Skip to content

wearetechnative/terraform-aws-ec2-asg

BranchesTags

Repository files navigation

Terraform AWS EC2 ASG

This module implements an EC2 Auto Scaling Group

When to use terraform-aws-ec2-asg

Use terraform-aws-ec2-asg if:

  • You need to provide a fail-over setup with one EC2 (i.e. the initial use of terraform-aws-ec2-asg).
    • Generally used with use_floating_ip = true to host applications that are not Dockerized. An EIP will be used and floats to another EC2 instance if the current instance fails.
    • Also used for setting up reliable Bastion hosts.
  • You need to provide compute resources for ECS clusters.

Do not use terraform-aws-ec2-asg if:

  • If you need to provision EC2 instances for EKS, we have eks_custom_nodegroup for this. (Altough we should/could refactor the ec2_asg module for use with EKS as well...) or at least use it in eks_custom_nodegroup.

Todo

  • Implement spot instance functionality in launch_template.

Troubleshooting / Known issues

ARN specified for Service-Linked Role does not exist

Sometimes you receive the following error:

│ Error: creating Auto Scaling Group (ec2-asg-website_stack_dev-eu-central-1b): ValidationError: ARN specified for Service-Linked Role does not exist.
│       status code: 400, request id: 3dcf1ff4-d46f-4724-9586-f1e4957b5dd4
│
│   with module.network_compute.module.network.module.nat_instances["eu-central-1b"].module.ec2_asg.aws_autoscaling_group.this,
│   on ../../modules/ec2_asg/autoscaling_group.tf line 16, in resource "aws_autoscaling_group" "this":
│   16: resource "aws_autoscaling_group" "this" {

Run terraform apply again. This is because of a race condition in AWS.

Initial lifecycle hooks are not updated in ASG when changed.

We currently do not know a solution other than deleting and recreating the ASG.

Providers

Name Version
aws >=4.8.0
random n/a

Modules

Name Source Version
eip_lambda ./eip_lambda n/a
iam_role git@github.com:wearetechnative/terraform-aws-iam-role 0fe916c27097706237692122e09f323f55e8237e

Resources

Name Type
aws_autoscaling_group.this resource
aws_eip.this resource
aws_iam_instance_profile.this resource
aws_iam_policy.userdata-lifecycle resource
aws_iam_role_policy_attachment.userdata-lifecycle resource
aws_iam_service_linked_role.this resource
aws_kms_grant.this resource
aws_launch_template.this resource
aws_ssm_parameter.public-ip resource
random_string.this resource
aws_ami.this data source
aws_caller_identity.current data source
aws_eip.own_eip data source
aws_iam_policy_document.userdata-lifecycle data source
aws_region.current data source

Inputs

Name Description Type Default Required
additional_tags Additional tags on the ASG that will be propagated to the hosts. Useful for EKS & Systems Manager state management. Always propagated to EC2 instances. map(string) {} no
ec2_ami_name_filter_list Optional regex value to filter the AMI image. Most recently is used. Only AMIs with root device EBS and virtualization type HVM are currently allowed. Default is Ubuntu. list(string) 
[
  "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"
]
 no
ec2_ami_owner_list Optional list of owners as an additional filter. This is a safeguard to prevent AMI names from being reused by malicious third parties. Default is Canonical. list(string) 
[
  "099720109477"
]
 no
ec2_instance_type Optional instance type for EC2. Defaults to t3a.small. string "t3a.small" no
ec2_root_initial_size Optional initial size of the EC2 root instance disk. Must be sufficient for the AMI that is used. Defaults to 8Gb. number 8 no
initial_amount_of_pods Initial amount of pods to set when the ASG is (re)created. number 0 no
instance_role_name Optional instance role name. If not specified a default role with some policies like AmazonSSMManagedInstanceCore will be attached. string null no
kms_key_arn KMS key to use for encrypting EBS volumes. string n/a yes
lifecycle_hooks Additional lifecycle hooks for this ASG. They are implemented as initial lifecycle hooks so they will apply to all created EC2 instances. The map key is the name. 
map(object({
    timeout_in_seconds = number
    launch_lifecycle = bool
    notification_metadata = string
  }))
 {} no
name Unique name for EC2 with ASG setup. string n/a yes
own_eip_for_floaing_ip Optionally own EIP if floating IP is set to true. string null no
security_group_ids Optional security groups to be associated with EC2 instances. Make sure that SSM endpoints or WAN access is allowed if you want SSM to work. list(string) [] no
sqs_dlq_arn Optionally specify a normal SQS queue to be used as DLQ for EventBridge and Lambda. string null no
subnet_ids Required list of subnets to launch instances in. list(string) n/a yes
target_group_arns Target groups to add the managed EC2 instances to. list(string) [] no
use_floating_ip Use floating IP for standard endpoint entry. bool true no
use_public_ip Associate public IPs to EC2 instance. bool false no
user_data Optional userdata in cleartext.
- Especially if var.user_data_completion_hook is set as well then keep the 16Kb limit in mind for these scripts.
- The script always initiates a server reboot at the end.		 string "" no
user_data_completion_hook Append completion hook to userdata. Make sure you install awscli and jq in the userdata script. This assumes the userdata script is a bash shell script! bool false no
user_data_lifecyclehook_timeout Max timeout on userdata lifecycle hook in seconds. Default to 1800 seconds. number 1800 no

Outputs

Name Description
autoscaling_group_arn n/a
autoscaling_group_name n/a
elasticip_parameter_arn n/a

About

AWS auto scaling is used to scale up and scale down the EC2-instance by depending up on the incoming traffic.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages