update

terraform-modules · Dec 16, 2024 · 2de1d56 · 2de1d56
1 parent 10cd5c8
commit 2de1d56
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 1 deletion.
diff --git a/ec2-settings/README.md b/ec2-settings/README.md
@@ -0,0 +1,66 @@
+<!-- BEGIN_TF_DOCS -->
+# aws-inf-setup :: ec2-settings
+This module will setup several default per account and region.  It must be used in each region.
+
+* EBS
+  * default key (alias/aws/ebs)
+  * encrypt by default (using above key)
+  * blocks public sharing of snapshots
+* EC2
+  * blocks public sharing of AMIs
+  * sets instance metdata to allow v1 and v2
+  * makes imds token optional
+  * sets imds hop limit to 2
+  * enables metadata tags
+
+# Usage
+This module takes no attributes.
+
+```hcl
+module "ec2-settings" {
+  source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//ec2-settings?ref=tf-upgrade"
+}
+```
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_ebs_default_kms_key.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_default_kms_key) | resource |
+| [aws_ebs_encryption_by_default.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_encryption_by_default) | resource |
+| [aws_ebs_snapshot_block_public_access.sharing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_snapshot_block_public_access) | resource |
+| [aws_ec2_image_block_public_access.sharing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_image_block_public_access) | resource |
+| [aws_ec2_instance_metadata_defaults.imds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_instance_metadata_defaults) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_kms_key.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_regions.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
+| <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| <a name="input_override_prefixes"></a> [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| <a name="input_tags"></a> [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS).  Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
diff --git a/ec2-settings/main.tf b/ec2-settings/main.tf
@@ -62,9 +62,9 @@ resource "aws_ec2_image_block_public_access" "sharing" {
 }
 
 resource "aws_ec2_instance_metadata_defaults" "imds" {
+  instance_metadata_tags      = "enabled"
   http_endpoint               = "enabled"
   http_tokens                 = "optional"
   http_put_response_hop_limit = 2
-  instance_metadata_tags      = "enabled"
 }
 
diff --git a/ec2-settings/outputs.tf b/ec2-settings/outputs.tf
diff --git a/ec2-settings/variables.tf b/ec2-settings/variables.tf