Merge pull request #18 from mheffner/launch-template-config

gberenice · web-flow · commit 782823c2fa3c · 2024-02-05T17:06:19.000+02:00
Expand launch config customizations
diff --git a/main.tf b/main.tf
@@ -276,11 +276,11 @@ resource "aws_launch_template" "default" {
   user_data     = base64encode(var.user_data)
 
   monitoring {
-    enabled = true
+    enabled = var.monitoring_enabled
   }
 
   network_interfaces {
-    associate_public_ip_address = false
+    associate_public_ip_address = var.associate_public_ip_address
     delete_on_termination       = true
     security_groups             = concat(var.additional_security_group_ids, [aws_security_group.default.id])
   }
@@ -302,6 +302,12 @@ resource "aws_launch_template" "default" {
   lifecycle {
     create_before_destroy = true
   }
+
+  metadata_options {
+    http_endpoint      = var.metadata_http_endpoint_enabled ? "enabled" : "disabled"
+    http_tokens        = var.metadata_imdsv2_enabled ? "required" : "optional"
+    http_protocol_ipv6 = var.metadata_http_protocol_ipv6_enabled ? "enabled" : "disabled"
+  }
 }
 
 resource "aws_autoscaling_group" "default" {
diff --git a/variables.tf b/variables.tf
@@ -62,6 +62,40 @@ variable "additional_security_group_ids" {
   default     = []
 }
 
+variable "monitoring_enabled" {
+  description = "Enable detailed monitoring of instance"
+  type        = bool
+  default     = true
+}
+
+variable "associate_public_ip_address" {
+  description = "Associate public IP address"
+  type        = bool
+  # default should fall back to subnet setting
+  default = null
+}
+
+variable "metadata_http_endpoint_enabled" {
+  description = "Whether or not to enable the metadata http endpoint"
+  type        = bool
+  default     = true
+}
+
+variable "metadata_imdsv2_enabled" {
+  description = <<-EOT
+    Whether or not the metadata service requires session tokens,
+    also referred to as Instance Metadata Service Version 2 (IMDSv2).
+  EOT
+  type        = bool
+  default     = true
+}
+
+variable "metadata_http_protocol_ipv6_enabled" {
+  description = "Enable IPv6 metadata endpoint"
+  type        = bool
+  default     = false
+}
+
 ######################
 ## SESSION LOGGING ##
 ####################

Original file line number	Diff line number	Diff line change
`@@ -276,11 +276,11 @@ resource "aws_launch_template" "default" {`
`276`	`276`	`user_data = base64encode(var.user_data)`
`277`	`277`
`278`	`278`	`monitoring {`
`279`		`- enabled = true`
	`279`	`+ enabled = var.monitoring_enabled`
`280`	`280`	`}`
`281`	`281`
`282`	`282`	`network_interfaces {`
`283`		`- associate_public_ip_address = false`
	`283`	`+ associate_public_ip_address = var.associate_public_ip_address`
`284`	`284`	`delete_on_termination = true`
`285`	`285`	`security_groups = concat(var.additional_security_group_ids, [aws_security_group.default.id])`
`286`	`286`	`}`
`@@ -302,6 +302,12 @@ resource "aws_launch_template" "default" {`
`302`	`302`	`lifecycle {`
`303`	`303`	`create_before_destroy = true`
`304`	`304`	`}`
	`305`	`+`
	`306`	`+ metadata_options {`
	`307`	`+ http_endpoint = var.metadata_http_endpoint_enabled ? "enabled" : "disabled"`
	`308`	`+ http_tokens = var.metadata_imdsv2_enabled ? "required" : "optional"`
	`309`	`+ http_protocol_ipv6 = var.metadata_http_protocol_ipv6_enabled ? "enabled" : "disabled"`
	`310`	`+ }`
`305`	`311`	`}`
`306`	`312`
`307`	`313`	`resource "aws_autoscaling_group" "default" {`