algorithm |
Name of the algorithm to use when generating the private key. Currently-supported values are: RSA, ECDSA, ED25519. |
string |
"RSA" |
no |
alias |
The display name of the alias. The name must start with the word alias followed by a forward slash. |
string |
"alias/ec2-test" |
no |
allowed_ip |
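List of allowed IP ranges (CIDR blocks). The default, 0.0.0.0/0, matches every IPv4 address, so set it to the specific ranges that need access. |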
list(any) |
[ "0.0.0.0/0" ] |
no |
allowed_ports |
List of allowed ingress ports |
list(any) |
[ 80, 443 ] |
no |
ami |
The AMI to use for the instance. |
string |
"" |
no |
assign_eip_address |
Assign an Elastic IP address to the instance. |
bool |
true |
no |
associate_public_ip_address |
Associate a public IP address with the instance. |
bool |
true |
no |
availability_zone |
AZ to start the instance in |
string |
null |
no |
capacity_reservation_specification |
Describes an instance's Capacity Reservation targeting option |
any |
{} |
no |
cpu_core_count |
Sets the number of CPU cores for an instance. |
string |
null |
no |
cpu_credits |
The credit option for CPU usage. Can be standard or unlimited. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default. |
string |
"standard" |
no |
cpu_options |
Defines CPU options to apply to the instance at launch time. |
any |
{} |
no |
cpu_threads_per_core |
Sets the number of CPU threads per core for an instance (has no effect unless cpu_core_count is also set) |
number |
null |
no |
customer_master_key_spec |
Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. |
string |
"SYMMETRIC_DEFAULT" |
no |
default_instance_enabled |
Flag to control the instance creation. |
bool |
true |
no |
deletion_window_in_days |
Duration in days after which the key is deleted after destruction of the resource. |
number |
7 |
no |
delimiter |
Delimiter to be used between organization, environment, name and attributes. |
string |
"-" |
no |
disable_api_termination |
If true, enables EC2 Instance Termination Protection. |
bool |
false |
no |
dns_enabled |
Flag to enable or disable DNS record creation. |
bool |
false |
no |
dns_zone_id |
The Zone ID of Route53. |
string |
"Z1XJD7SSBKXLC1" |
no |
ebs_block_device |
Additional EBS block devices to attach to the instance |
list(any) |
[] |
no |
ebs_device_name |
Name of the EBS device to mount. |
list(string) |
[ "/dev/xvdb", "/dev/xvdc", "/dev/xvdd", "/dev/xvde", "/dev/xvdf", "/dev/xvdg", "/dev/xvdh", "/dev/xvdi", "/dev/xvdj", "/dev/xvdk", "/dev/xvdl", "/dev/xvdm", "/dev/xvdn", "/dev/xvdo", "/dev/xvdp", "/dev/xvdq", "/dev/xvdr", "/dev/xvds", "/dev/xvdt", "/dev/xvdu", "/dev/xvdv", "/dev/xvdw", "/dev/xvdx", "/dev/xvdy", "/dev/xvdz" ] |
no |
ebs_iops |
Amount of provisioned IOPS. This must be set with a volume_type of io1. |
number |
0 |
no |
ebs_optimized |
If true, the launched EC2 instance will be EBS-optimized. |
bool |
false |
no |
ebs_volume_enabled |
Flag to control the ebs creation. |
bool |
false |
no |
ebs_volume_size |
Size of the EBS volume in gigabytes. |
number |
30 |
no |
ebs_volume_type |
The type of EBS volume. Can be standard, gp2 or io1. |
string |
"gp2" |
no |
egress_ipv4_cidr_block |
List of CIDR blocks. Cannot be specified with source_security_group_id or self. |
list(string) |
[ "0.0.0.0/0" ] |
no |
egress_ipv4_from_port |
Egress Start port (or ICMP type number if protocol is icmp or icmpv6). |
number |
0 |
no |
egress_ipv4_protocol |
Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number |
string |
"-1" |
no |
egress_ipv4_to_port |
Egress end port (or ICMP code if protocol is icmp). |
number |
65535 |
no |
egress_ipv6_cidr_block |
List of CIDR blocks. Cannot be specified with source_security_group_id or self. |
list(string) |
[ "::/0" ] |
no |
egress_ipv6_from_port |
Egress Start port (or ICMP type number if protocol is icmp or icmpv6). |
number |
0 |
no |
egress_ipv6_protocol |
Protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number |
string |
"-1" |
no |
egress_ipv6_to_port |
Egress end port (or ICMP code if protocol is icmp). |
number |
65535 |
no |
egress_rule |
Enable to create egress rule |
bool |
true |
no |
enable |
Flag to control module creation. |
bool |
true |
no |
enable_key_pair |
A boolean flag to enable/disable key pair. |
bool |
true |
no |
enable_key_rotation |
Specifies whether key rotation is enabled. |
string |
true |
no |
enable_security_group |
Enable default Security Group with only Egress traffic allowed. |
bool |
true |
no |
enclave_options_enabled |
Whether Nitro Enclaves will be enabled on the instance. Defaults to false |
bool |
null |
no |
environment |
Environment (e.g. prod, dev, staging). |
string |
"" |
no |
ephemeral_block_device |
Customize Ephemeral (also known as Instance Store) volumes on the instance. |
list(any) |
[] |
no |
get_password_data |
If true, wait for password data to become available and retrieve it |
bool |
null |
no |
hibernation |
When you hibernate an instance, Amazon EC2 signals the operating system to perform hibernation. |
bool |
false |
no |
host_id |
The Id of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host. |
string |
null |
no |
hostname |
DNS records to create. |
string |
"ec2" |
no |
iam_instance_profile |
The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. |
string |
null |
no |
instance_count |
Number of instances to launch. |
number |
0 |
no |
instance_initiated_shutdown_behavior |
(Optional) Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instances. See Shutdown Behavior for more information. |
string |
"stop" |
no |
instance_metadata_tags_enabled |
Whether the metadata tag is available. Valid values include enabled or disabled. Defaults to enabled. |
string |
"disabled" |
no |
instance_profile_enabled |
Flag to control the instance profile creation. |
bool |
true |
no |
instance_tags |
Instance tags. |
map(any) |
{} |
no |
instance_type |
The type of instance to start. Updates to this field will trigger a stop/start of the EC2 instance. |
string |
n/a |
yes |
ipv6_address_count |
Number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet. |
number |
null |
no |
ipv6_addresses |
List of IPv6 addresses from the range of the subnet to associate with the primary network interface. |
list(any) |
null |
no |
is_enabled |
Specifies whether the key is enabled. |
bool |
true |
no |
is_external |
Enable to update an existing security group. |
bool |
false |
no |
key_name |
Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource. |
string |
"" |
no |
key_usage |
Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported. |
string |
"ENCRYPT_DECRYPT" |
no |
kms_description |
The description of the key as viewed in AWS console. |
string |
"Parameter Store KMS master key" |
no |
kms_key_enabled |
Specifies whether the kms is enabled or disabled. |
bool |
true |
no |
kms_key_id |
The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if at_rest_encryption_enabled = true. |
string |
"" |
no |
kms_multi_region |
Indicates whether the KMS key is a multi-Region (true) or regional (false) key. |
bool |
false |
no |
label_order |
Label order, e.g. name, application. |
list(any) |
[ "name", "environment" ] |
no |
launch_template |
Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template |
map(string) |
{} |
no |
managedby |
ManagedBy, eg 'CloudDrove'. |
string |
"[email protected]" |
no |
metadata_http_endpoint_enabled |
Whether the metadata service is available. Valid values include enabled or disabled. Defaults to enabled. |
string |
"enabled" |
no |
metadata_http_put_response_hop_limit |
The desired HTTP PUT response hop limit (between 1 and 64) for instance metadata requests. |
number |
2 |
no |
metadata_http_tokens_required |
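Whether or not the metadata service requires session tokens, also referred to as Instance Metadata Service Version 2 (IMDSv2). Valid values include optional or required. Defaults to optional. With optional, requests without a session token (IMDSv1) are still accepted; set required to enforce IMDSv2. |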
string |
"optional" |
no |
monitoring |
If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0). |
bool |
false |
no |
multi_attach_enabled |
Specifies whether to enable Amazon EBS Multi-Attach. Multi-Attach is supported on io1 and io2 volumes. |
bool |
false |
no |
name |
Name (e.g. app or cluster). |
string |
"" |
no |
network_interface |
Customize network interfaces to be attached at instance boot time |
list(map(string)) |
[] |
no |
placement_group |
The Placement Group to start the instance in. |
string |
"" |
no |
private_ip |
Private IP address to associate with the instance in a VPC |
string |
null |
no |
protocol |
The protocol. If not icmp, tcp, udp, or all use the protocol number. |
string |
"tcp" |
no |
public_key |
Public key material (e.g. ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQ ). |
string |
"" |
no |
repository |
Terraform current module repo |
string |
"https://github.com/clouddrove/terraform-aws-ec2" |
no |
root_block_device |
Customize details about the root block device of the instance. See Block Devices below for details. |
list(any) |
[] |
no |
rsa_bits |
When algorithm is RSA, the size of the generated RSA key, in bits. The "default: 2048" wording appears to come from the upstream resource; the default listed for this input is 4096. |
number |
4096 |
no |
secondary_private_ips |
A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a network_interface block |
list(string) |
null |
no |
sg_description |
The security group description. |
string |
"Instance default security group (only egress access is allowed)." |
no |
sg_egress_description |
Description of the egress and ingress rule |
string |
"Description of the rule." |
no |
sg_egress_ipv6_description |
Description of the egress_ipv6 rule |
string |
"Description of the rule." |
no |
sg_ids |
List of security group IDs. |
list(any) |
[] |
no |
sg_ingress_description |
Description of the ingress rule |
string |
"Description of the ingress rule use elasticache." |
no |
source_dest_check |
Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. |
bool |
true |
no |
spot_block_duration_minutes |
The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) |
number |
null |
no |
spot_instance_count |
Number of instances to launch. |
number |
0 |
no |
spot_instance_enabled |
Flag to control the instance creation. |
bool |
true |
no |
spot_instance_interruption_behavior |
Indicates Spot instance behavior when it is interrupted. Valid values are terminate, stop, or hibernate. |
string |
null |
no |
spot_instance_tags |
Instance tags. |
map(any) |
{} |
no |
spot_launch_group |
A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually |
string |
null |
no |
spot_price |
The maximum price to request on the spot market. Defaults to on-demand price |
string |
null |
no |
spot_type |
If set to one-time, after the instance is terminated, the spot request will be closed. Default persistent |
string |
null |
no |
spot_valid_from |
The start date and time of the request, in UTC RFC3339 format (for example, YYYY-MM-DDTHH:MM:SSZ). |
string |
null |
no |
spot_valid_until |
The end date and time of the request, in UTC RFC3339 format (for example, YYYY-MM-DDTHH:MM:SSZ). |
string |
null |
no |
spot_wait_for_fulfillment |
If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached |
bool |
false |
no |
ssh_allowed_ip |
List of allowed ip. |
list(any) |
[] |
no |
ssh_allowed_ports |
List of allowed ingress ports |
list(any) |
[] |
no |
ssh_protocol |
The protocol. If not icmp, tcp, udp, or all use the protocol number. |
string |
"tcp" |
no |
ssh_sg_ingress_description |
Description of the ingress rule |
string |
"Description of the ingress rule use elasticache." |
no |
subnet_ids |
A list of VPC Subnet IDs to launch in. |
list(string) |
[] |
no |
tags |
Additional tags (e.g. map(BusinessUnit, XYZ)). |
map(any) |
{} |
no |
tenancy |
The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command. |
string |
"default" |
no |
timeouts |
Define maximum timeout for creating, updating, and deleting EC2 instance resources |
map(string) |
{} |
no |
ttl |
The TTL of the record to add to the DNS zone to complete certificate validation. |
string |
"300" |
no |
type |
Type of DNS records to create. |
string |
"CNAME" |
no |
user_data |
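(Optional) A string of the desired User Data for the ec2. User data can be read back from the instance metadata service on the instance, so keep credentials and other secrets out of it. |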
string |
"" |
no |
user_data_base64 |
Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption |
string |
null |
no |
user_data_replace_on_change |
When used in combination with user_data or user_data_base64 will trigger a destroy and recreate when set to true. Defaults to false if not set |
bool |
null |
no |
vpc_id |
The ID of the VPC that the instance security group belongs to. |
string |
"" |
no |