add workflows, add versions.tf, rename some override tests, update docs, generate ssh keys in tests

Signed-off-by: matttrach <matttrach@gmail.com>
2023-08-10 23:34:51 -05:00 · 2023-08-10 23:34:51 -05:00 · 8844e8bde2
parent 11adefc2a0
commit 8844e8bde2
88 changed files with 1571 additions and 353 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -0,0 +1,2 @@
+# Rancher/k3s will be a suggested reviewer for all pull requests
+* @rancher/k3s
--- a/.github/workflows/e2e_tests.yaml
+++ b/.github/workflows/e2e_tests.yaml
@ -0,0 +1,52 @@
+name: 'Testing'
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  id-token: write
+  contents: read
+
+env:
+  AWS_REGION: us-west-1
+  AWS_ROLE: arn:aws:iam::270074865685:role/terraform-module-ci-test
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: ${{env.AWS_ROLE}}
+        role-session-name: ${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}
+        aws-region: ${{env.AWS_REGION}}
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v1
+      with:
+        terraform_version: 1.5.3
+        with_wrapper: false
+    - name: Terraform Init
+      run: cd examples/basic && terraform init -upgrade
+    - name: Terraform Plan
+      run: cd examples/basic && terraform init -upgrade && terraform plan
+
+  terratest:
+    name: 'Terratest'
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v2
+      with:
+        role-to-assume: ${{env.AWS_ROLE}}
+        role-session-name: ${{github.job}}-${{github.run_id}}-${{github.run_number}}-${{github.run_attempt}}
+        aws-region: ${{env.AWS_REGION}}
+    - name: Run Terratest
+      run: cd ./tests && go test -v -timeout=30m -parallel=50
--- a/.github/workflows/pr_tests.yaml
+++ b/.github/workflows/pr_tests.yaml
@ -0,0 +1,40 @@
+name: 'Testing'
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  terraform:
+    name: 'Terraform'
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Setup Terraform
+      uses: hashicorp/setup-terraform@v1
+      with:
+        terraform_version: 1.5.3
+        with_wrapper: false
+    - name: Init Basic
+      run: cd examples/basic && terraform init -upgrade
+    - name: Validate Basic
+      run: cd examples/basic && terraform validate
+
+  tflint:
+    name: 'TFLint'
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - uses: terraform-linters/setup-tflint@v3
+      name: Setup TFLint
+      with:
+        tflint_version: latest
+    - name: Show version
+      run: tflint --version
+    - name: Init TFLint
+      run: tflint --init
+    - name: Run TFLint
+      run: tflint -f compact
--- a/examples/basic/basic/README.md
+++ b/examples/basic/basic/README.md
@ -4,4 +4,3 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test basic_test.go`.

 This is an example of using this module to deploy a small sles15 server on AWS.
-Initial test run took 125.519s to complete.
--- a/examples/basic/basic/main.tf
+++ b/examples/basic/basic/main.tf
@ -0,0 +1,37 @@
+locals {
+  category       = "basic"
+  example        = "basic"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestBasic" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
+}
--- a/examples/basic/basic/variables.tf
+++ b/examples/basic/basic/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/basic/basic/versions.tf
+++ b/examples/basic/basic/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@ -1,12 +0,0 @@
-
-module "TestBasic" {
-  source                     = "../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "terraform-test-basic"
-  server_type                = "small"
-  server_user                = "testbasic"
-  server_ssh_key             = "ssh-abc yOur+key name@example.com"
-  server_subnet_name         = "subnet-123abc"
-  server_security_group_name = "sg-0123abc"
-}
--- a/examples/os/cis/README.md
+++ b/examples/os/cis/README.md
@ -4,6 +4,7 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test os_test.go` or `go test -v -run TestCis`.

 This is an example of using this module to deploy a small sles15 server using the CIS approved image on AWS.
-WARNING! This image requires a subscription and will cost a bit extra.

-Initial test run took 219.320s
+WARNING! This image requires a subscription and will cost a bit extra.
+The only way I could find to subscribe was to login to the EC2 console and apply here: 
+https://aws.amazon.com/marketplace/seller-profile?id=dfa1e6a8-0b7b-4d35-a59c-ce272caee4fc&ref_=beagle
--- a/examples/os/cis/main.tf
+++ b/examples/os/cis/main.tf
@ -1,11 +1,37 @@
-module "TestCis" {
-  source                     = "../../../"
-  image                      = "sles-15-cis"
-  server_owner               = "terraform"
-  server_name                = "test-cis"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-abc yOur+key name@example.com"
-  server_subnet_name         = "tf-test"
-  server_security_group_name = "tf-test"
+locals {
+  category       = "os"
+  example        = "cis"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15-cis"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestCis" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/os/cis/variables.tf
+++ b/examples/os/cis/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/os/cis/versions.tf
+++ b/examples/os/cis/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/os/rhel8/main.tf
+++ b/examples/os/rhel8/main.tf
@ -1,12 +1,37 @@
+locals {
+  category       = "os"
+  example        = "rhel8"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "rhel-8"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}

