From 692fa931035a47eb6ebe32fbe97fa7fae6fde613 Mon Sep 17 00:00:00 2001 From: David Goodell Date: Tue, 8 Aug 2023 14:17:22 -0400 Subject: [PATCH] Allow specifying KMS Key for root volume --- README.md | 9 +++++---- main.tf | 1 + variables.tf | 8 ++++++++ 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 38fc659..113045b 100644 --- a/README.md +++ b/README.md @@ -56,8 +56,8 @@ module "ec2-pet" { | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.45.0 | -| [tls](#provider\_tls) | >= 3.1.0 | +| [aws](#provider\_aws) | 3.38.0 | +| [tls](#provider\_tls) | 3.1.0 | ## Modules 
@@ -101,14 +101,15 @@ No modules. | [instance\_ip](#input\_instance\_ip) | Private IP to assign to the instance, if desired. | `string` | `null` | no | | [instance\_type](#input\_instance\_type) | AWS Instance type, i.e. t3.small. | `string` | n/a | yes | | [name](#input\_name) | Moniker to apply to all resources in the module. | `string` | n/a | yes | -| [route53\_record](#input\_route53\_record) | Route53 record to point to EC2 instance. | `string` | n/a | yes | -| [route53\_zone\_id](#input\_route53\_zone\_id) | Route53 zone ID for the route53\_record. | `string` | n/a | yes | +| [route53\_record](#input\_route53\_record) | Route53 record to point to EC2 instance. | `string` | `""` | no | +| [route53\_zone\_id](#input\_route53\_zone\_id) | Route53 zone ID for the route53\_record. | `string` | `""` | no | | [security\_groups](#input\_security\_groups) | Security Group IDs to attach to the instance. | `list(string)` | n/a | yes | | [ssm\_access\_arn](#input\_ssm\_access\_arn) | Whether or not to associate a pre-created IAM managed policy to allow SSM access to the instance. | `string` | `""` | no | | [subnet\_id](#input\_subnet\_id) | ID of the subnet in which to create the instance. | `string` | n/a | yes | | [tags](#input\_tags) | User-Defined tags. | `map(string)` | `{}` | no | | [userdata\_script](#input\_userdata\_script) | Userdata script to execute when provisioning the instance. | `string` | `null` | no | | [volume\_iops](#input\_volume\_iops) | IOPS to allocate to the instance's base drive. Only applicable when volume\_type is io1, io2 or gp3. | `number` | `null` | no | +| [volume\_kms\_key\_id](#input\_volume\_kms\_key\_id) | ID of the KMS Key to attach to the Root EBS volume | `string` | `null` | no | | [volume\_size](#input\_volume\_size) | Size of the attached volume for this instance. | `number` | n/a | yes | | [volume\_throughput](#input\_volume\_throughput) | Value in MiB/s for throughput on instance volume. 
Only applicable when volume\_type is gp3. | `number` | `null` | no | | [volume\_type](#input\_volume\_type) | Type of storage for the instance attached volume. | `string` | n/a | yes | diff --git a/main.tf b/main.tf index d3389e6..e7ae763 100644 --- a/main.tf +++ b/main.tf @@ -233,6 +233,7 @@ resource "aws_instance" "instance" { delete_on_termination = true encrypted = true iops = var.volume_iops + kms_key_id = var.volume_kms_key_id throughput = var.volume_throughput volume_size = var.volume_size volume_type = var.volume_type diff --git a/variables.tf b/variables.tf index e5fe3ee..c052c75 100644 --- a/variables.tf +++ b/variables.tf @@ -80,11 +80,13 @@ variable "create_ssm" { } variable "route53_record" { + default = "" description = "Route53 record to point to EC2 instance." type = string } variable "route53_zone_id" { + default = "" description = "Route53 zone ID for the route53_record." type = string } @@ -107,6 +109,12 @@ variable "volume_iops" { type = number } +variable "volume_kms_key_id" { + default = null + description = "ID of the KMS Key to attach to the Root EBS volume" + type = string +} + variable "volume_size" { description = "Size of the attached volume for this instance." type = number
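Review bot: In main.tf, `kms_key_id = var.volume_kms_key_id` passes the caller's value straight through, but the AWS provider documents this argument as the key's ARN, while the new variable in variables.tf and its README row call it an "ID". A bare key ID or alias is typically reported back as the full ARN, which can show up as a diff on later plans, and changing this argument on a root volume likely forces instance replacement. I would describe the input as an ARN, e.g. `description = "ARN of the KMS key used to encrypt the root EBS volume. Null uses the account's default EBS encryption key."`. The enclosing block starts and ends outside the hunk.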
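Review bot: In the first variables.tf hunk, the new `default = ""` on `route53_record` and `route53_zone_id` makes both inputs optional, which is unrelated to the KMS change named in the subject and is not mentioned there. The resource that consumes them is outside this diff, so I can't tell whether it is skipped when they are empty; if it is not, an empty zone ID would presumably fail only at apply time. It is worth confirming the record is gated on both values being set and saying so in the descriptions, e.g. `description = "Route53 record to point to EC2 instance. Leave empty to skip DNS."`, assuming that is the intent.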
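Review bot: The `volume_kms_key_id` variable added in the second variables.tf hunk accepts any string, so a key the launching principal cannot use is only discovered when the instance fails to start. With a customer-managed key, the identity running the apply needs grant and data-key permissions on it (for example `kms:CreateGrant` and `kms:GenerateDataKeyWithoutPlaintext`), and the key must be in the instance's region. A comment above the variable such as `# Key policy must allow the deploying principal to use this key for EBS; key must be in the instance's region.` would save callers a failed launch.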