tfstack/terraform-aws-ec2-server

terraform-aws-ec2-server

Provision a single EC2 instance with optional server role and SSM support

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_ebs_volume.multiple | resource |
| aws_ebs_volume.single | resource |
| aws_iam_instance_profile.ec2_server | resource |
| aws_iam_role.ec2_server | resource |
| aws_iam_role_policy_attachment.cloudwatch | resource |
| aws_iam_role_policy_attachment.ssm | resource |
| aws_instance.server | resource |
| aws_security_group.ec2_server | resource |
| aws_volume_attachment.multiple | resource |
| aws_volume_attachment.single | resource |
| aws_ami.amazon_linux_2 | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allowed_cidr_blocks | List of CIDR blocks allowed to access the instance via SSH and ICMP | list(string) | ["0.0.0.0/0"] | no |
| ami_type | AMI type (default supports only amazonlinux2) | string | "amazonlinux2" | no |
| assign_public_ip | Assign public IP to instance. Note: For SSM to work with public IP, ensure the instance is in a public subnet with route to internet gateway. | bool | false | no |
| create_security_group | Create a dedicated security group allowing SSH/ICMP from allowed CIDRs if no security group IDs are supplied. If true, vpc_security_group_ids can be empty. | bool | false | no |
| ebs_device_name | Device name for the EBS volume (for single volume configuration) | string | "/dev/xvdf" | no |
| ebs_volume_size | Size of the EBS volume in GB (for single volume configuration) | number | null | no |
| ebs_volume_type | Type of EBS volume (for single volume configuration) | string | "gp3" | no |
| ebs_volumes | List of EBS volumes to attach to the instance | list(object({ device_name = string, volume_size = number, volume_type = string, encrypted = optional(bool, true), kms_key_id = optional(string, null), iops = optional(number, null), throughput = optional(number, null), tags = optional(map(string), {}) })) | [] | no |
| enable_cw_logs | Enable CloudWatch Logs agent (writes basic system logs to CW Logs) | bool | false | no |
| enable_ssm | Enable SSM access. Note: For SSM to work with public IP, ensure the instance is in a public subnet with route to internet gateway. | bool | false | no |
| http_port | HTTP port for webserver (default: 80) | number | 80 | no |
| instance_tags | Tags to apply to the instance | map(string) | {} | no |
| instance_type | EC2 instance type | string | "t3.micro" | no |
| name | Name prefix for resources (e.g., 'my-server', 'web-app') | string | "ec2-server" | no |
| role | Optional server role (e.g., webserver) | string | null | no |
| subnet_id | Subnet ID to launch the instance | string | n/a | yes |
| user_data | Optional custom user data script | string | null | no |
| vpc_id | ID of the VPC | string | n/a | yes |
| vpc_security_group_ids | List of security group IDs to attach to the instance. | list(string) | [] | no |
| webserver_type | Webserver type if role is webserver (nginx or apache) | string | "nginx" | no |

Outputs

| Name | Description |
|------|-------------|
| ebs_volume_attachments | Map of device names to volume IDs for attached EBS volumes |
| ebs_volume_ids | List of EBS volume IDs attached to the instance |
| effective_security_group_ids | List of security group IDs attached to the instance |
| instance_id | EC2 instance ID |
| private_ip | Private IP address |
| public_ip | Public IP address |
| security_group_id | Security Group ID (if created) |
| ssm_instance_url | SSM Console Session URL (if SSM enabled) |
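
A hardened call of this module, as an added example that is not part of the project's README: it overrides the 0.0.0.0/0 default of allowed_cidr_blocks, keeps the instance off a public IP and relies on SSM for shell access. The module source string is assumed from the repository name, and the variable names, the validation rule and the volume size are illustrative.

```hcl
# Added example (not the project's own code). Variable names are illustrative.
variable "vpc_id" { type = string }
variable "private_subnet_id" { type = string }

variable "admin_cidrs" {
  type        = list(string)
  description = "Networks allowed to reach the instance over SSH/ICMP"

  # Refuse the module's permissive default and any malformed CIDR at plan time.
  validation {
    condition = length(var.admin_cidrs) > 0 && alltrue([
      for c in var.admin_cidrs :
      can(cidrhost(c, 0)) && !contains(["0.0.0.0/0", "::/0"], c)
    ])
    error_message = "admin_cidrs must be valid CIDR blocks and must not be open to the world."
  }
}

module "web" {
  # Assumed from the repository name; pin to a reviewed tag or commit with ?ref=.
  source = "github.com/tfstack/terraform-aws-ec2-server"

  name      = "web-app"
  vpc_id    = var.vpc_id
  subnet_id = var.private_subnet_id

  role           = "webserver"
  webserver_type = "nginx"

  # No public IP. A private subnet then needs a NAT path or SSM VPC endpoints
  # for the agent to register.
  assign_public_ip = false
  enable_ssm       = true
  enable_cw_logs   = true

  # Dedicated security group, with the 0.0.0.0/0 default replaced.
  create_security_group = true
  allowed_cidr_blocks   = var.admin_cidrs

  # Encryption defaults to true in the object type; stated here for reviewers.
  ebs_volumes = [{
    device_name = "/dev/xvdf"
    volume_size = 50
    volume_type = "gp3"
    encrypted   = true
  }]
}

output "ssm_session_url" { value = module.web.ssm_instance_url }
output "attached_security_groups" { value = module.web.effective_security_group_ids }
```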
