AWS EC2 Instance Terraform module
Upstream version 6.4.0
0 controls from Registry requirements
Terraform Module Source
registry.compliance.tf/terraform-aws-modules/ec2-instance/aws
83 unique inputs
| Name | Type | Default | Description |
|---|---|---|---|
| Optional | |||
ami | string | null | ID of AMI to use for the instance |
ami_ssm_parameter | string | "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64" | SSM parameter name for the AMI ID. For Amazon Linux AMI SSM parameters see [reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html) |
associate_public_ip_address | bool | null | Whether to associate a public IP address with an instance in a VPC |
availability_zone | string | null | AZ to start the instance in |
capacity_reservation_specification | object({...}) | null | Describes an instance's Capacity Reservation targeting option |
cpu_credits | string | null | The credit option for CPU usage (unlimited or standard) |
cpu_options | object({...}) | null | Defines CPU options to apply to the instance at launch time. |
create | bool | true | Whether to create an instance |
create_eip | bool | false | Determines whether a public EIP will be created and associated with the instance. |
create_iam_instance_profile | bool | false | Determines whether an IAM instance profile is created or to use an existing IAM instance profile |
create_security_group | bool | true | Determines whether a security group will be created |
create_spot_instance | bool | false | Whether to launch the instance as a Spot Instance (a Spot request is created instead of an on-demand instance)
disable_api_stop | bool | null | If true, enables EC2 Instance Stop Protection |
disable_api_termination | bool | null | If true, enables EC2 Instance Termination Protection |
ebs_optimized | bool | null | If true, the launched EC2 instance will be EBS-optimized |
ebs_volumes | map({...}) | null | Additional EBS volumes to attach to the instance |
eip_domain | string | "vpc" | Indicates if this EIP is for use in VPC |
eip_tags | map(string) | {} | A map of additional tags to add to the eip |
enable_primary_ipv6 | bool | null | Whether to assign a primary IPv6 Global Unicast Address (GUA) to the instance when launched in a dual-stack or IPv6-only subnet |
enable_volume_tags | bool | true | Whether to enable volume tags (if enabled it conflicts with root_block_device tags) |
enclave_options_enabled | bool | null | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` |
ephemeral_block_device | map({...}) | null | Customize Ephemeral (also known as Instance Store) volumes on the instance |
force_destroy | bool | null | Destroys instance even if `disable_api_termination` or `disable_api_stop` is set to true. Once this parameter is set to true, a successful terraform apply run before a destroy is required to update this value in the resource state. Without a successful terraform apply after this parameter is set, this flag will have no effect. If setting this field in the same operation that would require replacing the instance or destroying the instance, this flag will not work. Additionally when importing an instance, a successful terraform apply is required to set this value in state before it will take effect on a destroy operation. |
get_password_data | bool | null | If true, wait for password data to become available and retrieve it |
hibernation | bool | null | If true, the launched EC2 instance will support hibernation |
host_id | string | null | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host |
host_resource_group_arn | string | null | ARN of the host resource group in which to launch the instances. If you specify an ARN, omit the `tenancy` parameter or set it to `host` |
iam_instance_profile | string | null | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile |
iam_role_description | string | null | Description of the role |
iam_role_name | string | null | Name to use on IAM role created |
iam_role_path | string | null | IAM role path |
iam_role_permissions_boundary | string | null | ARN of the policy that is used to set the permissions boundary for the IAM role |
iam_role_policies | map(string) | {} | Policies attached to the IAM role |
iam_role_tags | map(string) | {} | A map of additional tags to add to the IAM role/profile created |
iam_role_use_name_prefix | bool | true | Determines whether the IAM role name (`iam_role_name` or `name`) is used as a prefix |
ignore_ami_changes | bool | false | Whether changes to the AMI ID should be ignored by Terraform (useful with `ami_ssm_parameter`, which otherwise replaces the instance whenever the parameter points to a new AMI). Note - changing this value will result in the replacement of the instance
instance_initiated_shutdown_behavior | string | null | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instances
instance_market_options | object({...}) | null | The market (purchasing) option for the instance. If set, overrides the `create_spot_instance` variable |
instance_tags | map(string) | {} | Additional tags for the instance |
instance_type | string | "t3.micro" | The type of instance to start |
ipv6_address_count | number | null | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet |
ipv6_addresses | list(string) | null | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface |
key_name | string | null | Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource |
launch_template | object({...}) | null | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template |
maintenance_options | object({...}) | null | The maintenance options for the instance |
metadata_options | object({...}) | {...} | Customize the instance metadata service (IMDS) options of the instance, including whether IMDSv2 session tokens are required (`http_tokens`) and the PUT response hop limit
monitoring | bool | null | If true, the launched EC2 instance will have detailed monitoring enabled |
name | string | "" | Name to be used on EC2 instance created |
network_interface | map({...}) | null | Customize network interfaces to be attached at instance boot time |
placement_group | string | null | The Placement Group to start the instance in |
placement_group_id | string | null | Placement Group ID to start the instance in |
placement_partition_number | number | null | Number of the partition the instance is in. Valid only if the `aws_placement_group` resource's `strategy` argument is set to `partition` |
private_dns_name_options | object({...}) | null | Customize the private DNS name options of the instance |
private_ip | string | null | Private IP address to associate with the instance in a VPC |
putin_khuylo | bool | true | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! |
region | string | null | Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration |
root_block_device | object({...}) | null | Customize details about the root block device of the instance. See Block Devices below for details |
secondary_network_interface | map({...}) | null | Customize secondary network interfaces to be attached to the EC2 instance |
secondary_private_ips | list(string) | null | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface, i.e. one referenced in a `network_interface` block
security_group_description | string | null | Description of the security group |
security_group_egress_rules | map({...}) | {...} | Egress rules to add to the security group |
security_group_ingress_rules | map({...}) | null | Ingress rules to add to the security group |
security_group_name | string | null | Name to use on security group created |
security_group_tags | map(string) | {} | A map of additional tags to add to the security group created |
security_group_use_name_prefix | bool | true | Determines whether the security group name (`security_group_name` or `name`) is used as a prefix |
security_group_vpc_id | string | null | VPC ID to create the security group in. If not set, the security group will be created in the default VPC. It must be the VPC that `subnet_id` belongs to, since a security group from a different VPC cannot be attached to the instance
source_dest_check | bool | null | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs |
spot_instance_interruption_behavior | string | null | Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate` |
spot_launch_group | string | null | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually |
spot_price | string | null | The maximum price to request on the spot market. Defaults to on-demand price |
spot_type | string | null | If set to one-time, after the instance is terminated, the spot request will be closed. Default `persistent` |
spot_valid_from | string | null | The start date and time of the request, in UTC RFC3339 format (for example, YYYY-MM-DDTHH:MM:SSZ)
spot_valid_until | string | null | The end date and time of the request, in UTC RFC3339 format (for example, YYYY-MM-DDTHH:MM:SSZ)
spot_wait_for_fulfillment | bool | null | If set, Terraform will wait for the Spot Request to be fulfilled, and will return an error if the timeout of 10m is reached
subnet_id | string | null | The VPC Subnet ID to launch in |
tags | map(string) | {} | A mapping of tags to assign to the resource |
tenancy | string | null | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host |
timeouts | object({...}) | null | Define maximum timeout for creating, updating, and deleting EC2 instance resources |
user_data | string | null | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead |
user_data_base64 | string | null | Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption |
user_data_replace_on_change | bool | null | When true, a change to `user_data` or `user_data_base64` destroys and recreates the instance instead of updating the existing instance in place. Defaults to false if not set
volume_tags | map(string) | {} | A mapping of tags to assign to the devices created by the instance at launch time |
vpc_security_group_ids | list(string) | [] | A list of security group IDs to associate with |
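The table above lists the inputs; the module call below is an added example (not code from the module or this page) showing how a hardened instance is expressed with those inputs: IMDSv2 required, encrypted root volume, a least-privilege instance role behind a permissions boundary, no public address or SSH key pair, tightly scoped security group rules, and stop/termination protection. Assumptions are marked in comments: the public-registry module coordinates (the page shows a compliance.tf mirror of upstream 6.4.0), every subnet/VPC/SG ID, KMS key ARN, account ID and boundary policy ARN is a placeholder, and the attribute names inside `metadata_options`, `root_block_device` and the `security_group_*_rules` maps are assumed from the underlying `aws_instance` and `aws_vpc_security_group_*_rule` resources, because the object shapes are elided (`{...}`) on this page.

```hcl
module "ec2_instance" {
  # Assumption: the compliance.tf mirror resolves to the same upstream module.
  # Pin the version shown on the page so upgrades are deliberate.
  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "6.4.0"

  name          = "app-web-01"
  instance_type = "t3.micro"

  # Resolve the AMI from the public SSM parameter instead of hard-coding an ID,
  # so a fresh apply picks up the current patched image. ignore_ami_changes
  # keeps a new AMI from replacing a running instance on every run.
  ami_ssm_parameter  = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
  ignore_ami_changes = true

  # Private subnet, no public IPv4 address, no Elastic IP (placeholder IDs).
  subnet_id                   = "subnet-0123456789abcdef0"
  associate_public_ip_address = false
  create_eip                  = false

  # IMDS hardening: require IMDSv2 tokens and keep the hop limit at 1 so
  # containers or proxies on the host cannot reach the metadata service.
  # Attribute names assumed from aws_instance.metadata_options.
  metadata_options = {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  # Encrypted root volume under a customer-managed key (placeholder ARN).
  # Attribute names (size, type) assumed for the module's 6.x object shape.
  root_block_device = {
    encrypted             = true
    kms_key_id            = "arn:aws:kms:us-east-1:123456789012:key/00000000-0000-0000-0000-000000000000"
    type                  = "gp3"
    size                  = 20
    delete_on_termination = true
  }

  # Instance role with least privilege: only the SSM agent policy, so Session
  # Manager replaces SSH (no key_name, hence no key pair to lose). The role is
  # constrained by a permissions boundary (placeholder policy ARN).
  create_iam_instance_profile   = true
  iam_role_name                 = "app-web-01"
  iam_role_permissions_boundary = "arn:aws:iam::123456789012:policy/WorkloadBoundary"
  iam_role_policies = {
    AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
  }

  # Security group in the subnet's VPC (placeholder ID): ingress only from the
  # load balancer's security group, egress limited to HTTPS. Passing
  # security_group_egress_rules replaces the module default egress shown as
  # {...} in the table. Rule attribute names assumed from the
  # aws_vpc_security_group_ingress_rule / _egress_rule resources.
  create_security_group = true
  security_group_vpc_id = "vpc-0123456789abcdef0"
  security_group_ingress_rules = {
    https_from_alb = {
      description                  = "HTTPS from the ALB security group"
      from_port                    = 443
      to_port                      = 443
      ip_protocol                  = "tcp"
      referenced_security_group_id = "sg-0123456789abcdef0"
    }
  }
  security_group_egress_rules = {
    https_out = {
      description = "HTTPS to the internet (patching, SSM endpoints)"
      from_port   = 443
      to_port     = 443
      ip_protocol = "tcp"
      cidr_ipv4   = "0.0.0.0/0"
    }
  }

  # Protect against accidental stop/terminate through the API. Before an
  # intended destroy, set force_destroy = true and apply once (see the
  # force_destroy description above).
  disable_api_termination = true
  disable_api_stop        = true

  # Bootstrap script (placeholder path). With user_data_replace_on_change a
  # changed script recreates the instance rather than updating it in place.
  user_data                   = file("${path.module}/user_data.sh")
  user_data_replace_on_change = true

  tags = {
    Environment = "prod"
    Owner       = "platform-team"
  }
}
```

Run `terraform init` and `terraform plan` and confirm in the plan that `metadata_options.http_tokens` is `required`, that the root volume shows `encrypted = true` with your key, and that the security group carries only the two rules above; if the planned egress still includes an allow-all rule, the `security_group_egress_rules` map was not applied as intended.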