

/*
 *  REVVOPS EL2 EC2 LINUX LAUNCH V8.1
 *
 *  CONFIGURATION VARIABLES AND SECURITY GROUP RULES 
 *
 *  Any variable can also be set upon command line invocation of the
 *  Terraform 'plan' and 'apply' subcommands using the following form:
 *
 *  -var 'variable_name=value'
 *
 *  and further via environment variables using the form:
 *
 *  TF_VAR_variable_name=value
 *
 *  For credential values prefer the environment form: a value passed with
 *  -var is recorded in shell history and visible in process listings.
 *
 *  Security group rules are included at the end of this file.
 *  Any additional rules should use the same security_group_id 
 *  key value pair as these existing rules.
 *  
 */

variable "region" {

  # Provide a value via the command line, an environment variable or
  # uncomment and supply a value in the 'default =' line below:

  description = "Region Code (Required)"
# default = ""

  #                               Region Code
  # US East        N. Virginia    us-east-1
  # US East        Ohio           us-east-2
  # US West        N. California  us-west-1
  # US West        Oregon         us-west-2
  # Africa         Cape Town      af-south-1
  # Asia Pacific   Hong Kong      ap-east-1
  # Asia Pacific   Mumbai         ap-south-1
  # Asia Pacific   Seoul          ap-northeast-2
  # Asia Pacific   Singapore      ap-southeast-1
  # Asia Pacific   Sydney         ap-southeast-2
  # Asia Pacific   Tokyo          ap-northeast-1
  # Canada         Central        ca-central-1
  # Europe         Frankfurt      eu-central-1
  # Europe         Ireland        eu-west-1
  # Europe         London         eu-west-2
  # Europe         Milan          eu-south-1
  # Europe         Paris          eu-west-3
  # Europe         Stockholm      eu-north-1
  # Middle East    Bahrain        me-south-1
  # South America  Sao Paulo      sa-east-1 
}

variable "access_key" {

  # Provide a value via the command line, an environment variable or
  # uncomment and supply a value in the 'default =' line below:

  description = "IAM access key (Required)"
# default = ""
}

variable "secret_key" {

  # Provide a value via the command line, an environment variable or
  # uncomment and supply a value in the 'default =' line below:

  description = "IAM secret key (Required)"
# default = ""
}

variable "instance_type" {

  # For users without Free Tier eligible accounts, t2.nano offers lower rates
  # than t2.micro with broad support across regions and availability zones. 
  # https://aws.amazon.com/ec2/pricing/on-demand/ 

  # If linux_distro is set to either amazon2, centosstream8, debian9stretch, or
  # debian10buster, you can try Graviton ARM64 based instance types like
  # t4g.nano or t4g.micro to take advantage of AWS's promotional offer
  # running until December 2021: 

  # https://aws.amazon.com/ec2/instance-types/t4/

  description = "EC2 instance type"
  default = "t2.micro"
}

variable "public_key" {

  # To gain SSH access to your instance(s) specify the public key
  # for which you hold the corresponding private key, like shown
  # in this commented out example at the end of the variable block:

  description = "EC2 instance SSH access public key"
  default = ""

# default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYgQjTP2RyabVG7eHaOKMTMHFcE2vfjg6CVSVaRXxtuKHC7JWGM6dNZ1F/hdBUYUQeeoFeTH4NeEZurOThv8PCPwfNEfO/uHyOnoXLfLrKU0ByDNYuhvl2fDIIGrhcfnBaAAjvEj/1B2d4iywxyH8lGmF2XUeAwr/VKnYXRzoiY7BghlLZgou1hVA5IT+U68yGZnQaUUZnOuWqj8xr85KPaeZr22N3FksgbTRcBtOQ2TfjLnUE7l7TmgPqbQX16Nab5GmOy3hI5rPg+hpMAT1rp5uqVM6d0tkSMBAp7DUh5blYh1TIF3w/ilj3lG0JToyxuKDpijmJxVsVTChR7n4T"
}

variable "ami" {

  # If you don't need EL2 to automatically select the region specific AMI id
  # corresponding to the latest release to AWS of 16 different Linux versions
  # from 8 distributions, you can specify your own AMI id here. Any supplied
  # value will take precedence over the value of linux_distro, so you don't
  # need to set linux_distro in such case.

  description = "Region specific AMI id"
  default = ""
}

variable "az" {

  # This variable is only effective if variable vpc_subnet_id below is not supplied
  # (which is the default case), i.e. it will be ignored if vpc_subnet_id is supplied
  # with a non null value. Specifying a value of 0 creates a modulo distribution
  # of EC2 instances across the set of included availability zones; which is partially
  # determined by the value of variable az_all_states below. A modulo distribution
  # would for example result in 3 instances each in zones a, b and c if 9 instances
  # were requested and there were 3 available AZs. It would result in 3 instances each
  # in zones a and b and 2 in zone c if 8 instances were requested with the same AZs
  # situation.  In most cases az_all_states should be left with the default value of
  # false, so that the set of AZs that are used for the distribution of instances or
  # a single instance is formed only from AZs that are known to be available.

  description = "0, or the targeted availability zone; 1 for a, 2 for b, and so on"
  default = 1
}

variable "az_all_states" {

  # False means only available availability zones (AZs) form the set of included
  # AZs that variable az can target. True means all AZs form the set of included
  # AZs that variable az can target, regardless of whether they're in an available
  # state or not. Thus, using a value of true implies a risk that your targeted AZ
  # may not be available. AWS does not release data on how likely a scenario that
  # could be. Anecdotal 'information' suggests it's extremely unlikely. Note that
  # AWS documentation states that "The number and mapping of Availability Zones
  # per Region may vary between AWS accounts.", so for a given region, an AZ
  # designated as 'a' in one of your AWS accounts, may not correspond to AZ 'a'
  # in some other account of yours or someone else's.

  description = "False means only available AZs form the set of included AZs"
  default = false
}

variable "vpc_subnet_id" {

  # This could be any VPC subnet id; that of the default subnet of an
  # availability zone of the default VPC, or a custom subnet of the
  # default VPC or a subnet of a custom VPC.

  description = "VPC subnet id of the subnet to launch your instance(s) in"
  default = ""
}

variable "linux_distro" {

  # Use the string values below to automatially select the latest AMI in your
  # specified region for any of these Linux versions:

  # amazon2
  # trusty
  # xenial
  # centos6
  # centos7
  # centos7cpe
  # centos8cpe
  # centosstream8
  # debian8jessie
  # debian9stretch
  # debian10buster
  # redhat6
  # redhat7
  # redhat8
  # suse12
  # suse15

  description = "Data source switch values for different Linux versions"
  default = "amazon2"
}

variable "instances" {

  description = "Number of EC2 instances to launch"
  default = 1
}

variable "instances_tag_base_name" {

  description = "Prefix string to form tag, appended by zero indexed ordinal"
  default = "REVVOPS-EL2-INSTANCE-"
}

variable "placement_group_strategy" {

  # EC2 instance placement group stategy can be either 'cluster', 'partition',
  # or 'spread', as described in the AWS documentation. Use those words as
  # string values to select them here, or leave as the default null string,
  # which indicates no placement group strategy will be used.

  # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html

  description = "EC2 instance(s) placement group stategy"
  default = ""
}

variable "placement_group_name" {

  description = "EC2 instances placement group name"
  default = "REVVOPS-EL2-PG"
}

variable "understand_costs" {

  # With the default value of false, EL2 assumes that setting instances to a
  # value greater than the value of instances_safety_threshold is a mistake and
  # prevents the launch - of any instances. Setting this value to true will
  # confirm the number of instances you've requested to launch is correct
  # and intentional, so will allow the launch, even though instances is greater
  # than instances_safety_threshold. Use understand_costs and
  # instances_safety_threshold together to set the right level of risk
  # protection against launch accidents for your project.

  description = "User costs understanding confirmation safety flag"
  default = false
}

variable "instances_safety_threshold" {

  # The number of instances above which understand_costs must be set to true
  # to allow launch. For HPC and 'serious' instance types especially, this
  # becomes useful to prevent costly launch accidents. Once a mistake is made
  # the only way out of it is to make a grovelling apology to AWS billing
  # support on the phone. If everyone ran 'terraform plan' all the time and
  # checked the output or actually saved the plan for a subsequent 'terraform
  # apply', mistakes would be less common, but in the heat of real DevOps things
  # are not always done that way.

  description = "Number of instances launch mistake prevention threshold"
  default = 3
}

variable "interpolative_provisioning" {

  # This allows the user to provision all launched instances at once via a
  # single provisioning template file using any or all of Perl, Python, Ruby,
  # Bash / other shells or other interpreted programming language systems
  # supported by the target instance(s). Additionally, Ansible and Salt
  # configuration management tools may be used. Provisioning can be performed
  # on a per instance basis, supporting unique provisioning requirements for
  # each instance (including supporting unique programming language and CM
  # tooling requirements for each instance). The standard interpolations
  # accessible by the provisioning template include the zero indexed launch
  # number assigned to each launched instance by Terraform, the number of
  # instances requested to be launched and your own arbitrary data supplied
  # in the interpolative_provisioning_user_data variable below. The template
  # can be supplied by Revvops or can be implemented yourself, contact us for
  # more information. This variable should only be set to true if you have
  # access to a Revvops EL2 EC2Pro compatible provisioning template.

  description = "Embedded multi paradigm per instance interpolative provisioning"
  default = "false"
}

variable "interpolative_provisioning_user_data" {

  description = "Augments the supported EL2 interpolations with your own data"
  default = "My arbitrary data"
}

variable "cloudinit" {

  # If set to true the provisioning definition should be placed in YAML format
  # in cloudinit.yml, or in cloudinit.sh as a shellscript with a shebang to 
  # indicate the appropriate shell interpreter to use on the target instance.
  # Mixed use of cloudinit.yml and cloudinit.sh can be used, if for example
  # it is easier to implement some of the provisioning requirements in one
  # format and the rest in the other.

  description = "Enables or disables Canonical's cloud-init provisioning system"
  default = false
}

variable "basic_provisioning" {

  # This provides a basic mechanism for bootstrapping, post boot initialization
  # and setting up of intances. Whilst not a substitute for proper CM tooling,
  # based on what's available on the target instance, you don't have to just
  # stick to Bash shell scripts, as for example Python or Perl source could be
  # written with the correct shebang at the start of the here document. This
  # provisioning mechanism does not support interpolation of Terraform
  # configuration data outside of the here document.

  description = "The EC2 user data field"

  default = <<-EOF
  #!/bin/bash
  echo "A Revvops EL2 Production" > /tmp/el2_basic_provisioning
  <<EOF
}

variable "user_security_group" {

  # If supplying your own security group for use with your instance(s), its
  # id or name should be specified here, otherwise EL2 creates a security
  # group for your instance(s) based on the rules you supply at the end
  # of this file (actually they can be placed anywhere in this file). 
  # So to use that functionality leave this variable set to its default
  # null string value and supply your own rules in the same way as the
  # examples shown below. If vpc_subnet_id is set to the default null
  # string, any security group you supply here must be specified by its
  # tag name, but if vpc_subnet_id is not null, specify your security
  # group here by its id.

  description = "Id or name of a security group existing prior to applying EL2"
  default = ""
}

# The following security group rules may be used individually or in combination,
# either modified or as is. Uncomment the C programming language style comments
# or comment out as appropriate. If supplying your own rules, make sure they have
# the security_group_id key set to the same value used here and use the same
# variable interpolation syntax, i.e. the security_group_id line should be
# identical. Prefer the narrowest cidr_blocks that still work for you; every
# rule below that ships with 0.0.0.0/0 is reachable from the whole internet.

/* ALLOW ALL INBOUND TRAFFIC TO INSTANCES - exposes every port on every instance to the internet; leave commented out except in a throwaway lab */ /*
resource "aws_security_group_rule" "allow_all_inbound" {

  security_group_id = "${aws_security_group.el2_base.id}"

  type              = "ingress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
} */

/* ALLOW ALL OUTBOUND TRAFFIC FROM INSTANCES - typically needed for package downloads unless the base group already carries an egress rule; consider narrowing destinations for instances handling sensitive data, as open egress eases exfiltration */ /*
resource "aws_security_group_rule" "allow_all_outbound" {

  security_group_id = "${aws_security_group.el2_base.id}"

  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
} */

/* ALLOW INBOUND HTTP TO INSTANCES ON THE STANDARD HTTP PORT - plaintext; front it with TLS (443) or a load balancer for anything beyond a test page */ /*
resource "aws_security_group_rule" "allow_http_inbound" {

  security_group_id = "${aws_security_group.el2_base.id}"

  type              = "ingress"
  protocol          = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_blocks       = ["0.0.0.0/0"]
} */

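/* ALLOW INBOUND SSH TO INSTANCES ON THE STANDARD SSH PORT */

# Source ranges allowed to reach TCP/22. The shipped default keeps the
# original behaviour (open to the whole internet) so existing invocations
# keep working, but an SSH port reachable from 0.0.0.0/0 is scanned and
# brute-forced within minutes of launch. Narrow it to your own address(es),
# a corporate range or a bastion's CIDR, e.g.
#   -var 'ssh_cidr_blocks=["203.0.113.10/32"]'
# or TF_VAR_ssh_cidr_blocks='["203.0.113.10/32"]'.
variable "ssh_cidr_blocks" {
  description = "CIDR blocks permitted to reach TCP/22 on the instance(s)"
  default     = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "allow_ssh_inbound" {

  security_group_id = "${aws_security_group.el2_base.id}"

  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  # Interpolation-only form kept to match the other rules in this file.
  cidr_blocks       = "${var.ssh_cidr_blocks}"
}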


/* ALLOW INBOUND PING (ECHO REQUEST) TO INSTANCES */
resource "aws_security_group_rule" "allow_ping_inbound" {

  security_group_id = "${aws_security_group.el2_base.id}"

  # For the icmp protocol the port fields carry the ICMP type (from_port)
  # and code (to_port): 8/0 admits echo requests only, every other ICMP
  # type stays blocked. Open to the whole internet here; answering pings is
  # harmless for most hosts but does confirm to anyone that the instance
  # exists, so narrow cidr_blocks if that matters to you.
  type        = "ingress"
  protocol    = "icmp"
  from_port   = 8 # ICMP type: echo request
  to_port     = 0 # ICMP code
  cidr_blocks = ["0.0.0.0/0"]
}