stormreply/ssm-managed-instance

SLT | SSM-Managed Instance

An EC2 instance with the AmazonSSMManagedInstanceCore policy included in its profile, allowing you to connect to the instance securely via AWS SSM's Session Manager.

Storm Library for Terraform

This repository is a member of the SLT | Storm Library for Terraform, a collection of Terraform modules for Amazon Web Services. The focus of these modules, maintained in separate GitHub™ repositories, is on building examples, demos and showcases on AWS. The audience of the library is learners and presenters alike: people who want to know or show what a certain service, pattern or solution looks like, or "feels" like.

Learn more

Installation

This demo can be built using GitHub Actions. In order to do so

Deployment of this member should take < 2 minutes on GitHub resources.

Architecture

Explore this demo

This is a helper module rather than a demo. It provides an EC2 instance with the AmazonSSMManagedInstanceCore AWS managed policy attached to its profile, so that you can log in to your EC2 instance using AWS Session Manager.

The instance itself has no dedicated purpose. In the context of the Storm Library for Terraform it often serves as a controller host, supporting the deployment flow where Terraform can't, or as an instance for interacting with and exploring the resources of a demo.

Terraform Docs

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1 |
| aws | >= 6 |

Providers

| Name | Version |
|------|---------|
| aws | >= 6 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_iam_instance_profile.instance | resource |
| aws_iam_role.instance | resource |
| aws_iam_role_policy_attachment.additional_policies | resource |
| aws_iam_role_policy_attachment.administrator_access | resource |
| aws_iam_role_policy_attachment.amazon_ssm_managed_instance_core | resource |
| aws_instance.instance | resource |
| aws_ami.latest_amazon_linux_ami | data source |
| aws_iam_policy.administrator_access | data source |
| aws_iam_policy.amazon_ssm_managed_instance_core | data source |
| aws_iam_policy_document.client_assume_role | data source |
| aws_region.current | data source |
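
The resource list above includes three role policy attachments (`amazon_ssm_managed_instance_core`, `administrator_access` and `additional_policies`), so it is worth checking a plan for what the instance role will actually receive before applying. The following Python script is an added example, not part of this repository: it reads `terraform show -json` plan output and reports every attachment under the module that is not on an allow-list. The module call name `module.instance`, the resource index and the sample plan are constructed assumptions.

```python
import json
import sys

SSM_CORE = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
ADMIN = "arn:aws:iam::aws:policy/AdministratorAccess"
PREFIX = "module.instance"  # assumed name of the module call, not from the repo

def _rc(name, arn, actions=("create",), rtype="aws_iam_role_policy_attachment"):
    """Build one constructed resource_changes entry in plan-JSON shape."""
    after = {"policy_arn": arn} if arn else {}
    return {"address": f"{PREFIX}.{rtype}.{name}", "type": rtype,
            "change": {"actions": list(actions), "after": after}}

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"resource_changes": [
    _rc("amazon_ssm_managed_instance_core", SSM_CORE),
    _rc("administrator_access", ADMIN),
    _rc("additional_policies[0]", None),  # ARN only known after apply
    _rc("instance", None, rtype="aws_instance"),  # not an attachment, ignored
]}

def attached_policies(plan, module_prefix):
    """Map address -> policy ARN for attachments the plan creates or keeps."""
    found = {}
    for rc in plan.get("resource_changes", []):
        if (rc.get("type") != "aws_iam_role_policy_attachment"
                or not rc.get("address", "").startswith(module_prefix + ".")):
            continue
        change = rc.get("change", {})
        if change.get("actions") == ["delete"]:
            continue  # attachment is being removed, nothing to review
        after = change.get("after") or {}
        found[rc["address"]] = after.get("policy_arn")  # None: unknown at plan
    return found

def findings(plan, module_prefix, allowed=frozenset({SSM_CORE})):
    """Return (address, reason) pairs for attachments outside the allow-list."""
    out = []
    for address, arn in sorted(attached_policies(plan, module_prefix).items()):
        if arn is None:
            out.append((address, "policy ARN unknown until apply, review manually"))
        elif arn not in allowed:
            out.append((address, f"not on allow-list: {arn}"))
    return out

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, reason in findings(plan, PREFIX):
        print(f"REVIEW {address}: {reason}")
```

Run it against a real plan with `terraform show -json plan.out > plan.json` and pass `plan.json` as the first argument; extend the allow-list with the ARNs you pass in the `policies` input.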

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| _metadata | n/a | `object({...})`, see below | see below | no |
| ami | AMI (Id) to use for the instance | string | null | no |
| detailed_monitoring | Flag for detailed monitoring. Make sure to understand cost/benefit relationship. Check: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-detailed-monitoring.html | bool | true | no |
| instance_type | Instance type | string | "t3.medium" | no |
| key_name | Key pair name to use | string | null | no |
| name | Instance name | string | null | no |
| policies | List of IAM policy ARNs to attach to the instance | list(string) | [] | no |
| region | Region where to deploy to | string | null | no |
| root_volume_size | Root volume size in GB | number | 50 | no |
| source_dest_check | Disable source/dest check (default true) | bool | true | no |
| subnet_id | Id of the subnet to create this instance in | string | null | no |
| user_data | User data to pass to the instance | string | null | no |
| user_data_base64 | User data to pass to the instance; base64-encoded | string | null | no |
| vpc_security_group_ids | List of security group IDs to use with the instance | list(string) | null | no |

Type of `_metadata`:

```hcl
object({
  actor      = string # GitHub actor (deployer) of the deployment
  catalog_id = string # SLT catalog id of this module
  deployment = string # slt-<catalog_id>--
  ref        = string # Git reference of the deployment
  ref_name   = string # Git ref_name (branch) of the deployment
  repo       = string # GitHub short repository name (without owner) of the deployment
  repository = string # GitHub full repository name (including owner) of the deployment
  sha        = string # Git (full-length, 40 char) commit SHA of the deployment
  short_name = string # slt-<catalog_id>-
  time       = string # Timestamp of the deployment
})
```

Default of `_metadata`:

```json
{
  "actor": "",
  "catalog_id": "",
  "deployment": "",
  "ref": "",
  "ref_name": "",
  "repo": "",
  "repository": "",
  "sha": "",
  "short_name": "",
  "time": ""
}
```

Outputs

| Name | Description |
|------|-------------|
| _default_tags | n/a |
| _metadata | n/a |
| _name_tag | n/a |
| instance | n/a |
