Merge pull request #6 from clouddrove/VOT-2
enable encryption with EBS
Sohan Yadav authored Apr 28, 2020
2 parents 6a360c1 + 0dc2a97 commit cfebd60
Showing 10 changed files with 308 additions and 85 deletions.
114 changes: 45 additions & 69 deletions README.md
@@ -38,7 +38,7 @@
<hr>


We eat, drink, sleep and most importantly love **DevOps**. We are working towards stratergies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure.
We eat, drink, sleep and most importantly love **DevOps**. We are working towards strategies for standardizing architecture while ensuring security for the infrastructure. We are strong believer of the philosophy <b>Bigger problems are always solved by breaking them into smaller manageable problems</b>. Resonating with microservices architecture, it is considered best-practice to run database, cluster, storage in smaller <b>connected yet manageable pieces</b> within the infrastructure.

This module is basically combination of [Terraform open source](https://www.terraform.io/) and includes automatation tests and examples. It also helps to create and improve your infrastructure with minimalistic code instead of maintaining the whole infrastructure code yourself.

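Review bot: the spelling fix on the "We eat, drink, sleep" paragraph leaves two more errors in the same region: "We are strong believer of the philosophy" should read "We are strong believers in the philosophy", and the unchanged context line below still says "automatation tests" (should be "automation tests"). Since this hunk already rewrites the paragraph, fix both here rather than in a follow-up commit.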
@@ -68,19 +68,18 @@ This module has a few dependencies:
**IMPORTANT:** Since the `master` branch used in `source` varies based on new modifications, we suggest that you use the release versions [here](https://github.com/clouddrove/terraform-aws-ec2/releases).


### Simple Example
Here is an example of how you can use this module in your inventory structure:
Here is examples of how you can use this module in your inventory structure:
### Basic Example
```hcl
module "ec2" {
source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.5"
source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.7"
name = "ec2-instance"
application = "clouddrove"
environment = "test"
label_order = ["environment", "application", "name"]
instance_count = 2
ami = "ami-08d658f84a6d84a80"
instance_type = "t2.nano"
key_name = module.keypair.name
monitoring = false
tenancy = "default"
vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
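Review bot: "Here is examples of how you can use this module" is ungrammatical; use "Here are examples of how you can use this module". Also, the line `key_name = module.keypair.name` is dropped from the Basic Example while the example still attaches `module.ssh.security_group_ids` for port 22, so the instance would be launched with no SSH key pair. If that is intended, say so in the commit message; otherwise keep the `key_name` line.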
@@ -100,81 +99,58 @@ Here is an example of how you can use this module in your inventory structure:
}
```

### Secure Example
```hcl
module "ec2" {
source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.7"
name = "ec2-instance"
application = "clouddrove"
environment = "test"
label_order = ["environment", "application", "name"]
instance_count = 2
ami = "ami-08d658f84a6d84a80"
instance_type = "t2.nano"
monitoring = false
tenancy = "default"
vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
subnet_ids = tolist(module.public_subnets.public_subnet_id)
assign_eip_address = true
associate_public_ip_address = true
instance_profile_enabled = true
iam_instance_profile = module.iam-role.name
disk_size = 8
ebs_optimized = false
ebs_volume_enabled = true
ebs_volume_type = "gp2"
ebs_volume_size = 30
encrypted = true
kms_key_id = module.kms_key.key_arn
instance_tags = { "snapshot" = true }
dns_zone_id = "Z1XJD7SSBKXLC1"
hostname = "ec2"
}
```





## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|:----:|:-----:|:-----:|
| ami | The AMI to use for the instance. | string | - | yes |
| application | Application (e.g. `cd` or `clouddrove`). | string | `` | no |
| assign_eip_address | Assign an Elastic IP address to the instance. | bool | `false` | no |
| associate_public_ip_address | Associate a public IP address with the instance. | bool | `true` | no |
| attributes | Additional attributes (e.g. `1`). | list | `<list>` | no |
| availability_zone | Availability Zone the instance is launched in. If not set, will be launched in the first AZ of the region. | list | `<list>` | no |
| cpu_core_count | Sets the number of CPU cores for an instance. | string | `` | no |
| cpu_credits | The credit option for CPU usage. Can be `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default. | string | `standard` | no |
| delimiter | Delimiter to be used between `organization`, `environment`, `name` and `attributes`. | string | `-` | no |
| disable_api_termination | If true, enables EC2 Instance Termination Protection. | bool | `false` | no |
| disk_size | Size of the root volume in gigabytes. | number | `8` | no |
| dns_enabled | Flag to control the dns_enable. | bool | `false` | no |
| dns_zone_id | The Zone ID of Route53. | string | `` | no |
| ebs_block_device | Additional EBS block devices to attach to the instance. | list | `<list>` | no |
| ebs_device_name | Name of the EBS device to mount. | list(string) | `<list>` | no |
| ebs_iops | Amount of provisioned IOPS. This must be set with a volume_type of io1. | number | `0` | no |
| ebs_optimized | If true, the launched EC2 instance will be EBS-optimized. | bool | `false` | no |
| ebs_volume_enabled | Flag to control the ebs creation. | bool | `false` | no |
| ebs_volume_size | Size of the EBS volume in gigabytes. | number | `30` | no |
| ebs_volume_type | The type of EBS volume. Can be standard, gp2 or io1. | string | `gp2` | no |
| environment | Environment (e.g. `prod`, `dev`, `staging`). | string | `` | no |
| ephemeral_block_device | Customize Ephemeral (also known as Instance Store) volumes on the instance. | list | `<list>` | no |
| host_id | The Id of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host. | string | `` | no |
| hostname | DNS records to create. | string | `` | no |
| iam_instance_profile | The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. | string | `` | no |
| instance_count | Number of instances to launch. | number | `1` | no |
| instance_enabled | Flag to control the instance creation. | bool | `true` | no |
| instance_initiated_shutdown_behavior | Shutdown behavior for the instance. | string | `` | no |
| instance_profile_enabled | Flag to control the instance profile creation. | bool | `false` | no |
| instance_tags | Instance tags. | map | `<map>` | no |
| instance_type | The type of instance to start. Updates to this field will trigger a stop/start of the EC2 instance. | string | - | yes |
| ipv6_address_count | Number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. | number | `0` | no |
| ipv6_addresses | List of IPv6 addresses from the range of the subnet to associate with the primary network interface. | list | `<list>` | no |
| key_name | The key name to use for the instance. | string | `` | no |
| label_order | Label order, e.g. `name`,`application`. | list | `<list>` | no |
| managedby | ManagedBy, eg 'CloudDrove' or 'AnmolNagpal'. | string | `[email protected]` | no |
| monitoring | If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0). | bool | `false` | no |
| name | Name (e.g. `app` or `cluster`). | string | `` | no |
| network_interface | Customize network interfaces to be attached at instance boot time. | list(map(string)) | `<list>` | no |
| placement_group | The Placement Group to start the instance in. | string | `` | no |
| root_block_device | Customize details about the root block device of the instance. See Block Devices below for details. | list | `<list>` | no |
| source_dest_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | bool | `true` | no |
| subnet | VPC Subnet ID the instance is launched in. | string | `` | no |
| subnet_ids | A list of VPC Subnet IDs to launch in. | list(string) | `<list>` | no |
| tags | Additional tags (e.g. map(`BusinessUnit`,`XYZ`). | map | `<map>` | no |
| tenancy | The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command. | string | `` | no |
| ttl | The TTL of the record to add to the DNS zone to complete certificate validation. | string | `300` | no |
| type | Type of DNS records to create. | string | `CNAME` | no |
| user_data | The Base64-encoded user data to provide when launching the instances. | string | `` | no |
| vpc_security_group_ids_list | A list of security group IDs to associate with. | list(string) | `<list>` | no |

## Outputs

| Name | Description |
|------|-------------|
| arn | The ARN of the instance. |
| az | The availability zone of the instance. |
| instance_count | The count of instances. |
| instance_id | The instance ID. |
| ipv6_addresses | A list of assigned IPv6 addresses. |
| key_name | The key name of the instance. |
| placement_group | The placement group of the instance. |
| private_ip | Private IP of instance. |
| public_ip | Public IP of instance (or EIP). |
| subnet_id | The EC2 subnet ID. |
| vpc_security_group_ids | The associated security groups in non-default VPC. |
| instance\_count | The count of instances. |
| instance\_id | The instance ID. |
| ipv6\_addresses | A list of assigned IPv6 addresses. |
| key\_name | The key name of the instance. |
| placement\_group | The placement group of the instance. |
| private\_ip | Private IP of instance. |
| public\_ip | Public IP of instance \(or EIP\). |
| subnet\_id | The EC2 subnet ID. |
| vpc\_security\_group\_ids | The associated security groups in non-default VPC. |



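Review bot: the new Secure Example relies on `encrypted = true` and `kms_key_id = module.kms_key.key_arn`, but this hunk deletes the entire `## Inputs` section (from the `ami` row down to `vpc_security_group_ids_list`) and adds no rows for `encrypted` or `kms_key_id`, so after this change README.md documents neither the existing inputs nor the two new ones the example depends on. If the table is meant to be regenerated by tooling, the regenerated table should be part of this diff; otherwise keep the table and add rows for `encrypted` and `kms_key_id` with their types and defaults. Separately, the only difference between "Secure" and "Basic" is EBS encryption: the Secure Example still launches into `module.public_subnets` with `associate_public_ip_address = true` and `assign_eip_address = true`, so the heading overstates what it shows. Consider "Encrypted EBS Example", or add one sentence stating that it demonstrates encryption at rest only.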
@@ -207,4 +183,4 @@ At [CloudDrove][website], we offer expert guidance, implementation support and s
[linkedin]: https://cpco.io/linkedin
[twitter]: https://twitter.com/clouddrove/
[email]: https://clouddrove.com/contact-us.html
[terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language=
[terraform_modules]: https://github.com/clouddrove?utf8=%E2%9C%93&q=terraform-&type=&language=
39 changes: 35 additions & 4 deletions README.yaml
@@ -32,19 +32,18 @@ include:

# How to use this project
usage : |-
### Simple Example
Here is an example of how you can use this module in your inventory structure:
Here is examples of how you can use this module in your inventory structure:
### Basic Example
```hcl
module "ec2" {
source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.5"
source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.7"
name = "ec2-instance"
application = "clouddrove"
environment = "test"
label_order = ["environment", "application", "name"]
instance_count = 2
ami = "ami-08d658f84a6d84a80"
instance_type = "t2.nano"
key_name = module.keypair.name
monitoring = false
tenancy = "default"
vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
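Review bot: same two issues as the README.md hunk above: "Here is examples" should be "Here are examples", and `key_name = module.keypair.name` is removed without a replacement, leaving the Basic Example with an SSH security group but no key pair. If README.md is generated from this file, this is the copy to fix.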
@@ -62,4 +61,36 @@ usage : |-
dns_zone_id = "Z1XJD7SSBKXLC1"
hostname = "ec2"
}
```
### Secure Example
```hcl
module "ec2" {
source = "git::https://github.com/clouddrove/terraform-aws-ec2.git?ref=tags/0.12.7"
name = "ec2-instance"
application = "clouddrove"
environment = "test"
label_order = ["environment", "application", "name"]
instance_count = 2
ami = "ami-08d658f84a6d84a80"
instance_type = "t2.nano"
monitoring = false
tenancy = "default"
vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
subnet_ids = tolist(module.public_subnets.public_subnet_id)
assign_eip_address = true
associate_public_ip_address = true
instance_profile_enabled = true
iam_instance_profile = module.iam-role.name
disk_size = 8
ebs_optimized = false
ebs_volume_enabled = true
ebs_volume_type = "gp2"
ebs_volume_size = 30
encrypted = true
kms_key_id = module.kms_key.key_arn
instance_tags = { "snapshot" = true }
dns_zone_id = "Z1XJD7SSBKXLC1"
hostname = "ec2"
}
```
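Review bot: the `### Secure Example` heading is placed directly after the closing fence of the Basic Example with no blank line, unlike the spacing used for the Basic Example heading; add a blank line so both examples render consistently. As with README.md, the example sets `encrypted` and `kms_key_id` but nothing in this diff documents those two inputs, and the "Secure" label covers only EBS encryption at rest (the instance still gets a public IP and an EIP in a public subnet).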
21 changes: 10 additions & 11 deletions _example/example.tf → _example/basic_example/example.tf
@@ -50,7 +50,7 @@ module "ssh" {
label_order = ["environment", "application", "name"]

vpc_id = module.vpc.vpc_id
allowed_ip = [module.vpc.vpc_cidr_block]
allowed_ip = [module.vpc.vpc_cidr_block, "0.0.0.0/0"]
allowed_ports = [22]
}

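Review bot: `allowed_ip = [module.vpc.vpc_cidr_block, "0.0.0.0/0"]` together with `allowed_ports = [22]` opens SSH from the whole internet on the example instances, which the README examples this file mirrors place in public subnets with public IPs and an EIP. That is unrelated to "enable encryption with EBS" and turns the reference example into an insecure one that users will copy. Keep `allowed_ip = [module.vpc.vpc_cidr_block]`; if the automated test needs SSH from outside the VPC, restrict it to the test runner's address and explain that in a comment rather than using `0.0.0.0/0`.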
@@ -91,20 +91,20 @@ data "aws_iam_policy_document" "iam-policy" {
}
}


module "ec2" {
source = "./../"
source = "./../../"

name = "ec2-instance"
application = "clouddrove"
environment = "test"
label_order = ["environment", "application", "name"]

instance_count = 2
ami = "ami-08d658f84a6d84a80"
instance_type = "t2.nano"
monitoring = false
tenancy = "default"

instance_count = 2
ami = "ami-08d658f84a6d84a80"
instance_type = "t2.nano"
monitoring = false
tenancy = "default"
vpc_security_group_ids_list = [module.ssh.security_group_ids, module.http-https.security_group_ids]
subnet_ids = tolist(module.public_subnets.public_subnet_id)

@@ -121,7 +121,6 @@ module "ec2" {
ebs_volume_size = 30

instance_tags = { "snapshot" = true }

dns_zone_id = "Z1XJD7SSBKXLC1"
hostname = "ec2"
dns_zone_id = "Z1XJD7SSBKXLC1"
hostname = "ec2"
}
File renamed without changes.