Module: ec2-admin-server

Terraform Module for providing a server capable of running admin tasks. Use terraform-aws-ec2-admin-server to create and manage an admin instance.

Usage

Note: add ${var.ssh_key_pair} private key to the ssh agent.

Include this repository as a module in your existing terraform code:

module "admin_tier" {
  source                      = "git::https://github.com/cloudposse/terraform-aws-ec2-admin-server.git?ref=master"
  ssh_key_pair                = "${var.ssh_key_pair}"
  github_api_token            = "${var.github_api_token}"
  github_organization         = "${var.github_organization}"
  github_team                 = "${var.github_team}"
  instance_type               = "${var.instance_type}"
  vpc_id                      = "${var.vpc_id}"
  name                        = "admin"
  namespace                   = "${var.namespace}"
  stage                       = "${var.stage}"
  subnets                     = ["${var.subnets}"]
  zone_id                     = "${module.terraform-aws-route53-cluster-zone.zone_id}"
  security_groups             = ["${var.security_groups}"]
  allow_cidr_blocks           = ["${var.allow_cidr_blocks}"]
}

Module terraform-aws-route53-cluster-zone

Module terraform-aws-ec2-admin-server requires another module to be used additionally - terraform-aws-route53-cluster-zone.

terraform-aws-ec2-admin-server uses terraform-aws-route53-cluster-hostname to create a DNS record for created host. terraform-aws-route53-cluster-hostname module needs zone_id parameter as an input, and this parameter actually is an output from terraform-aws-route53-cluster-zone.

That is why terraform-aws-route53-cluster-zone should be implemented in root TF manifest when we need terraform-aws-ec2-admin-server.

This module depends on the next modules:

• terraform-null-label
• terraform-aws-ubuntu-github-authorized-keys-user-data
• terraform-aws-route53-cluster-hostname
• terraform-aws-route53-cluster-zone (not directly, but terraform-aws-route53-cluster-hostname need child zone_id)

It is necessary to run terraform get to download those modules.

Now reference the label when creating an instance (for example):

resource "aws_ami_from_instance" "example" {
  name               = "terraform-example"
  source_instance_id = "${module.admin_tier.id}"
}

Variables

Required Variables

github_api_token (any) required

GitHub API token

github_organization (any) required

GitHub organization name

github_team (any) required

GitHub team

ssh_key_pair (any) required

SSH key pair to be provisioned on instance

subnets (list(string)) required

List of VPC Subnet IDs where the instance may be launched

vpc_id (any) required

The ID of the VPC where the instance will be created

Optional Variables

allow_cidr_blocks (list(string)) optional

List of CIDR blocks to permit SSH access

Default value:

[
  "0.0.0.0/0"
]

dns_ttl (string) optional

The time for which a DNS resolver caches a response

Default value: "60"

ec2_ami (string) optional

By default it is an AMI provided by Amazon with Ubuntu 16.04

Default value: "ami-cd0f5cb6"

instance_type (string) optional

The type of instance that will be created (e.g. t2.micro)

Default value: "t2.micro"

security_groups (list(string)) optional

List of Security Group IDs permitted to connect to this instance

Default value: [ ]

zone_id (string) optional

Route53 DNS Zone id

Default value: ""

Context Variables

The following variables are defined in the context.tf file of this module and part of the terraform-null-label pattern.

name (any) required

The Name of the application or solution (e.g. bastion or portal)
Required: Yes

Default value: ``

namespace (any) required

Namespace (e.g. cp or cloudposse)
Required: Yes

Default value: ``

stage (any) required

Stage (e.g. prod, dev, staging)
Required: Yes

Default value: ``

attributes (list(string)) optional

Additional attributes (e.g. policy or role)
Required: No

Default value: [ ]

delimiter (string) optional

Delimiter to be used between name, namespace, stage, etc.
Required: No

Default value: "-"

tags (map(string)) optional

Additional tags (e.g. map('BusinessUnit','XYZ'))
Required: No

Default value: { }

Outputs

fqhn

DNS name (Fully Qualified Host Name) of creating instance

id

Disambiguated ID

public_ip

IPv4 Public IP

role

Name of AWS IAM Role associated with creating instance

security_group_ids

List of IDs of AWS Security Groups associated with creating instance

ssh_key_pair

Name of used AWS SSH key

Dependencies

Requirements

• terraform, version: >= 1.0
• aws, version: >= 5.0
• null, version: >= 2.0

Providers

• aws, version: >= 5.0

Modules

Name	Version	Source	Description
dns	0.13.0	cloudposse/route53-cluster-hostname/aws	n/a
instance	1.2.1	cloudposse/ec2-instance/aws	Use terraform-aws-ec2-instance module
label	0.25.0	cloudposse/label/null	n/a

Resources

The following resources are used by this module:

• aws_security_group.default (resource)
• aws_security_group_rule.egress (resource)
• aws_security_group_rule.ssh (resource)

Data Sources

The following data sources are used by this module: