


Terraform module which creates EC2 instance(s) on AWS



| Name | Description | Type | Required |
|------|-------------|------|----------|
| ami | ID of AMI to use for the instance | string | false |
| associate_public_ip_address | Whether to associate a public IP address with an instance in a VPC | bool | false |
| availability_zone | AZ to start the instance in | string | false |
| capacity_reservation_specification | Describes an instance's Capacity Reservation targeting option | any | false |
| cpu_core_count | Sets the number of CPU cores for an instance. | number | false |
| cpu_credits | The credit option for CPU usage (unlimited or standard) | string | false |
| cpu_threads_per_core | Sets the number of CPU threads per core for an instance (has no effect unless cpu_core_count is also set). | number | false |
| create | Whether to create an instance | bool | false |
| create_spot_instance | Depicts if the instance is a spot instance | bool | false |
| disable_api_termination | If true, enables EC2 Instance Termination Protection | bool | false |
| ebs_block_device | Additional EBS block devices to attach to the instance | list(map(string)) | false |
| ebs_optimized | If true, the launched EC2 instance will be EBS-optimized | bool | false |
| enable_volume_tags | Whether to enable volume tags (if enabled it conflicts with root_block_device tags) | bool | false |
| enclave_options_enabled | Whether Nitro Enclaves will be enabled on the instance. Defaults to false | bool | false |
| ephemeral_block_device | Customize Ephemeral (also known as Instance Store) volumes on the instance | list(map(string)) | false |
| get_password_data | If true, wait for password data to become available and retrieve it. | bool | false |
| hibernation | If true, the launched EC2 instance will support hibernation | bool | false |
| host_id | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | string | false |
| iam_instance_profile | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | string | false |
| instance_initiated_shutdown_behavior | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | string | false |
| instance_type | The type of instance to start | string | false |
| ipv6_address_count | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | number | false |
| ipv6_addresses | Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface | list(string) | false |
| key_name | Key name of the Key Pair to use for the instance; which can be managed using the aws_key_pair resource | string | false |
| launch_template | Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template | map(string) | false |
| metadata_options | Customize the metadata options of the instance | map(string) | false |
| monitoring | If true, the launched EC2 instance will have detailed monitoring enabled | bool | false |
| name | Name to be used on EC2 instance created | string | false |
| network_interface | Customize network interfaces to be attached at instance boot time | list(map(string)) | false |
| placement_group | The Placement Group to start the instance in | string | false |
| private_ip | Private IP address to associate with the instance in a VPC | string | false |
| putin_khuylo | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info:! | bool | false |
| root_block_device | Customize details about the root block device of the instance. See Block Devices below for details | list(any) | false |
| secondary_private_ips | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a network_interface block | list(string) | false |
| source_dest_check | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. | bool | false |
| spot_block_duration_minutes | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | number | false |
| spot_instance_interruption_behavior | Indicates Spot instance behavior when it is interrupted. Valid values are terminate, stop, or hibernate | string | false |
| spot_launch_group | A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually | string | false |
| spot_price | The maximum price to request on the spot market. Defaults to on-demand price | string | false |
| spot_type | If set to one-time, after the instance is terminated, the spot request will be closed. Default persistent | string | false |
| spot_valid_from | The start date and time of the request, in UTC RFC3339 format (for example, YYYY-MM-DDTHH:MM:SSZ) | string | false |
| spot_valid_until | The end date and time of the request, in UTC RFC3339 format (for example, YYYY-MM-DDTHH:MM:SSZ) | string | false |
| spot_wait_for_fulfillment | If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached | bool | false |
| subnet_id | The VPC Subnet ID to launch in | string | false |
| tags | A mapping of tags to assign to the resource | map(string) | false |
| tenancy | The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host. | string | false |
| timeouts | Define maximum timeout for creating, updating, and deleting EC2 instance resources | map(string) | false |
| user_data | The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see user_data_base64 instead. | string | false |
| user_data_base64 | Can be used instead of user_data to pass base64-encoded binary data directly. Use this instead of user_data whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption. | string | false |
| volume_tags | A mapping of tags to assign to the devices created by the instance at launch time | map(string) | false |
| vpc_security_group_ids | A list of security group IDs to associate with | list(string) | false |
| writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | writeConnectionSecretToRef | false |


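Fields of writeConnectionSecretToRef:

| Name | Description | Type | Required |
|------|-------------|------|----------|
| name | The secret name which the cloud resource connection will be written to | string | true |
| namespace | The secret namespace which the cloud resource connection will be written to | string | false |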