Terraform module which creates Session Manager resources on AWS.
Provision SSM Documents, EC2 Instances and Instance Profiles for Session Manager.
This module provides recommended settings:
- No open inbound ports
- Loggable session activity
module "session_manager" {
source = "git::https://github.com/tmknom/terraform-aws-session-manager.git?ref=tags/2.0.0"
name = "example"
instance_type = "t2.micro"
subnet_id = var.subnet_id
vpc_id = var.vpc_id
}
module "session_manager" {
source = "git::https://github.com/tmknom/terraform-aws-session-manager.git?ref=tags/2.0.0"
name = "example"
instance_type = "t2.micro"
subnet_id = var.subnet_id
vpc_id = var.vpc_id
ssm_document_name = "SSM-SessionManagerRunShell-for-example"
s3_bucket_name = var.s3_bucket_name
s3_key_prefix = "prefix"
s3_encryption_enabled = false
cloudwatch_log_group_name = var.cloudwatch_log_group_name
cloudwatch_encryption_enabled = false
ami = var.ami
vpc_security_group_ids = var.vpc_security_group_ids
iam_policy = var.iam_policy
iam_path = "/service-role/"
description = "This is example"
tags = {
Environment = "prod"
}
}
Name | Version |
---|---|
terraform | >= 0.12 |
Name | Version |
---|---|
aws | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
instance_type | The type of instance to start. | string |
n/a | yes |
name | The name of the Session Manager. | string |
n/a | yes |
subnet_id | The VPC Subnet ID to launch in. | string |
n/a | yes |
vpc_id | The VPC ID. | string |
n/a | yes |
ami | The AMI to use for the instance. | string |
"" |
no |
cloudwatch_encryption_enabled | Specify true to indicate that encryption for CloudWatch Logs enabled. | bool |
true |
no |
cloudwatch_log_group_name | The name of the log group. | string |
"" |
no |
description | The description of the all resources. | string |
"Managed by Terraform" |
no |
iam_path | Path in which to create the IAM Role and the IAM Policy. | string |
"/" |
no |
iam_policy | The policy document. This is a JSON formatted string. | string |
"" |
no |
s3_bucket_name | The name of the bucket. | string |
"" |
no |
s3_encryption_enabled | Specify true to indicate that encryption for S3 Bucket enabled. | bool |
true |
no |
s3_key_prefix | The prefix for the specified S3 bucket. | string |
"" |
no |
ssm_document_name | The name of the document. | string |
"SSM-SessionManagerRunShell" |
no |
tags | A mapping of tags to assign to all resources. | map(string) |
{} |
no |
user_data | The user data to provide when launching the instance. | string |
"" |
no |
vpc_security_group_ids | A list of security group IDs to associate with. | list(string) |
[] |
no |
Name | Description |
---|---|
iam_instance_profile_arn | The ARN assigned by AWS to the instance profile. |
iam_instance_profile_create_date | The creation timestamp of the instance profile. |
iam_instance_profile_id | The instance profile's ID. |
iam_instance_profile_name | The instance profile's name. |
iam_instance_profile_path | The path of the instance profile in IAM. |
iam_instance_profile_role | The role assigned to the instance profile. |
iam_instance_profile_unique_id | The unique ID assigned by AWS. |
iam_policy_arn | The ARN assigned by AWS to this IAM Policy. |
iam_policy_description | The description of the IAM Policy. |
iam_policy_document | The policy document of the IAM Policy. |
iam_policy_id | The IAM Policy's ID. |
iam_policy_name | The name of the IAM Policy. |
iam_policy_path | The path of the IAM Policy. |
iam_role_arn | The Amazon Resource Name (ARN) specifying the IAM Role. |
iam_role_create_date | The creation date of the IAM Role. |
iam_role_description | The description of the IAM Role. |
iam_role_name | The name of the IAM Role. |
iam_role_unique_id | The stable and unique string identifying the IAM Role. |
instance_arn | The ARN of the instance. |
instance_availability_zone | The availability zone of the instance. |
instance_id | The instance ID. |
instance_key_name | The key name of the instance. |
instance_placement_group | The placement group of the instance. |
instance_primary_network_interface_id | The ID of the instance's primary network interface. |
instance_private_dns | The private DNS name assigned to the instance. |
instance_private_ip | The private IP address assigned to the instance. |
instance_security_groups | The associated security groups. |
instance_subnet_id | The VPC subnet ID. |
security_group_arn | The ARN of the security group. |
security_group_description | The description of the security group. |
security_group_egress | The egress rules of the security group. |
security_group_id | The ID of the security group. |
security_group_ingress | The ingress rules of the security group. |
security_group_name | The name of the security group. |
security_group_owner_id | The owner ID of the security group. |
security_group_vpc_id | The VPC ID of the security group. |
ssm_document_default_version | The default version of the document. |
ssm_document_description | The description of the document. |
ssm_document_hash | The sha1 or sha256 of the document content. |
ssm_document_hash_type | The hashing algorithm used when hashing the content. |
ssm_document_latest_version | The latest version of the document. |
ssm_document_owner | The AWS user account of the person who created the document. |
ssm_document_parameter | The parameters that are available to this document. |
ssm_document_platform_types | A list of OS platforms compatible with this SSM document. |
ssm_document_schema_version | The schema version of the document. |
ssm_document_status | The current status of the document. |
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_DEFAULT_REGION=ap-northeast-1
git clone [email protected]:tmknom/terraform-aws-session-manager.git
cd terraform-aws-session-manager
make install
apply-complete Run terraform apply examples/complete
apply-minimal Run terraform apply examples/minimal
check-format Check format code
clean Clean .terraform
destroy-complete Run terraform destroy examples/complete
destroy-minimal Run terraform destroy examples/minimal
diff Word diff
docs Generate docs
format Format code
help Show help
install Install requirements
lint Lint code
plan-complete Run terraform plan examples/complete
plan-minimal Run terraform plan examples/minimal
release Release GitHub and Terraform Module Registry
start-session Start session to example
upgrade Upgrade makefile
Bump VERSION file, and run make release
.
Apache 2 Licensed. See LICENSE for full details.