Terraform module which creates Session Manager resources on AWS.
Provision SSM Documents, EC2 Instances and Instance Profiles for Session Manager.
This module provides recommended settings:
- No open inbound ports
- Loggable session activity
```hcl
module "session_manager" {
  source        = "git::https://github.com/tmknom/terraform-aws-session-manager.git?ref=tags/2.0.0"
  name          = "example"
  instance_type = "t2.micro"
  subnet_id     = var.subnet_id
  vpc_id        = var.vpc_id
}
```

```hcl
module "session_manager" {
  source        = "git::https://github.com/tmknom/terraform-aws-session-manager.git?ref=tags/2.0.0"
  name          = "example"
  instance_type = "t2.micro"
  subnet_id     = var.subnet_id
  vpc_id        = var.vpc_id

  ssm_document_name             = "SSM-SessionManagerRunShell-for-example"
  s3_bucket_name                = var.s3_bucket_name
  s3_key_prefix                 = "prefix"
  s3_encryption_enabled         = false
  cloudwatch_log_group_name     = var.cloudwatch_log_group_name
  cloudwatch_encryption_enabled = false
  ami                           = var.ami
  vpc_security_group_ids        = var.vpc_security_group_ids
  iam_policy                    = var.iam_policy
  iam_path                      = "/service-role/"
  description                   = "This is example"

  tags = {
    Environment = "prod"
  }
}
```

| Name | Version |
|---|---|
| terraform | >= 0.12 |

| Name | Version |
|---|---|
| aws | n/a |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| instance_type | The type of instance to start. | string | n/a | yes |
| name | The name of the Session Manager. | string | n/a | yes |
| subnet_id | The VPC Subnet ID to launch in. | string | n/a | yes |
| vpc_id | The VPC ID. | string | n/a | yes |
| ami | The AMI to use for the instance. | string | "" | no |
| cloudwatch_encryption_enabled | Specify true to indicate that encryption for CloudWatch Logs is enabled. | bool | true | no |
| cloudwatch_log_group_name | The name of the log group. | string | "" | no |
| description | The description of all resources. | string | "Managed by Terraform" | no |
| iam_path | Path in which to create the IAM Role and the IAM Policy. | string | "/" | no |
| iam_policy | The policy document. This is a JSON formatted string. | string | "" | no |
| s3_bucket_name | The name of the bucket. | string | "" | no |
| s3_encryption_enabled | Specify true to indicate that encryption for S3 Bucket is enabled. | bool | true | no |
| s3_key_prefix | The prefix for the specified S3 bucket. | string | "" | no |
| ssm_document_name | The name of the document. | string | "SSM-SessionManagerRunShell" | no |
| tags | A mapping of tags to assign to all resources. | map(string) | {} | no |
| user_data | The user data to provide when launching the instance. | string | "" | no |
| vpc_security_group_ids | A list of security group IDs to associate with. | list(string) | [] | no |

| Name | Description |
|---|---|
| iam_instance_profile_arn | The ARN assigned by AWS to the instance profile. |
| iam_instance_profile_create_date | The creation timestamp of the instance profile. |
| iam_instance_profile_id | The instance profile's ID. |
| iam_instance_profile_name | The instance profile's name. |
| iam_instance_profile_path | The path of the instance profile in IAM. |
| iam_instance_profile_role | The role assigned to the instance profile. |
| iam_instance_profile_unique_id | The unique ID assigned by AWS. |
| iam_policy_arn | The ARN assigned by AWS to this IAM Policy. |
| iam_policy_description | The description of the IAM Policy. |
| iam_policy_document | The policy document of the IAM Policy. |
| iam_policy_id | The IAM Policy's ID. |
| iam_policy_name | The name of the IAM Policy. |
| iam_policy_path | The path of the IAM Policy. |
| iam_role_arn | The Amazon Resource Name (ARN) specifying the IAM Role. |
| iam_role_create_date | The creation date of the IAM Role. |
| iam_role_description | The description of the IAM Role. |
| iam_role_name | The name of the IAM Role. |
| iam_role_unique_id | The stable and unique string identifying the IAM Role. |
| instance_arn | The ARN of the instance. |
| instance_availability_zone | The availability zone of the instance. |
| instance_id | The instance ID. |
| instance_key_name | The key name of the instance. |
| instance_placement_group | The placement group of the instance. |
| instance_primary_network_interface_id | The ID of the instance's primary network interface. |
| instance_private_dns | The private DNS name assigned to the instance. |
| instance_private_ip | The private IP address assigned to the instance. |
| instance_security_groups | The associated security groups. |
| instance_subnet_id | The VPC subnet ID. |
| security_group_arn | The ARN of the security group. |
| security_group_description | The description of the security group. |
| security_group_egress | The egress rules of the security group. |
| security_group_id | The ID of the security group. |
| security_group_ingress | The ingress rules of the security group. |
| security_group_name | The name of the security group. |
| security_group_owner_id | The owner ID of the security group. |
| security_group_vpc_id | The VPC ID of the security group. |
| ssm_document_default_version | The default version of the document. |
| ssm_document_description | The description of the document. |
| ssm_document_hash | The sha1 or sha256 of the document content. |
| ssm_document_hash_type | The hashing algorithm used when hashing the content. |
| ssm_document_latest_version | The latest version of the document. |
| ssm_document_owner | The AWS user account of the person who created the document. |
| ssm_document_parameter | The parameters that are available to this document. |
| ssm_document_platform_types | A list of OS platforms compatible with this SSM document. |
| ssm_document_schema_version | The schema version of the document. |
| ssm_document_status | The current status of the document. |
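
The encryption inputs default to `true`, but a module call can switch them off, as the second usage block does. The following is an added example, not part of this module: a review check over `terraform show -json` plan output that flags calls to this module with a log-encryption flag set to a literal `false`, or with neither log destination set. The call names `minimal` and `complete` and the sample plan are constructed, and only root-level module calls are inspected.

```python
import json

MODULE_SOURCE = "tmknom/terraform-aws-session-manager"
# Input names come from the Inputs table above.
ENCRYPTION_FLAGS = ("s3_encryption_enabled", "cloudwatch_encryption_enabled")
LOG_DESTINATIONS = ("s3_bucket_name", "cloudwatch_log_group_name")


def is_set(expr):
    """True for a non-empty literal or any variable/resource reference."""
    return bool(expr.get("constant_value")) or bool(expr.get("references"))


def audit_module_calls(plan):
    """Return findings for root-level calls to the session-manager module."""
    calls = plan.get("configuration", {}).get("root_module", {}).get("module_calls", {})
    findings = []
    for name, call in sorted(calls.items()):
        if MODULE_SOURCE not in call.get("source", ""):
            continue
        args = call.get("expressions", {})
        for flag in ENCRYPTION_FLAGS:
            # Only a literal false is flagged; an omitted flag keeps its default (true).
            if args.get(flag, {}).get("constant_value") is False:
                findings.append(f"{name}: {flag} = false")
        if not any(is_set(args.get(dest, {})) for dest in LOG_DESTINATIONS):
            findings.append(f"{name}: no s3_bucket_name or cloudwatch_log_group_name set")
    return findings


# Constructed sample: trimmed plan JSON with two hypothetical call names.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"module_calls": {
  "minimal": {
    "source": "git::https://github.com/tmknom/terraform-aws-session-manager.git?ref=tags/2.0.0",
    "expressions": {"name": {"constant_value": "example"},
                    "subnet_id": {"references": ["var.subnet_id"]}}},
  "complete": {
    "source": "git::https://github.com/tmknom/terraform-aws-session-manager.git?ref=tags/2.0.0",
    "expressions": {"s3_bucket_name": {"references": ["var.s3_bucket_name"]},
                    "s3_encryption_enabled": {"constant_value": false},
                    "cloudwatch_encryption_enabled": {"constant_value": false}}}
}}}}
""")

if __name__ == "__main__":
    print("\n".join(audit_module_calls(SAMPLE_PLAN)))
```

A flag supplied through a variable appears in the plan as a reference rather than a constant, so this check does not resolve it; review those values where the variable is set.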

```shell
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_DEFAULT_REGION=ap-northeast-1
```

```shell
git clone git@github.com:tmknom/terraform-aws-session-manager.git
cd terraform-aws-session-manager
make install
```

```text
apply-complete     Run terraform apply examples/complete
apply-minimal      Run terraform apply examples/minimal
check-format       Check format code
clean              Clean .terraform
destroy-complete   Run terraform destroy examples/complete
destroy-minimal    Run terraform destroy examples/minimal
diff               Word diff
docs               Generate docs
format             Format code
help               Show help
install            Install requirements
lint               Lint code
plan-complete      Run terraform plan examples/complete
plan-minimal       Run terraform plan examples/minimal
release            Release GitHub and Terraform Module Registry
start-session      Start session to example
upgrade            Upgrade makefile
```

Bump VERSION file, and run `make release`.

Apache 2 Licensed. See LICENSE for full details.