terraform-aws-ec2-instance-profile-builder

GitHub: StratusGrid/terraform-aws-ec2-instance-profile-builder

This module creates an EC2 instance profile, with or without one or more custom policies. It can attach CloudWatch agent and SSM permissions to the IAM role, and is often used solely to create a default IAM instance profile that grants the privileges the CloudWatch agent and SSM need to work.

Example Usage:

Create a default role with permissions for ssm and cloudwatch agent:

module "ec2_default_instance_profile" {
  source  = "StratusGrid/ec2-instance-profile-builder/aws"
  version = "2.0.0"
  # source                = "github.com/StratusGrid/terraform-aws-ec2-instance-profile-builder"

  instance_profile_name = "${var.name_prefix}-default-ec2-instance-profile${local.full_suffix}"
  input_tags            = merge(local.common_tags, {})
}

Create a role with custom permissions in addition to ssm and cloudwatch agent permissions:

module "ec2_default_instance_profile" {
  source  = "StratusGrid/ec2-instance-profile-builder/aws"
  version = "2.0.0"
  # source                = "github.com/StratusGrid/terraform-aws-ec2-instance-profile-builder"

  instance_profile_name = "${var.name_prefix}-default-ec2-instance-profile${local.full_suffix}"
  # Each list element is one policy document rendered as a JSON string
  custom_policy_jsons   = [data.aws_iam_policy_document.my_custom_instance_policy.json]
  input_tags            = merge(local.common_tags, {})
}
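
The custom-permissions case above refers to a policy document it does not define. The following is an added example, not code from the StratusGrid repository: it defines a narrowly scoped document, passes it to the module, and attaches the resulting profile to an instance. The bucket name, `var.ami_id`, and the `app` resource and module names are hypothetical; `var.name_prefix`, `local.full_suffix` and `local.common_tags` are assumed to be defined as in the examples above.

```hcl
# Added example. Bucket name, AMI variable and resource names are hypothetical.
variable "ami_id" {
  type = string
}

data "aws_iam_policy_document" "my_custom_instance_policy" {
  # Read objects under one prefix only, rather than s3:* on every bucket.
  statement {
    sid       = "ReadAppConfigObjects"
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-app-config/instances/*"]
  }

  # Listing is granted on the bucket ARN and narrowed to the same prefix.
  statement {
    sid       = "ListAppConfigPrefix"
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-app-config"]

    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["instances/*"]
    }
  }
}

module "ec2_app_instance_profile" {
  source  = "StratusGrid/ec2-instance-profile-builder/aws"
  version = "2.0.0"

  instance_profile_name = "${var.name_prefix}-app-ec2-instance-profile${local.full_suffix}"
  custom_policy_jsons   = [data.aws_iam_policy_document.my_custom_instance_policy.json]
  input_tags            = merge(local.common_tags, {})
}

resource "aws_instance" "app" {
  ami                  = var.ami_id
  instance_type        = "t3.micro"
  iam_instance_profile = module.ec2_app_instance_profile.instance_profile_id

  # The role's temporary credentials are served by the instance metadata
  # service, so require IMDSv2 session tokens on the instance.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }
}
```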

Resources

| Name | Type |
|------|------|
| aws_iam_instance_profile.ec2_instance_profile | resource |
| aws_iam_policy.cloudwatch_agent | resource |
| aws_iam_policy.custom | resource |
| aws_iam_policy.ssm | resource |
| aws_iam_role.ec2_instance_profile | resource |
| aws_iam_role_policy_attachment.cloudwatch_agent | resource |
| aws_iam_role_policy_attachment.custom | resource |
| aws_iam_role_policy_attachment.ssm | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cloudwatch_agent_policy | True/False to add cloudwatch agent policy permissions to the IAM Role for the Instance Profile | string | true | no |
| custom_policy_jsons | List of JSON strings of custom policies to be attached to the ec2 instance profile iam role | list(string) | [] | no |
| input_tags | Map of tags to apply to resources | map(string) | { "Developer": "StratusGrid", "Provisioner": "Terraform" } | no |
| instance_profile_name | Unique string name of instance profile to be created. Also prepends supporting resource names | string | n/a | yes |
| ssm_policy | True/False to add ssm policy permissions to the IAM Role for the Instance Profile | string | true | no |

Outputs

| Name | Description |
|------|-------------|
| instance_profile_arn | ARN of Instance Profile used to reference the created objects in IAM policies |
| instance_profile_id | ID of Instance Profile used to reference the created objects in aws_instance resources |

Note: Manual changes to the README will be overwritten when the documentation is updated. To update the documentation, run terraform-docs -c .config/.terraform-docs.yml .
