{"id":48026315,"url":"https://github.com/binbashar/terraform-aws-ec2-basic-layout","last_synced_at":"2026-04-04T13:50:39.915Z","repository":{"id":36657428,"uuid":"207852536","full_name":"binbashar/terraform-aws-ec2-basic-layout","owner":"binbashar","description":"Terraform module to deploy a typical EC2 layout that includes an instance with a security group and a dns record.","archived":false,"fork":false,"pushed_at":"2024-10-23T17:49:45.000Z","size":297,"stargazers_count":5,"open_issues_count":4,"forks_count":3,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-10-24T01:58:41.114Z","etag":null,"topics":["bb-le-mod-terraform","binbash-terraform","terraform"],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/binbashar.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"security.tf","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"binbashar"}},"created_at":"2019-09-11T16:01:50.000Z","updated_at":"2024-10-23T17:49:47.000Z","dependencies_parsed_at":"2024-10-23T02:07:44.627Z","dependency_job_id":null,"html_url":"https://github.com/binbashar/terraform-aws-ec2-basic-layout","commit_stats":null,"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"purl":"pkg:github/binbashar/terraform-aws-ec2-basic-layout","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binbashar%2Fterraform-aws-ec2-basic-layout","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binbashar%2Fterraform-aws-ec2-basic-layout/ta
gs","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binbashar%2Fterraform-aws-ec2-basic-layout/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binbashar%2Fterraform-aws-ec2-basic-layout/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/binbashar","download_url":"https://codeload.github.com/binbashar/terraform-aws-ec2-basic-layout/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binbashar%2Fterraform-aws-ec2-basic-layout/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31402276,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T10:20:44.708Z","status":"ssl_error","status_checked_at":"2026-04-04T10:20:06.846Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bb-le-mod-terraform","binbash-terraform","terraform"],"created_at":"2026-04-04T13:50:37.706Z","updated_at":"2026-04-04T13:50:39.893Z","avatar_url":"https://github.com/binbashar.png","language":"HCL","funding_links":["https://github.com/sponsors/binbashar"],"categories":[],"sub_categories":[],"readme":"\u003ca href=\"https://github.com/binbashar\"\u003e\n    \u003cimg src=\"https://raw.githubusercontent.com/binbashar/le-ref-architecture-doc/master/docs/assets/images/logos/binbash-leverage-banner.png\" width=\"1032\" align=\"left\" 
alt=\"Binbash\"/\u003e\n\u003c/a\u003e\n\u003cbr clear=\"left\"/\u003e\n\n# Terraform Module: AWS EC2 Basic Layout\n\n## Overview\n\nThis module could be useful if you find yourself creating a layout that includes\nthe following resources:\n\n* EC2 Instance w/ configurable AMI, family type, key pair, networking, userdata,\namong others.\n* EC2 Profile with a customizable IAM Role supporting both AWS and customer\n managed policies.\n* Multiple EBS dynamic blocks (root_block_device, ebs_block_device and\n ephemeral_block_device) w/ configurable type, size, device name and encryption\n configs among others.\n* Security group for the instance above.\n* Optionally associate a public IP address with the instance.\n* DNS record with a record that points to the instance private IP / public IP.\n* Tags: both EC2 and EBS.\n* SSM support for interactive shell access via browser or AWS CLI\n\nPersonally we have seen the need of creating a similar set of such resources\n for an OpenVPN instance, for Jenkins, Spinnaker, DroneCI, Prometheus, Grafana,\n Hashicorp Vault, ElasticSearch, Kibana and so forth.\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 0.13.2 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | ~\u003e 4.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | ~\u003e 4.0 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [aws_eip.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |\n| [aws_iam_instance_profile.basic_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |\n| 
