AWS Amazon EC2 From Instance
This page shows how to write Terraform for Amazon EC2 From Instance and write them securely.
aws_ami_from_instance (Terraform)
The From Instance in Amazon EC2 can be configured in Terraform with the resource name aws_ami_from_instance. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_ami_from_instance" "controller-0-ami" {
name = "controller-0-ami"
source_instance_id = aws_instance.controller-0.id
depends_on = [null_resource.dns-server-config]
}
resource "aws_ami_from_instance" "example1" {
name = "serviceone"
source_instance_id = aws_instance.ServiceOne.id
depends_on = [null_resource.ansibleservices]
}
#Create Image form ServiceTwo installed host
resource "aws_ami_from_instance" "ami_from_instance" {
name =
source_instance_id =
}
resource "aws_ami_from_instance" "ami_from_instance1" {
resource "aws_ami_from_instance" "payments_sd_cac_clone" {
name = "payments_sd_cac_clone_20191112"
source_instance_id = "i-043dec12552c0a948"
snapshot_without_reboot = true
tags = {
Name = "payments_sd_cac_clone_20191112"
resource "aws_ami_from_instance" "example" {
name = "ami2"
source_instance_id = "i-0659f71"
}
Parameters
-
architectureoptional computed - string -
arnoptional computed - string -
descriptionoptional - string -
ena_supportoptional computed - bool -
hypervisoroptional computed - string -
idoptional computed - string -
image_locationoptional computed - string -
image_owner_aliasoptional computed - string -
image_typeoptional computed - string -
kernel_idoptional computed - string -
manage_ebs_snapshotsoptional computed - bool -
namerequired - string -
owner_idoptional computed - string -
platformoptional computed - string -
platform_detailsoptional computed - string -
publicoptional computed - bool -
ramdisk_idoptional computed - string -
root_device_nameoptional computed - string -
root_snapshot_idoptional computed - string -
snapshot_without_rebootoptional - bool -
source_instance_idrequired - string -
sriov_net_supportoptional computed - string -
tagsoptional - map from string to string -
usage_operationoptional computed - string -
virtualization_typeoptional computed - string -
ebs_block_deviceset block-
delete_on_terminationoptional computed - bool -
device_nameoptional computed - string -
encryptedoptional computed - bool -
iopsoptional computed - number -
snapshot_idoptional computed - string -
throughputoptional computed - number -
volume_sizeoptional computed - number -
volume_typeoptional computed - string
-
-
ephemeral_block_deviceset block-
device_nameoptional computed - string -
virtual_nameoptional computed - string
-
-
timeoutssingle block
Explanation in Terraform Registry
The "AMI from instance" resource allows the creation of an Amazon Machine Image (AMI) modelled after an existing EBS-backed EC2 instance. The created AMI will refer to implicitly-created snapshots of the instance's EBS volumes and mimick its assigned block device configuration at the time the resource is created. This resource is best applied to an instance that is stopped when this instance is created, so that the contents of the created image are predictable. When applied to an instance that is running, the instance will be stopped before taking the snapshots and then started back up again, resulting in a period of downtime. Note that the source instance is inspected only at the initial creation of this resource. Ongoing updates to the referenced instance will not be propagated into the generated AMI. Users may taint or otherwise recreate the resource in order to produce a fresh snapshot.
Tips: Best Practices for The Other AWS Amazon EC2 Resources
In addition to the aws_default_vpc, AWS Amazon EC2 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_default_vpc
Ensure to avoid using default VPC
It is better to define the own VPC and use it.
aws_network_acl_rule
Ensure your network ACL rule blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
aws_ebs_volume
Ensure to use a customer-managed key for EBS volume encryption
It is better to use a customer-managed key for EBS volume encryption. It can be gain more control over the encryption by using customer-managed keys (CMK).
aws_instance
Ensure to avoid storing AWS access keys in user data
It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.
aws_security_group
Ensure your security group blocks unwanted inbound traffic
It is better to block unwanted inbound traffic.
CloudFormation Example
CloudFormation code does not have the related resource.
Frequently asked questions
What is AWS Amazon EC2 From Instance?
AWS Amazon EC2 From Instance is a resource for Amazon EC2 of Amazon Web Service. Settings can be wrote in Terraform.
Where can I find the example code for the AWS Amazon EC2 From Instance?
For Terraform, the alinuxien/k8s-aws-iac, rubenivanyan/epam_final_project and rachel-yoon59/codeherent-test-2 source code examples are useful. See the Terraform Example section for further details.
