Merge pull request #10 from lorengordon/feat/ec2-imds

plus3it · Jan 7, 2025 · 5780d5f · 5780d5f
2 parents eea3dd1 + e56212b
commit 5780d5f
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 2 deletions.
diff --git a/.bumpversion.cfg b/.bumpversion.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 1.1.0
+current_version = 1.2.0
 commit = True
 message = Bumps version to {new_version}
 tag = False

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+### [1.2.0](https://github.com/plus3it/terraform-aws-tardigrade-ec2-account/releases/tag/1.2.0)
+
+**Released**: 2024.12.30
+
+**Summary**:
+
+*   Supports configurating instance metadata defaults
+
 ### [1.1.0](https://github.com/plus3it/terraform-aws-tardigrade-ec2-account/releases/tag/1.1.0)
 
 **Released**: 2024.09.20

diff --git a/README.md b/README.md
@@ -23,7 +23,7 @@ Module to manage EC2 account settings
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_ec2_account"></a> [ec2\_account](#input\_ec2\_account) | Object of inputs for ec2 account settings | <pre>object({<br>    ebs_encryption_by_default = optional(object({<br>      enabled         = optional(bool, true)<br>      default_kms_key = optional(string)<br>    }), {})<br><br>    ebs_snapshot_block_public_access = optional(object({<br>      state = optional(string, "block-all-sharing")<br>    }), {})<br><br>    image_block_public_access = optional(object({<br>      state = optional(string, "block-new-sharing")<br>    }), {})<br><br>    serial_console_access = optional(object({<br>      enabled = optional(bool, false)<br>    }))<br>  })</pre> | `{}` | no |
+| <a name="input_ec2_account"></a> [ec2\_account](#input\_ec2\_account) | Object of inputs for ec2 account settings | <pre>object({<br>    ebs_encryption_by_default = optional(object({<br>      enabled         = optional(bool, true)<br>      default_kms_key = optional(string)<br>    }), {})<br><br>    ebs_snapshot_block_public_access = optional(object({<br>      state = optional(string, "block-all-sharing")<br>    }), {})<br><br>    image_block_public_access = optional(object({<br>      state = optional(string, "block-new-sharing")<br>    }), {})<br><br>    instance_metadata_defaults = optional(object({<br>      http_endpoint               = optional(string, "enabled")<br>      http_tokens                 = optional(string, "required")<br>      http_put_response_hop_limit = optional(number, 2)<br>      instance_metadata_tags      = optional(string, "enabled")<br>    }), {})<br><br>    serial_console_access = optional(object({<br>      enabled = optional(bool, false)<br>    }))<br>  })</pre> | `{}` | no |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -20,3 +20,10 @@ resource "aws_ec2_serial_console_access" "this" {
 
   enabled = var.ec2_account.serial_console_access.enabled
 }
+
+resource "aws_ec2_instance_metadata_defaults" "this" {
+  http_endpoint               = var.ec2_account.instance_metadata_defaults.http_endpoint
+  http_tokens                 = var.ec2_account.instance_metadata_defaults.http_tokens
+  http_put_response_hop_limit = var.ec2_account.instance_metadata_defaults.http_put_response_hop_limit
+  instance_metadata_tags      = var.ec2_account.instance_metadata_defaults.instance_metadata_tags
+}
diff --git a/tests/all-inputs/main.tf b/tests/all-inputs/main.tf
@@ -15,6 +15,13 @@ module "ec2_account" {
       state = "block-new-sharing"
     }
 
+    instance_metadata_defaults = {
+      http_endpoint               = "enabled"
+      http_tokens                 = "required"
+      http_put_response_hop_limit = 2
+      instance_metadata_tags      = "enabled"
+    }
+
     serial_console_access = {
       enabled = true
     }

diff --git a/variables.tf b/variables.tf
@@ -14,6 +14,13 @@ variable "ec2_account" {
       state = optional(string, "block-new-sharing")
     }), {})
 
+    instance_metadata_defaults = optional(object({
+      http_endpoint               = optional(string, "enabled")
+      http_tokens                 = optional(string, "required")
+      http_put_response_hop_limit = optional(number, 2)
+      instance_metadata_tags      = optional(string, "enabled")
+    }), {})
+
     serial_console_access = optional(object({
       enabled = optional(bool, false)
     }))