EC2 instance

Modules

| Name | Source | Version |
|------|--------|---------|
| ec2_instance | terraform-aws-modules/ec2-instance/aws | 5.7.1 |
| instance_role | terraform-aws-modules/iam/aws//modules/iam-assumable-role | 5.54.1 |
| security_group | terraform-aws-modules/security-group/aws// | 5.2.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| ami | AMI to use for the bastion host | `string` | `null` | no |
| create | Flag to determine if resources should be created. | `bool` | `false` | no |
| ebs_block_device | Additional EBS block devices to attach to the instance | `list(any)` | `[]` | no |
| iam_role_policies | Policies to attach to the IAM role for the instance. | `list(string)` | `["DEF"]` | no |
| inline_policy_statements | Inline policy statements for the EC2 instance's IAM role. | `list(object({ sid = string, effect = string, actions = list(string), resources = list(string) }))` | `[]` | no |
| instance_type | Instance type for the bastion host | `string` | `"t3.micro"` | no |
| metadata_options | Customize the metadata options of the instance | `map(string)` | `{ "http_endpoint": "enabled", "http_put_response_hop_limit": 1, "http_tokens": "required" }` | no |
| name | Name of the bastion instance. | `string` | n/a | yes |
| name_prefix | Prefix for resource names. | `string` | n/a | yes |
| record | DNS record to create for the bastion host | `object({ name = string, public_or_private_ip = string /* "public" or "private" */, zone = object({ name = string, private_zone = bool }) })` | `null` | no |
| subnet_id | The ID of the subnet where the bastion instance will be deployed. | `string` | n/a | yes |
| user_data | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead | `string` | `null` | no |
| user_data_base64 | Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption | `string` | `null` | no |
| user_data_replace_on_change | When used in combination with user_data or user_data_base64 will trigger a destroy and recreate when set to true. Defaults to false if not set | `bool` | `null` | no |
| vpc_id | VPC ID where the bastion instance will be deployed. | `string` | n/a | yes |
| vpc_security_group_ids | List of security group IDs to associate with the bastion instance. | `list(string)` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| ec2_instance | The EC2 instance created by the module |
| role | The IAM role associated with the EC2 instance |
| security_group | The security group associated with the EC2 instance |