[aws_iam_policy.cross_org_instance_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |\n| [aws_iam_role.basic_instance_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |\n| [aws_iam_role_policy_attachment.basic_instance_aws_roles](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.ec2_ssm_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |\n| [aws_instance.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |\n| [aws_route53_record.main_private](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n| [aws_route53_record.main_public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |\n| [aws_security_group.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |\n| [aws_security_group_rule.egress_allow_all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_security_group_rule.ingress_rules](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |\n| [aws_ami.ubuntu_linux](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |\n| [aws_iam_policy_document.cross_org_instance_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n| 
[aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_ami_id\"\u003e\u003c/a\u003e [ami\\_id](#input\\_ami\\_id) | AMI Identifier | `string` | `\"\"` | no |\n| \u003ca name=\"input_associate_public_ip_address\"\u003e\u003c/a\u003e [associate\\_public\\_ip\\_address](#input\\_associate\\_public\\_ip\\_address) | Associate a public IP address with the instance | `bool` | `false` | no |\n| \u003ca name=\"input_aws_ami_os_id\"\u003e\u003c/a\u003e [aws\\_ami\\_os\\_id](#input\\_aws\\_ami\\_os\\_id) | AWS AMI Operating System Identificator | `string` | `\"ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*\"` | no |\n| \u003ca name=\"input_aws_ami_os_owner\"\u003e\u003c/a\u003e [aws\\_ami\\_os\\_owner](#input\\_aws\\_ami\\_os\\_owner) | AWS AMI Operating System Owner, eg: 099720109477 for Canonical | `string` | `\"099720109477\"` | no |\n| \u003ca name=\"input_credit_specification_cpu\"\u003e\u003c/a\u003e [credit\\_specification\\_cpu](#input\\_credit\\_specification\\_cpu) | Can be applied/modified to the EC2 at any time. The credit option for CPU usage. Can be 'standard' or 'unlimited'. By default T3 = unlimited \u0026 T2 'standard'. | `string` | `\"unlimited\"` | no |\n| \u003ca name=\"input_cross_account_roles_resource_arn_list\"\u003e\u003c/a\u003e [cross\\_account\\_roles\\_resource\\_arn\\_list](#input\\_cross\\_account\\_roles\\_resource\\_arn\\_list) | Resources arn list for cross org roles for EC2 profile IAM Role policy. 
| `list(string)` | `[]` | no |\n| \u003ca name=\"input_disable_api_termination\"\u003e\u003c/a\u003e [disable\\_api\\_termination](#input\\_disable\\_api\\_termination) | If true, enables EC2 Instance Termination Protection | `string` | `\"false\"` | no |\n| \u003ca name=\"input_dns_records_internal_hosted_zone\"\u003e\u003c/a\u003e [dns\\_records\\_internal\\_hosted\\_zone](#input\\_dns\\_records\\_internal\\_hosted\\_zone) | A list of DNS private (internal hosted zone) records to create with the instance's IP | `list(any)` | `[]` | no |\n| \u003ca name=\"input_dns_records_public_hosted_zone\"\u003e\u003c/a\u003e [dns\\_records\\_public\\_hosted\\_zone](#input\\_dns\\_records\\_public\\_hosted\\_zone) | A list of DNS public (public hosted zone) records to create with the instance's IP | `list(any)` | `[]` | no |\n| \u003ca name=\"input_ebs_block_device\"\u003e\u003c/a\u003e [ebs\\_block\\_device](#input\\_ebs\\_block\\_device) | Additional EBS block devices to attach to the instance | `list(map(string))` | `[]` | no |\n| \u003ca name=\"input_ebs_optimized\"\u003e\u003c/a\u003e [ebs\\_optimized](#input\\_ebs\\_optimized) | Enable EBS Optimized | `string` | `\"false\"` | no |\n| \u003ca name=\"input_enable_ssm_access\"\u003e\u003c/a\u003e [enable\\_ssm\\_access](#input\\_enable\\_ssm\\_access) | If true, attaches SSM policy to instance role | `bool` | `false` | no |\n| \u003ca name=\"input_ephemeral_block_device\"\u003e\u003c/a\u003e [ephemeral\\_block\\_device](#input\\_ephemeral\\_block\\_device) | Customize Ephemeral (also known as Instance Store) volumes on the instance | `list(map(string))` | `[]` | no |\n| \u003ca name=\"input_instance_profile\"\u003e\u003c/a\u003e [instance\\_profile](#input\\_instance\\_profile) | The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. 