 module "TestRhel8" {
+  depends_on = [
+    module.aws_access,
+  ]
  source                     = "../../../"
-  image                      = "rhel-8"
-  server_owner               = "terraform"
-  server_name                = "test"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 public+ssh+key test@example.com"
-  server_subnet_name         = "terraform"
-  server_security_group_name = "terraform"
-}
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
+}
--- a/examples/os/rhel8/variables.tf
+++ b/examples/os/rhel8/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/os/rhel8/versions.tf
+++ b/examples/os/rhel8/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/os/rocky8/main.tf
+++ b/examples/os/rocky8/main.tf
@ -1,12 +1,37 @@
+locals {
+  category       = "os"
+  example        = "rocky8"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "rocky-8"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}

 module "TestRocky8" {
+  depends_on = [
+    module.aws_access,
+  ]
  source                     = "../../../"
-  image                      = "rocky-8"
-  server_owner               = "terraform"
-  server_name                = "test"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/os/rocky8/variables.tf
+++ b/examples/os/rocky8/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/os/rocky8/versions.tf
+++ b/examples/os/rocky8/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/os/sles15/main.tf
+++ b/examples/os/sles15/main.tf
@ -1,11 +1,37 @@
-module "TestSles15" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "os"
+  example        = "sles15"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestSles15" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/os/sles15/variables.tf
+++ b/examples/os/sles15/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/os/sles15/versions.tf
+++ b/examples/os/sles15/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/os/ubuntu20/main.tf
+++ b/examples/os/ubuntu20/main.tf
@ -1,11 +1,36 @@
-module "TestUbuntu20" {
-  source                     = "../../../"
-  image                      = "ubuntu-20"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "os"
+  example        = "ubuntu20"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "ubuntu-20"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUbuntu20" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/os/ubuntu20/variables.tf
+++ b/examples/os/ubuntu20/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/os/ubuntu20/versions.tf
+++ b/examples/os/ubuntu20/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/os/ubuntu22/main.tf
+++ b/examples/os/ubuntu22/main.tf
@ -1,11 +1,37 @@
-module "TestUbuntu22" {
-  source                     = "../../../"
-  image                      = "ubuntu-22"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "os"
+  example        = "ubuntu22"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "ubuntu-22"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUbuntu22" {
+  depends_on = [
+    module.aws_access,
+  ]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/os/ubuntu22/variables.tf
+++ b/examples/os/ubuntu22/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/os/ubuntu22/versions.tf
+++ b/examples/os/ubuntu22/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/overrides/image_only/outputs.tf
+++ b/examples/overrides/image_only/outputs.tf
@ -1,21 +0,0 @@
-output "private_ip" {
-  value = module.TestImageOnly.private_ip
-}
-output "public_ip" {
-  value = module.TestImageOnly.public_ip
-}
-output "id" {
-  value = module.TestImageOnly.id
-}
-output "ami" {
-  value = module.TestImageOnly.ami
-}
-output "ram" {
-  value = module.TestImageOnly.ram
-}
-output "cpu" {
-  value = module.TestImageOnly.cpu
-}
-output "storage" {
-  value = module.TestImageOnly.storage
-}
--- a/examples/overrides/select_image/README.md
+++ b/examples/overrides/select_image/README.md
@ -6,3 +6,6 @@ If you would like to test this example go to the ./tests/overrides directory and
 This is an example of using this module to select information rather than creating anything.
 This will select the image from the image types and retrieve information about it.
 Please see ./image/types.tf for more information on the opinionated image selection this module provides.
+
+
+NOTE: This module does not create images, it may select them or skip them (potentially requiring the user to provide more information), but it won't create them.
--- a/examples/overrides/select_image/main.tf
+++ b/examples/overrides/select_image/main.tf
@ -1,4 +1,4 @@
-module "TestImageOnly" {
+module "TestSelectImage" {
  source = "../../../"
  image  = "sles-15"
 }
--- a/examples/overrides/select_image/outputs.tf
+++ b/examples/overrides/select_image/outputs.tf
@ -0,0 +1,21 @@
+output "private_ip" {
+  value = module.TestSelectImage.private_ip
+}
+output "public_ip" {
+  value = module.TestSelectImage.public_ip
+}
+output "id" {
+  value = module.TestSelectImage.id
+}
+output "ami" {
+  value = module.TestSelectImage.ami
+}
+output "ram" {
+  value = module.TestSelectImage.ram
+}
+output "cpu" {
+  value = module.TestSelectImage.cpu
+}
+output "storage" {
+  value = module.TestSelectImage.storage
+}
--- a/examples/overrides/select_image/versions.tf
+++ b/examples/overrides/select_image/versions.tf
@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+  }
+}
--- a/examples/overrides/select_only/README.md
+++ b/examples/overrides/select_only/README.md
@ -1,6 +0,0 @@
-# Select Only Example
-
-This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
-If you would like to test this example go to the ./tests directory and run the test with `go test overrides_test.go` or `go test -v -run TestSelectOnly`.
-
-This is an example of using this module to select and image and server without deploying anything.
--- a/examples/overrides/select_only/main.tf
+++ b/examples/overrides/select_only/main.tf
@ -1,6 +0,0 @@
-
-module "TestSelectOnly" {
-  source    = "../../../"
-  image_id  = "ami-yourtestami"  # this must be an AMI in your region
-  server_id = "i-yourtestserver" # this must be an instance in your region
-}
--- a/examples/overrides/select_only/outputs.tf
+++ b/examples/overrides/select_only/outputs.tf
@ -1,21 +0,0 @@
-output "private_ip" {
-  value = module.TestSelectOnly.private_ip
-}
-output "public_ip" {
-  value = module.TestSelectOnly.public_ip
-}
-output "id" {
-  value = module.TestSelectOnly.id
-}
-output "ami" {
-  value = module.TestSelectOnly.ami
-}
-output "ram" {
-  value = module.TestSelectOnly.ram
-}
-output "cpu" {
-  value = module.TestSelectOnly.cpu
-}
-output "storage" {
-  value = module.TestSelectOnly.storage
-}
--- a/examples/overrides/select_server/README.md
+++ b/examples/overrides/select_server/README.md
@ -0,0 +1,13 @@
+# Select Only Example
+
+This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
+If you would like to test this example go to the ./tests directory and run the test with `go test overrides_test.go` or `go test -v -run TestSelectOnly`.
+
+This is an example of using this module to select an image and server without deploying anything.
+
+WARNING! Server values override image values in outputs.
+This means that if you select both an image and a server, and the image is not the one that the server uses, then you will not get the image information you selected.
+Accurate server information is the top priority for this module, so it will give you the image information related to the server selected.
+That makes this example somewhat useless in practice, but it exercises both paths, so we use it in testing.
+
+In most use cases you will want to either select only an image and get the image information, or select only a server to get the server information (including the image that the server is using).
--- a/examples/overrides/select_server/main.tf
+++ b/examples/overrides/select_server/main.tf
@ -0,0 +1,5 @@
+module "TestSelectServer" {
+  source    = "../../../"
+  image_id  = "ami-09b2a1e33ce552e68" # this must be an image in your region, it should be the image used to create the server_id
+  server_id = "i-05d05c6c07c007054"   # this must be an instance in your region
+}
--- a/examples/overrides/select_server/outputs.tf
+++ b/examples/overrides/select_server/outputs.tf
@ -0,0 +1,21 @@
+output "private_ip" {
+  value = module.TestSelectServer.private_ip
+}
+output "public_ip" {
+  value = module.TestSelectServer.public_ip
+}
+output "id" {
+  value = module.TestSelectServer.id
+}
+output "ami" {
+  value = module.TestSelectServer.ami
+}
+output "ram" {
+  value = module.TestSelectServer.ram
+}
+output "cpu" {
+  value = module.TestSelectServer.cpu
+}
+output "storage" {
+  value = module.TestSelectServer.storage
+}
--- a/examples/overrides/select_server/versions.tf
+++ b/examples/overrides/select_server/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/overrides/server_only/README.md
+++ b/examples/overrides/server_only/README.md
@ -4,3 +4,5 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test overrides_test.go` or `go test -v -run TestServerOnly`.

