diff --git a/README.md b/README.md
index e57ad49..adb340b 100644
--- a/README.md
+++ b/README.md
@@ -270,6 +270,14 @@ Type: `string`
Default: `""`
+### [bastion\_ami](#input\_bastion\_ami)
+
+Description: EC2 AMI ID for bastion host.
+
+Type: `string`
+
+Default: `null`
+
### [bastion\_instance\_type](#input\_bastion\_instance\_type)
Description: EC2 instance type of bastion host.
diff --git a/main.tf b/main.tf
index b70187c..f408e1b 100644
--- a/main.tf
+++ b/main.tf
@@ -2,7 +2,7 @@
# VPC Resources
# -------------------------------------------------------------------------------------------------
module "aws_vpc" {
- source = "github.com/terraform-aws-modules/terraform-aws-vpc?ref=v5.13.0"
+ source = "github.com/terraform-aws-modules/terraform-aws-vpc?ref=v5.16.0"
cidr = var.vpc_cidr
azs = var.vpc_subnet_azs
@@ -132,15 +132,15 @@ resource "aws_launch_template" "bastion" {
count = var.vpc_enable_bastion_host ? 1 : 0
name_prefix = local.bastion_lc_name
- image_id = data.aws_ami.bastion[0].image_id
+ image_id = var.bastion_ami != null ? var.bastion_ami : data.aws_ami.bastion[0].image_id
instance_type = var.bastion_instance_type
vpc_security_group_ids = [aws_security_group.bastion[0].id]
- user_data = base64encode(templatefile("${path.module}/user_data.sh.tftpl",
+ user_data = length(var.bastion_ssh_keys) > 0 ? base64encode(templatefile("${path.module}/user_data.sh.tftpl",
{
ssh_user = "ec2-user"
ssh_keys = join("\n", var.bastion_ssh_keys)
}
- ))
+ )) : null
metadata_options {
http_tokens = "required"
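Review bot: The template still hard-codes `ssh_user = "ec2-user"`, but `image_id` can now come from `var.bastion_ami`, so on an image whose login account differs the keys in `bastion_ssh_keys` would be written for the wrong user. Consider making the account configurable, e.g. `ssh_user = var.bastion_ssh_user` with a default of `"ec2-user"`, or state the requirement in the `bastion_ami` description. A caller-supplied AMI also bypasses whatever owner and name filters `data.aws_ami.bastion` applies (not visible in this hunk), so a comment such as `# bastion_ami is used as-is; the caller is responsible for image provenance and patch level` would help on this internet-facing host. With an empty `bastion_ssh_keys` the new conditional sets `user_data` to `null`, so any other setup done in `user_data.sh.tftpl` would presumably be skipped as well; that is worth confirming. The `aws_launch_template` block starts and ends outside the hunk.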
diff --git a/variables.tf b/variables.tf
index 5776e1a..99f86d6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -157,6 +157,12 @@ variable "bastion_route53_public_dns_name" {
default = ""
}
+variable "bastion_ami" {
+ description = "EC2 AMI ID for bastion host."
+ type = string
+ default = null
+}
+
variable "bastion_instance_type" {
description = "EC2 instance type of bastion host."
type = string
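Review bot: `bastion_ami` accepts any string, and because main.tf tests only `var.bastion_ami != null`, an empty string `""` (the default style used by the neighbouring variables) would be passed to the launch template as the image ID instead of falling back to the data source. A `validation` block would reject that at plan time, with a condition along the lines of `condition = var.bastion_ami == null || can(regex("^ami-[0-9a-f]+$", var.bastion_ami))` and a matching `error_message`. The description could also say that `null` selects the AMI looked up by the module. The `bastion_instance_type` block continues outside the hunk.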