From 2da9e8e4b7be94ce6727615266160db9183225aa Mon Sep 17 00:00:00 2001 From: leinad-sch Date: Wed, 2 Apr 2025 16:46:35 +0200 Subject: [PATCH 1/2] feat: add support for custom Cloud-Init parts Introduced the `cloud_init_parts` variable to allow users to include custom Cloud-Init configurations in the NAT instance user data script. --- ec2.tf | 41 ++++++++++++++++++++++++++++++----------- variables.tf | 29 +++++++++++++++++++---------- 2 files changed, 49 insertions(+), 21 deletions(-) diff --git a/ec2.tf b/ec2.tf index 66b42ab..41c05d0 100644 --- a/ec2.tf +++ b/ec2.tf @@ -2,25 +2,25 @@ data "aws_ami" "main" { count = var.ami_id != null ? 0 : 1 most_recent = true - owners = ["568608671756"] + owners = ["568608671756"] filter { - name = "name" + name = "name" values = ["fck-nat-al2023-hvm-*"] } filter { - name = "architecture" + name = "architecture" values = [local.is_arm ? "arm64" : "x86_64"] } filter { - name = "root-device-type" + name = "root-device-type" values = ["ebs"] } filter { - name = "virtualization-type" + name = "virtualization-type" values = ["hvm"] } } @@ -31,6 +31,30 @@ data "aws_arn" "ssm_param" { arn = var.cloudwatch_agent_configuration_param_arn } +data "cloudinit_config" "this" { + gzip = true + base64_encode = true + + part { + content_type = "text/x-shellscript" + content = templatefile("${path.module}/templates/user_data.sh", { + TERRAFORM_ENI_ID = aws_network_interface.main.id + TERRAFORM_EIP_ID = length(var.eip_allocation_ids) != 0 ? var.eip_allocation_ids[0] : "" + TERRAFORM_CWAGENT_ENABLED = var.use_cloudwatch_agent ? "true" : "" + TERRAFORM_CWAGENT_CFG_PARAM_NAME = local.cwagent_param_name != null ? local.cwagent_param_name : "" + }) + } + + dynamic part { + for_each = var.cloud_init_parts + + content { + content_type = part.value["content_type"] + content = part.value["content"] + } + } +} + resource "aws_launch_template" "main" { #checkov:skip=CKV_AWS_88:NAT instances must have a public IP. name = var.name 
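Review bot: The new `data "cloudinit_config" "this"` block depends on the hashicorp/cloudinit provider, yet the diffstat shows only ec2.tf and variables.tf changing, so unless the module's `required_providers` already lists it the provider is only resolved implicitly and consumers get no version constraint; adding `cloudinit = { source = "hashicorp/cloudinit" }` next to the existing provider entries pins it. The `dynamic part {` label is unquoted while every other block label in this file is quoted; `dynamic "part" {` keeps the file consistent. The user-supplied parts are rendered after the module's own `text/x-shellscript` part and, as far as cloud-init's in-order handling goes, a user shell script therefore runs after fck-nat's, with the same root privileges; a comment above the dynamic block such as `# User parts follow the module's script and run with the same privileges at boot.` would make that contract visible to the next maintainer. The provider point applies equally to the `user_data = data.cloudinit_config.this.rendered` hunk that follows.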
@@ -78,12 +102,7 @@ resource "aws_launch_template" "main" { } } - user_data = base64encode(templatefile("${path.module}/templates/user_data.sh", { - TERRAFORM_ENI_ID = aws_network_interface.main.id - TERRAFORM_EIP_ID = length(var.eip_allocation_ids) != 0 ? var.eip_allocation_ids[0] : "" - TERRAFORM_CWAGENT_ENABLED = var.use_cloudwatch_agent ? "true" : "" - TERRAFORM_CWAGENT_CFG_PARAM_NAME = local.cwagent_param_name != null ? local.cwagent_param_name : "" - })) + user_data = data.cloudinit_config.this.rendered # Enforce IMDSv2 metadata_options { diff --git a/variables.tf b/variables.tf index ccb61ca..e0518b1 100644 --- a/variables.tf +++ b/variables.tf @@ -33,8 +33,8 @@ variable "route_table_id" { variable "route_tables_ids" { description = "Route tables to update. Only valid if update_route_tables is true" - type = map(string) - default = {} + type = map(string) + default = {} } variable "encryption" { @@ -75,8 +75,8 @@ variable "ebs_root_volume_size" { variable "eip_allocation_ids" { description = "EIP allocation IDs to use for the NAT instance. Automatically assign a public IP if none is provided. Note: Currently only supports at most one EIP allocation." - type = list(string) - default = [] + type = list(string) + default = [] } variable "attach_ssm_policy" { @@ -100,9 +100,9 @@ variable "use_cloudwatch_agent" { variable "cloudwatch_agent_configuration" { description = "CloudWatch configuration for the NAT instance" type = object({ - namespace = optional(string, "fck-nat"), + namespace = optional(string, "fck-nat"), collection_interval = optional(number, 60), - endpoint_override = optional(string, "") + endpoint_override = optional(string, "") }) default = { namespace = "fck-nat" 
@@ -125,8 +125,8 @@ variable "use_default_security_group" { variable "additional_security_group_ids" { description = "A list of identifiers of security groups to be added for the NAT instance" - type = list(string) - default = [] + type = list(string) + default = [] } variable "use_ssh" { @@ -155,6 +155,15 @@ variable "ssh_cidr_blocks" { variable "tags" { description = "Tags to apply to resources created within the module" - type = map(string) - default = {} + type = map(string) + default = {} +} + +variable "cloud_init_parts" { + description = "Cloud-init parts to add to the user data script" + type = list(object({ + content = string + content_type = string + })) + default = [] } \ No newline at end of file From c63311292a47824229dc77ff16bd24b7f24c460c Mon Sep 17 00:00:00 2001 From: leinad-sch Date: Mon, 14 Apr 2025 15:48:59 +0200 Subject: [PATCH 2/2] chore: terraform fmt --- ec2.tf | 10 +++++----- examples/full/main.tf | 2 +- variables.tf | 20 ++++++++++---------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ec2.tf b/ec2.tf index 41c05d0..d3072e1 100644 --- a/ec2.tf +++ b/ec2.tf @@ -2,25 +2,25 @@ data "aws_ami" "main" { count = var.ami_id != null ? 0 : 1 most_recent = true - owners = ["568608671756"] + owners = ["568608671756"] filter { - name = "name" + name = "name" values = ["fck-nat-al2023-hvm-*"] } filter { - name = "architecture" + name = "architecture" values = [local.is_arm ? "arm64" : "x86_64"] } filter { - name = "root-device-type" + name = "root-device-type" values = ["ebs"] } filter { - name = "virtualization-type" + name = "virtualization-type" values = ["hvm"] } } diff --git a/examples/full/main.tf b/examples/full/main.tf index 0943ad9..544c3e5 100644 --- a/examples/full/main.tf +++ b/examples/full/main.tf @@ -17,4 +17,4 @@ module "fck-nat" { route_tables_ids = { "private" = aws_route_table.private.id } -} \ No newline at end of file +} diff --git a/variables.tf b/variables.tf index e0518b1..26f9aca 100644 --- a/variables.tf 
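Review bot: The description of the new `cloud_init_parts` variable in the `@@ -155,6 +155,15 @@` hunk does not tell users what a part is or what it can do: each entry becomes a cloud-init multipart section executed on the NAT instance with root privileges at boot, and like all EC2 user data it is readable through the instance metadata service and by any principal allowed to describe the launch template versions. I would say so in the description, e.g. `description = "Additional cloud-init parts (content plus MIME content_type, e.g. text/cloud-config or text/x-shellscript) appended after the module's own user-data script. They run as root at boot and are exposed via instance metadata, so do not embed secrets."`. The object fields are also unchecked; a `validation` block with `condition = alltrue([for p in var.cloud_init_parts : p.content != "" && p.content_type != ""])` would reject empty parts before they reach the cloudinit provider. The file still ends without a trailing newline (`\ No newline at end of file`), which the follow-up fmt commit fixes only for examples/full/main.tf.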
+++ b/variables.tf @@ -33,8 +33,8 @@ variable "route_table_id" { variable "route_tables_ids" { description = "Route tables to update. Only valid if update_route_tables is true" - type = map(string) - default = {} + type = map(string) + default = {} } variable "encryption" { @@ -75,8 +75,8 @@ variable "ebs_root_volume_size" { variable "eip_allocation_ids" { description = "EIP allocation IDs to use for the NAT instance. Automatically assign a public IP if none is provided. Note: Currently only supports at most one EIP allocation." - type = list(string) - default = [] + type = list(string) + default = [] } variable "attach_ssm_policy" { @@ -100,9 +100,9 @@ variable "use_cloudwatch_agent" { variable "cloudwatch_agent_configuration" { description = "CloudWatch configuration for the NAT instance" type = object({ - namespace = optional(string, "fck-nat"), + namespace = optional(string, "fck-nat"), collection_interval = optional(number, 60), - endpoint_override = optional(string, "") + endpoint_override = optional(string, "") }) default = { namespace = "fck-nat" @@ -125,8 +125,8 @@ variable "use_default_security_group" { variable "additional_security_group_ids" { description = "A list of identifiers of security groups to be added for the NAT instance" - type = list(string) - default = [] + type = list(string) + default = [] } variable "use_ssh" { @@ -155,8 +155,8 @@ variable "ssh_cidr_blocks" { variable "tags" { description = "Tags to apply to resources created within the module" - type = map(string) - default = {} + type = map(string) + default = {} } variable "cloud_init_parts" {