initial commit

2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
@@ -0,0 +1,84 @@
+/**
+* # LaunchTemplate
+*
+* This module created EC2 launch template. If a single instance type is specified
+* it will create launch template with that instance type. If multiple types are specified
+* then a launch template with instance_requirements will be created.
+*
+* Root ebs volume is always encrypted - either with the aws/ebs key or a customer managed key
+*/
+
+data "aws_ami" "this" {
+  filter {
+    name   = "image-id"
+    values = [var.image_id]
+  }
+}
+
+resource "aws_launch_template" "template" {
+  name                                 = var.name
+  description                          = var.description
+  image_id                             = var.image_id
+  instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
+  key_name                             = var.key_name
+  vpc_security_group_ids               = var.security_grouo_ids
+  user_data                            = var.userdata_base64
+  update_default_version               = var.update_default_version
+
+  iam_instance_profile {
+    name = var.instance_profile_name
+  }
+
+  monitoring {
+    enabled = true
+  }
+
+  dynamic "tag_specifications" {
+    for_each = toset(["instance", "volume"])
+    content {
+      resource_type = tag_specifications.value
+      tags = merge(var.tag_specifications, {
+        os_platform  = coalesce(data.aws_ami.this.platform, "Linux")
+        architecture = data.aws_ami.this.architecture
+        ami_name     = data.aws_ami.this.name
+      })
+    }
+  }
+
+  block_device_mappings {
+    device_name = data.aws_ami.this.platform == "Windows" ? "/dev/sda1" : "/dev/xvda"
+    ebs {
+      volume_size           = var.root_volume_size
+      volume_type           = var.root_volume_type
+      delete_on_termination = true
+      encrypted             = true
+      kms_key_id            = var.ebs_volume_kms_key_id
+    }
+  }
+
+  dynamic "metadata_options" {
+    for_each = var.imdsv2_required ? [1] : []
+    content {
+      http_endpoint               = "enabled"  # Enables instance metadata service endpoint
+      http_tokens                 = "required" # Enforces IMDSv2
+      http_put_response_hop_limit = 2          # 1 default, 2 for containers
+    }
+  }
+
+  instance_type = length(var.instance_types) == 1 ? var.instance_types[0] : null
+
+  dynamic "instance_requirements" {
+    for_each = length(var.instance_types) > 1 ? [1] : []
+    content {
+      vcpu_count {
+        min = var.cpu_count_min
+        max = var.cpu_count_max
+      }
+      memory_mib {
+        min = var.mem_mib_min
+        max = var.mem_mib_max
+      }
+      allowed_instance_types = var.instance_types
+    }
+  }
+}