terraform.examples/modules/compute/LaunchTemplate/main.tf

/**
* # LaunchTemplate
*
* This module created EC2 launch template. If a single instance type is specified
* it will create launch template with that instance type. If multiple types are specified
* then a launch template with instance_requirements will be created.
*
* Root ebs volume is always encrypted - either with the aws/ebs key or a customer managed key
*/

data "aws_ami" "this" {
  filter {
    name   = "image-id"
    values = [var.image_id]
  }
}

resource "aws_launch_template" "template" {
  name                                 = var.name
  description                          = var.description
  image_id                             = var.image_id
  instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
  key_name                             = var.key_name
  vpc_security_group_ids               = var.security_grouo_ids
  user_data                            = var.userdata_base64
  update_default_version               = var.update_default_version

  iam_instance_profile {
    name = var.instance_profile_name
  }

  monitoring {
    enabled = true
  }

  dynamic "tag_specifications" {
    for_each = toset(["instance", "volume"])
    content {
      resource_type = tag_specifications.value
      tags = merge(var.tag_specifications, {
        os_platform  = coalesce(data.aws_ami.this.platform, "Linux")
        architecture = data.aws_ami.this.architecture
        ami_name     = data.aws_ami.this.name
      })
    }
  }

  block_device_mappings {
    device_name = data.aws_ami.this.platform == "Windows" ? "/dev/sda1" : "/dev/xvda"
    ebs {
      volume_size           = var.root_volume_size
      volume_type           = var.root_volume_type
      delete_on_termination = true
      encrypted             = true
      kms_key_id            = var.ebs_volume_kms_key_id
    }
  }

  dynamic "metadata_options" {
    for_each = var.imdsv2_required ? [1] : []
    content {
      http_endpoint               = "enabled"  # Enables instance metadata service endpoint
      http_tokens                 = "required" # Enforces IMDSv2
      http_put_response_hop_limit = 2          # 1 default, 2 for containers
    }
  }

  instance_type = length(var.instance_types) == 1 ? var.instance_types[0] : null

  dynamic "instance_requirements" {
    for_each = length(var.instance_types) > 1 ? [1] : []
    content {
      vcpu_count {
        min = var.cpu_count_min
        max = var.cpu_count_max
      }
      memory_mib {
        min = var.mem_mib_min
        max = var.mem_mib_max
      }
      allowed_instance_types = var.instance_types
    }
  }
}