diff --git a/README.md b/README.md
index 5ccc080..8877782 100644
--- a/README.md
+++ b/README.md
@@ -254,8 +254,8 @@ Default: `null`
| [iam\_role\_arn\_vault\_cluster](#output\_iam\_role\_arn\_vault\_cluster) | IAM role ARN attached to the Vault cluster. |
| [iam\_role\_id\_consul\_cluster](#output\_iam\_role\_id\_consul\_cluster) | IAM role ID attached to the Consul cluster. |
| [iam\_role\_id\_vault\_cluster](#output\_iam\_role\_id\_vault\_cluster) | IAM role ID attached to the Vault cluster. |
-| [launch\_config\_name\_consul\_cluster](#output\_launch\_config\_name\_consul\_cluster) | Launch configuration name of the Consul cluster. |
-| [launch\_config\_name\_vault\_cluster](#output\_launch\_config\_name\_vault\_cluster) | Launch configuration name of the Vault cluster. |
+| [launch\_template\_name\_consul\_cluster](#output\_launch\_template\_name\_consul\_cluster) | Launch template name of the Consul cluster. |
+| [launch\_template\_name\_vault\_cluster](#output\_launch\_template\_name\_vault\_cluster) | Launch template name of the Vault cluster. |
| [security\_group\_id\_consul\_cluster](#output\_security\_group\_id\_consul\_cluster) | Security group ID of the Consul cluster to attach to other security group rules. |
| [security\_group\_id\_vault\_cluster](#output\_security\_group\_id\_vault\_cluster) | Security group ID of the Vault cluster to attach to other security group rules. |
diff --git a/main.tf b/main.tf
index f48559b..3d036a5 100644
--- a/main.tf
+++ b/main.tf
@@ -6,7 +6,7 @@ module "vault_cluster" {
instance_type = var.vault_instance_type
ami_id = var.ami_id
- user_data = templatefile("${path.module}/user-data/vault.sh.tftpl", {
+ user_data = base64encode(templatefile("${path.module}/user-data/vault.sh.tftpl", {
enable_s3_backend = var.enable_s3_backend ? 1 : 0
s3_bucket_region = data.aws_region.current.name
s3_bucket_name = var.s3_bucket_name
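Review bot: Wrapping `templatefile(...)` in `base64encode(...)` at the call site changes the contract of the submodules' `user_data` input without documenting it. `aws_launch_template.user_data` expects base64 text, yet the input is still described as "A User Data script to execute while the server is booting", so anyone calling `modules/vault-cluster` or `modules/consul-cluster` directly with a plain script will presumably get an encoding error or a node that never runs its bootstrap. Either encode inside the modules with `user_data = base64encode(var.user_data)` and keep the plain `templatefile(...)` here, or extend the variable description with `Must be base64-encoded.`. The same applies to the `consul_cluster` call in the hunk at `@@ -82,12`; both module blocks continue outside these hunks.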
@@ -14,7 +14,7 @@ module "vault_cluster" {
consul_cluster_tag_value = local.consul_cluster_tag_val
ssh_keys = join("\n", var.ssh_keys)
ssh_user = "ubuntu"
- })
+ }))
vpc_id = var.vpc_id
subnet_ids = var.private_subnet_ids
@@ -82,12 +82,12 @@ module "consul_cluster" {
instance_type = var.consul_instance_type
ami_id = var.ami_id
- user_data = templatefile("${path.module}/user-data/consul.sh.tftpl", {
+ user_data = base64encode(templatefile("${path.module}/user-data/consul.sh.tftpl", {
consul_cluster_tag_key = local.consul_cluster_tag_key
consul_cluster_tag_value = local.consul_cluster_tag_val
ssh_keys = join("\n", var.ssh_keys)
ssh_user = "ubuntu"
- })
+ }))
vpc_id = var.vpc_id
subnet_ids = var.private_subnet_ids
diff --git a/modules/consul-cluster/README.md b/modules/consul-cluster/README.md
index 863e1a3..61659ec 100644
--- a/modules/consul-cluster/README.md
+++ b/modules/consul-cluster/README.md
@@ -42,7 +42,7 @@ rules.
| [aws_autoscaling_group.autoscaling_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource |
| [aws_iam_instance_profile.instance_profile](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |
| [aws_iam_role.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
-| [aws_launch_configuration.launch_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration) | resource |
+| [aws_launch_template.launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
| [null_resource.tags_as_list_of_maps](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_iam_policy_document.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -56,7 +56,6 @@ rules.
| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We remmend passing in a bash script that executes the run-consul script, which should have been installed in the Consul AMI by the install-consul module. | `string` | n/a | yes |
| [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t3.micro). | `string` | `"t3.micro"` | no |
| [cluster\_size](#input\_cluster\_size) | The number of nodes to have in the Consul cluster. We strongly recommended that you use either 3 or 5. | `number` | `3` | no |
-| [tenancy](#input\_tenancy) | The tenancy of the instance. Must be one of: empty string, default or dedicated. For EC2 Spot Instances only empty string or dedicated can be used. | `string` | `""` | no |
| [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
| [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
@@ -79,7 +78,7 @@ rules.
|------|-------------|
| [asg\_name](#output\_asg\_name) | Name of the Consul autoscaling group |
| [cluster\_size](#output\_cluster\_size) | Number of Consul nodes |
-| [launch\_config\_name](#output\_launch\_config\_name) | Name of the Consul launch configuration |
+| [launch\_template](#output\_launch\_template) | Name of the Vault launch\_template |
| [iam\_role\_arn](#output\_iam\_role\_arn) | ARN of the IAM role attached to the Consul instance. |
| [iam\_role\_id](#output\_iam\_role\_id) | ID of the IAM role attached to the Consul instance. |
| [iam\_role\_name](#output\_iam\_role\_name) | Name of the IAM role attached to the Consul instance. |
diff --git a/modules/consul-cluster/main.tf b/modules/consul-cluster/main.tf
index 598b6fc..8b6e2c1 100644
--- a/modules/consul-cluster/main.tf
+++ b/modules/consul-cluster/main.tf
@@ -1,7 +1,10 @@
resource "aws_autoscaling_group" "autoscaling_group" {
name_prefix = var.cluster_name
- launch_configuration = aws_launch_configuration.launch_configuration.name
+ launch_template {
+ id = aws_launch_template.launch_template.id
+ version = aws_launch_template.launch_template.latest_version
+ }
vpc_zone_identifier = flatten(var.subnet_ids)
@@ -44,36 +47,33 @@ resource "aws_autoscaling_group" "autoscaling_group" {
}
}
-resource "aws_launch_configuration" "launch_configuration" {
+resource "aws_launch_template" "launch_template" {
name_prefix = "${var.cluster_name}-"
image_id = var.ami_id
instance_type = var.instance_type
user_data = var.user_data
- iam_instance_profile = aws_iam_instance_profile.instance_profile.name
- placement_tenancy = var.tenancy
+ iam_instance_profile {
+ name = aws_iam_instance_profile.instance_profile.name
+ }
+ vpc_security_group_ids = [
+ module.lc_security_group.security_group_id,
+ module.attach_security_group.security_group_id,
+ ]
metadata_options {
http_tokens = "required"
http_put_response_hop_limit = 1
http_endpoint = "enabled"
}
- security_groups = [
- module.lc_security_group.security_group_id,
- module.attach_security_group.security_group_id,
- ]
-
- associate_public_ip_address = false
-
ebs_optimized = var.root_volume_ebs_optimized
- root_block_device {
- volume_type = var.root_volume_type
- volume_size = var.root_volume_size
- delete_on_termination = var.root_volume_delete_on_termination
- }
-
- lifecycle {
- create_before_destroy = true
+ block_device_mappings {
+ device_name = "/dev/sda1"
+ ebs {
+ volume_size = var.root_volume_size
+ delete_on_termination = var.root_volume_delete_on_termination
+ volume_type = var.root_volume_type
+ }
}
}
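Review bot: Dropping `associate_public_ip_address = false` means the launch template no longer states that nodes must not get a public address; with no `network_interfaces` block the decision falls to each subnet's auto-assign setting. The root module passes `var.private_subnet_ids`, but the submodule accepts any `subnet_ids`, so a Consul node placed in a subnet that auto-assigns public IPs would become internet-addressable and be protected only by its security groups. Moving the security groups into a `network_interfaces` block with `associate_public_ip_address = false` keeps the old guarantee, as sketched below (the block replaces `vpc_security_group_ids`, which conflicts with it). The identical change in `modules/vault-cluster/main.tf` at `@@ -39,36` needs the same treatment. `placement_tenancy` is also removed with no `placement { tenancy = ... }` replacement, which drops dedicated tenancy for anyone who relied on it for isolation.

```hcl
resource "aws_launch_template" "launch_template" {
  # … unchanged: name_prefix, image_id, instance_type, user_data, iam_instance_profile …

  # Replaces vpc_security_group_ids; pins "no public IP" regardless of subnet defaults.
  network_interfaces {
    associate_public_ip_address = false
    security_groups = [
      module.lc_security_group.security_group_id,
      module.attach_security_group.security_group_id,
    ]
  }

  # … unchanged: metadata_options, ebs_optimized, block_device_mappings …
```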
diff --git a/modules/consul-cluster/outputs.tf b/modules/consul-cluster/outputs.tf
index fe67331..f2e5bde 100644
--- a/modules/consul-cluster/outputs.tf
+++ b/modules/consul-cluster/outputs.tf
@@ -8,11 +8,10 @@ output "cluster_size" {
description = "Number of Consul nodes"
}
-output "launch_config_name" {
- value = aws_launch_configuration.launch_configuration.name
- description = "Name of the Consul launch configuration"
+output "launch_template" {
+ value = aws_launch_template.launch_template.name
+ description = "Name of the Vault launch_template"
}
-
output "iam_role_arn" {
value = aws_iam_role.instance_role.arn
description = "ARN of the IAM role attached to the Consul instance."
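Review bot: The new `launch_template` output in the Consul module is described as "Name of the Vault launch_template", which looks copied from the Vault module and will mislead anyone reading the outputs or the generated README table. Use `description = "Name of the Consul launch template"`. Since the value is `aws_launch_template.launch_template.name`, naming the output `launch_template_name` would also match the root-level `launch_template_name_consul_cluster` and leave room to expose the template ID later. The output in `modules/vault-cluster/outputs.tf` raises the same naming question.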
diff --git a/modules/consul-cluster/variables.tf b/modules/consul-cluster/variables.tf
index 498e31c..0030ad1 100644
--- a/modules/consul-cluster/variables.tf
+++ b/modules/consul-cluster/variables.tf
@@ -30,12 +30,6 @@ variable "cluster_size" {
type = number
}
-variable "tenancy" {
- description = "The tenancy of the instance. Must be one of: empty string, default or dedicated. For EC2 Spot Instances only empty string or dedicated can be used."
- default = ""
- type = string
-}
-
variable "root_volume_ebs_optimized" {
description = "If true, the launched EC2 instance will be EBS-optimized."
default = false
diff --git a/modules/vault-cluster/README.md b/modules/vault-cluster/README.md
index 01e9250..1d62025 100644
--- a/modules/vault-cluster/README.md
+++ b/modules/vault-cluster/README.md
@@ -63,7 +63,7 @@ machines.
| [aws_iam_role.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
| [aws_iam_role_policy.vault_s3_kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
-| [aws_launch_configuration.launch_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration) | resource |
+| [aws_launch_template.launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
| [null_resource.tags_as_list_of_maps](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
| [aws_iam_policy_document.instance_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.vault_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
@@ -81,7 +81,6 @@ machines.
| [user\_data](#input\_user\_data) | A User Data script to execute while the server is booting. We recommend passing in a bash script that executes the run-vault script, which should have been installed in the AMI by the install-vault module. | `string` | n/a | yes |
| [instance\_type](#input\_instance\_type) | The type of EC2 Instances to run for each node in the cluster (e.g. t2.micro). | `string` | `"t3.micro"` | no |
| [cluster\_size](#input\_cluster\_size) | The number of nodes to have in the cluster. We strongly recommend setting this to 3 or 5. | `number` | `3` | no |
-| [tenancy](#input\_tenancy) | The tenancy of the instance. Must be one of: default or dedicated. | `string` | `"default"` | no |
| [root\_volume\_ebs\_optimized](#input\_root\_volume\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized. | `bool` | `false` | no |
| [root\_volume\_type](#input\_root\_volume\_type) | The type of volume. Must be one of: standard, gp2, or io1. | `string` | `"standard"` | no |
| [root\_volume\_size](#input\_root\_volume\_size) | The size, in GB, of the root EBS volume. | `number` | `50` | no |
@@ -106,7 +105,7 @@ machines.
|------|-------------|
| [asg\_name](#output\_asg\_name) | Name of the Vault autoscaling group |
| [cluster\_size](#output\_cluster\_size) | Number of Vault nodes |
-| [launch\_config\_name](#output\_launch\_config\_name) | Name of the Vault launch configuration |
+| [launch\_template](#output\_launch\_template) | Name of the Vault launch\_template |
| [iam\_role\_arn](#output\_iam\_role\_arn) | ARN of the IAM role attached to the Vault instance. |
| [iam\_role\_id](#output\_iam\_role\_id) | ID of the IAM role attached to the Vault instance. |
| [iam\_role\_name](#output\_iam\_role\_name) | Name of the IAM role attached to the Vault instance. |
diff --git a/modules/vault-cluster/main.tf b/modules/vault-cluster/main.tf
index e621648..50cec40 100644
--- a/modules/vault-cluster/main.tf
+++ b/modules/vault-cluster/main.tf
@@ -1,7 +1,10 @@
resource "aws_autoscaling_group" "autoscaling_group" {
name_prefix = var.cluster_name
- launch_configuration = aws_launch_configuration.launch_configuration.name
+ launch_template {
+ id = aws_launch_template.launch_template.id
+ version = aws_launch_template.launch_template.latest_version
+ }
vpc_zone_identifier = flatten(var.subnet_ids)
@@ -39,36 +42,34 @@ resource "aws_autoscaling_group" "autoscaling_group" {
}
}
-resource "aws_launch_configuration" "launch_configuration" {
+# Launch Template Resource
+resource "aws_launch_template" "launch_template" {
name_prefix = "${var.cluster_name}-"
image_id = var.ami_id
instance_type = var.instance_type
user_data = var.user_data
- iam_instance_profile = aws_iam_instance_profile.instance_profile.name
- placement_tenancy = var.tenancy
+ iam_instance_profile {
+ name = aws_iam_instance_profile.instance_profile.name
+ }
- security_groups = [
+ vpc_security_group_ids = [
module.lc_security_group.security_group_id,
module.attach_security_group.security_group_id,
]
-
metadata_options {
http_tokens = "required"
http_put_response_hop_limit = 1
http_endpoint = "enabled"
}
- associate_public_ip_address = false
-
ebs_optimized = var.root_volume_ebs_optimized
- root_block_device {
- volume_type = var.root_volume_type
- volume_size = var.root_volume_size
- delete_on_termination = var.root_volume_delete_on_termination
- }
-
- lifecycle {
- create_before_destroy = true
+ block_device_mappings {
+ device_name = "/dev/sda1"
+ ebs {
+ volume_size = var.root_volume_size
+ delete_on_termination = var.root_volume_delete_on_termination
+ volume_type = var.root_volume_type
+ }
}
}
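Review bot: `device_name = "/dev/sda1"` hard-codes the AMI's root device name in `block_device_mappings`, where the old `root_block_device` resolved it automatically. If `var.ami_id` points at an image whose root device is named differently, `root_volume_size`, `root_volume_type` and `root_volume_delete_on_termination` would presumably apply to an extra volume instead of the root disk. Make the name an input, e.g. `device_name = var.root_volume_device_name` with a default of `"/dev/sda1"`, and add a comment that it must match the AMI. While touching the `ebs` block, consider `encrypted = true` so Vault node disks are encrypted even where account-level EBS default encryption is off. The Consul template in `modules/consul-cluster/main.tf` has the same mapping.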
diff --git a/modules/vault-cluster/outputs.tf b/modules/vault-cluster/outputs.tf
index 79e97f3..21e0097 100644
--- a/modules/vault-cluster/outputs.tf
+++ b/modules/vault-cluster/outputs.tf
@@ -8,9 +8,9 @@ output "cluster_size" {
description = "Number of Vault nodes"
}
-output "launch_config_name" {
- value = aws_launch_configuration.launch_configuration.name
- description = "Name of the Vault launch configuration"
+output "launch_template" {
+ value = aws_launch_template.launch_template.name
+ description = "Name of the Vault launch_template"
}
output "iam_role_arn" {
diff --git a/modules/vault-cluster/variables.tf b/modules/vault-cluster/variables.tf
index 7c4053c..a99aab0 100644
--- a/modules/vault-cluster/variables.tf
+++ b/modules/vault-cluster/variables.tf
@@ -30,12 +30,6 @@ variable "cluster_size" {
type = number
}
-variable "tenancy" {
- description = "The tenancy of the instance. Must be one of: default or dedicated."
- default = "default"
- type = string
-}
-
variable "root_volume_ebs_optimized" {
description = "If true, the launched EC2 instance will be EBS-optimized."
default = false
diff --git a/outputs.tf b/outputs.tf
index 34ff54a..32c59c3 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -18,14 +18,14 @@ output "asg_name_vault_cluster" {
description = "Autoscaling group name of the Vault cluster."
}
-output "launch_config_name_consul_cluster" {
- value = module.consul_cluster.launch_config_name
- description = "Launch configuration name of the Consul cluster."
+output "launch_template_name_consul_cluster" {
+ value = module.consul_cluster.launch_template
+ description = "Launch template name of the Consul cluster."
}
-output "launch_config_name_vault_cluster" {
- value = module.vault_cluster.launch_config_name
- description = "Launch configuration name of the Vault cluster."
+output "launch_template_name_vault_cluster" {
+ value = module.vault_cluster.launch_template
+ description = "Launch template name of the Vault cluster."
}
output "iam_role_arn_consul_cluster" {