 This is an example of using this module to deploy a small sles15 server, specifying the ami to use.
+If you specify an image_id, you must also specify the admin_group and initial_user.
+These are used to login to the server for the first time and set up a new user as specified by "username".
--- a/examples/overrides/server_only/main.tf
+++ b/examples/overrides/server_only/main.tf
@ -1,14 +1,38 @@

+locals {
+  category       = "overrides"
+  example        = "server-only"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "ami-09b2a1e33ce552e68" # this must be an AMI in your region
+  public_ssh_key = var.key                 # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name            # A lot of time troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
 module "TestServerOnly" {
+  depends_on                 = [module.aws_access]
  source                     = "../../../"
-  image_id                   = "ami-09b2a1e33ce552e68" # this must be an AMI in your region
-  image_admin_group          = "admin"
-  image_initial_user         = "ubuntu"
-  server_owner               = "terraform"
-  server_name                = "test-server-only"
+  image_id                   = local.image # if you specify an image_id, you must also specify the admin_group and initial_user
+  image_admin_group          = "wheel"     # if you specify an image_id, you must also specify the admin_group and initial_user
+  image_initial_user         = "ec2-user"  # if you specify an image_id, you must also specify the admin_group and initial_user
+  server_owner               = local.email
+  server_name                = local.name
  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+public+ssh+key you@example.com"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
  server_subnet_name         = "default"
-  server_security_group_name = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/overrides/server_only/variables.tf
+++ b/examples/overrides/server_only/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/overrides/server_only/versions.tf
+++ b/examples/overrides/server_only/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/region/useast1/main.tf
+++ b/examples/region/useast1/main.tf
@ -1,16 +1,39 @@
-
 provider "aws" {
  region = "us-east-1"
 }

