AWS Amazon EC2 Template

aws_launch_template (Terraform)

The Template in Amazon EC2 can be configured in Terraform with the resource name aws_launch_template. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

SonarSource/sonar-iac

resource "aws_launch_template" "noncompliantawstemplate1" { # Noncompliant {{Make sure that using public IP address is safe here.}}
#        ^^^^^^^^^^^^^^^^^^^^^
}

resource "aws_launch_template" "noncompliantawstemplate2" {
#        ^^^^^^^^^^^^^^^^^^^^^> {{Related template}}

AlexsLemonade/alsf-scpca

resource "aws_launch_template" "nf_lt_standard" {
  name = "nextflow-launchtemplate-standard"
  tags = var.default_tags
  # ccdl-nextflow-base-v2.0 image
  image_id = "ami-01c08d4de548477df"
  block_device_mappings {

gilyas/infracost

resource "aws_launch_template" "lt_basic" {
  image_id      = "fake_ami"
  instance_type = "t2.medium"

  block_device_mappings {
    device_name = "xvdf"

garutilorenzo/k3s-aws-terraform-cluster

resource "aws_launch_template" "k3s_server" {
  name_prefix   = "k3s_server_tpl"
  image_id      = var.AMIS[var.AWS_REGION]
  instance_type = "t3.large"
  user_data     = data.template_cloudinit_config.k3s_server.rendered

TheCountt/terraform-cloud

resource "aws_launch_template" "bastion" {
  name = "bastion-launch-template"

  image_id = var.ami-bastion

  instance_type = var.instance_type

Parameters

• arn optional computed - string
• default_version optional computed - number
• description optional - string
• disable_api_termination optional - bool
• ebs_optimized optional - string
• id optional computed - string
• image_id optional - string
• instance_initiated_shutdown_behavior optional - string
• instance_type optional - string
• kernel_id optional - string
• key_name optional - string
• latest_version optional computed - number
• name optional computed - string
• name_prefix optional - string
• ram_disk_id optional - string
• security_group_names optional - set of string
• tags optional - map from string to string
• update_default_version optional - bool
• user_data optional - string
• vpc_security_group_ids optional - set of string
• block_device_mappings list block
  • device_name optional - string
  • no_device optional - string
  • virtual_name optional - string
  • ebs list block
    • delete_on_termination optional - string
    • encrypted optional - string
    • iops optional computed - number
    • kms_key_id optional - string
    • snapshot_id optional - string
    • throughput optional computed - number
    • volume_size optional computed - number
    • volume_type optional computed - string
• capacity_reservation_specification list block
  • capacity_reservation_preference optional - string
  • capacity_reservation_target list block
    • capacity_reservation_id optional - string
• cpu_options list block
  • core_count optional - number
  • threads_per_core optional - number
• credit_specification list block
  • cpu_credits optional - string
• elastic_gpu_specifications list block
  • type required - string
• elastic_inference_accelerator list block
  • type required - string
• enclave_options list block
  • enabled optional - bool
• hibernation_options list block
  • configured required - bool
• iam_instance_profile list block
  • arn optional - string
  • name optional - string
• instance_market_options list block
  • market_type optional - string
  • spot_options list block
    • block_duration_minutes optional - number
    • instance_interruption_behavior optional - string
    • max_price optional - string
    • spot_instance_type optional - string
    • valid_until optional computed - string
• license_specification set block
  • license_configuration_arn required - string
• metadata_options list block
  • http_endpoint optional computed - string
  • http_put_response_hop_limit optional computed - number
  • http_tokens optional computed - string
• monitoring list block
  • enabled optional - bool
• network_interfaces list block
  • associate_carrier_ip_address optional - string
  • associate_public_ip_address optional - string
  • delete_on_termination optional - string
  • description optional - string
  • device_index optional - number
  • ipv4_address_count optional - number
  • ipv4_addresses optional - set of string
  • ipv6_address_count optional - number
  • ipv6_addresses optional - set of string
  • network_interface_id optional - string
  • private_ip_address optional - string
  • security_groups optional - set of string
  • subnet_id optional - string
• placement list block
  • affinity optional - string
  • availability_zone optional - string
  • group_name optional - string
  • host_id optional - string
  • partition_number optional - number
  • spread_domain optional - string
  • tenancy optional - string
• tag_specifications list block
  • resource_type optional - string
  • tags optional - map from string to string

Explanation in Terraform Registry

Provides an EC2 launch template resource. Can be used to create instances or auto scaling groups.

Tips: Best Practices for The Other AWS Amazon EC2 Resources

In addition to the aws_default_vpc, AWS Amazon EC2 has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

aws_default_vpc

Ensure to avoid using default VPC

It is better to define the own VPC and use it.

aws_network_acl_rule

Ensure your network ACL rule blocks unwanted inbound traffic

It is better to block unwanted inbound traffic.

aws_ebs_volume

Ensure to use a customer-managed key for EBS volume encryption

It is better to use a customer-managed key for EBS volume encryption. It can be gain more control over the encryption by using customer-managed keys (CMK).

aws_instance

Ensure to avoid storing AWS access keys in user data

It is better to avoid storing AWS access keys in user data. `aws_iam_instance_profile` could be used instead.

aws_security_group

Ensure your security group blocks unwanted inbound traffic

It is better to block unwanted inbound traffic.