Commit a327acd9 authored by Anton Babenko's avatar Anton Babenko Committed by GitHub

Add encrypted and kms_key_id arguments to the ebs_* and root_* block (#124)

* Add encrypted and kms_key_id arguments to the ebs_* and root_* block device configuration blocks

This commit resolves #6

* Updated example to include volume encryption settings
parent dc4cc78b
...@@ -58,10 +58,13 @@ resource "aws_placement_group" "web" { ...@@ -58,10 +58,13 @@ resource "aws_placement_group" "web" {
strategy = "cluster" strategy = "cluster"
} }
resource "aws_kms_key" "this" {
}
module "ec2" { module "ec2" {
source = "../../" source = "../../"
instance_count = 2 instance_count = 1
name = "example-normal" name = "example-normal"
ami = data.aws_ami.amazon_linux.id ami = data.aws_ami.amazon_linux.id
...@@ -79,6 +82,16 @@ module "ec2" { ...@@ -79,6 +82,16 @@ module "ec2" {
}, },
] ]
ebs_block_device = [
{
device_name = "/dev/sdf"
volume_type = "gp2"
volume_size = 5
encrypted = true
kms_key_id = aws_kms_key.this.arn
}
]
tags = { tags = {
"Env" = "Private" "Env" = "Private"
"Location" = "Secret" "Location" = "Secret"
......
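Review bot: The added `resource "aws_kms_key" "this" {}` leaves every argument at its provider default, so the key has no description and automatic rotation stays off. Examples get copied into real configurations, so I would put `description = "EBS volume key for example-normal"` and `enable_key_rotation = true` in that block. Only the new `ebs_block_device` entry sets `encrypted` and `kms_key_id`. The list that closes just above it (presumably `root_block_device`) starts outside the hunk, so whether the root volume is also encrypted cannot be confirmed from here; if it is not, the same two arguments belong there, since the module now accepts them. The `instance_count` change from 2 to 1 is not explained in the commit message.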
...@@ -32,7 +32,9 @@ resource "aws_instance" "this" { ...@@ -32,7 +32,9 @@ resource "aws_instance" "this" {
for_each = var.root_block_device for_each = var.root_block_device
content { content {
delete_on_termination = lookup(root_block_device.value, "delete_on_termination", null) delete_on_termination = lookup(root_block_device.value, "delete_on_termination", null)
encrypted = lookup(root_block_device.value, "encrypted", null)
iops = lookup(root_block_device.value, "iops", null) iops = lookup(root_block_device.value, "iops", null)
kms_key_id = lookup(root_block_device.value, "kms_key_id", null)
volume_size = lookup(root_block_device.value, "volume_size", null) volume_size = lookup(root_block_device.value, "volume_size", null)
volume_type = lookup(root_block_device.value, "volume_type", null) volume_type = lookup(root_block_device.value, "volume_type", null)
} }
...@@ -45,6 +47,7 @@ resource "aws_instance" "this" { ...@@ -45,6 +47,7 @@ resource "aws_instance" "this" {
device_name = ebs_block_device.value.device_name device_name = ebs_block_device.value.device_name
encrypted = lookup(ebs_block_device.value, "encrypted", null) encrypted = lookup(ebs_block_device.value, "encrypted", null)
iops = lookup(ebs_block_device.value, "iops", null) iops = lookup(ebs_block_device.value, "iops", null)
kms_key_id = lookup(ebs_block_device.value, "kms_key_id", null)
snapshot_id = lookup(ebs_block_device.value, "snapshot_id", null) snapshot_id = lookup(ebs_block_device.value, "snapshot_id", null)
volume_size = lookup(ebs_block_device.value, "volume_size", null) volume_size = lookup(ebs_block_device.value, "volume_size", null)
volume_type = lookup(ebs_block_device.value, "volume_type", null) volume_type = lookup(ebs_block_device.value, "volume_type", null)
......
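Review bot: The new `encrypted` and `kms_key_id` lookups in both dynamic blocks fall back to `null`, so a caller who omits them still gets whatever the provider and account default to. That is an unencrypted volume unless account-level EBS encryption by default is enabled, and nothing here or in the visible variable handling says so. I would add a comment above each pair, for example `# encrypted/kms_key_id are opt-in; null leaves the volume unencrypted unless EBS encryption by default is enabled for the account`. The two keys are also looked up independently, so a map that sets `kms_key_id` without `encrypted = true` is passed through as-is; how the provider treats that combination should be confirmed and the variable description should state that they go together. The `aws_instance` resource body starts and ends outside these hunks.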