| `string` | `\"\"` | no |\n| \u003ca name=\"input_instance_type\"\u003e\u003c/a\u003e [instance\\_type](#input\\_instance\\_type) | EC2 Instance Type | `string` | `\"t3.micro\"` | no |\n| \u003ca name=\"input_key_pair_name\"\u003e\u003c/a\u003e [key\\_pair\\_name](#input\\_key\\_pair\\_name) | Key Pair Name | `string` | n/a | yes |\n| \u003ca name=\"input_monitoring\"\u003e\u003c/a\u003e [monitoring](#input\\_monitoring) | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `false` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | Name | `string` | n/a | yes |\n| \u003ca name=\"input_policy_arn\"\u003e\u003c/a\u003e [policy\\_arn](#input\\_policy\\_arn) | Attach AWS IAM managed policies to the IAM Role. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_prefix\"\u003e\u003c/a\u003e [prefix](#input\\_prefix) | Prefix | `string` | `\"default\"` | no |\n| \u003ca name=\"input_root_block_device\"\u003e\u003c/a\u003e [root\\_block\\_device](#input\\_root\\_block\\_device) | Customize details about the root block device of the instance. 
See Block Devices below for details | `list(map(string))` | `[]` | no |\n| \u003ca name=\"input_root_device_backup_tag\"\u003e\u003c/a\u003e [root\\_device\\_backup\\_tag](#input\\_root\\_device\\_backup\\_tag) | EC2 Root Block Device backup tag | `string` | `\"True\"` | no |\n| \u003ca name=\"input_security_group_ids\"\u003e\u003c/a\u003e [security\\_group\\_ids](#input\\_security\\_group\\_ids) | A list of security group ids | `list(string)` | `[]` | no |\n| \u003ca name=\"input_security_group_rules\"\u003e\u003c/a\u003e [security\\_group\\_rules](#input\\_security\\_group\\_rules) | A list of security group rules | `list(any)` | `[]` | no |\n| \u003ca name=\"input_subnet_id\"\u003e\u003c/a\u003e [subnet\\_id](#input\\_subnet\\_id) | Subnet ID | `string` | n/a | yes |\n| \u003ca name=\"input_tag_approved_ami_value\"\u003e\u003c/a\u003e [tag\\_approved\\_ami\\_value](#input\\_tag\\_approved\\_ami\\_value) | Set the specific tag ApprovedAMI ('true' \\| 'false') that identifies aws-config compliant AMIs | `string` | `\"false\"` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Tags | `map(string)` | `{}` | no |\n| \u003ca name=\"input_user_data\"\u003e\u003c/a\u003e [user\\_data](#input\\_user\\_data) | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user\\_data\\_base64 instead. | `string` | `null` | no |\n| \u003ca name=\"input_user_data_base64\"\u003e\u003c/a\u003e [user\\_data\\_base64](#input\\_user\\_data\\_base64) | Can be used instead of user\\_data to pass base64-encoded binary data directly. Use this instead of user\\_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. 
| `string` | `null` | no |\n| \u003ca name=\"input_vpc_id\"\u003e\u003c/a\u003e [vpc\\_id](#input\\_vpc\\_id) | VPC ID | `string` | n/a | yes |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_aws_instance_ami\"\u003e\u003c/a\u003e [aws\\_instance\\_ami](#output\\_aws\\_instance\\_ami) | The AMI of the Instance. |\n| \u003ca name=\"output_aws_instance_assume_role_name\"\u003e\u003c/a\u003e [aws\\_instance\\_assume\\_role\\_name](#output\\_aws\\_instance\\_assume\\_role\\_name) | The IAM instance profile of the EC2. |\n| \u003ca name=\"output_aws_instance_iam_profile\"\u003e\u003c/a\u003e [aws\\_instance\\_iam\\_profile](#output\\_aws\\_instance\\_iam\\_profile) | The IAM instance profile of the EC2. |\n| \u003ca name=\"output_aws_instance_key_name\"\u003e\u003c/a\u003e [aws\\_instance\\_key\\_name](#output\\_aws\\_instance\\_key\\_name) | The ssh key pair name of the Instance. |\n| \u003ca name=\"output_aws_instance_private_ip\"\u003e\u003c/a\u003e [aws\\_instance\\_private\\_ip](#output\\_aws\\_instance\\_private\\_ip) | Contains the instance private IP address. |\n| \u003ca name=\"output_aws_instance_public_ip\"\u003e\u003c/a\u003e [aws\\_instance\\_public\\_ip](#output\\_aws\\_instance\\_public\\_ip) | Contains the instance public IP address. |\n| \u003ca name=\"output_aws_instance_type\"\u003e\u003c/a\u003e [aws\\_instance\\_type](#output\\_aws\\_instance\\_type) | The type of the Instance. |\n| \u003ca name=\"output_aws_instance_volume_tags\"\u003e\u003c/a\u003e [aws\\_instance\\_volume\\_tags](#output\\_aws\\_instance\\_volume\\_tags) | The root EBS volume tags of the instance. 
