Skip to content

EC2 Module

Source: tofu/modules/ec2

Creates an EC2 instance with a dedicated security group, KMS-encrypted EBS volume, and CloudWatch auto-recovery alarm.

Inputs

Variable Type Description
name string Name prefix for instance and SG
ami_id string AMI ID
instance_type string Instance type (e.g. t3.small)
subnet_id string Subnet to launch in
vpc_id string VPC ID for security group
kms_key_arn string KMS key for EBS encryption
iam_instance_profile string IAM instance profile name
root_volume_size number Root EBS volume size in GB
user_data string Userdata script
ingress_rules list(object) Security group ingress rules
tags map(string) Resource tags

Outputs

Output Description
instance_id EC2 instance ID
private_ip Private IP address
security_group_id Security group ID

Features

  • EBS volume encrypted with KMS CMK
  • CloudWatch StatusCheckFailed_System alarm → auto-recover
  • No SSH key pair — access via SSM only