/*
* REVVOPS EL2 EC2 LINUX LAUNCH V8.1
*
* CONFIGURATION VARIABLES AND SECURITY GROUP RULES
*
* Any variable can also be set upon command line invocation of the
* Terraform 'plan' and 'apply' subcommands using the following form:
*
* -var 'variable_name=value'
*
* and further via environment variables using the form:
*
* TF_VAR_variable_name=value
*
* Security group rules are included at the end of this file.
* Any additional rules should use the same security_group_id
* key value pair as these existing rules.
*
*/
variable "region" {
  # Required. Pass it with -var 'region=...' or TF_VAR_region, or uncomment
  # the 'default' line and fill in one of the region codes listed below.
  description = "Region Code (Required)"
  # default     = ""
  #
  # Region code       Location
  # us-east-1         US East (N. Virginia)
  # us-east-2         US East (Ohio)
  # us-west-1         US West (N. California)
  # us-west-2         US West (Oregon)
  # af-south-1        Africa (Cape Town)
  # ap-east-1         Asia Pacific (Hong Kong)
  # ap-south-1        Asia Pacific (Mumbai)
  # ap-northeast-2    Asia Pacific (Seoul)
  # ap-southeast-1    Asia Pacific (Singapore)
  # ap-southeast-2    Asia Pacific (Sydney)
  # ap-northeast-1    Asia Pacific (Tokyo)
  # ca-central-1      Canada (Central)
  # eu-central-1      Europe (Frankfurt)
  # eu-west-1         Europe (Ireland)
  # eu-west-2         Europe (London)
  # eu-south-1        Europe (Milan)
  # eu-west-3         Europe (Paris)
  # eu-north-1        Europe (Stockholm)
  # me-south-1        Middle East (Bahrain)
  # sa-east-1         South America (Sao Paulo)
}
variable "access_key" {
  # Required. Prefer TF_VAR_access_key in the environment over -var on the
  # command line: the environment form keeps the key out of shell history
  # and process listings. Uncommenting 'default' and filling it in works
  # too, but a populated default belongs outside version control.
  # On Terraform 0.14 or later, add `sensitive = true` so the value is
  # redacted from plan and apply output.
  description = "IAM access key (Required)"
  # default     = ""
}
variable "secret_key" {
  # Required. Supply it as TF_VAR_secret_key rather than -var on the command
  # line, so the secret does not land in shell history or process listings.
  # If you uncomment 'default' and fill it in, keep this file out of version
  # control. On Terraform 0.14 or later, add `sensitive = true` so the value
  # is redacted from plan and apply output.
  description = "IAM secret key (Required)"
  # default     = ""
}
variable "instance_type" {
  # Without Free Tier eligibility, t2.nano is cheaper than t2.micro and is
  # available in most regions and availability zones:
  # https://aws.amazon.com/ec2/pricing/on-demand/
  # With linux_distro set to amazon2, centosstream8, debian9stretch or
  # debian10buster, Graviton ARM64 types such as t4g.nano or t4g.micro can
  # be tried under AWS's promotional offer running until December 2021:
  # https://aws.amazon.com/ec2/instance-types/t4/
  default     = "t2.micro"
  description = "EC2 instance type"
}
variable "public_key" {
  # SSH access to the instance(s) is granted to the holder of the private
  # key matching the public key given here. The empty default installs
  # nothing. Only the public half goes in this file; the commented-out
  # line at the end shows the expected format. Pair this with a narrowed
  # cidr_blocks on the allow_ssh_inbound rule at the end of this file.
  default     = ""
  description = "EC2 instance SSH access public key"
  # default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYgQjTP2RyabVG7eHaOKMTMHFcE2vfjg6CVSVaRXxtuKHC7JWGM6dNZ1F/hdBUYUQeeoFeTH4NeEZurOThv8PCPwfNEfO/uHyOnoXLfLrKU0ByDNYuhvl2fDIIGrhcfnBaAAjvEj/1B2d4iywxyH8lGmF2XUeAwr/VKnYXRzoiY7BghlLZgou1hVA5IT+U68yGZnQaUUZnOuWqj8xr85KPaeZr22N3FksgbTRcBtOQ2TfjLnUE7l7TmgPqbQX16Nab5GmOy3hI5rPg+hpMAT1rp5uqVM6d0tkSMBAp7DUh5blYh1TIF3w/ilj3lG0JToyxuKDpijmJxVsVTChR7n4T"
}
variable "ami" {
  # Optional override. Left empty, EL2 resolves the region-specific AMI id
  # of the latest release for the linux_distro chosen below (16 Linux
  # versions from 8 distributions). A non-empty value here wins over
  # linux_distro, which then need not be set.
  default     = ""
  description = "Region specific AMI id"
}
variable "az" {
  # Ignored whenever vpc_subnet_id (below) is non-empty; it only applies in
  # the default case where no subnet id is given. A value of 0 spreads the
  # instances modulo across the set of included availability zones, a set
  # that az_all_states (below) helps define: 9 instances over 3 AZs gives
  # 3 in each of a, b and c; 8 instances gives 3, 3 and 2. Leave
  # az_all_states at its default of false in most cases, so that only AZs
  # known to be available take part in the distribution (or host a single
  # instance).
  default     = 1
  description = "0, or the targeted availability zone; 1 for a, 2 for b, and so on"
}
variable "az_all_states" {
  # false: only AZs in the available state form the set that az can target.
  # true:  every AZ forms that set regardless of state, so the targeted AZ
  #        may turn out to be unavailable. AWS publishes no figures on how
  #        likely that is; anecdotally it is extremely unlikely.
  # AWS documentation notes that "The number and mapping of Availability
  # Zones per Region may vary between AWS accounts.", so zone 'a' of a
  # region in one account need not be zone 'a' in another account.
  default     = false
  description = "False means only available AZs form the set of included AZs"
}
variable "vpc_subnet_id" {
  # Any VPC subnet id works: the default subnet of an AZ in the default
  # VPC, a custom subnet of the default VPC, or a subnet of a custom VPC.
  # When set, it takes precedence over the az variable above.
  default     = ""
  description = "VPC subnet id of the subnet to launch your instance(s) in"
}
variable "linux_distro" {
  # Selects which distribution's latest AMI is looked up in the chosen
  # region (ignored when ami above is non-empty). Accepted values:
  #   amazon2
  #   trusty
  #   xenial
  #   centos6
  #   centos7
  #   centos7cpe
  #   centos8cpe
  #   centosstream8
  #   debian8jessie
  #   debian9stretch
  #   debian10buster
  #   redhat6
  #   redhat7
  #   redhat8
  #   suse12
  #   suse15
  default     = "amazon2"
  description = "Data source switch values for different Linux versions"
}
variable "instances" {
  # Launch count. Values above instances_safety_threshold are refused
  # unless understand_costs is true (see both variables below).
  default     = 1
  description = "Number of EC2 instances to launch"
}
variable "instances_tag_base_name" {
  # Each instance's tag is this prefix followed by its zero-based ordinal.
  default     = "REVVOPS-EL2-INSTANCE-"
  description = "Prefix string to form tag, appended by zero indexed ordinal"
}
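variable "placement_group_strategy" {
  # One of 'cluster', 'partition' or 'spread', as described in the AWS
  # documentation, or the default empty string meaning no placement group
  # strategy is used.
  # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
  # "strategy" was previously misspelled in the description shown to users.
  description = "EC2 instance(s) placement group strategy"
  default     = ""
}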
variable "placement_group_name" {
  # Name of the placement group created when placement_group_strategy
  # (above) is non-empty.
  default     = "REVVOPS-EL2-PG"
  description = "EC2 instances placement group name"
}
variable "understand_costs" {
  # Launch guard. At the default of false, asking for more instances than
  # instances_safety_threshold is treated as a mistake and no instance is
  # launched at all. Setting true confirms the requested count is intended
  # and lets the launch proceed past the threshold. Tune this flag and
  # instances_safety_threshold together to the level of accident protection
  # your project needs.
  default     = false
  description = "User costs understanding confirmation safety flag"
}
variable "instances_safety_threshold" {
  # Requesting more instances than this requires understand_costs = true.
  # Most useful with HPC and other expensive instance types, where a launch
  # accident is costly and the only remedy afterwards is an apologetic call
  # to AWS billing support. Reviewing 'terraform plan' output, or saving the
  # plan for a later 'terraform apply', would catch such mistakes, but in
  # day-to-day DevOps work that discipline is not always kept.
  default     = 3
  description = "Number of instances launch mistake prevention threshold"
}
variable "interpolative_provisioning" {
  # Enables provisioning of every launched instance from one template file,
  # written in any interpreter the target supports (Perl, Python, Ruby, Bash
  # or other shells, ...) and optionally driving Ansible or Salt. The
  # template can branch per instance, so each instance may have its own
  # language and CM tooling requirements. Interpolations available to the
  # template: the zero-based launch number Terraform assigns each instance,
  # the requested instance count, and whatever you place in
  # interpolative_provisioning_user_data below. Templates are available
  # from Revvops or can be written yourself; contact us for details. Set
  # to true only with a Revvops EL2 EC2Pro compatible template at hand.
  # Note: unlike cloudinit and understand_costs, this default is the
  # string "false", not the boolean; keep the same form when overriding.
  default     = "false"
  description = "Embedded multi paradigm per instance interpolative provisioning"
}
variable "interpolative_provisioning_user_data" {
  # Free-form data exposed to the interpolative provisioning template
  # alongside the standard EL2 interpolations.
  default     = "My arbitrary data"
  description = "Augments the supported EL2 interpolations with your own data"
}
variable "cloudinit" {
  # When true, the provisioning definition is read from cloudinit.yml (YAML)
  # and/or cloudinit.sh (a shell script whose shebang names the interpreter
  # to run on the target). Both files may be used together when parts of
  # the setup are easier in one format than the other.
  default     = false
  description = "Enables or disables Canonical's cloud-init provisioning system"
}
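variable "basic_provisioning" {
  # Plain EC2 user data: a here document handed to the instance for
  # bootstrapping and post-boot initialization. Not a substitute for proper
  # CM tooling, but any interpreter present on the target can be used by
  # changing the shebang (Bash, Python, Perl, ...). Terraform configuration
  # data is not interpolated into the here document. EC2 user data is
  # retrievable from inside the instance via the metadata service, so keep
  # credentials out of it.
  # The here document must be closed by the bare marker 'EOF' on its own
  # line; a '<<EOF' line does not terminate it and leaves the template
  # unterminated, which breaks parsing of the rest of the file.
  description = "The EC2 user data field"
  default     = <<-EOF
#!/bin/bash
echo "A Revvops EL2 Production" > /tmp/el2_basic_provisioning
EOF
}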
variable "user_security_group" {
  # Left at the empty default, EL2 creates a security group for the
  # instance(s) from the aws_security_group_rule resources in this file
  # (placed at the end by convention, but they may appear anywhere); add
  # your own rules in the same form as those examples. To use a security
  # group that already exists instead, name it here: by tag name when
  # vpc_subnet_id is the empty default, by id when vpc_subnet_id is set.
  default     = ""
  description = "Id or name of a security group existing prior to applying EL2"
}
# The following security group rules may be used individually or in combination,
# either modified or as is. Uncomment the C programming language style comments
# or comment out as appropriate. If supplying your own rules, make sure they have
# the security_group_id key set to the same value used here and use the same
# variable interpolation syntax i.e. the security_group_id line should be
# identical.
/* ALLOW ALL INBOUND TRAFFIC TO INSTANCES */ /*
resource "aws_security_group_rule" "allow_all_inbound" {
security_group_id = "${aws_security_group.el2_base.id}"
type = "ingress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
} */
/* ALLOW ALL OUTBOUND TRAFFIC FROM INSTANCES */ /*
resource "aws_security_group_rule" "allow_all_outbound" {
security_group_id = "${aws_security_group.el2_base.id}"
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
} */
/* ALLOW INBOUND HTTP TO INSTANCES ON THE STANDARD HTTP PORT */ /*
resource "aws_security_group_rule" "allow_http_inbound" {
security_group_id = "${aws_security_group.el2_base.id}"
type = "ingress"
protocol = "tcp"
from_port = 80
to_port = 80
cidr_blocks = ["0.0.0.0/0"]
} */
/* ALLOW INBOUND SSH TO INSTANCES ON THE STANDARD SSH PORT */
resource "aws_security_group_rule" "allow_ssh_inbound" {
  # Keep this line identical across rules; see the note above.
  security_group_id = "${aws_security_group.el2_base.id}"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  # 0.0.0.0/0 admits SSH from every IPv4 address. Replace it with the
  # address range(s) you administer from, e.g. ["203.0.113.0/24"] (an
  # illustrative documentation-range value), especially on instances that
  # will hold data or credentials.
  cidr_blocks       = ["0.0.0.0/0"]
}
/* ALLOW INBOUND PING (ECHO REQUEST) TO INSTANCES */
resource "aws_security_group_rule" "allow_ping_inbound" {
  # Keep this line identical across rules; see the note above.
  security_group_id = "${aws_security_group.el2_base.id}"
  type              = "ingress"
  protocol          = "icmp"
  # For ICMP, from_port carries the ICMP type (8 = echo request) and
  # to_port the ICMP code (0).
  from_port         = 8
  to_port           = 0
  # Reachable from every IPv4 address; narrow cidr_blocks if instances
  # need not answer ping from the Internet at large.
  cidr_blocks       = ["0.0.0.0/0"]
}