180 lines
7.0 KiB
HCL
180 lines
7.0 KiB
HCL
variable "name" {
|
|
type = string
|
|
description = <<-EOT
|
|
The name to give the server, this will form the local hostname and appear in the AWS ec2 console.
|
|
The name should be unique within your region.
|
|
The name will be used as the value for the "Name" tag on the server.
|
|
The name should give some indication of the purpose of the server.
|
|
This value is ignored when overriding with the id.
|
|
If both the name and id are empty, no server will be created or selected and data will be empty.
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "owner" {
|
|
type = string
|
|
description = <<-EOT
|
|
The value of the "Owner" tag which will be added to resources, usually this is your email address.
|
|
Adding your email address as a tag on resources allows your teammates to contact you about the resource.
|
|
This can help prevent accidental deletion of resources or unexpected charges.
|
|
This value is ignored when overriding with the id.
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "type" {
|
|
type = string
|
|
description = <<-EOT
|
|
The designation of server "type" from the ./server/types.tf file
|
|
This will set the cpu, ram, and storage resources available to the server.
|
|
Larger types will have higher costs, none of the types listed are in the free tier.
|
|
Current types are "small", "medium", "large", "xl", "xxl"
|
|
This value is ignored when overriding with the id.
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "image" {
|
|
type = string
|
|
description = <<-EOT
|
|
The designation of server "image" from the ./image/types.tf file, this relates the AWS AMI information.
|
|
Please be aware that some images require a subscription and will have additional cost over usage of the server.
|
|
Current images are "sles-15", "ubuntu-22", "ubuntu-20", "rhel-8", "rocky-8", "sles-15-cis".
|
|
This value is ignored when overriding with the image_id.
|
|
Please specify either image_id or image_type.
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "image_initial_user" {
|
|
type = string
|
|
description = <<-EOT
|
|
The initial or default user on the AMI, this will be used to configure initial connection.
|
|
Use this only when overriding with the image_id (we already know initial users for preselected types).
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "image_admin_group" {
|
|
type = string
|
|
description = <<-EOT
|
|
The group defined as an 'admin' or 'sudoer' on the AMI, must allow sudo access.
|
|
Use this only when overriding with the image_id (we already know the admin group for preselected types).
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "image_workfolder" {
|
|
type = string
|
|
description = <<-EOT
|
|
The folder where scripts will be copied to and run from on the AMI.
|
|
This defaults to "/home/<initial_user>", and is usually safe.
|
|
If you are using an AMI where your home directory is mounted with noexec, you will need to change this.
|
|
Use this only when overriding with the image_id (we already know the workfolder for preselected types).
|
|
EOT
|
|
default = "~"
|
|
}
|
|
|
|
variable "image_id" {
|
|
type = string
|
|
description = <<-EOT
|
|
The id of the AMI to use. This is the AWS AMI id, not the id from the ./image/types.tf file.
|
|
Use this only when you need to use an AMI that is not listed in the ./image/types.tf file.
|
|
If you use this, the image_type variable will be ignored.
|
|
Please specify either image_id or image_type.
|
|
If you use this, the image_initial_user and image_admin_group variables are required.
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "user" {
|
|
type = string
|
|
description = <<-EOT
|
|
The username to add to the server for configuring the OS and provisioning software.
|
|
The user will get sudo access without a password, password authentication over remote connections is diabled.
|
|
The only way to access the server is by ssh-key using the user specified here.
|
|
This value is ignored when overriding with id.
|
|
If specified, this must be 32 characters or less.
|
|
EOT
|
|
default = ""
|
|
validation {
|
|
condition = (
|
|
var.user == "" ? true : (length(var.user) <= 32 ? true : false)
|
|
)
|
|
error_message = "If specified, this must be 32 characters or less."
|
|
}
|
|
}
|
|
|
|
variable "ssh_key" {
|
|
type = string
|
|
description = <<-EOT
|
|
The contents of the public key to use for ssh access.
|
|
This will be placed in the /home/.ssh/authorized_keys for the user provided.
|
|
This value is ignored when overriding with the id.
|
|
EOT
|
|
default = ""
|
|
}
|
|
variable "ssh_key_name" {
|
|
type = string
|
|
description = <<-EOT
|
|
The name of the ssh key pair object in AWS to use for ssh access.
|
|
There must be a key pair object in AWS with the tag "Name:<ssh_key_name>" for this to work.
|
|
In most cases this is not necessary, as the key will be added using cloud-init.
|
|
In some cases cloud-init is not allowed to write files (such as CIS STIG AMIs), and this is required.
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "security_group_name" {
|
|
type = string
|
|
description = <<-EOT
|
|
The name of the AWS security group that you want to apply to the server.
|
|
This must already exist in AWS, it will not be created by this module.
|
|
If you would like help creating a security group, please see the 'terraform-aws-access' module that we produce.
|
|
This uses the "Name" tag on the security group to select it, this is preferrable to make multi-region deployments easier.
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "subnet_name" {
|
|
type = string
|
|
description = <<-EOT
|
|
The name of the AWS subnet that you want to apply to the server.
|
|
This must already exist in AWS, it will not be created by this module.
|
|
If you would like help creating a subnet, please see the 'terraform-aws-access' module that we produce.
|
|
This uses the "Name" tag on the subnet to select it, this is preferrable to make multi-region deployments easier.
|
|
Subnets are tied to a specific availability zone, so when you select a subnet you are also selecting an availability zone.
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "id" {
|
|
type = string
|
|
description = <<-EOT
|
|
The id of the AWS Ec2 instance that you want to select.
|
|
This must already exist in AWS, it will not be created by this module.
|
|
This should only be used when you want to select an existing server, and not create a new one.
|
|
This can be helpful if you want to ensure a server exists and get data about it, without managing it.
|
|
If you would like to create a server, leave this empty.
|
|
If both the name and id are empty, no server will be created or selected and data will be empty.
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "cloudinit_script" {
|
|
type = string
|
|
description = <<-EOT
|
|
This is a shell script that will be injected in the cloud-init config.
|
|
Warning! This is injected into yaml, make sure to quote characters properly or things might break in unexpected ways.
|
|
EOT
|
|
default = ""
|
|
}
|
|
|
|
variable "cloudinit_timeout" {
|
|
type = string
|
|
description = <<-EOT
|
|
The number of minutes to wait for cloud-init to finish.
|
|
Defaults to '5' which checks the cloud-init status for 'done' every 10 seconds for 5 minutes / 300 seconds.
|
|
EOT
|
|
default = "5"
|
|
} |