SCE-345 - Standardized name format, AMI OS lookup function

Jordan Severance · Jordan Severance · commit c59b3236a338 · 2025-03-10T14:58:56.000-07:00
update README

remove unneeded file
diff --git a/README.md b/README.md
@@ -173,7 +173,9 @@ The following combinations are supported to conditionally create resources:
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_key-pair"></a> [key-pair](#module\_key-pair) | app.terraform.io/sccm/key-pair-creation/aws | 0.0.1 |
 
 ## Resources
 
@@ -186,6 +188,8 @@ No modules.
 | [aws_instance.ignore_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
 | [aws_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
 | [aws_spot_instance_request.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/spot_instance_request) | resource |
+| [aws_ami.selected](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
+| [aws_ami.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_ssm_parameter.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
@@ -195,7 +199,9 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_ami"></a> [ami](#input\_ami) | ID of AMI to use for the instance | `string` | `null` | no |
+| <a name="input_ami_os"></a> [ami\_os](#input\_ami\_os) | value | `string` | `"override"` | no |
 | <a name="input_ami_ssm_parameter"></a> [ami\_ssm\_parameter](#input\_ami\_ssm\_parameter) | SSM parameter name for the AMI ID. For Amazon Linux AMI SSM parameters see [reference](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html) | `string` | `"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"` | no |
+| <a name="input_application"></a> [application](#input\_application) | Identifier to be added to the resources created which represents the application they belong to | `string` | n/a | yes |
 | <a name="input_associate_public_ip_address"></a> [associate\_public\_ip\_address](#input\_associate\_public\_ip\_address) | Whether to associate a public IP address with an instance in a VPC | `bool` | `null` | no |
 | <a name="input_availability_zone"></a> [availability\_zone](#input\_availability\_zone) | AZ to start the instance in | `string` | `null` | no |
 | <a name="input_capacity_reservation_specification"></a> [capacity\_reservation\_specification](#input\_capacity\_reservation\_specification) | Describes an instance's Capacity Reservation targeting option | `any` | `{}` | no |
@@ -215,11 +221,12 @@ No modules.
 | <a name="input_eip_tags"></a> [eip\_tags](#input\_eip\_tags) | A map of additional tags to add to the eip | `map(string)` | `{}` | no |
 | <a name="input_enable_volume_tags"></a> [enable\_volume\_tags](#input\_enable\_volume\_tags) | Whether to enable volume tags (if enabled it conflicts with root\_block\_device tags) | `bool` | `true` | no |
 | <a name="input_enclave_options_enabled"></a> [enclave\_options\_enabled](#input\_enclave\_options\_enabled) | Whether Nitro Enclaves will be enabled on the instance. Defaults to `false` | `bool` | `null` | no |
+| <a name="input_environment"></a> [environment](#input\_environment) | Application environment (dev, qa, stg, uat, prod) | `string` | n/a | yes |
 | <a name="input_ephemeral_block_device"></a> [ephemeral\_block\_device](#input\_ephemeral\_block\_device) | Customize Ephemeral (also known as Instance Store) volumes on the instance | `list(map(string))` | `[]` | no |
 | <a name="input_get_password_data"></a> [get\_password\_data](#input\_get\_password\_data) | If true, wait for password data to become available and retrieve it | `bool` | `null` | no |
 | <a name="input_hibernation"></a> [hibernation](#input\_hibernation) | If true, the launched EC2 instance will support hibernation | `bool` | `null` | no |
 | <a name="input_host_id"></a> [host\_id](#input\_host\_id) | ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host | `string` | `null` | no |
-| <a name="input_iam_instance_profile"></a> [iam\_instance\_profile](#input\_iam\_instance\_profile) | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | `string` | `null` | no |
+| <a name="input_iam_instance_profile"></a> [iam\_instance\_profile](#input\_iam\_instance\_profile) | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | `string` | `"EC2DefaultProfile"` | no |
 | <a name="input_iam_role_description"></a> [iam\_role\_description](#input\_iam\_role\_description) | Description of the role | `string` | `null` | no |
 | <a name="input_iam_role_name"></a> [iam\_role\_name](#input\_iam\_role\_name) | Name to use on IAM role created | `string` | `null` | no |
 | <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | IAM role path | `string` | `null` | no |
@@ -229,6 +236,7 @@ No modules.
 | <a name="input_iam_role_use_name_prefix"></a> [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether the IAM role name (`iam_role_name` or `name`) is used as a prefix | `bool` | `true` | no |
 | <a name="input_ignore_ami_changes"></a> [ignore\_ami\_changes](#input\_ignore\_ami\_changes) | Whether changes to the AMI ID changes should be ignored by Terraform. Note - changing this value will result in the replacement of the instance | `bool` | `false` | no |
