Module: ec2-admin-server
Terraform module that provides a server capable of running admin tasks. Use `terraform-aws-ec2-admin-server` to create and manage an admin instance.
Usage
Note: add the `${var.ssh_key_pair}` private key to the ssh agent.
Include this repository as a module in your existing Terraform code:

```hcl
module "admin_tier" {
  # ref=master tracks a moving branch; pin a release tag or commit SHA for reproducible builds
  source              = "git::https://github.com/cloudposse/terraform-aws-ec2-admin-server.git?ref=master"
  ssh_key_pair        = var.ssh_key_pair
  github_api_token    = var.github_api_token
  github_organization = var.github_organization
  github_team         = var.github_team
  instance_type       = var.instance_type
  vpc_id              = var.vpc_id
  name                = "admin"
  namespace           = var.namespace
  stage               = var.stage
  # List variables are passed directly; wrapping them in [] would nest a list inside a list
  subnets             = var.subnets
  zone_id             = module.terraform-aws-route53-cluster-zone.zone_id
  security_groups     = var.security_groups
  allow_cidr_blocks   = var.allow_cidr_blocks
}
```
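The variables behind `github_api_token` and `allow_cidr_blocks` in the module call above can be declared in the root module so that the token is redacted from plan output and an overly wide SSH range is rejected at plan time. This is an added example, not part of the module's own code; the /16 minimum prefix length is an assumed policy and the sample CIDR values are constructed.

```hcl
# Added example: root-module declarations for two inputs of the admin_tier module call.
# Uses validation blocks, alltrue() and sensitive, all available in Terraform >= 1.0.

variable "github_api_token" {
  type        = string
  description = "GitHub API token passed to the admin_tier module"
  sensitive   = true # redacted in plan/apply output; the value is still written to state
}

variable "allow_cidr_blocks" {
  type        = list(string)
  description = "CIDR blocks permitted to reach the admin server over SSH"

  # Every entry must parse as a CIDR block.
  validation {
    condition     = alltrue([for c in var.allow_cidr_blocks : can(cidrhost(c, 0))])
    error_message = "Each entry of allow_cidr_blocks must be a valid CIDR block."
  }

  # Assumed policy: nothing wider than /16, which also rejects 0.0.0.0/0.
  # try() turns a malformed entry into a failed check instead of an evaluation error.
  validation {
    condition = alltrue([
      for c in var.allow_cidr_blocks :
      try(tonumber(split("/", c)[1]) >= 16, false)
    ])
    error_message = "Entries of allow_cidr_blocks must have a prefix length of /16 or longer."
  }
}

# terraform.tfvars (constructed values)
# allow_cidr_blocks = ["0.0.0.0/0"]       # rejected by the prefix-length rule
# allow_cidr_blocks = ["203.0.113.0/24"]  # accepted
```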
Module terraform-aws-route53-cluster-zone
The `terraform-aws-ec2-admin-server` module requires an additional module, `terraform-aws-route53-cluster-zone`.

`terraform-aws-ec2-admin-server` uses `terraform-aws-route53-cluster-hostname` to create a DNS record for the created host. The `terraform-aws-route53-cluster-hostname` module needs the `zone_id` parameter as an input, and this parameter is an output of `terraform-aws-route53-cluster-zone`.

That is why `terraform-aws-route53-cluster-zone` should be implemented in the root Terraform manifest whenever `terraform-aws-ec2-admin-server` is used.
This module depends on the following modules:
- terraform-null-label
- terraform-aws-ubuntu-github-authorized-keys-user-data
- terraform-aws-route53-cluster-hostname
- terraform-aws-route53-cluster-zone (not directly, but `terraform-aws-route53-cluster-hostname` needs the child `zone_id`)

Run `terraform get` to download those modules.
Now reference the label when creating an instance (for example):

```hcl
resource "aws_ami_from_instance" "example" {
  name               = "terraform-example"
  source_instance_id = module.admin_tier.id
}
```
Requirements
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 5.0 |
null | >= 2.0 |
Providers
Name | Version |
---|---|
aws | >= 5.0 |
Modules
Name | Source | Version |
---|---|---|
dns | cloudposse/route53-cluster-hostname/aws | 0.13.0 |
instance | cloudposse/ec2-instance/aws | 1.2.1 |
label | cloudposse/label/null | 0.25.0 |
Resources
Name | Type |
---|---|
aws_security_group.default | resource |
aws_security_group_rule.egress | resource |
aws_security_group_rule.ssh | resource |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
allow_cidr_blocks | List of CIDR blocks to permit SSH access | list(string) | | no |
attributes | Additional attributes (e.g. `policy` or `role`) | list(string) | [] | no |
delimiter | Delimiter to be used between `name`, `namespace`, `stage`, etc. | string | "-" | no |
dns_ttl | The time for which a DNS resolver caches a response | string | "60" | no |
ec2_ami | By default it is an AMI provided by Amazon with Ubuntu 16.04 | string | "ami-cd0f5cb6" | no |
github_api_token | GitHub API token | any | n/a | yes |
github_organization | GitHub organization name | any | n/a | yes |
github_team | GitHub team | any | n/a | yes |
instance_type | The type of instance that will be created (e.g. `t2.micro`) | string | "t2.micro" | no |
name | The Name of the application or solution (e.g. `bastion` or `portal`) | any | n/a | yes |
namespace | Namespace (e.g. `cp` or `cloudposse`) | any | n/a | yes |
security_groups | List of Security Group IDs permitted to connect to this instance | list(string) | [] | no |
ssh_key_pair | SSH key pair to be provisioned on instance | any | n/a | yes |
stage | Stage (e.g. `prod`, `dev`, `staging`) | any | n/a | yes |
subnets | List of VPC Subnet IDs where the instance may be launched | list(string) | n/a | yes |
tags | Additional tags (e.g. `map('BusinessUnit','XYZ')`) | map(string) | {} | no |
vpc_id | The ID of the VPC where the instance will be created | any | n/a | yes |
zone_id | Route53 DNS Zone id | string | "" | no |
Outputs
Name | Description |
---|---|
fqhn | DNS name (Fully Qualified Host Name) of the created instance |
id | Disambiguated ID |
public_ip | IPv4 Public IP |
role | Name of the AWS IAM Role associated with the created instance |
security_group_ids | List of IDs of the AWS Security Groups associated with the created instance |
ssh_key_pair | Name of the AWS SSH key used |