Terraform Module for provisioning a general purpose EC2 host.
Included features:
- Automatically create a Security Group
- Option to switch EIP attachment
- Assume Role capability
IMPORTANT: The master branch is used in `source` just as an example. In your code, do not pin to master, because there may be breaking changes between releases.
Instead, pin to the release tag (e.g. ?ref=tags/x.y.z) of one of our latest releases.
Note: add the private key of ${var.ssh_key_pair} to your SSH agent.
Include this repository as a module in your existing Terraform code:
```hcl
module "keypair-ssm" {
  source   = "git@github.com:PicPay/ops-terraform-keypair-ssm.git?ref=master"
  key_name = "testeec2"
}

module "instance" {
  source = "git::https://github.com/PicPay/module-terraform-ec2.git?ref=master"

  ssh_key_pair      = module.keypair-ssm.key_name
  availability_zone = "us-east-1d"
  vpc_id            = data.aws_vpc.default.id
  subnet            = element(tolist(data.aws_subnet_ids.private.ids), 0)
  application       = "docker"
  environment       = "lab"
  name              = "ec2_teste"
  squad             = "InfraCore"
  costcenter        = "1462"
  tribe             = "Infra Cloud"
}

module "kafka_instance" {
  source = "git::https://github.com/PicPay/module-terraform-ec2.git?ref=master"

  ssh_key_pair      = module.keypair-ssm.key_name
  availability_zone = "us-east-1d"
  vpc_id            = data.aws_vpc.default.id
  subnet            = element(tolist(data.aws_subnet_ids.private.ids), 0)
  application       = "docker"
  environment       = "lab"
  name              = "ec2_teste"
  squad             = "InfraCore"
  costcenter        = "1462"
  tribe             = "Infra Cloud"

  # Public host with one extra EIP, two data volumes and open TCP 22/80/443
  associate_public_ip_address = true
  additional_ips_count        = 1
  ebs_volume_count            = 2
  allowed_ports               = [22, 80, 443]
}
```

Requirements:

| Name | Version |
|---|---|
| terraform | >= 0.12.0 |
| aws | >= 2.0 |
| null | >= 2.0 |
Providers:

| Name | Version |
|---|---|
| aws | >= 2.0 |
| null | >= 2.0 |
Inputs:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| additional_ips_count | Count of additional EIPs | number | 0 | no |
| additional_tag_map | Additional tags for appending to tags_as_list_of_maps. Not added to tags. | map(string) | {} | no |
| allowed_ports | List of allowed ingress TCP ports | list(number) | [] | no |
| allowed_ports_udp | List of allowed ingress UDP ports | list(number) | [] | no |
| ami | The AMI to use for the instance. By default it is the AMI provided by Amazon with Ubuntu 16.04 | string | "" | no |
| ami_owner | Owner of the given AMI (ignored if ami is unset) | string | "" | no |
| applying_period | The period in seconds over which the specified statistic is applied | number | 60 | no |
| assign_eip_address | Assign an Elastic IP address to the instance | bool | true | no |
| associate_public_ip_address | Associate a public IP address with the instance | bool | true | no |
| attributes | Additional attributes (e.g. 1) | list(string) | [] | no |
| availability_zone | Availability Zone the instance is launched in. If not set, it will be launched in the first AZ of the region | string | "" | no |
| comparison_operator | The arithmetic operation to use when comparing the specified Statistic and Threshold. Possible values are: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. | string | "GreaterThanOrEqualToThreshold" | no |
| context | Single object for setting the entire context at once. See the description of individual variables for details. Leave string and numeric variables as null to use the default value. Individual variable settings (non-null) override settings in the context object, except for attributes, tags, and additional_tag_map, which are merged. | object({ | { | no |
| create_default_security_group | Create a default Security Group with only Egress traffic allowed | bool | true | no |
| default_alarm_action | Default alarm action | string | "action/actions/AWS_EC2.InstanceId.Reboot/1.0" | no |
| delete_on_termination | Whether the volume should be destroyed on instance termination | bool | true | no |
| delimiter | Delimiter to be used between namespace, environment, stage, name and attributes. Defaults to - (hyphen). Set to "" to use no delimiter at all. | string | null | no |
| disable_api_termination | Enable EC2 Instance Termination Protection | bool | false | no |
| ebs_device_name | Name of the EBS device to mount | list(string) | [ | no |
| ebs_iops | Amount of provisioned IOPS. This must be set with a volume_type of io1 | number | 0 | no |
| ebs_optimized | Launched EC2 instance will be EBS-optimized | bool | false | no |
| ebs_volume_count | Count of EBS volumes that will be attached to the instance | number | 0 | no |
| ebs_volume_size | Size of the EBS volume in gigabytes | number | 10 | no |
| ebs_volume_type | The type of EBS volume. Can be standard, gp2 or io1 | string | "gp2" | no |
| enabled | Set to false to prevent the module from creating any resources | bool | null | no |
| environment | Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT' | string | null | no |
| evaluation_periods | The number of periods over which data is compared to the specified threshold. | number | 5 | no |
| id_length_limit | Limit id to this many characters. Set to 0 for unlimited length. Set to null for the default, which is 0. Does not affect id_full. | number | null | no |
| instance_profile | A pre-defined profile to attach to the instance (default is to build our own) | string | "" | no |
| instance_type | The type of the instance | string | "t2.micro" | no |
| ipv6_address_count | Number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet (-1 to use the subnet default) | number | 0 | no |
| ipv6_addresses | List of IPv6 addresses from the range of the subnet to associate with the primary network interface | list(string) | [] | no |
| label_order | The naming order of the id output and Name tag. Defaults to ["namespace", "environment", "stage", "name", "attributes"]. You can omit any of the 5 elements, but at least one must be present. | list(string) | null | no |
| metric_name | The name for the alarm's associated metric. Allowed values can be found in https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ec2-metricscollected.html | string | "StatusCheckFailed_Instance" | no |
| metric_namespace | The namespace for the alarm's associated metric. Allowed values can be found in https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/aws-namespaces.html | string | "AWS/EC2" | no |
| metric_threshold | The value against which the specified statistic is compared | number | 1 | no |
| monitoring | Launched EC2 instance will have detailed monitoring enabled | bool | true | no |
| name | Solution name, e.g. 'app' or 'jenkins' | string | null | no |
| namespace | Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp' | string | null | no |
| permissions_boundary_arn | Policy ARN to attach to the instance role as a permissions boundary | string | "" | no |
| private_ip | Private IP address to associate with the instance in the VPC | string | "" | no |
| regex_replace_chars | Regex to replace chars with an empty string in namespace, environment, stage and name. If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits. | string | null | no |
| region | AWS Region the instance is launched in | string | "" | no |
| root_iops | Amount of provisioned IOPS. This must be set if root_volume_type is set to io1 | number | 0 | no |
| root_volume_size | Size of the root volume in gigabytes | number | 10 | no |
| root_volume_type | Type of root volume. Can be standard, gp2 or io1 | string | "gp2" | no |
| security_groups | List of Security Group IDs allowed to connect to the instance | list(string) | [] | no |
| source_dest_check | Controls whether traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs | bool | true | no |
| ssh_key_pair | SSH key pair to be provisioned on the instance | string | n/a | yes |
| stage | Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release' | string | null | no |
| statistic_level | The statistic to apply to the alarm's associated metric. Allowed values are: SampleCount, Average, Sum, Minimum, Maximum | string | "Maximum" | no |
| subnet | VPC Subnet ID the instance is launched in | string | n/a | yes |
| tags | Additional tags (e.g. map('BusinessUnit','XYZ')) | map(string) | {} | no |
| user_data | Instance user data. Do not pass gzip-compressed data via this argument | string | "" | no |
| squad | Squad, e.g. 'infracore', 'p2p', 'card'; for more, check the squad list | string | null | yes |
| bu | bu tag; the default value is 'picpay' | string | "picpay" | no |
| costcenter | A number for the cost center; check the cost center list | string | null | yes |
| tribe | A tribe name; check the tribe name list | string | null | yes |
| terraform | Indicates whether the resource was created with Terraform | string | true | no |
| vpc_id | The ID of the VPC that the instance security group belongs to | string | n/a | yes |
| welcome_message | Welcome message | string | "" | no |
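As an added example (not part of this README or the module's own code), the inputs above combined into a locked-down invocation for a production host in a private subnet: no public IP or EIP, no inbound ports on the module-created group, ingress only from an existing security group, termination protection and a permissions boundary on the instance role. The release tag, the data sources, the bastion security group and the boundary policy are assumed placeholders.

```hcl
# Added example: locked-down invocation of PicPay/module-terraform-ec2.
# Assumed to exist elsewhere in your code: data.aws_vpc.main,
# data.aws_subnet_ids.private, aws_security_group.bastion,
# aws_iam_policy.instance_boundary and module.keypair-ssm.
module "api_instance" {
  # Pin a release tag (x.y.z is a placeholder), never master.
  source = "git::https://github.com/PicPay/module-terraform-ec2.git?ref=tags/x.y.z"

  ssh_key_pair      = module.keypair-ssm.key_name
  availability_zone = "us-east-1d"
  vpc_id            = data.aws_vpc.main.id
  subnet            = element(tolist(data.aws_subnet_ids.private.ids), 0)
  instance_type     = "t3.small"

  # Keep the host off the public internet (all three default to public).
  associate_public_ip_address = false
  assign_eip_address          = false
  additional_ips_count        = 0

  # Leave the module-created group egress-only (create_default_security_group
  # defaults to true) and admit traffic only from an existing bastion group.
  allowed_ports     = []
  allowed_ports_udp = []
  security_groups   = [aws_security_group.bastion.id]

  # Guard rails on the instance and on the IAM role the module builds.
  disable_api_termination  = true
  permissions_boundary_arn = aws_iam_policy.instance_boundary.arn
  monitoring               = true

  # One data volume that survives instance termination.
  ebs_volume_count      = 1
  ebs_volume_size       = 50
  ebs_volume_type       = "gp2"
  delete_on_termination = false

  # Tags required by this module's label inputs.
  application = "api"
  environment = "prod"
  name        = "api"
  squad       = "InfraCore"
  costcenter  = "1462"
  tribe       = "Infra Cloud"
}
```

Compare this with the kafka_instance example, where associate_public_ip_address, additional_ips_count and allowed_ports expose the host directly.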
Outputs:

| Name | Description |
|---|---|
| additional_eni_ids | Map of ENI to EIP |
| alarm | CloudWatch Alarm ID |
| ebs_ids | IDs of EBS volumes |
| id | Disambiguated ID of the instance |
| instance_profile | Name of the instance's profile (either built or supplied) |
| name | Instance name |
| primary_network_interface_id | ID of the instance's primary network interface |
| private_dns | Private DNS of the instance |
| private_ip | Private IP of the instance |
| public_dns | Public DNS of the instance (or DNS of the EIP) |
| public_ip | Public IP of the instance (or EIP) |
| role | Name of the AWS IAM Role associated with the instance |
| security_group_ids | IDs of the AWS Security Groups associated with the instance |
| ssh_key_pair | Name of the SSH key pair provisioned on the instance |