diff --git a/modules/region/README.md b/modules/region/README.md
index c1f60f5..8c45f31 100644
--- a/modules/region/README.md
+++ b/modules/region/README.md
@@ -5,6 +5,7 @@ This module creates following resources.
- `aws_ebs_encryption_by_default`
- `aws_ebs_default_kms_key` (optional)
- `aws_ec2_image_block_public_access`
+- `aws_ec2_instance_metadata_defaults`
- `aws_ec2_serial_console_access`
- `aws_macie2_organization_admin_account` (optional)
- `aws_resourceexplorer2_index` (optional)
@@ -16,8 +17,8 @@ This module creates following resources.
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.5 |
-| [aws](#requirement\_aws) | >= 4.22 |
+| [terraform](#requirement\_terraform) | >= 1.6 |
+| [aws](#requirement\_aws) | >= 5.43 |
## Providers
@@ -39,6 +40,7 @@ This module creates following resources.
| [aws_ebs_encryption_by_default.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_encryption_by_default) | resource |
| [aws_ec2_availability_zone_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_availability_zone_group) | resource |
| [aws_ec2_image_block_public_access.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_image_block_public_access) | resource |
+| [aws_ec2_instance_metadata_defaults.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_instance_metadata_defaults) | resource |
| [aws_ec2_serial_console_access.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_serial_console_access) | resource |
| [aws_macie2_organization_admin_account.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/macie2_organization_admin_account) | resource |
| [aws_resourceexplorer2_index.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/resourceexplorer2_index) | resource |
@@ -51,7 +53,7 @@ This module creates following resources.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [ebs\_default\_encryption](#input\_ebs\_default\_encryption) | (Optional) The configuration of the EBS default encryption. `ebs_default_encryption` as defined below.
(Optional) `enabled` - Whether or not default EBS encryption is enabled.
(Optional) `kms_key` - The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the EBS volume. |
object({| `{}` | no | -| [ec2](#input\_ec2) | (Optional) The configuration of EC2 in the current AWS region. `ec2` as defined below.
enabled = optional(bool, false)
kms_key = optional(string)
})
object({| `{}` | no | +| [ec2](#input\_ec2) | (Optional) The configuration of EC2 in the current AWS region. `ec2` as defined below.
ami_public_access_enabled = optional(bool, false)
serial_console_enabled = optional(bool, false)
})
object({| `{}` | no | | [macie](#input\_macie) | (Optional) The configuration of Macie in the current AWS region. `macie` as defined below.
ami_public_access_enabled = optional(bool, false)
instance_metadata_defaults = optional(object({
http_enabled = optional(bool)
http_token_required = optional(bool)
http_put_response_hop_limit = optional(number)
instance_tags_enabled = optional(bool)
}), {})
serial_console_enabled = optional(bool, false)
})
object({| `{}` | no | | [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no | | [resource\_explorer](#input\_resource\_explorer) | (Optional) The configuration of the Resource Explorer in the current AWS region. `resource_explorer` as defined below.
delegated_administrator = optional(string)
})
object({| `{}` | no |
diff --git a/modules/region/ec2.tf b/modules/region/ec2.tf
index 85bcbbb..7bb5fab 100644
--- a/modules/region/ec2.tf
+++ b/modules/region/ec2.tf
@@ -10,6 +10,28 @@ resource "aws_ec2_image_block_public_access" "this" {
 }
+###################################################
+# Instance Metadata Defaults for EC2
+###################################################
+
+resource "aws_ec2_instance_metadata_defaults" "this" {
+ http_endpoint = (var.ec2.instance_metadata_defaults.http_enabled != null
+ ? (var.ec2.instance_metadata_defaults.http_enabled ? "enabled" : "disabled")
+ : "no-preference"
+ )
+ http_tokens = (var.ec2.instance_metadata_defaults.http_token_required != null
+ ? (var.ec2.instance_metadata_defaults.http_token_required ? "required" : "optional")
+ : "no-preference"
+ )
+ http_put_response_hop_limit = coalesce(var.ec2.instance_metadata_defaults.http_put_response_hop_limit, -1)
+
+ instance_metadata_tags = (var.ec2.instance_metadata_defaults.instance_tags_enabled != null
+ ? (var.ec2.instance_metadata_defaults.instance_tags_enabled ? "enabled" : "disabled")
+ : "no-preference"
+ )
+}
+
+
 ###################################################
 # Serial Consol Access for EC2
 ###################################################
diff --git a/modules/region/outputs.tf b/modules/region/outputs.tf
index 3b6cac5..31e5391 100644
--- a/modules/region/outputs.tf
+++ b/modules/region/outputs.tf
@@ -38,8 +38,9 @@ output "ec2" {
 `serial_console_enabled` - Whether serial console access is enabled for the current AWS region.
 EOF
 value = {
- ami_public_access_enabled = aws_ec2_image_block_public_access.this.state == "unblocked"
- serial_console_enabled = aws_ec2_serial_console_access.this.enabled
+ ami_public_access_enabled = aws_ec2_image_block_public_access.this.state == "unblocked"
+ instance_metadata_defaults = var.ec2.instance_metadata_defaults
+ serial_console_enabled = aws_ec2_serial_console_access.this.enabled
 }
 }
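Review bot: The `http_tokens` expression in the new `aws_ec2_instance_metadata_defaults` resource falls back to `"no-preference"` whenever `http_token_required` is null, and the README hunk shows that attribute declared as `optional(bool)` with no default, so a caller who adopts this module without setting it leaves the account-level IMDS default untouched and IMDSv1 remains allowed for new launches. For a hardening module the safer default is to require IMDSv2, e.g. `http_token_required = optional(bool, true)` in the `ec2` variable (that hunk is truncated here), with the `"no-preference"` branch kept only for callers who explicitly pass `null`. `http_put_response_hop_limit = coalesce(..., -1)` passes any number through unchecked; as far as I recall the API only accepts 1–64 or -1, so a `validation` block on the variable (`condition = v == null || (v >= 1 && v <= 64)`) would turn a bad value into a plan-time error instead of an apply-time failure. It is also worth a header comment such as `# Account/region-level IMDS defaults; to my understanding they apply only to instances launched after the change and do not alter existing instances — confirm against the EC2 docs.`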
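Review bot: The new `instance_metadata_defaults` output echoes `var.ec2.instance_metadata_defaults` rather than reading back the applied resource, so unlike the sibling `ami_public_access_enabled` and `serial_console_enabled` entries (which derive from `aws_ec2_image_block_public_access.this.state` and `aws_ec2_serial_console_access.this.enabled`) it will report the caller's intent even if the resource is imported, drifted, or later changed outside the module. Deriving it from `aws_ec2_instance_metadata_defaults.this.*` keeps the output consistent with the other two and with what AWS actually holds. The heredoc description opens outside this hunk; its visible tail documents only `serial_console_enabled`, so a line like `` `instance_metadata_defaults` - The account-level IMDS defaults applied in the current AWS region. `` should presumably be added alongside it. The enclosing `output "ec2"` block starts before the hunk.
```hcl
  value = {
    ami_public_access_enabled = aws_ec2_image_block_public_access.this.state == "unblocked"
    instance_metadata_defaults = {
      # Map the resource's tri-state strings back to the variable's nullable-bool shape.
      http_enabled                = aws_ec2_instance_metadata_defaults.this.http_endpoint == "no-preference" ? null : aws_ec2_instance_metadata_defaults.this.http_endpoint == "enabled"
      http_token_required         = aws_ec2_instance_metadata_defaults.this.http_tokens == "no-preference" ? null : aws_ec2_instance_metadata_defaults.this.http_tokens == "required"
      http_put_response_hop_limit = aws_ec2_instance_metadata_defaults.this.http_put_response_hop_limit == -1 ? null : aws_ec2_instance_metadata_defaults.this.http_put_response_hop_limit
      instance_tags_enabled       = aws_ec2_instance_metadata_defaults.this.instance_metadata_tags == "no-preference" ? null : aws_ec2_instance_metadata_defaults.this.instance_metadata_tags == "enabled"
    }
    serial_console_enabled = aws_ec2_serial_console_access.this.enabled
  }
```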
diff --git a/modules/region/variables.tf b/modules/region/variables.tf
index 80e8cab..18e92ad 100644
--- a/modules/region/variables.tf
+++ b/modules/region/variables.tf
@@ -16,11 +16,22 @@ variable "ec2" {
 description = <
enabled = optional(bool, true)
index_type = optional(string, "LOCAL")
views = optional(list(object({
name = string
is_default = optional(bool, false)
filter_queries = optional(list(string), [])
additional_resource_attributes = optional(set(string), [])
})), [])
})