From 2de1d56a5b600a3efd8b4d2e4a092ec2274795c9 Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 16 Dec 2024 09:53:40 -0500
Subject: [PATCH] update

---
 ec2-settings/README.md | 66 +++++++++++++++++++++++++++++++++++++++
 ec2-settings/main.tf | 2 +-
 ec2-settings/outputs.tf | 0
 ec2-settings/variables.tf | 0
 4 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 ec2-settings/README.md
 create mode 100644 ec2-settings/outputs.tf
 create mode 100644 ec2-settings/variables.tf

diff --git a/ec2-settings/README.md b/ec2-settings/README.md
new file mode 100644
index 0000000..7d06f97
--- /dev/null
+++ b/ec2-settings/README.md
@@ -0,0 +1,66 @@
+
+# aws-inf-setup :: ec2-settings
+This module will setup several default per account and region. It must be used in each region.
+
+* EBS
+ * default key (alias/aws/ebs)
+ * encrypt by default (using above key)
+ * blocks public sharing of snapshots
+* EC2
+ * blocks public sharing of AMIs
+ * sets instance metdata to allow v1 and v2
+ * makes imds token optional
+ * sets imds hop limit to 2
+ * enables metadata tags
+
+# Usage
+This module takes no attributes.
+
+```hcl
+module "ec2-settings" {
+ source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//ec2-settings?ref=tf-upgrade"
+}
+```
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_ebs_default_kms_key.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_default_kms_key) | resource |
+| [aws_ebs_encryption_by_default.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_encryption_by_default) | resource |
+| [aws_ebs_snapshot_block_public_access.sharing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_snapshot_block_public_access) | resource |
+| [aws_ec2_image_block_public_access.sharing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_image_block_public_access) | resource |
+| [aws_ec2_instance_metadata_defaults.imds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_instance_metadata_defaults) | resource |
+| [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
+| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_kms_key.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/kms_key) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_regions.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/regions) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
+| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component (efs, s3, ebs, kms, role, policy, security-group). This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
+| [tags](#input\_tags) | AWS Tags to apply to appropriate resources (S3, KMS). Do not include safeguard tags here, use the data\_safeguard field for such things. | `map(string)` | `{}` | no |
+
+## Outputs
+
+No outputs.
+
diff --git a/ec2-settings/main.tf b/ec2-settings/main.tf
index 473c937..a9b76fb 100644
--- a/ec2-settings/main.tf
+++ b/ec2-settings/main.tf
@@ -62,9 +62,9 @@ resource "aws_ec2_image_block_public_access" "sharing" {
 }
 
 resource "aws_ec2_instance_metadata_defaults" "imds" {
+ instance_metadata_tags = "enabled"
 http_endpoint = "enabled"
 http_tokens = "optional"
 http_put_response_hop_limit = 2
- instance_metadata_tags = "enabled"
 }
 
diff --git a/ec2-settings/outputs.tf b/ec2-settings/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/ec2-settings/variables.tf b/ec2-settings/variables.tf
new file mode 100644
index 0000000..e69de29
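Review bot: `http_tokens = "optional"` in the aws_ec2_instance_metadata_defaults block of the main.tf hunk keeps IMDSv1 reachable as the account/region-wide default, so any instance launched without an explicit metadata setting will still answer credential requests that carry no session token; the README added in this commit describes this as intentional, so the line deserves a why-comment in main.tf (e.g. `# IMDSv1 kept reachable for <reason>; tighten to "required" once <condition> is met`), and if the goal is hardened defaults the change is `http_tokens = "required"`. `http_put_response_hop_limit = 2` likewise extends metadata reach one network hop beyond the instance (typically to containers), which is worth stating in the same comment so the two settings are reviewed together. Separately, the README's Inputs table lists account_alias, account_id, override_prefixes and tags, while the Usage text says the module takes no attributes and variables.tf is added empty; one of the two is stale and should be reconciled before the docs are relied on.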