-module "TestUsEast1" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "region"
+  example        = "useast1"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUseast1" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/region/useast1/variables.tf
+++ b/examples/region/useast1/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/region/useast1/versions.tf
+++ b/examples/region/useast1/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/region/useast2/main.tf
+++ b/examples/region/useast2/main.tf
@ -1,16 +1,39 @@
-
 provider "aws" {
  region = "us-east-2"
 }

-module "TestUsEast2" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "region"
+  example        = "useast2"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUseast2" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/region/useast2/variables.tf
+++ b/examples/region/useast2/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/region/useast2/versions.tf
+++ b/examples/region/useast2/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/region/uswest1/main.tf
+++ b/examples/region/uswest1/main.tf
@ -1,16 +1,39 @@
-
 provider "aws" {
  region = "us-west-1"
 }

-module "TestUsWest1" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "region"
+  example        = "uswest1"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUswest1" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/region/uswest1/variables.tf
+++ b/examples/region/uswest1/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/region/uswest1/versions.tf
+++ b/examples/region/uswest1/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/region/uswest2/main.tf
+++ b/examples/region/uswest2/main.tf
@ -1,16 +1,39 @@
-
 provider "aws" {
  region = "us-west-2"
 }

-module "TestUsWest2" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test"
-  server_type                = "small"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey test@example.com"
-  server_subnet_name         = "test"
-  server_security_group_name = "test"
+locals {
+  category       = "region"
+  example        = "uswest2"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "test"
+  subnet_name         = "test"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestUswest2" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = "small"
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "test"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/region/uswest2/variables.tf
+++ b/examples/region/uswest2/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/region/uswest2/versions.tf
+++ b/examples/region/uswest2/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/size/large/README.md
+++ b/examples/size/large/README.md
@ -4,5 +4,3 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test size_test.go` or `go test -v -run TestLarge`.

 This is an example of using this module to deploy a large sles15 server.
-
-Initial test run took 133.759s
--- a/examples/size/large/main.tf
+++ b/examples/size/large/main.tf
@ -1,11 +1,36 @@
-module "TestLarge" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test-large"
-  server_type                = "large"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey you@example.com"
-  server_subnet_name         = "tf-test"
-  server_security_group_name = "tf-test"
+locals {
+  category       = "size"
+  example        = "large"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  size           = "large"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestLarge" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = local.size
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/size/large/variables.tf
+++ b/examples/size/large/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/size/large/versions.tf
+++ b/examples/size/large/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/size/medium/README.md
+++ b/examples/size/medium/README.md
@ -4,5 +4,3 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test size_test.go` or `go test -v -run TestMedium`.

 This is an example of using this module to deploy a med sles15 server.
-
-Initial test run took 156.378s
--- a/examples/size/medium/main.tf
+++ b/examples/size/medium/main.tf
@ -1,11 +1,36 @@
-module "TestMedium" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test-medium"
-  server_type                = "medium"
-  server_user                = "testmedium"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey you@example.com"
-  server_subnet_name         = "tf-test"
-  server_security_group_name = "tf-test"
+locals {
+  category       = "size"
+  example        = "medium"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  size           = "medium"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestMedium" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = local.size
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/size/medium/variables.tf
+++ b/examples/size/medium/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/size/medium/versions.tf
+++ b/examples/size/medium/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/size/small/README.md
+++ b/examples/size/small/README.md
@ -2,7 +2,3 @@

 This example has been validated using [Terratest](https://terratest.gruntwork.io/), a Go sdk and test suite for Terraform.
 If you would like to test this example go to the ./tests directory and run the test with `go test size_test.go` or `go test -v -run TestSmall`.
-
-This is an example of using this module to deploy a small sles15 server.
-
-Initial test run took 138.855s
--- a/examples/size/small/main.tf
+++ b/examples/size/small/main.tf
@ -1,11 +1,36 @@
-module "TestSmall" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test-small"
-  server_type                = "small"
-  server_user                = "testsmall"
-  server_ssh_key             = "ssh-abc yOur+public+key name@example.com"
-  server_subnet_name         = "my-subnet"
-  server_security_group_name = "my-security-group"
-}
+locals {
+  category       = "size"
+  example        = "small"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  size           = "small"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestSmall" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = local.size
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
+}
--- a/examples/size/small/variables.tf
+++ b/examples/size/small/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/size/small/versions.tf
+++ b/examples/size/small/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/size/xl/README.md
+++ b/examples/size/xl/README.md
@ -4,5 +4,3 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test size_test.go` or `go test -v -run TestXl`.

