clouddrove · h1manshu98 · Aug 12, 2025
@@ -0,0 +1,78 @@
+######################################
+# LOCALS
+######################################
+locals {
+  # Map for Amazon Linux AMI patterns
+  ami_name_map = {
+    al1    = "amzn-ami-*"
+    al2    = "amzn2-ami-hvm-*"
+    al2023 = "al2023-ami-*"
+  }
+
+  # Map for AMI owner IDs
+  ami_owner_map = {
+    al1    = "591542846629" # Amazon
+    al2    = "137112412989" # Amazon
+    al2023 = "137112412989" # Amazon
+  }
+}
+
+######################################
+# Amazon (ARM, AMD)
+######################################
+data "aws_ami" "amazon" {
+  count       = var.instance_configuration.ami.type != "ubuntu" ? 1 : 0
+  most_recent = true
+  owners      = [local.ami_owner_map[var.instance_configuration.ami.type]]
+
+  filter {
+    name   = "name"
+    values = [local.ami_name_map[var.instance_configuration.ami.type]]
+  }
+
+  filter {
+    name   = "architecture"
+    values = [var.instance_configuration.ami.architecture]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+}
+
+######################################
+# Ubuntu (ARM, AMD)
+######################################
+data "aws_ami" "ubuntu" {
+  count       = var.instance_configuration.ami.type == "ubuntu" ? 1 : 0
+  most_recent = true
+  owners      = ["099720109477"] # Canonical
+
+  filter {
+    name = "name"
+    values = [
+      "${var.instance_configuration.ami.type}/images/*${var.instance_configuration.ami.version == null ? "22.04" : var.instance_configuration.ami.version}*"
+    ]
+  }
+
+  filter {
+    name   = "architecture"
+    values = [var.instance_configuration.ami.architecture]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+}
@@ -2,12 +2,13 @@
 ## Provider block added, Use the Amazon Web Services (AWS) provider to interact with the many resources supported by AWS.
 ####----------------------------------------------------------------------------------
 provider "aws" {
-  region = "us-west-1"
+  region = local.region
 }
 
 locals {
   environment = "test-app"
   label_order = ["name", "environment"]
+  region      = "us-east-1"
 }
 
 ####----------------------------------------------------------------------------------
@@ -31,7 +32,7 @@ module "public_subnets" {
   name               = "public-subnet"
   environment        = local.environment
   label_order        = local.label_order
-  availability_zones = ["us-west-1b", "us-west-1c"]
+  availability_zones = ["${local.region}b", "${local.region}c"]
   vpc_id             = module.vpc.vpc_id
   cidr_block         = module.vpc.vpc_cidr_block
   type               = "public"
@@ -86,16 +87,17 @@ module "ec2" {
   ## Below A security group controls the traffic that is allowed to reach and leave the resources that it is associated with.
   ##----------------------------------------------------------------------------------
   #tfsec:aws-ec2-no-public-ingress-sgr
-  vpc_id            = module.vpc.vpc_id
-  ssh_allowed_ip    = ["0.0.0.0/0"]
-  ssh_allowed_ports = [22]
-  #Instance
+  vpc_id = module.vpc.vpc_id
+
   instance_count = 1
   instance_configuration = {
-    ami           = "ami-0f8e81a3da6e2510a"
-    instance_type = "t4g.small"
-
-    #Root Volume
+    ami = {
+      type         = "ubuntu" # -- valid values are - al1, al2, al2023, ubuntu
+      architecture = "x86_64" # -- valid values are - arm64 or x86_64
+      version      = "22.04"  # Only required if type = ubuntu. Defaults to 22.04, valid values are - 20.04, 22.04, 23.04
+      region       = local.region
+    }
+    instance_type = "t3.small"
     root_block_device = [
       {
         volume_type           = "gp3"
@@ -116,15 +118,11 @@ module "ec2" {
   #IAM
   iam_instance_profile = module.iam-role.name
 
-
-
   #EBS Volume
   ebs_volume_enabled = true
   ebs_volume_type    = "gp3"
   ebs_volume_size    = 30
 
   #Tags
   instance_tags = { "snapshot" = true }
-
-
 }
@@ -15,15 +15,6 @@ locals {
   ebs_iops = var.ebs_volume_type == "io1" || var.ebs_volume_type == "io2" || var.ebs_volume_type == "gp3" ? var.ebs_iops : 0
 }
 
-data "aws_ami" "ubuntu" {
-  most_recent = "true"
-  filter {
-    name   = "name"
-    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
-  }
-  owners = ["099720109477"]
-}
-
 ##----------------------------------------------------------------------------------
 ## resource for generating or importing an SSH public key file into AWS.
 ##----------------------------------------------------------------------------------
@@ -148,7 +139,7 @@ data "aws_iam_policy_document" "kms" {
 #tfsec:ignore:aws-ec2-enforce-http-token-imds
 resource "aws_instance" "default" {
   count                                = var.enable && var.default_instance_enabled ? var.instance_count : 0
-  ami                                  = var.instance_configuration.ami == "" ? data.aws_ami.ubuntu.id : var.instance_configuration.ami
+  ami                                  = var.instance_configuration.ami.type == "ubuntu" ? data.aws_ami.ubuntu[0].id : data.aws_ami.amazon[0].id
   ebs_optimized                        = var.instance_configuration.ebs_optimized
   instance_type                        = var.instance_configuration.instance_type
   key_name                             = var.key_name == "" ? join("", aws_key_pair.default[*].key_name) : var.key_name
@@ -381,7 +372,7 @@ resource "aws_spot_instance_request" "default" {
   valid_from                     = var.spot_configuration.valid_from
 
   # Instance configuration
-  ami                                  = var.instance_configuration.ami == "" ? data.aws_ami.ubuntu.id : var.instance_configuration.ami
+  ami                                  = var.instance_configuration.ami.type == "ubuntu" ? data.aws_ami.ubuntu[0].id : data.aws_ami.amazon[0].id
   ebs_optimized                        = var.instance_configuration.ebs_optimized
   instance_type                        = var.instance_configuration.instance_type
   key_name                             = var.key_name == "" ? join("", aws_key_pair.default[*].key_name) : var.key_name

@@ -59,7 +59,12 @@ variable "enable" {
 variable "instance_configuration" {
   description = "Configuration options for the EC2 instance"
   type = object({
-    ami                                  = optional(string, "")
+    ami = optional(object({
+      type         = string           # al1, al2, al2023, ubuntu
+      version      = optional(string) # Only for ubuntu
+      architecture = string           # arm64 or x86_64
+      region       = string
+    }), null)
     ebs_optimized                        = optional(bool, false)
     instance_type                        = string
     monitoring                           = optional(bool, false)