
Module: ec2-admin-server

Terraform Module for providing a server capable of running admin tasks. Use terraform-aws-ec2-admin-server to create and manage an admin instance.

Usage

Note: add ${var.ssh_key_pair} private key to the ssh agent.

Include this repository as a module in your existing terraform code:

module "admin_tier" {
  source              = "git::https://github.com/cloudposse/terraform-aws-ec2-admin-server.git?ref=master"
  ssh_key_pair        = var.ssh_key_pair
  github_api_token    = var.github_api_token
  github_organization = var.github_organization
  github_team         = var.github_team
  instance_type       = var.instance_type
  vpc_id              = var.vpc_id
  name                = "admin"
  namespace           = var.namespace
  stage               = var.stage
  # List inputs are passed directly; wrapping a list variable in ["${...}"] fails on Terraform >= 1.0
  subnets             = var.subnets
  zone_id             = module.terraform-aws-route53-cluster-zone.zone_id
  security_groups     = var.security_groups
  allow_cidr_blocks   = var.allow_cidr_blocks
}

Module terraform-aws-route53-cluster-zone

Module terraform-aws-ec2-admin-server requires an additional module: terraform-aws-route53-cluster-zone.

terraform-aws-ec2-admin-server uses terraform-aws-route53-cluster-hostname to create a DNS record for the created host. The terraform-aws-route53-cluster-hostname module takes a zone_id parameter as input, and this parameter is an output of terraform-aws-route53-cluster-zone.

That is why terraform-aws-route53-cluster-zone should be declared in the root Terraform manifest whenever terraform-aws-ec2-admin-server is used.

This module depends on the following modules:

It is necessary to run terraform get to download those modules.

Now reference the label when creating an instance (for example):

resource "aws_ami_from_instance" "example" {
  name               = "terraform-example"
  source_instance_id = module.admin_tier.id
}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 5.0 |
| null | >= 2.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| dns | cloudposse/route53-cluster-hostname/aws | 0.13.0 |
| instance | cloudposse/ec2-instance/aws | 1.2.1 |
| label | cloudposse/label/null | 0.25.0 |

Resources

| Name | Type |
|------|------|
| aws_security_group.default | resource |
| aws_security_group_rule.egress | resource |
| aws_security_group_rule.ssh | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allow_cidr_blocks | List of CIDR blocks to permit SSH access | list(string) | ["0.0.0.0/0"] | no |
| attributes | Additional attributes (e.g. policy or role) | list(string) | [] | no |
| delimiter | Delimiter to be used between name, namespace, stage, etc. | string | "-" | no |
| dns_ttl | The time for which a DNS resolver caches a response | string | "60" | no |
| ec2_ami | By default it is an AMI provided by Amazon with Ubuntu 16.04 | string | "ami-cd0f5cb6" | no |
| github_api_token | GitHub API token | any | n/a | yes |
| github_organization | GitHub organization name | any | n/a | yes |
| github_team | GitHub team | any | n/a | yes |
| instance_type | The type of instance that will be created (e.g. t2.micro) | string | "t2.micro" | no |
| name | The Name of the application or solution (e.g. bastion or portal) | any | n/a | yes |
| namespace | Namespace (e.g. cp or cloudposse) | any | n/a | yes |
| security_groups | List of Security Group IDs permitted to connect to this instance | list(string) | [] | no |
| ssh_key_pair | SSH key pair to be provisioned on instance | any | n/a | yes |
| stage | Stage (e.g. prod, dev, staging) | any | n/a | yes |
| subnets | List of VPC Subnet IDs where the instance may be launched | list(string) | n/a | yes |
| tags | Additional tags (e.g. map('BusinessUnit','XYZ')) | map(string) | {} | no |
| vpc_id | The ID of the VPC where the instance will be created | any | n/a | yes |
| zone_id | Route53 DNS Zone id | string | "" | no |
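
The allow_cidr_blocks default listed above permits SSH from any IPv4 address, and github_api_token is a credential. The following root configuration is an added example, not part of the module's own documentation: it rejects a /0 entry at plan time and marks the token sensitive. The CIDR in the comment is a constructed value, and the zone module is assumed to be declared as in the Usage section.

```hcl
variable "allow_cidr_blocks" {
  type        = list(string)
  description = "CIDR blocks permitted to reach the admin server over SSH"
  # No default here: the caller must state who may connect.

  validation {
    # Each entry must parse as a CIDR block and must not carry a /0 prefix.
    condition = alltrue([
      for c in var.allow_cidr_blocks :
      can(cidrhost(c, 0)) && length(regexall("/0$", c)) == 0
    ])
    error_message = "Each entry must be a valid CIDR block and must not end in /0."
  }
}

variable "github_api_token" {
  type      = string
  sensitive = true # redacted in plan/apply output; still written to state
}

# Remaining inputs, declared without defaults so they must be supplied.
variable "ssh_key_pair" {}
variable "github_organization" {}
variable "github_team" {}
variable "namespace" {}
variable "stage" {}
variable "vpc_id" {}
variable "subnets" { type = list(string) }

module "admin_tier" {
  # ref=master follows a moving branch; a reviewed tag or commit is safer.
  source = "git::https://github.com/cloudposse/terraform-aws-ec2-admin-server.git?ref=master"

  allow_cidr_blocks = var.allow_cidr_blocks # e.g. ["203.0.113.0/24"] (constructed)
  github_api_token  = var.github_api_token

  ssh_key_pair        = var.ssh_key_pair
  github_organization = var.github_organization
  github_team         = var.github_team
  name                = "admin"
  namespace           = var.namespace
  stage               = var.stage
  vpc_id              = var.vpc_id
  subnets             = var.subnets
  zone_id             = module.terraform-aws-route53-cluster-zone.zone_id
}
```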

Outputs

| Name | Description |
|------|-------------|
| fqhn | DNS name (Fully Qualified Host Name) of the created instance |
| id | Disambiguated ID |
| public_ip | IPv4 Public IP |
| role | Name of the AWS IAM Role associated with the created instance |
| security_group_ids | List of IDs of AWS Security Groups associated with the created instance |
| ssh_key_pair | Name of the AWS SSH key used |