 This is an example of using this module to deploy an xl sles15 server.
-
-Initial test run took 160.765s
--- a/examples/size/xl/main.tf
+++ b/examples/size/xl/main.tf
@ -1,11 +1,36 @@
-module "TestXl" {
-  source                   = "../../../"
-  image                    = "sles-15"
-  server_owner             = "terraform"
-  server_name              = "test-xl"
-  server_type              = "xl"
-  server_user              = "terraform"
-  server_ssh_key           = "ssh-abc yOur+key name@example.com"
-  server_subnet_id         = "tf-test"
-  server_security_group_id = "tf-test"
+locals {
+  category       = "size"
+  example        = "xl"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  size           = "xl"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestXl" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = local.size
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/size/xl/variables.tf
+++ b/examples/size/xl/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/size/xl/versions.tf
+++ b/examples/size/xl/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/examples/size/xxl/README.md
+++ b/examples/size/xxl/README.md
@ -4,5 +4,3 @@ This example has been validated using [Terratest](https://terratest.gruntwork.io
 If you would like to test this example go to the ./tests directory and run the test with `go test size_test.go` or `go test -v -run TestXxl`.

 This is an example of using this module to deploy an extra extra large sles15 server.
-
-Initial test run took 200.771s
--- a/examples/size/xxl/main.tf
+++ b/examples/size/xxl/main.tf
@ -1,11 +1,36 @@
-module "TestXxl" {
-  source                     = "../../../"
-  image                      = "sles-15"
-  server_owner               = "terraform"
-  server_name                = "test-xxl"
-  server_type                = "xxl"
-  server_user                = "terraform"
-  server_ssh_key             = "ssh-ed25519 your+publicSSHkey you@example.com"
-  server_subnet_name         = "tf-test"
-  server_security_group_name = "tf-test"
+locals {
+  category       = "size"
+  example        = "xxl"
+  email          = "terraform-ci@suse.com"
+  name           = "terraform-aws-server-test-${local.category}-${local.example}"
+  username       = "terraform-ci"
+  image          = "sles-15"
+  size           = "xxl"
+  public_ssh_key = var.key      # I don't normally recommend this, but it allows tests to supply their own key
+  key_name       = var.key_name # A lot of troubleshooting during critical times can be saved by hard coding variables in root modules
+  # root modules should be secured properly (including the state), and should represent your running infrastructure
+}
+
+# selecting the vpc, subnet, and ssh key pair, generating a security group specific to the runner
+module "aws_access" {
+  source              = "github.com/rancher/terraform-aws-access"
+  owner               = local.email
+  vpc_name            = "default"
+  subnet_name         = "default"
+  security_group_name = local.username
+  security_group_type = "specific"
+  ssh_key_name        = local.key_name
+}
+
+module "TestXxl" {
+  depends_on                 = [module.aws_access]
+  source                     = "../../../"
+  image                      = local.image
+  server_owner               = local.email
+  server_name                = local.name
+  server_type                = local.size
+  server_user                = local.username
+  server_ssh_key             = local.public_ssh_key
+  server_subnet_name         = "default"
+  server_security_group_name = module.aws_access.security_group.name
 }
--- a/examples/size/xxl/variables.tf
+++ b/examples/size/xxl/variables.tf
@ -0,0 +1,8 @@
+variable "key" {
+  type    = string
+  default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ4HmZ/KHZ/8KsvYlz6wqpoWoOaH1edHId2aK6niqKIw terraform-ci@suse.com"
+}
+variable "key_name" {
+  type    = string
+  default = "terraform-ci"
+}
--- a/examples/size/xxl/versions.tf
+++ b/examples/size/xxl/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/flake.lock
+++ b/flake.lock
@ -1,12 +1,15 @@
 {
  "nodes": {
    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
      "locked": {
-        "lastModified": 1676283394,
-        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "lastModified": 1689068808,
+        "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
        "type": "github"
      },
      "original": {
@ -17,11 +20,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1676487294,
-        "narHash": "sha256-fbD0tVsowxAUXwfw2C9EdEAH8UEJNsCm0zJcfkJy3Pg=",
+        "lastModified": 1691625043,
+        "narHash": "sha256-IiiOwgRTQm9W1QHe8qme7qYxDbAT2MYxbIJMfPEltN0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "63b5955814db30d2e2ff7157aaa5665b502ed2f4",
+        "rev": "3d6ebeb283be256f008541ce2b089eb5fb0e4e01",
        "type": "github"
      },
      "original": {
@ -36,6 +39,21 @@
        "flake-utils": "flake-utils",
        "nixpkgs": "nixpkgs"
      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/main.tf
+++ b/main.tf
@ -13,12 +13,14 @@ locals {
  server_security_group_name = var.server_security_group_name
  server_subnet_name         = var.server_subnet_name

