# ec2_on_demand_instances

## Description

The Provose `ec2_on_demand_instances` module enables the creation and deployment of Amazon EC2 instances.

The phrase "On Demand" means these are regular ol' AWS instances that are billed at the same price per second. This is in contrast to Spot instances, where the price can fluctuate over time, or Reserved Instances, which are partially or completely purchased upfront.

If you are looking to deploy the same application across multiple services, perhaps behind an HTTP load balancer, you might find it handier to use the `containers` module instead.
## Examples

```hcl
module "myproject" {
  source = "github.com/provose/provose?ref=v3.0.0"
  provose_config = {
    authentication = {
      aws = {
        region = "us-east-1"
      }
    }
    name                 = "myproject"
    internal_root_domain = "example-internal.com"
    internal_subdomain   = "production"
  }
  ec2_on_demand_instances = {
    my-instance-name = {
      instances = {
        instance_type = "t3.micro"
        # Required (see Inputs below). Replace the placeholder with the ID of
        # the Amazon Machine Image you want to deploy.
        ami_id = "ami-PLACEHOLDER"
        # Create and name key pairs in the AWS console. You can attach
        # one key pair to an instance on creation, but then you can add
        # more SSH keys via the user's ~/.ssh/authorized_keys file.
        key_name = "james_laptop"
      }
      public = {
        # Open port 22 for public SSH access.
        tcp = [22]
      }
      vpc = {
        # Open ports 80 and 443 to run HTTP and HTTPS servers only
        # available in the VPC.
        tcp = [80, 443]
      }
    }
  }
}
```
## Inputs

- `instances` – Required. This object contains various meta-settings about the AWS instance.
  - `instance_type` – Required. The instance type.
  - `ami_id` – Required. The ID of the Amazon Machine Image (AMI) to deploy for this instance.
  - `instance_count` – Optional. The number of instances to deploy. This defaults to 1. If you deploy one instance named `bob`, then it will be named `bob` in the AWS console and Provose creates a DNS record named `bob` in your internal subdomain. If you set `instance_count` to be greater than one, then the instances will be `bob-1`, `bob-2`, and so forth.
  - `key_name` – Optional. The name of the AWS key pair.
  - `availability_zone` – Optional. Set this to a specific Availability Zone in your AWS Region if you have a preference for which Availability Zone to deploy your instance in.
  - `bash_user_data` – Optional. This is a user data script: a Bash script that will be run when the EC2 instance is created. This script will not be rerun when the instance reboots. Provose currently does not support the cloud-init standard for user data.
- `public` – Optional. This is a grouping for network settings for the public Internet.
  - `tcp` – Optional. This is a list of TCP ports to open to the public Internet.
  - `udp` – Optional. This is a list of UDP ports to open to the public Internet.
- `vpc` – Optional. This is a grouping for network settings only within the Virtual Private Cloud (VPC) that Provose creates.
- `secrets` – Optional. This is a list of AWS Secrets Manager secret names that this EC2 instance should have access to. This setting only configures access. You have to fetch the secrets yourself in your application with the AWS API. The `secrets` key in the `containers` module goes a step further and loads your secrets as environment variables.
- `associate_public_ip_address` – Optional. Defaults to `true`, which provisions a public IPv4 address for this instance. However, it will not be possible to make inbound requests to the instance using this IP address unless you also choose to open TCP ports with the `public.tcp` key or UDP ports with the `public.udp` key. The public IP address that AWS gives this instance should be considered temporary. If you want a more permanent IP address, you should provision an Elastic IP and assign it to this instance.
- `vpc_security_group_ids` – Optional. This key is for adding additional, custom security groups on top of what Provose sets up from the `public` and `vpc` keys. You may want to add a custom security group with a more specific CIDR.
- `root_block_device` – Optional. These are settings for the Elastic Block Storage (EBS) volume that stores the root filesystem for this EC2 instance.
  - `volume_size_gb` – Required. This is the size of the root EBS volume in gigabytes.
  - `volume_type` – Optional. This is the type of EBS volume. Values can be `"standard"`, `"gp2"`, `"io1"`, `"sc1"`, or `"st1"`, with `"standard"` being the default.
  - `delete_on_termination` – Optional. This defaults to `true`, which deletes the EBS volume if the instance is terminated. Set this to `false` to keep the root EBS volume in your account after instance termination.
  - `encrypted` – Optional. Set this to `true` to encrypt the EBS volume. This value is `false` by default.
  - `kms_key_id` – Optional. This is the Amazon Resource Name (ARN) of the custom AWS Key Management Service (KMS) key that you would like to use to encrypt the drive.
- `s3_buckets` – Optional. This is a mapping of S3 buckets to the classes of permissions available to the instances. The four classes of permissions available are `list`, `get`, `put`, and `delete`, and the value for each one is `true` or `false`. To use this configuration, place the `s3_buckets` key inside a block that defines an instance. Below is an example of how to give an EC2 instance access to two buckets: one with `list` and `get` permissions, and another with `get` and `delete` permissions.
```hcl
s3_buckets = {
  "some-bucket-name.example-internal.com" = {
    permissions = {
      list   = true
      get    = true
      put    = false
      delete = false
    }
  }
  "another-bucket.com" = {
    permissions = {
      list   = false
      get    = true
      put    = false
      delete = true
    }
  }
}
```
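As an added example (not from the Provose docs or project), the keys above combine into a more locked-down instance than the one in Examples: no public IPv4 address, SSH admitted only from a narrower CIDR through `vpc_security_group_ids`, an encrypted root volume under a customer-managed KMS key, scoped Secrets Manager access, and a one-time user data script. The AMI ID, VPC ID, CIDR, KMS key ARN and secret name are placeholders.

```hcl
# Added example, not from the Provose docs: an instance reachable only from
# inside the VPC, with an encrypted root disk and least-privilege data access.

# Narrower SSH rule than the whole VPC: only a VPN or bastion subnet.
resource "aws_security_group" "vpn_ssh" {
  name   = "vpn-ssh-only"
  vpc_id = "vpc-PLACEHOLDER" # the VPC Provose creates; take its ID from the module outputs
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"] # placeholder CIDR of your VPN/bastion subnet
  }
}

module "myproject" {
  source = "github.com/provose/provose?ref=v3.0.0"
  provose_config = {
    authentication       = { aws = { region = "us-east-1" } }
    name                 = "myproject"
    internal_root_domain = "example-internal.com"
    internal_subdomain   = "production"
  }
  ec2_on_demand_instances = {
    api = {
      instances = {
        instance_type  = "t3.small"
        ami_id         = "ami-PLACEHOLDER" # replace with your AMI ID
        instance_count = 2                 # creates api-1 and api-2, each with a DNS record
        bash_user_data = <<-EOT
          #!/bin/bash
          # Runs once when the instance is created; not re-run on reboot.
          dnf install -y nginx && systemctl enable --now nginx
        EOT
      }
      # No `public` block and no public IPv4: nothing is reachable from the Internet.
      associate_public_ip_address = false
      vpc                         = { tcp = [80, 443] }
      # SSH only from the VPN/bastion range, via the custom group above.
      vpc_security_group_ids = [aws_security_group.vpn_ssh.id]
      # Grants read access only; the application still fetches the value via the AWS API.
      secrets = ["production/api/db-password"] # placeholder secret name
      root_block_device = {
        volume_size_gb = 20
        encrypted      = true
        kms_key_id     = "arn:aws:kms:us-east-1:111111111111:key/PLACEHOLDER"
      }
    }
  }
}
```

Because `associate_public_ip_address` is `false`, the instance is reached only over the VPC (for example through a VPN or peering), and the custom security group restricts SSH further than the module's own `vpc` rules.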
## Outputs

- `ec2_on_demand_instances.aws_security_group.ec2_on_demand_instances` – A map with a key for every instance; every value is a Terraform `aws_security_group` type.
- `ec2_on_demand_instances.aws_instance.ec2_on_demand_instances` – A map whose keys are the names of the on-demand instances (suffixed with a dash and a number if `instances.instance_count` is set greater than 1). Each value is a Terraform `aws_instance` type.
- `ec2_on_demand_instances.aws_route53_record.ec2_on_demand_instances` – A mapping from the names of the EC2 On-Demand instances to the `aws_route53_record` resource that describes the DNS record internal to the VPC.