|\n| \u003ca name=\"output_dns_record_private\"\u003e\u003c/a\u003e [dns\\_record\\_private](#output\\_dns\\_record\\_private) | DNS |\n| \u003ca name=\"output_dns_record_public\"\u003e\u003c/a\u003e [dns\\_record\\_public](#output\\_dns\\_record\\_public) | n/a |\n| \u003ca name=\"output_instance\"\u003e\u003c/a\u003e [instance](#output\\_instance) | Compute |\n| \u003ca name=\"output_security_group\"\u003e\u003c/a\u003e [security\\_group](#output\\_security\\_group) | n/a |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n\n## Examples\n\nPlease refer to the module [**Examples**](https://github.com/binbashar/terraform-aws-ec2-basic-layout/tree/master/examples).\n\n## Binbash Leverage | DevOps Automation Code Library Integration\n\nIn order to get the full automated potential of the\n[Binbash Leverage DevOps Automation Code Library](https://leverage.binbash.com.ar/how-it-works/code-library/code-library/)  \nyou should initialize all the necessary helper **Makefiles**.\n\n### How?\nYou must execute the `make init-makefiles` command at the root context:\n\n```shell\n╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17\n╰─⠠⠵ make\nAvailable Commands:\n - init-makefiles     initialize makefiles\n\n```\n\n### Why?\nYou'll get all the necessary commands to automatically operate this module via a dockerized approach,\nexample shown below\n\n```shell\n╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17\n╰─⠠⠵ make\nAvailable Commands:\n - circleci-validate-config  ## Validate A CircleCI Config (https\n - format-check        ## The terraform fmt is used to rewrite tf conf files to a canonical format and style.\n - format              ## The terraform fmt is used to rewrite tf conf files to a canonical format and style.\n - tf-dir-chmod        ## run chown in ./.terraform to gran that the docker mounted dir has the right permissions\n - version             ## Show terraform version\n - 
init-makefiles      ## initialize makefiles\n```\n\n```shell\n╭─delivery at delivery-I7567 in ~/terraform/terraform-aws-backup-by-tags on master✔ 20-09-17\n╰─⠠⠵ make format-check\ndocker run --rm -v /home/delivery/Binbash/repos/Leverage/terraform/terraform-aws-backup-by-tags:\"/go/src/project/\":rw -v :/config -v /common.config:/common-config/common.config -v ~/.ssh:/root/.ssh -v ~/.gitconfig:/etc/gitconfig -v ~/.aws/bb:/root/.aws/bb -e AWS_SHARED_CREDENTIALS_FILE=/root/.aws/bb/credentials -e AWS_CONFIG_FILE=/root/.aws/bb/config --entrypoint=/bin/terraform -w \"/go/src/project/\" -it binbash/terraform-awscli-slim:0.12.28 fmt -check\n```\n\n# Release Management\n### CircleCi PR auto-release job\n\n\u003cdiv align=\"left\"\u003e\n  \u003cimg src=\"https://raw.githubusercontent.com/binbashar/terraform-aws-ec2-basic-layout/master/figures/circleci-logo.png\"\n   alt=\"circleci\" width=\"130\"/\u003e\n\u003c/div\u003e\n\n- [**pipeline-job**](https://circleci.com/gh/binbashar/terraform-aws-ec2-basic-layout) (**NOTE:** Will only run after merged PR)\n- [**releases**](https://github.com/binbashar/terraform-aws-ec2-basic-layout/releases)\n- [**changelog**](https://github.com/binbashar/terraform-aws-ec2-basic-layout/blob/master/CHANGELOG.md)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbinbashar%2Fterraform-aws-ec2-basic-layout","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbinbashar%2Fterraform-aws-ec2-basic-layout","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbinbashar%2Fterraform-aws-ec2-basic-layout/lists"}