+  select_image  = (local.image_id != "" ? true : false)
+  select_server = (local.server_id != "" ? true : false)
+
  skip_server = ((local.server_id == "" && local.server_name == "") ? true : false)
-  skip_image  = (local.image_id != "" ? true : false)
 }

+# image module can't be skipped, but it can select an image based on the image_id rather than the image variable
 module "image" {
-  count        = local.skip_image ? 0 : 1
  source       = "./modules/image"
  id           = local.image_id
  type         = local.image_type
@ -27,7 +29,7 @@ module "image" {
 }

 module "server" {
-  count = local.skip_server ? 0 : 1
+  count = (local.skip_server ? 0 : 1)
  depends_on = [
    module.image
  ]
@ -37,9 +39,9 @@ module "server" {
  owner              = local.server_owner
  type               = local.server_type
  user               = local.server_user
-  image_id           = (local.skip_image ? local.image_id : module.image[0].id)
-  image_admin_group  = (local.skip_image ? local.image_admin_group : module.image[0].admin_group)
-  image_initial_user = (local.skip_image ? local.image_initial_user : module.image[0].initial_user)
+  image_id           = module.image.id
+  image_admin_group  = module.image.admin_group
+  image_initial_user = module.image.initial_user
  ssh_key            = local.server_ssh_key
  security_group     = local.server_security_group_name
  subnet             = local.server_subnet_name
--- a/modules/image/versions.tf
+++ b/modules/image/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/modules/server/versions.tf
+++ b/modules/server/versions.tf
@ -0,0 +1,19 @@
+terraform {
+  required_version = ">= 1.2.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.4"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    # NOTE: this is only required for the examples
+    # this is used by the aws_access module
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+  }
+}
--- a/outputs.tf
+++ b/outputs.tf
@ -8,7 +8,7 @@ output "id" {
  value = (local.skip_server ? "" : module.server[0].id)
 }
 output "ami" {
-  value = (local.skip_server ? (local.skip_image ? local.image_id : module.image[0].ami) : module.server[0].ami)
+  value = (local.skip_server ? module.image.ami : module.server[0].ami)
 }
 output "ram" {
  value = (local.skip_server ? "" : module.server[0].ram)
@ -17,5 +17,5 @@ output "cpu" {
  value = (local.skip_server ? "" : module.server[0].cpu)
 }
 output "storage" {
-  value = (local.skip_server ? 0 : module.server[0].storage)
-}
+  value = (local.skip_server ? "" : module.server[0].storage)
+}
--- a/tests/basic_test.go
+++ b/tests/basic_test.go
@ -1,17 +1,19 @@
 package test

 import (
-	"github.com/gruntwork-io/terratest/modules/terraform"
 	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
 )

 func TestBasic(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/basic",
-	})
-
+	category := "basic"
+	directory := "basic"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
--- a/tests/go.mod
+++ b/tests/go.mod
@ -2,7 +2,11 @@ module github.com/rancher/terraform-aws-server/test.go

 go 1.20

-require github.com/gruntwork-io/terratest v0.43.3
+require (
+	github.com/aws/aws-sdk-go v1.44.288
+	github.com/gruntwork-io/terratest v0.43.3
+	github.com/stretchr/testify v1.8.4
+)

