot_request_state, null) +} + +output "spot_instance_id" { + description = "The Instance ID (if any) that is currently fulfilling the Spot Instance request" + value = try(aws_spot_instance_request.this[0].spot_instance_id, null) +} + +output "ami" { + description = "AMI ID that was used to create the instance" + value = try( + aws_instance.this[0].ami, + aws_instance.ignore_ami[0].ami, + aws_spot_instance_request.this[0].ami, + null, + ) +} + +output "availability_zone" { + description = "The availability zone of the created instance" + value = try( + aws_instance.this[0].availability_zone, + aws_instance.ignore_ami[0].availability_zone, + 
aws_spot_instance_request.this[0].availability_zone, + null, + ) +} + +################################################################################ +# IAM Role / Instance Profile +################################################################################ + +output "iam_role_name" { + description = "The name of the IAM role" + value = try(aws_iam_role.this[0].name, null) +} + +output "iam_role_arn" { + description = "The Amazon Resource Name (ARN) specifying the IAM role" + value = try(aws_iam_role.this[0].arn, null) +} + +output "iam_role_unique_id" { + description = "Stable and unique string identifying the IAM role" + value = try(aws_iam_role.this[0].unique_id, null) +} + +output "iam_instance_profile_arn" { + description = "ARN assigned by AWS to the instance profile" + value = try(aws_iam_instance_profile.this[0].arn, null) +} + +output "iam_instance_profile_id" { + description = "Instance profile's ID" + value = try(aws_iam_instance_profile.this[0].id, null) +} + +output "iam_instance_profile_unique" { + description = "Stable and unique string identifying the IAM instance profile" + value = try(aws_iam_instance_profile.this[0].unique_id, null) +} + +################################################################################ +# Block Devices +################################################################################ +output "root_block_device" { + description = "Root block device information" + value = try( + aws_instance.this[0].root_block_device, + aws_instance.ignore_ami[0].root_block_device, + aws_spot_instance_request.this[0].root_block_device, + null + ) +} + +output "ebs_block_device" { + description = "EBS block device information" + value = try( + aws_instance.this[0].ebs_block_device, + aws_instance.ignore_ami[0].ebs_block_device, + aws_spot_instance_request.this[0].ebs_block_device, + null + ) +} + +output "ephemeral_block_device" { + description = "Ephemeral block device information" + value = try( + 
aws_instance.this[0].ephemeral_block_device, + aws_instance.ignore_ami[0].ephemeral_block_device, + aws_spot_instance_request.this[0].ephemeral_block_device, + null + ) +} diff --git a/templates/terraform/aws/ec2/variables.tf b/templates/terraform/aws/ec2/variables.tf index e27435a6..38a1b5b2 100644 --- a/templates/terraform/aws/ec2/variables.tf +++ b/templates/terraform/aws/ec2/variables.tf 
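Review bot: The `public_ip` output now resolves `aws_eip.this[0].public_ip` ahead of the instance attributes, but its description drops the earlier note about EIPs and does not say that the Elastic IP address is what comes back when `create_eip` is true; `description = "The public IP address assigned to the instance, if applicable. When create_eip is true this is the Elastic IP address"` states the new behaviour. Apart from that entry and the banner comments, this section is a whole-file re-indentation, so a whitespace-insensitive diff shows only the `public_ip` change.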
@@ -1,404 +1,432 @@ variable "create" { - description = "Whether to create an instance" - type = bool - default = true - } - - variable "name" { - description = "Name to be used on EC2 instance created" - type = string - default = "" - } - - variable "ami_ssm_parameter" { - description = "SSM parameter name for the AMI ID. For Amazon Linux AMI SSM parameters see [reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html)" - type = string - default = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2" - } - - variable "ami" { - description = "ID of AMI to use for the instance" - type = string - default = null - } - - variable "ignore_ami_changes" { - description = "Whether changes to the AMI ID changes should be ignored by Terraform. Note - changing this value will result in the replacement of the instance" - type = bool - default = true - } - - variable "associate_public_ip_address" { - description = "Whether to associate a public IP address with an instance in a VPC" - type = bool - default = null - } - - variable "maintenance_options" { - description = "The maintenance options for the instance" - type = any - default = {} - } - - variable "availability_zone" { - description = "AZ to start the instance in" - type = string - default = null - } - - variable "capacity_reservation_specification" { - description = "Describes an instance's Capacity Reservation targeting option" - type = any - default = {} - } - - variable "cpu_credits" { - description = "The credit option for CPU usage (unlimited or standard)" - type = string - default = null - } - - variable "disable_api_termination" { - description = "If true, enables EC2 Instance Termination Protection" - type = bool - default = null - } - - variable "ebs_block_device" { - description = "Additional EBS block devices to attach to the instance" - type = list(any) - default = [] - } - - variable "ebs_optimized" { - description = "If true, the launched 
EC2 instance will be EBS-optimized" - type = bool - default = null - } - - variable "enclave_options_enabled" { - description = "Whether Nitro Enclaves will be enabled on the instance. Defaults to `false`" - type = bool - default = null - } - - variable "ephemeral_block_device" { - description = "Customize Ephemeral (also known as Instance Store) volumes on the instance" - type = list(map(string)) - default = [] - } - - variable "get_password_data" { - description = "If true, wait for password data to become available and retrieve it" - type = bool - default = null - } - - variable "host_id" { - description = "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host" - type = string - default = null - } - - variable "iam_instance_profile" { - description = "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile" - type = string - default = null - } - - variable "instance_initiated_shutdown_behavior" { - description = "Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance" # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior - type = string - default = null - } - - variable "instance_type" { - description = "The type of instance to start" - type = string - default = "t3.micro" - } - - variable "instance_tags" { - description = "Additional tags for the instance" - type = map(string) - default = {} - } - - variable "ipv6_address_count" { - description = "A number of IPv6 addresses to associate with the primary network interface. 
Amazon EC2 chooses the IPv6 addresses from the range of your subnet" - type = number - default = null - } - - variable "ipv6_addresses" { - description = "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface" - type = list(string) - default = null - } - - variable "key_name" { - description = "Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource" - type = string - default = null - } - - variable "launch_template" { - description = "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template" - type = map(string) - default = {} - } - - variable "metadata_options" { - description = "Customize the metadata options of the instance" - type = map(string) - default = { - "http_endpoint" = "enabled" - "http_put_response_hop_limit" = 1 - "http_tokens" = "optional" - } - } - - variable "monitoring" { - description = "If true, the launched EC2 instance will have detailed monitoring enabled" - type = bool - default = null - } - - variable "network_interface" { - description = "Customize network interfaces to be attached at instance boot time" - type = list(map(string)) - default = [] - } - - variable "private_dns_name_options" { - description = "Customize the private DNS name options of the instance" - type = map(string) - default = {} - } - - variable "placement_group" { - description = "The Placement Group to start the instance in" - type = string - default = null - } - - variable "private_ip" { - description = "Private IP address to associate with the instance in a VPC" - type = string - default = null - } - - variable "root_block_device" { - description = "Customize details about the root block device of the instance. 
See Block Devices below for details" - type = list(any) - default = [] - } - - variable "secondary_private_ips" { - description = "A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block`" - type = list(string) - default = null - } - - variable "source_dest_check" { - description = "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs" - type = bool - default = null - } - - variable "subnet_id" { - description = "The VPC Subnet ID to launch in" - type = string - default = null - } - - variable "tags" { - description = "A mapping of tags to assign to the resource" - type = map(string) - default = {} - } - - variable "tenancy" { - description = "The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host" - type = string - default = null - } - - variable "user_data" { - description = "The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead" - type = string - default = null - } - - variable "user_data_base64" { - description = "Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption" - type = string - default = null - } - - variable "user_data_replace_on_change" { - description = "When used in combination with user_data or user_data_base64 will trigger a destroy and recreate when set to true. 
Defaults to false if not set"
- type = bool
- default = null
- }
-
- variable "volume_tags" {
- description = "A mapping of tags to assign to the devices created by the instance at launch time"
- type = map(string)
- default = {}
- }
-
- variable "enable_volume_tags" {
- description = "Whether to enable volume tags (if enabled it conflicts with root_block_device tags)"
- type = bool
- default = true
- }
-
- variable "vpc_security_group_ids" {
- description = "A list of security group IDs to associate with"
- type = list(string)
- default = null
- }
-
- variable "timeouts" {
- description = "Define maximum timeout for creating, updating, and deleting EC2 instance resources"
- type = map(string)
- default = {}
- }
-
- variable "cpu_options" {
- description = "Defines CPU options to apply to the instance at launch time."
- type = any
- default = {}
- }
-
- variable "cpu_core_count" {
- description = "Sets the number of CPU cores for an instance" # This option is only supported on creation of instance type that support CPU Options https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values
- type = number
- default = null
- }
-
- variable "cpu_threads_per_core" {
- description = "Sets the number of CPU threads per core for an instance (has no effect unless cpu_core_count is also set)"
- type = number
- default = null
- }
-
- # Spot instance request
- variable "create_spot_instance" {
- description = "Depicts if the instance is a spot instance"
- type = bool
- default = false
- }
-
- variable "spot_price" {
- description = "The maximum price to request on the spot market. 
Defaults to on-demand price"
- type = string
- default = null
- }
-
- variable "spot_wait_for_fulfillment" {
- description = "If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached"
- type = bool
- default = null
- }
-
- variable "spot_type" {
- description = "If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent`"
- type = string
- default = null
- }
-
- variable "spot_launch_group" {
- description = "A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually"
- type = string
- default = null
- }
-
- variable "spot_block_duration_minutes" {
- description = "The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360)"
- type = number
- default = null
- }
-
- variable "spot_instance_interruption_behavior" {
- description = "Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate`"
- type = string
- default = null
- }
-
- variable "spot_valid_until" {
- description = "The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ)"
- type = string
- default = null
- }
-
- variable "spot_valid_from" {
- description = "The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ)"
- type = string
- default = null
- }
-
- variable "disable_api_stop" {
- description = "If true, enables EC2 Instance Stop Protection"
- type = bool
- default = null
-
- }
- variable "putin_khuylo" {
- description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" 
- type = bool
- default = true
- }
-
- ######################################
- # IAM Role / Instance Profile
- ######################################
-
- variable "create_iam_instance_profile" {
- description = "Determines whether an IAM instance profile is created or to use an existing IAM instance profile"
- type = bool
- default = false
- }
-
- variable "iam_role_name" {
- description = "Name to use on IAM role created"
- type = string
- default = null
- }
-
- variable "iam_role_use_name_prefix" {
- description = "Determines whether the IAM role name (`iam_role_name` or `name`) is used as a prefix"
- type = bool
- default = true
- }
-
- variable "iam_role_path" {
- description = "IAM role path"
- type = string
- default = null
- }
-
- variable "iam_role_description" {
- description = "Description of the role"
- type = string
- default = null
- }
-
- variable "iam_role_permissions_boundary" {
- description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
- type = string
- default = null
- }
-
- variable "iam_role_policies" {
- description = "Policies attached to the IAM role"
- type = map(string)
- default = {}
- }
-
- variable "iam_role_tags" {
- description = "A map of additional tags to add to the IAM role/profile created"
- type = map(string)
- default = {}
- }
+ description = "Whether to create an instance"
+ type = bool
+ default = true
+}
+
+variable "name" {
+ description = "Name to be used on EC2 instance created"
+ type = string
+ default = ""
+}
+
+variable "ami_ssm_parameter" {
+ description = "SSM parameter name for the AMI ID. 
For Amazon Linux AMI SSM parameters see [reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html)"
+ type = string
+ default = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
+}
+
+variable "ami" {
+ description = "ID of AMI to use for the instance"
+ type = string
+ default = null
+}
+
+variable "ignore_ami_changes" {
+ description = "Whether changes to the AMI ID changes should be ignored by Terraform. Note - changing this value will result in the replacement of the instance"
+ type = bool
+ default = false
+}
+
+variable "associate_public_ip_address" {
+ description = "Whether to associate a public IP address with an instance in a VPC"
+ type = bool
+ default = null
+}
+
+variable "maintenance_options" {
+ description = "The maintenance options for the instance"
+ type = any
+ default = {}
+}
+
+variable "availability_zone" {
+ description = "AZ to start the instance in"
+ type = string
+ default = null
+}
+
+variable "capacity_reservation_specification" {
+ description = "Describes an instance's Capacity Reservation targeting option"
+ type = any
+ default = {}
+}
+
+variable "cpu_credits" {
+ description = "The credit option for CPU usage (unlimited or standard)"
+ type = string
+ default = null
+}
+
+variable "disable_api_termination" {
+ description = "If true, enables EC2 Instance Termination Protection"
+ type = bool
+ default = null
+}
+
+variable "ebs_block_device" {
+ description = "Additional EBS block devices to attach to the instance"
+ type = list(any)
+ default = []
+}
+
+variable "ebs_optimized" {
+ description = "If true, the launched EC2 instance will be EBS-optimized"
+ type = bool
+ default = null
+}
+
+variable "enclave_options_enabled" {
+ description = "Whether Nitro Enclaves will be enabled on the instance. 
Defaults to `false`"
+ type = bool
+ default = null
+}
+
+variable "ephemeral_block_device" {
+ description = "Customize Ephemeral (also known as Instance Store) volumes on the instance"
+ type = list(map(string))
+ default = []
+}
+
+variable "get_password_data" {
+ description = "If true, wait for password data to become available and retrieve it"
+ type = bool
+ default = null
+}
+
+variable "hibernation" {
+ description = "If true, the launched EC2 instance will support hibernation"
+ type = bool
+ default = null
+}
+
+variable "host_id" {
+ description = "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host"
+ type = string
+ default = null
+}
+
+variable "iam_instance_profile" {
+ description = "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile"
+ type = string
+ default = null
+}
+
+variable "instance_initiated_shutdown_behavior" {
+ description = "Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance" # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior
+ type = string
+ default = null
+}
+
+variable "instance_type" {
+ description = "The type of instance to start"
+ type = string
+ default = "t3.micro"
+}
+
+variable "instance_tags" {
+ description = "Additional tags for the instance"
+ type = map(string)
+ default = {}
+}
+
+variable "ipv6_address_count" {
+ description = "A number of IPv6 addresses to associate with the primary network interface. 
Amazon EC2 chooses the IPv6 addresses from the range of your subnet"
+ type = number
+ default = null
+}
+
+variable "ipv6_addresses" {
+ description = "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface"
+ type = list(string)
+ default = null
+}
+
+variable "key_name" {
+ description = "Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource"
+ type = string
+ default = null
+}
+
+variable "launch_template" {
+ description = "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template"
+ type = map(string)
+ default = {}
+}
+
+variable "metadata_options" {
+ description = "Customize the metadata options of the instance"
+ type = map(string)
+ default = {
+ "http_endpoint" = "enabled"
+ "http_put_response_hop_limit" = 1
+ "http_tokens" = "optional"
+ }
+}
+
+variable "monitoring" {
+ description = "If true, the launched EC2 instance will have detailed monitoring enabled"
+ type = bool
+ default = null
+}
+
+variable "network_interface" {
+ description = "Customize network interfaces to be attached at instance boot time"
+ type = list(map(string))
+ default = []
+}
+
+variable "private_dns_name_options" {
+ description = "Customize the private DNS name options of the instance"
+ type = map(string)
+ default = {}
+}
+
+variable "placement_group" {
+ description = "The Placement Group to start the instance in"
+ type = string
+ default = null
+}
+
+variable "private_ip" {
+ description = "Private IP address to associate with the instance in a VPC"
+ type = string
+ default = null
+}
+
+variable "root_block_device" {
+ description = "Customize details about the root block device of the instance. 
See Block Devices below for details"
+ type = list(any)
+ default = []
+}
+
+variable "secondary_private_ips" {
+ description = "A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block`"
+ type = list(string)
+ default = null
+}
+
+variable "source_dest_check" {
+ description = "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs"
+ type = bool
+ default = null
+}
+
+variable "subnet_id" {
+ description = "The VPC Subnet ID to launch in"
+ type = string
+ default = null
+}
+
+variable "tags" {
+ description = "A mapping of tags to assign to the resource"
+ type = map(string)
+ default = {}
+}
+
+variable "tenancy" {
+ description = "The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host"
+ type = string
+ default = null
+}
+
+variable "user_data" {
+ description = "The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead"
+ type = string
+ default = null
+}
+
+variable "user_data_base64" {
+ description = "Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption"
+ type = string
+ default = null
+}
+
+variable "user_data_replace_on_change" {
+ description = "When used in combination with user_data or user_data_base64 will trigger a destroy and recreate when set to true. 
Defaults to false if not set"
+ type = bool
+ default = null
+}
+
+variable "volume_tags" {
+ description = "A mapping of tags to assign to the devices created by the instance at launch time"
+ type = map(string)
+ default = {}
+}
+
+variable "enable_volume_tags" {
+ description = "Whether to enable volume tags (if enabled it conflicts with root_block_device tags)"
+ type = bool
+ default = true
+}
+
+variable "vpc_security_group_ids" {
+ description = "A list of security group IDs to associate with"
+ type = list(string)
+ default = null
+}
+
+variable "timeouts" {
+ description = "Define maximum timeout for creating, updating, and deleting EC2 instance resources"
+ type = map(string)
+ default = {}
+}
+
+variable "cpu_options" {
+ description = "Defines CPU options to apply to the instance at launch time."
+ type = any
+ default = {}
+}
+
+variable "cpu_core_count" {
+ description = "Sets the number of CPU cores for an instance" # This option is only supported on creation of instance type that support CPU Options https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values
+ type = number
+ default = null
+}
+
+variable "cpu_threads_per_core" {
+ description = "Sets the number of CPU threads per core for an instance (has no effect unless cpu_core_count is also set)"
+ type = number
+ default = null
+}
+
+# Spot instance request
+variable "create_spot_instance" {
+ description = "Depicts if the instance is a spot instance"
+ type = bool
+ default = false
+}
+
+variable "spot_price" {
+ description = "The maximum price to request on the spot market. 
Defaults to on-demand price"
+ type = string
+ default = null
+}
+
+variable "spot_wait_for_fulfillment" {
+ description = "If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached"
+ type = bool
+ default = null
+}
+
+variable "spot_type" {
+ description = "If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent`"
+ type = string
+ default = null
+}
+
+variable "spot_launch_group" {
+ description = "A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually"
+ type = string
+ default = null
+}
+
+variable "spot_block_duration_minutes" {
+ description = "The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360)"
+ type = number
+ default = null
+}
+
+variable "spot_instance_interruption_behavior" {
+ description = "Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate`"
+ type = string
+ default = null
+}
+
+variable "spot_valid_until" {
+ description = "The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ)"
+ type = string
+ default = null
+}
+
+variable "spot_valid_from" {
+ description = "The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ)"
+ type = string
+ default = null
+}
+
+variable "disable_api_stop" {
+ description = "If true, enables EC2 Instance Stop Protection"
+ type = bool
+ default = null
+
+}
+variable "putin_khuylo" {
+ description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!" 
+ type = bool
+ default = true
+}
+
+################################################################################
+# IAM Role / Instance Profile
+################################################################################
+
+variable "create_iam_instance_profile" {
+ description = "Determines whether an IAM instance profile is created or to use an existing IAM instance profile"
+ type = bool
+ default = false
+}
+
+variable "iam_role_name" {
+ description = "Name to use on IAM role created"
+ type = string
+ default = null
+}
+
+variable "iam_role_use_name_prefix" {
+ description = "Determines whether the IAM role name (`iam_role_name` or `name`) is used as a prefix"
+ type = bool
+ default = true
+}
+
+variable "iam_role_path" {
+ description = "IAM role path"
+ type = string
+ default = null
+}
+
+variable "iam_role_description" {
+ description = "Description of the role"
+ type = string
+ default = null
+}
+
+variable "iam_role_permissions_boundary" {
+ description = "ARN of the policy that is used to set the permissions boundary for the IAM role"
+ type = string
+ default = null
+}
+
+variable "iam_role_policies" {
+ description = "Policies attached to the IAM role"
+ type = map(string)
+ default = {}
+}
+
+variable "iam_role_tags" {
+ description = "A map of additional tags to add to the IAM role/profile created"
+ type = map(string)
+ default = {}
+}
+
+################################################################################
+# Elastic IP
+################################################################################
+
+variable "create_eip" {
+ description = "Determines whether a public EIP will be created and associated with the instance."
+ type = bool
+ default = false
+}
+
+variable "eip_domain" {
+ description = "Indicates if this EIP is for use in VPC"
+ type = string
+ default = "vpc"
+}
+
+variable "eip_tags" {
+ description = "A map of additional tags to add to the eip"
+ type = map(string)
+ default = {}
+}
diff --git a/templates/terraform/aws/ec2/versions.tf b/templates/terraform/aws/ec2/versions.tf
index 334b1e98..fd4d1167 100644
--- a/templates/terraform/aws/ec2/versions.tf
+++ b/templates/terraform/aws/ec2/versions.tf
@@ -1,10 +1,10 @@
 terraform {
- required_version = ">= 1.5.7"
+ required_version = ">= 1.0"
 
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 5.20"
- }
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 4.66"
 }
 }
+}
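Review bot: Both floors in this hunk are lowered rather than raised (`required_version` from `>= 1.5.7` to `>= 1.0`, the aws provider from `>= 5.20` to `>= 4.66`), so any resource argument the module passes that only a newer provider release understands would fail at plan time on the oldest version the constraint now admits, and a downgrade of minimums is easy to mistake for a routine bump during review. A short comment above `required_version` naming the oldest Terraform and provider release the module was actually exercised against would make the intent explicit, e.g. `# Floors lowered deliberately; validate against the oldest permitted release before changing them again.` Since the provider constraint is open-ended, consider pairing the relaxed floor with an upper bound (for example `version = ">= 4.66, < 6.0"` — a constructed value, adjust to what was tested) so a future major release with breaking schema changes is not picked up silently by `terraform init`; a `.terraform.lock.hcl` only protects the consumer that commits one.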