X EC2 (or 1 ASG X:X); X external volumes; X network interfaces; KMS key for volumes; Key pair
Julien Cabillot 93b4c915ce
chore: bump pre-commit hooks to fix jenkins test
2 weeks ago
examples fix: fixes rebase 2 months ago
.gitignore tech: updates .gitignore 7 months ago
.pre-commit-config.yaml chore: bump pre-commit hooks to fix jenkins test 2 weeks ago
CHANGELOG.md chore: bump pre-commit hooks to fix jenkins test 2 weeks ago
Jenkinsfile test: unlocks tests 2 months ago
LICENSE fix: output KMS key ID when it is created by the module 6 months ago
README.md fix: makes sure KMS grant is only created when needed 2 months ago
autoscaling_groups.tf refactor: removes depends on 2 months ago
data.tf feat (BREAKING): upgrades to support Terraform 0.13 properly 2 months ago
ec2.tf refactor: Split resources into more digestible, smaller files 2 months ago
kms.tf fix: makes sure KMS grant is only created when needed 2 months ago
main.tf refactor: Split resources into more digestible, smaller files 2 months ago
network_interfaces.tf refactor: Split resources into more digestible, smaller files 2 months ago
outputs.tf fix: changes outputs for EIP to get information in NIC instead of EiPs 2 months ago
variables.tf fix: makes sure KMS grant is only created when needed 2 months ago
versions.tf feat (BREAKING): upgrades to support Terraform 0.13 properly 2 months ago
volumes.tf fix: creates a KMS grant when KMS and ASG is used, to allow ASG to use the key for decrypting volumes 2 months ago

README.md

Terraform module: Virtual Machine (EC2, AutoScaling Group)

This module has the following features, all of which are optional:

  • EC2 instance or one AutoScaling Group with X capacity.
  • X extra volumes, encrypted by default, with optional KMS key.
  • X extra network interfaces attached to the EC2 instance.
  • A Key Pair.
  • An Instance Profile.
  • Elastic IPs for the instance and/or for specific extra network interfaces.

To create multiple instances, use count.

Limitations

  • AWS does not handle external volumes with AutoScaling Groups. Because of this, if an AutoScaling Group with one or more EBS volumes is destroyed, the EBS volumes would be preserved, resulting in phantom volumes (unseen by Terraform). That's why every extra volume within an AutoScaling Group will always be destroyed when using this module (delete_on_termination = true).
  • Resources of the same kind will share the same tags. It's not possible to assign a tag to a specific EIP, a specific volume or a specific network interface.
  • Since Terraform 0.13 and module count, this module will not automatically balance instances across multiple subnets, except when using an AutoScaling Group. Also, the SSH Key Pair, KMS key and Instance Profile are not managed as before: if you use count, these resources will be created multiple times. See examples to learn how to reuse them.
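Reusing one KMS key, key pair and Instance Profile across several count'ed module instances, as an added example that is not one of the module's own examples. The module source path, the AMI ID and the public key file path are placeholders; the AWS provider is assumed to be configured already.

```hcl
# Added example (not from the module's examples directory). Everything that
# count would otherwise multiply (KMS key, key pair, instance profile) is
# created once here and handed to the module through the *_create = false
# variables, matching the "see examples to learn how to reuse them" advice.

resource "aws_kms_key" "volumes" {
  description         = "Customer-managed key for EC2 root and extra volumes"
  enable_key_rotation = true
}

resource "aws_key_pair" "shared" {
  key_name   = "shared-ssh"
  public_key = file("~/.ssh/id_ed25519.pub") # placeholder path; point at your own public key
}

resource "aws_iam_role" "instance" {
  name = "ec2-instance-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "ec2.amazonaws.com" }
    }]
  })
}

resource "aws_iam_instance_profile" "shared" {
  name = "ec2-instance-profile"
  role = aws_iam_role.instance.name
}

module "ec2" {
  source = "./path/to/this/module" # placeholder: use the module's real source

  count = 2 # one EC2 instance per module instance

  name          = "web"
  instance_type = "t3.nano"
  ami           = "ami-PLACEHOLDER" # pin an AMI so a new default AMI cannot trigger a recreate

  # Reuse the shared resources instead of creating them per module instance.
  volume_kms_key_create         = false
  volume_kms_key_arn            = aws_kms_key.volumes.arn
  volume_kms_key_external_exist = true # cannot be derived from the ARN on Terraform 0.13

  key_pair_create = false
  key_pair_name   = aws_key_pair.shared.key_name

  iam_instance_profile_create = false
  iam_instance_profile_name   = aws_iam_instance_profile.shared.name

  # One encrypted extra volume per instance; the count cannot be derived from
  # the lists on Terraform 0.13, so extra_volume_count is given explicitly.
  extra_volume_count        = 1
  extra_volume_sizes        = [20]
  extra_volume_types        = ["gp2"]
  extra_volume_device_names = ["/dev/xvdf1"]

  root_block_device_encrypted             = true
  root_block_device_delete_on_termination = true # avoids volumes Terraform no longer manages

  # Shift the numeric suffix per module instance so tag:Name values stay unique:
  # module instance 0 yields vol-01, module instance 1 yields vol-02.
  num_suffix_offset = count.index

  tags = { environment = "example" }
}
```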

Notes

To install the pre-commit hooks, run pre-commit install. They will automatically validate, fmt and update README.md for you.

The variable root_block_device_delete_on_termination set to false is not tested because it will create resources that persist beyond a Terraform run. Therefore, until we find a more permanent solution for this, we do NOT test this feature.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| aws | >= 3.1.0, < 4.0.0 |
| null | ~> 2.1 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.1.0, < 4.0.0 |
| null | ~> 2.1 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ami | AMI to use for the EC2 instance (or the launch template). Default: latest AWS Linux AMI. CAREFUL: when using the default, the AMI ID could get updated, thus triggering a destroy/recreate of your instances. Besides testing, it's recommended to set a value. | any | null | no |
| associate_public_ip_address | Whether or not to associate a public IP address with the main network interface of the EC2 instance (or launch template). | bool | false | no |
| autoscaling_group_default_cooldown | The amount of time, in seconds, after a scaling activity completes before another scaling activity can start. | number | -1 | no |
| autoscaling_group_desired_capacity | Number of instances to immediately launch in the AutoScaling Group. If not specified, defaults to var.autoscaling_group_min_size. | number | null | no |
| autoscaling_group_enabled_metrics | A list of metrics to collect. The allowed values are GroupDesiredCapacity, GroupInServiceCapacity, GroupPendingCapacity, GroupMinSize, GroupMaxSize, GroupInServiceInstances, GroupPendingInstances, GroupStandbyInstances, GroupStandbyCapacity, GroupTerminatingCapacity, GroupTerminatingInstances, GroupTotalCapacity and GroupTotalInstances. | set(string) | [] | no |
| autoscaling_group_health_check_grace_period | Time (in seconds) after an instance comes into service before checking health. | number | -1 | no |
| autoscaling_group_health_check_type | Controls whether health checking is done at the EC2 level or at the ELB level. When using a load balancer, ELB is recommended. | string | null | no |
| autoscaling_group_max_instance_lifetime | The maximum amount of time, in seconds, that an instance can be in service. Values must be either equal to 0 or between 604800 and 31536000 seconds. | number | 0 | no |
| autoscaling_group_max_size | The maximum size of the AutoScaling Group. | number | 1 | no |
| autoscaling_group_metrics_granularity | The granularity to associate with the metrics to collect. The only valid value is 1Minute. Default is 1Minute. | string | null | no |
| autoscaling_group_min_elb_capacity | Setting this causes Terraform to wait for this number of instances from this AutoScaling Group to show up healthy in the ELB, only on creation. Updates will not wait on ELB instance number changes. See documentation. | number | null | no |
| autoscaling_group_min_size | The minimum size of the AutoScaling Group. | number | 1 | no |
| autoscaling_group_name | The name of the AutoScaling Group. By default generated by Terraform. | string | "" | no |
| autoscaling_group_subnet_ids | IDs of the subnets to be used by the AutoScaling Group. If empty, all the default subnets of the current region will be used. This must have as many elements as the count: var.autoscaling_group_subnet_ids_count. | list(string) | [""] | no |
| autoscaling_group_subnet_ids_count | How many subnet IDs from var.autoscaling_group_subnet_ids are to be used by the AutoScaling Group. If the value is "0", default subnets will be used. Cannot be computed automatically from other variables in Terraform 0.13.X. | number | 0 | no |
| autoscaling_group_suspended_processes | A list of processes to suspend for the AutoScaling Group. The allowed values are Launch, Terminate, HealthCheck, ReplaceUnhealthy, AZRebalance, AlarmNotification, ScheduledActions, AddToLoadBalancer. Note that if you suspend either the Launch or Terminate process types, it can prevent your AutoScaling Group from functioning properly. | set(string) | [] | no |
| autoscaling_group_tags | Tags specific to the AutoScaling Group. Will be merged with var.tags. | map | {} | no |
| autoscaling_group_target_group_arns | A list of aws_alb_target_group ARNs, for use with Application or Network Load Balancing. | list(string) | [] | no |
| autoscaling_group_termination_policies | A list of policies to decide how the instances in the AutoScaling Group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy, Default. | list(string) | [] | no |
| autoscaling_group_wait_for_capacity_timeout | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior. | string | null | no |
| autoscaling_group_wait_for_elb_capacity | Setting this will cause Terraform to wait for exactly this number of healthy instances from this AutoScaling Group in all attached load balancers on both create and update operations. (Takes precedence over var.min_elb_capacity behavior.) | number | null | no |
| autoscaling_schedule_count | How many AutoScaling Schedule actions to create on the AutoScaling Group. Ignored if var.use_autoscaling_group is false. | number | 0 | no |
| autoscaling_schedule_desired_capacities | Number of instances that should run in the AutoScaling Schedule actions. Set to -1 if you don't want to change the desired capacity at the scheduled time. Ignored if var.use_autoscaling_group or var.autoscaling_schedule_enable is false. | list(number) | [0] | no |
| autoscaling_schedule_end_times | Time for the AutoScaling Schedule actions to stop, in YYYY-MM-DDThh:mm:ssZ format in UTC/GMT only (for example, 2022-06-01T00:00:00Z). If you try to schedule your action in the past, Auto Scaling returns an error message. Ignored if var.use_autoscaling_group or var.autoscaling_schedule_enable is false. | list(string) | [null] | no |
| autoscaling_schedule_max_sizes | The maximum sizes for the AutoScaling Schedule actions. Set to -1 if you don't want to change the maximum size at the scheduled time. Ignored if var.use_autoscaling_group or var.autoscaling_schedule_enable is false. | list(number) | [0] | no |
| autoscaling_schedule_min_sizes | The minimum sizes for the AutoScaling Schedule actions. Set to -1 if you don't want to change the minimum size at the scheduled time. Ignored if var.use_autoscaling_group or var.autoscaling_schedule_enable is false. | list(number) | [0] | no |
| autoscaling_schedule_name | Name of the AutoScaling Schedule actions. Will be suffixed by numerical digits if var.use_num_suffix is true. If var.use_num_suffix is false, at most one Schedule must be created, as the name must be unique. Ignored if var.use_autoscaling_group or var.autoscaling_schedule_enable is false. | string | "asg-schedule" | no |
| autoscaling_schedule_recurrences | Times when recurring future AutoScaling Schedule actions will start. Start time is specified by the user following the Unix cron syntax format. Ignored if var.use_autoscaling_group or var.autoscaling_schedule_enable is false. | list(string) | [null] | no |
| autoscaling_schedule_start_times | Time for the AutoScaling Schedule actions to start, in YYYY-MM-DDThh:mm:ssZ format in UTC/GMT only (for example, 2021-06-01T00:00:00Z). Defaults to the next minute. If you try to schedule your action in the past, Auto Scaling returns an error message. Ignored if var.use_autoscaling_group or var.autoscaling_schedule_enable is false. | list(string) | [null] | no |
| cpu_core_count | Sets the number of CPU cores for an instance (or launch template). This option is only supported when creating instance types that support CPU Options (CPU Cores and Threads Per CPU Core Per Instance Type); specifying this option for unsupported instance types will return an error from the EC2 API. | number | null | no |
| cpu_credits | The credit option for CPU usage. Can be standard or unlimited. For T type instances. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default. | string | null | no |
| cpu_threads_per_core | If set to 1, hyperthreading is disabled on the launched instance (or launch template). Defaults to 2 if not set. See Optimizing CPU Options for more information (has no effect unless var.cpu_core_count is also set). | number | null | no |
| disable_api_termination | If true, enables EC2 Instance (or launch template) termination protection. This is NOT recommended as it will prevent Terraform from destroying the instance and block your pipeline. | bool | false | no |
| ebs_optimized | If true, the launched EC2 instance (or launch template) will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled, but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. | bool | null | no |
| ec2_external_primary_network_interface_id | ID of the primary Network Interface to be attached to the EC2 instance. This value must be given if var.ec2_primary_network_interface_create is false. | string | null | no |
| ec2_ipv4_addresses | Specify one or more IPv4 addresses from the range of the subnet to associate with the primary network interface. | list(string) | [] | no |
| ec2_ipv6_addresses | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface. | list(string) | [] | no |
| ec2_network_interface_tags | Tags of the primary Network Interface of the EC2 instance. Will be merged with var.tags. | map | {} | no |
| ec2_primary_network_interface_create | Whether or not to create a primary Network Interface to be attached to the EC2 instance. Ignored if var.use_autoscaling_group is true. If false, a value for var.ec2_external_primary_network_interface_id will be expected. | bool | true | no |
| ec2_source_dest_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | bool | true | no |
| ec2_subnet_id | Subnet ID in which to provision the instance. Can be used instead of or along with var.subnet_ids. | any | null | no |
| ec2_use_default_subnet | Whether or not to use the VPC default subnet instead of var.ec2_subnet_id. Cannot be computed from var.ec2_subnet_id automatically in Terraform 0.13. | bool | true | no |
| ec2_volume_name | Name (tag:Name) of the root block device of the instance. | string | "root-volume" | no |
| ec2_volume_tags | Tags of the root volume of the instance. Will be merged with var.tags. | map | {} | no |
| ephemeral_block_devices | Customize Ephemeral (also known as Instance Store) volumes on the EC2 instance (or launch template): device_name (required, string): the name of the block device to mount on the instance; virtual_name (optional, string): the Instance Store Device Name (e.g. "ephemeral0"); no_device (optional, string): suppresses the specified device included in the AMI's block device mapping. | list | [] | no |
| extra_network_interface_count | How many extra network interfaces to create for the EC2 instance. This has no influence on the primary Network Interface. Ignored if var.use_autoscaling_group is true. | number | 0 | no |
| extra_network_interface_eips_count | How many extra Network Interfaces will have a public Elastic IP. Should be the exact number of trues in the var.extra_network_interface_eips_enabled list. Ignored if var.use_autoscaling_group is true. | number | 0 | no |
| extra_network_interface_eips_enabled | List of booleans indicating whether or not each extra Network Interface should have an Elastic IP. To disable/enable the EIP for specific NICs, use false/true respectively, in the order of the extra Network Interfaces. Should have as many trues as the number defined in var.extra_network_interface_eips_count. Ignored if var.use_autoscaling_group is true. | list(bool) | [] | no |
| extra_network_interface_name | Name (tag:Name) of the extra Network Interfaces for the EC2 instance. Will be suffixed by numerical digits if var.use_num_suffix is true, otherwise all extra Network Interfaces will have the same name. | string | "nic" | no |
| extra_network_interface_num_suffix_offset | The starting point of the numerical suffix for extra Network Interfaces for the EC2 instance. Will combine with var.num_suffix_offset. An offset of 1 here and a var.num_suffix_offset of 2 would mean the var.extra_network_interface_name suffix starts at 4. Default value is 1 to let the primary Network Interface have the starting suffix. | number | 1 | no |
| extra_network_interface_private_ips | List of lists containing private IPs to assign to the extra Network Interfaces for the EC2 instance. Each list must correspond to an extra Network Interface, in order. | list(list(string)) | [null] | no |
| extra_network_interface_private_ips_counts | Number of secondary private IPs to assign to the ENI. The total number of private IPs will be 1 + private_ips_count, as a primary private IP will be assigned to an ENI by default. Make sure you have as many elements in the list as ENIs times the number of instances. | list(number) | [null] | no |
| extra_network_interface_security_group_count | How many Security Groups to attach per extra Network Interface. Must be the number of elements in var.extra_network_interface_security_group_ids. This cannot be computed automatically in Terraform 0.13. | number | 0 | no |
| extra_network_interface_security_group_ids | List of Security Group IDs to assign to the extra Network Interfaces for the EC2 instance. All extra Network Interfaces will have the same Security Groups. If not specified, all ENIs will have the default Security Group of the VPC. | list(string) | null | no |
| extra_network_interface_source_dest_checks | Whether or not to enable source/destination checking for the extra Network Interfaces for the EC2 instance. Defaults to true. | list(bool) | [null] | no |
| extra_network_interface_tags | Tags for the extra Network Interfaces for the EC2 instance. Will be merged with var.tags. These tags will be shared among all extra ENIs. | map | {} | no |
| extra_volume_count | Number of extra volumes to create for the EC2 instance (or the launch template). | number | 0 | no |
| extra_volume_device_names | Device names for the extra volumes to attach to the EC2 instance (or the launch template). | list(string) | ["/dev/xvdf1"] | no |
| extra_volume_name | Name (tag:Name) of the extra volumes to create. Will be suffixed by numerical digits if var.use_num_suffix is true. Otherwise, all the extra volumes will share the same name. | string | "vol" | no |
| extra_volume_sizes | Size of the extra volumes for the EC2 instance (or launch template). | list(number) | [1] | no |
| extra_volume_tags | Tags shared by all the extra volumes of the instance or all the volumes of a launch template. Will be merged with var.tags. | map | {} | no |
| extra_volume_types | The volume types of extra volumes to attach to the EC2 instance (or launch template). Can be standard, gp2, io1, sc1 or st1 (Default: standard). | list(string) | ["gp2"] | no |
| host_id | The ID of a dedicated host that the instance will be assigned to. Use when an instance (or launch template) is to be launched on a specific dedicated host. | string | null | no |
| iam_instance_profile_create | Whether or not to create an Instance Profile (with its IAM Role) for the EC2 instance (or launch template). If false, you can use var.iam_instance_profile_name to use an external IAM Instance Profile. | bool | false | no |
| iam_instance_profile_iam_role_description | Description of the IAM Role to be used by the Instance Profile. Ignored if var.iam_instance_profile_create is false. | string | "Instance Profile Role" | no |
| iam_instance_profile_iam_role_name | Name of the IAM Role to be used by the Instance Profile. If omitted, Terraform will assign a random, unique name. Ignored if var.iam_instance_profile_create is false. | string | null | no |
| iam_instance_profile_iam_role_policy_arns | ARNs of the IAM Policies to be applied to the IAM Role of the Instance Profile. Ignored if var.iam_instance_profile_create is false. | list(string) | [] | no |
| iam_instance_profile_iam_role_policy_count | How many IAM Policy ARNs there are in var.iam_instance_profile_iam_role_policy_arns. This value cannot be computed automatically in Terraform 0.13. | number | 0 | no |
| iam_instance_profile_iam_role_tags | Tags to be used for the Instance Profile Role. Will be merged with var.tags. Ignored if var.iam_instance_profile_create is false. | map | {} | no |
| iam_instance_profile_name | The IAM profile's name for the EC2 instance (or launch template). If var.iam_instance_profile_create is true and this is null, Terraform will assign a random, unique name. If var.iam_instance_profile_create is false, this value should be the name of an external IAM Instance Profile (keep it null to disable the Instance Profile altogether). | string | null | no |
| iam_instance_profile_path | Path in which to create the Instance Profile for the EC2 instance (or launch template). The Instance Profile IAM Role will share the same path. Ignored if var.iam_instance_profile_create is false. | any | null | no |
| instance_initiated_shutdown_behavior | Shutdown behavior for the EC2 instance (or launch template). Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instances. | string | null | no |
| instance_tags | Tags that will be shared with all the instances (or instances launched by the AutoScaling Group). Will be merged with var.tags. | map | {} | no |
| instance_type | The type of instance (or launch template) to start. Updates to this field will trigger a stop/start of the EC2 instance, except with a launch template. | string | "t3.nano" | no |
| ipv4_address_count | A number of IPv4 addresses to associate with the primary network interface of the EC2 instance (or launch template). The total number of private IPs will be 1 + var.ipv4_address_count, as a primary private IP will be assigned to an ENI by default. | number | 0 | no |
| key_pair_create | Whether or not to create a key pair. If false, use var.key_pair_name to inject an external key pair. | bool | false | no |
| key_pair_name | The name for the key pair. If this is not empty and var.key_pair_create = false, this name will be used as an external key pair. If you don't want any key pair, set this to null. | string | null | no |
| key_pair_public_key | The public key material. Ignored if var.key_pair_create is false. | string | null | no |
| key_pair_tags | Tags specific to the key pair. Will be merged with var.tags. Ignored if var.key_pair_create is false. | map | {} | no |
| launch_template_ipv6_address_count | A number of IPv6 addresses to associate with the primary network interface of the launch template. | number | 0 | no |
| launch_template_name | The name of the launch template. If you leave this blank, Terraform will auto-generate a unique name. | string | "" | no |
| launch_template_tags | Tags to be used by the launch template. Will be merged with var.tags. | map | {} | no |
| monitoring | If true, the launched EC2 instance (or launch template) will have detailed monitoring enabled: 1 minute granularity instead of 5 minutes. Incurs additional costs. | bool | false | no |
| name | Name (tag:Name) of the instance(s) themselves, whether or not an AutoScaling Group is used. | string | "ec2" | no |
| num_suffix_digits | Number of significant digits to append to multiple same resources of the module. For example, a var.num_suffix_digits of 3 would produce -001, -002… suffixes. Ignored if var.use_num_suffix is false. | number | 2 | no |
| num_suffix_offset | The starting point of the numerical suffix. An offset of 1 would mean resource suffixes will start at 2. Ignored if var.use_num_suffix is false. | number | 0 | no |
| placement_group | ID of the Placement Group to start the EC2 instance (or launch template) in. | string | null | no |
| prefix | Prefix to be added to all resource names of the module. Prefix is mainly used for tests and should remain empty in normal circumstances. | string | "" | no |
| primary_network_interface_name | Name (tag:Name) of the primary network interface to be attached to the EC2 instance (or launch template). | string | "nic" | no |
| root_block_device_delete_on_termination | Whether or not to delete the root block device on termination. It is strongly discouraged to set this to false: only change this value if you have no other choice, as this will leave a volume that will not be managed by Terraform (even if the tag says it does) and you may end up building up costs. | bool | true | no |
| root_block_device_encrypted | Customize details about the root block device of the EC2 instance (or launch template) root volume: enables EBS encryption on the volume. Cannot be used with snapshot_id. Must be configured to perform drift detection. | bool | true | no |
| root_block_device_iops | The amount of provisioned IOPS. This must be set when var.root_block_device_volume_type is io1. | number | null | no |
| root_block_device_volume_device | Device name of the root volume of the AMI. Only used for Launch Template. This value cannot be found by the AWS Terraform provider from the AMI ID alone. If this value is wrong, Terraform will create an extra volume, failing to set up the root volume correctly. Can be /dev/sda1 or /dev/xvda. | string | "/dev/xvda" | no |
| root_block_device_volume_size | Customize details about the root block device of the instance or launch template root volume: the size of the volume in gibibytes (GiB). | number | 8 | no |
| root_block_device_volume_type | Customize details about the root block device of the instance or launch template root volume: the type of volume. Can be standard, gp2, io1, sc1 or st1. (Default: gp2). | string | null | no |
| tags | Tags to be used for all this module's resources. Will be merged with specific tags for each kind of resource. | map | {} | no |
| tenancy | The tenancy of the EC2 instance (if the instance or launch template will be running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command. | any | null | no |
| use_autoscaling_group | Whether or not to create an AutoScaling Group instead of an EC2 instance. If true, look at the autoscaling_group-prefixed variables. | bool | false | no |
| use_num_suffix | Whether or not to append a numerical suffix when multiple same resources need to be created, like extra EBS volumes. | bool | true | no |
| user_data | The user data to provide when launching the EC2 instance (or launch template). | string | null | no |
| volume_kms_key_alias | Alias of the KMS key used to encrypt the root and extra volumes of the EC2 instance (or launch template). Do not prefix this value with alias/ nor with a /. | string | "default/ec2" | no |
| volume_kms_key_arn | ARN of an external KMS key used to encrypt the root and extra volumes. To be used when var.volume_kms_key_create is set to false (if true, this ARN will be ignored). If this value is not null, also set var.volume_kms_key_external_exist to true. | string | null | no |
| volume_kms_key_create | Whether or not to create a KMS key to be used for root and extra volumes. If set to false, you can specify a var.volume_kms_key_arn as an external KMS key to use instead. If this value is false and var.volume_kms_key_arn is empty, the default AWS KMS key for volumes will be used. | bool | false | no |
| volume_kms_key_customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports, for the KMS key to be used for volumes. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. | string | null | no |
| volume_kms_key_external_exist | Whether or not var.volume_kms_key_arn is non-empty. Cannot be computed automatically in Terraform 0.13. | bool | false | no |
| volume_kms_key_name | Name (tag:Name) for the KMS key to be used for root and extra volumes of the EC2 instance (or launch template). | string | "kms-for-vol" | no |
| volume_kms_key_policy | A valid policy JSON document for the KMS key to be used for root and extra volumes of the EC2 instance (or launch template). This document can give or restrict access to the key. | string | null | no |
| volume_kms_key_tags | Tags for the KMS key to be used for root and extra volumes. Will be merged with var.tags. | map | {} | no |
| vpc_security_group_ids | List of security group IDs to associate with the main ENI of the EC2 instance (or launch template). If not defined, the VPC default security group will be used. | list(string) | null | no |

Outputs

| Name | Description |
|------|-------------|
| autoscaling_group_arn | n/a |
| autoscaling_group_id | n/a |
| availability_zones | n/a |
| ec2_arn | n/a |
| ec2_id | n/a |
| ec2_primary_network_interface_id | n/a |
| ec2_private_dns | n/a |
| ec2_private_ip | n/a |
| ec2_public_dns | n/a |
| ec2_public_ip | n/a |
| eip_ids | n/a |
| eip_network_interface_ids | n/a |
| eip_public_dns | n/a |
| eip_public_ips | n/a |
| extra_volume_arns | n/a |
| extra_volume_ids | n/a |
| iam_instance_profile_arn | n/a |
| iam_instance_profile_iam_role_arn | n/a |
| iam_instance_profile_iam_role_id | n/a |
| iam_instance_profile_iam_role_unique_id | n/a |
| iam_instance_profile_id | n/a |
| iam_instance_profile_unique_id | n/a |
| key_pair_fingerprint | n/a |
| key_pair_id | n/a |
| key_pair_name | n/a |
| kms_key_id | n/a |
| launch_template_arn | n/a |
| launch_template_default_version | n/a |
| launch_template_id | n/a |
| launch_template_latest_version | n/a |
| network_interface_eips | n/a |
| network_interface_ids | n/a |
| network_interface_mac_addresses | n/a |
| network_interface_private_dns_names | n/a |
| network_interface_private_ips | n/a |
| subnet_ids | n/a |