 require (
 	cloud.google.com/go v0.110.3 // indirect
@ -12,9 +16,12 @@ require (
 	cloud.google.com/go/storage v1.30.1 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
-	github.com/aws/aws-sdk-go v1.44.288 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
+	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect
+	github.com/go-sql-driver/mysql v1.4.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
@ -22,6 +29,7 @@ require (
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
 	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
+	github.com/gruntwork-io/go-commons v0.8.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-getter v1.7.1 // indirect
@ -38,9 +46,11 @@ require (
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/stretchr/testify v1.8.4 // indirect
+	github.com/pquerna/otp v1.2.0 // indirect
+	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/tmccombs/hcl2json v0.5.0 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
+	github.com/urfave/cli v1.22.2 // indirect
 	github.com/zclconf/go-cty v1.13.2 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/crypto v0.10.0 // indirect
--- a/tests/go.sum
+++ b/tests/go.sum
@ -198,6 +198,9 @@ github.com/aws/aws-sdk-go v1.44.288 h1:Ln7fIao/nl0ACtelgR1I4AiEw/GLNkKcXfCaHupUW
 github.com/aws/aws-sdk-go v1.44.288/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@ -215,6 +218,9 @@ github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWH
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM=
+github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@ -229,10 +235,16 @@ github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
+github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 h1:skJKxRtNmevLqnayafdLe2AsenqRupVmzZSqrvb5caU=
+github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
+github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@ -331,6 +343,8 @@ github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cU
 github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
 github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
+github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro=
+github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78=
 github.com/gruntwork-io/terratest v0.43.3 h1:5m8muuUH/84vfahX1GM8yeTTfNY9oFAVcqqEAvjAt+w=
 github.com/gruntwork-io/terratest v0.43.3/go.mod h1:BaiZSbupsU6AmCuds8qLcoUOG8gcykW/IvWf4TtAUyU=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@ -366,6 +380,7 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
 github.com/klauspost/compress v1.16.6 h1:91SKEy4K37vkp255cJ8QesJhjyRO0hn9i9G0GoUwLsk=
 github.com/klauspost/compress v1.16.6/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@ -373,8 +388,12 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
+github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE=
 github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
+github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo=
 github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM=
 github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
@ -386,13 +405,23 @@ github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTS
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/otp v1.2.0 h1:/A3+Jn+cagqayeR3iHs/L62m5ue7710D35zl1zJ1kok=
+github.com/pquerna/otp v1.2.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
+github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@ -407,6 +436,8 @@ github.com/tmccombs/hcl2json v0.5.0/go.mod h1:B0ZpBthAKbQur6yZRKrtaqDmYLCvgnwHOB
 github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
 github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
+github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@ -565,14 +596,17 @@ golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
--- a/tests/os_test.go
+++ b/tests/os_test.go
@ -1,72 +1,79 @@
 package test

 import (
-	"github.com/gruntwork-io/terratest/modules/terraform"
 	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
 )

 func TestCis(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/cis",
-	})
-
+	category := "os"
+	directory := "cis"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }

 func TestSles15(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/sles15",
-	})
-
+	category := "os"
+	directory := "sles15"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }

 func TestRocky8(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/rocky8",
-	})
-
+	category := "os"
+	directory := "rocky8"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }

 func TestRhel8(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/rhel8",
-	})
-
+	category := "os"
+	directory := "rhel8"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }

 func TestUbuntu20(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/ubuntu20",
-	})
-
+	category := "os"
+	directory := "ubuntu20"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }

 func TestUbuntu22(t *testing.T) {
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/os/ubuntu22",
-	})
-
+	category := "os"
+	directory := "ubuntu22"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
--- a/tests/overrides_test.go
+++ b/tests/overrides_test.go
@ -1,36 +1,54 @@
 package test

 import (
-	"github.com/gruntwork-io/terratest/modules/terraform"
+	"fmt"
 	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
 )

 func TestServerOnly(t *testing.T) {
+	// in this test we are going to create a server without touching the image module
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/overrides/server_only",
-	})
-
+	category := "overrides"
+	directory := "server_only"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
-func TestImageOnly(t *testing.T) {
+func TestSelectImage(t *testing.T) {
+	// in this test we are going to select an image without touching the server module
 	t.Parallel()
-
+	category := "overrides"
+	directory := "select_image"
+	region := "us-west-1"
 	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/overrides/image_only",
+		TerraformDir: fmt.Sprintf("../examples/%s/%s", category, directory),
+		// Environment variables to set when running Terraform
+		EnvVars: map[string]string{
+			"AWS_DEFAULT_REGION": region,
+		},
 	})

 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }

-func TestSelectOnly(t *testing.T) {
+func TestSelectServer(t *testing.T) {
+	// in this test we are going to select an image and a server without creating anything
 	t.Parallel()
-
+	category := "overrides"
+	directory := "select_server"
+	region := "us-west-1"
 	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/overrides/select_only",
+		TerraformDir: fmt.Sprintf("../examples/%s/%s", category, directory),
+		// Environment variables to set when running Terraform
+		EnvVars: map[string]string{
+			"AWS_DEFAULT_REGION": region,
+		},
 	})

 	defer terraform.Destroy(t, terraformOptions)
--- a/tests/region_test.go
+++ b/tests/region_test.go
@ -6,42 +6,50 @@ import (
 )

 func TestUsEast1(t *testing.T) {
+	// in this test we are going to create a server in the us-east-1 region
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/region/useast1",
-	})
-
+	category := "region"
+	directory := "useast1"
+	region := "us-east-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestUsEast2(t *testing.T) {
+	// in this test we are going to create a server in the us-east-2 region
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/region/useast2",
-	})
-
+	category := "region"
+	directory := "useast2"
+	region := "us-east-2"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestUsWest1(t *testing.T) {
+	// in this test we are going to create a server in the us-west-1 region
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/region/uswest1",
-	})
-
+	category := "region"
+	directory := "uswest1"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestUsWest2(t *testing.T) {
+	// in this test we are going to create a server in the us-west-2 region
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/region/uswest2",
-	})
-
+	category := "region"
+	directory := "uswest2"
+	region := "us-west-2"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
--- a/tests/size_test.go
+++ b/tests/size_test.go
@ -1,57 +1,68 @@
 package test

 import (
-	"github.com/gruntwork-io/terratest/modules/terraform"
 	"testing"
+
+	"github.com/gruntwork-io/terratest/modules/terraform"
 )

 func TestSmall(t *testing.T) {
+	// in this test we are going to create a small server
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/size/small",
-	})
-
+	category := "size"
+	directory := "small"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestMedium(t *testing.T) {
+	// in this test we are going to create a medium server
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/size/medium",
-	})
-
+	category := "size"
+	directory := "medium"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestLarge(t *testing.T) {
+	// in this test we are going to create a large server
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/size/large",
-	})
-
+	category := "size"
+	directory := "large"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestXl(t *testing.T) {
+	// in this test we are going to create a extra large server
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/size/xl",
-	})
-
+	category := "size"
+	directory := "xl"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
 func TestXxl(t *testing.T) {
+	// in this test we are going to create a extra-extra large server
 	t.Parallel()
-
-	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
-		TerraformDir: "../examples/size/xxl",
-	})
-
+	category := "size"
+	directory := "xxl"
+	region := "us-west-1"
+	owner := "terraform-ci@suse.com"
+	terraformOptions, keyPair, sshAgent := setup(t, category, directory, region, owner)
+	defer teardown(t, category, directory, keyPair, sshAgent)
 	defer terraform.Destroy(t, terraformOptions)
 	terraform.InitAndApply(t, terraformOptions)
 }
--- a/tests/util_test.go
+++ b/tests/util_test.go
@ -0,0 +1,71 @@
+package test
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	a "github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	aws "github.com/gruntwork-io/terratest/modules/aws"
+	"github.com/gruntwork-io/terratest/modules/random"
+	"github.com/gruntwork-io/terratest/modules/ssh"
+	"github.com/gruntwork-io/terratest/modules/terraform"
+	"github.com/stretchr/testify/require"
+)
+
+func teardown(t *testing.T, category string, directory string, keyPair *aws.Ec2Keypair, sshAgent *ssh.SshAgent) {
+	err := os.RemoveAll(fmt.Sprintf("../examples/%s/%s/.terraform", category, directory))
+	require.NoError(t, err)
+	aws.DeleteEC2KeyPair(t, keyPair)
+	sshAgent.Stop()
+}
+
+func setup(t *testing.T, category string, directory string, region string, owner string) (*terraform.Options, *aws.Ec2Keypair, *ssh.SshAgent) {
+	uniqueID := random.UniqueId()
+
+	// Create an EC2 KeyPair that we can use for SSH access
+	keyPairName := fmt.Sprintf("terraform-aws-server-test-%s-%s-%s", category, directory, uniqueID)
+	keyPair := aws.CreateAndImportEC2KeyPair(t, region, keyPairName)
+
+	// tag the key pair so we can find in the access module
+	client, err1 := aws.NewEc2ClientE(t, region)
+	require.NoError(t, err1)
+
+	input := &ec2.DescribeKeyPairsInput{
+		KeyNames: []*string{a.String(keyPairName)},
+	}
+	result, err2 := client.DescribeKeyPairs(input)
+	require.NoError(t, err2)
+
+	aws.AddTagsToResource(t, region, *result.KeyPairs[0].KeyPairId, map[string]string{"Name": keyPairName, "Owner": owner})
+
+	// start an SSH agent, with our key pair added
+	sshAgent := ssh.SshAgentWithKeyPair(t, keyPair.KeyPair)
+
+	retryableTerraformErrors := map[string]string{
+		// The reason is unknown, but eventually these succeed after a few retries.
+		".*unable to verify signature.*":             "Failed due to transient network error.",
+		".*unable to verify checksum.*":              "Failed due to transient network error.",
+		".*no provider exists with the given name.*": "Failed due to transient network error.",
+		".*registry service is unreachable.*":        "Failed due to transient network error.",
+		".*connection reset by peer.*":               "Failed due to transient network error.",
+		".*TLS handshake timeout.*":                  "Failed due to transient network error.",
+	}
+
+	terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+		TerraformDir: fmt.Sprintf("../examples/%s/%s", category, directory),
+		// Variables to pass to our Terraform code using -var options
+		Vars: map[string]interface{}{
+			"key":      keyPair.KeyPair.PublicKey,
+			"key_name": keyPairName,
+		},
+		// Environment variables to set when running Terraform
+		EnvVars: map[string]string{
+			"AWS_DEFAULT_REGION": region,
+		},
+		SshAgent:                 sshAgent, // Overrides local SSH agent with our new agent
+		RetryableTerraformErrors: retryableTerraformErrors,
+	})
+	return terraformOptions, keyPair, sshAgent
+}