 | <a name="input_instance_initiated_shutdown_behavior"></a> [instance\_initiated\_shutdown\_behavior](#input\_instance\_initiated\_shutdown\_behavior) | Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instance | `string` | `null` | no |
+| <a name="input_instance_number"></a> [instance\_number](#input\_instance\_number) | This is an identifier, not a count | `string` | `"01"` | no |
 | <a name="input_instance_tags"></a> [instance\_tags](#input\_instance\_tags) | Additional tags for the instance | `map(string)` | `{}` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | The type of instance to start | `string` | `"t3.micro"` | no |
 | <a name="input_ipv6_address_count"></a> [ipv6\_address\_count](#input\_ipv6\_address\_count) | A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet | `number` | `null` | no |
@@ -238,13 +246,13 @@ No modules.
 | <a name="input_maintenance_options"></a> [maintenance\_options](#input\_maintenance\_options) | The maintenance options for the instance | `any` | `{}` | no |
 | <a name="input_metadata_options"></a> [metadata\_options](#input\_metadata\_options) | Customize the metadata options of the instance | `map(string)` | <pre>{<br/>  "http_endpoint": "enabled",<br/>  "http_put_response_hop_limit": 1,<br/>  "http_tokens": "optional"<br/>}</pre> | no |
 | <a name="input_monitoring"></a> [monitoring](#input\_monitoring) | If true, the launched EC2 instance will have detailed monitoring enabled | `bool` | `null` | no |
-| <a name="input_name"></a> [name](#input\_name) | Name to be used on EC2 instance created | `string` | `""` | no |
 | <a name="input_network_interface"></a> [network\_interface](#input\_network\_interface) | Customize network interfaces to be attached at instance boot time | `list(map(string))` | `[]` | no |
+| <a name="input_org"></a> [org](#input\_org) | n/a | `string` | `"sccm"` | no |
 | <a name="input_placement_group"></a> [placement\_group](#input\_placement\_group) | The Placement Group to start the instance in | `string` | `null` | no |
 | <a name="input_private_dns_name_options"></a> [private\_dns\_name\_options](#input\_private\_dns\_name\_options) | Customize the private DNS name options of the instance | `map(string)` | `{}` | no |
 | <a name="input_private_ip"></a> [private\_ip](#input\_private\_ip) | Private IP address to associate with the instance in a VPC | `string` | `null` | no |
 | <a name="input_putin_khuylo"></a> [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
-| <a name="input_root_block_device"></a> [root\_block\_device](#input\_root\_block\_device) | Customize details about the root block device of the instance. See [Block Devices](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices) for details | `list(any)` | `[]` | no |
+| <a name="input_root_block_device"></a> [root\_block\_device](#input\_root\_block\_device) | Customize details about the root block device of the instance. See Block Devices below for details | `list(any)` | `[]` | no |
 | <a name="input_secondary_private_ips"></a> [secondary\_private\_ips](#input\_secondary\_private\_ips) | A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface block` | `list(string)` | `null` | no |
 | <a name="input_source_dest_check"></a> [source\_dest\_check](#input\_source\_dest\_check) | Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs | `bool` | `null` | no |
 | <a name="input_spot_block_duration_minutes"></a> [spot\_block\_duration\_minutes](#input\_spot\_block\_duration\_minutes) | The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360) | `number` | `null` | no |
diff --git a/data.tf b/data.tf
@@ -0,0 +1,35 @@
+data "aws_ami" "this" {
+  count = var.ami == null ? 0 : 1
+  filter {
+    name   = "image-id"
+    values = [var.ami]
+  }
+}
+
+data "aws_partition" "current" {}
+
+data "aws_ssm_parameter" "this" {
+  count = local.create && var.ami == null ? 1 : 0
+
+  name = var.ami_ssm_parameter
+}
+
+data "aws_ami" "selected" {
+  count = var.ami_os != "override" ? 1 : 0
+
+  most_recent = true
+  owners      = ["amazon"]
+  filter {
+    name   = "name"
+    values = [local.os_search]
+  }
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+}
diff --git a/examples/customizations/README.md b/examples/customizations/README.md
@@ -0,0 +1,30 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.66 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_instance"></a> [instance](#module\_instance) | ../../ | n/a |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
+<!-- END_TF_DOCS -->
diff --git a/examples/customizations/main.tf b/examples/customizations/main.tf
@@ -1,9 +1,10 @@
 module "instance" {
-  source  = "../../"
+  source = "../../"
 
-  name                   = "example name"
+  application            = "exampleapp"
+  environment            = "dev"
+  ami_os                 = "Amazon_Linux"
   instance_type          = "r5.large"
-  ami                    = "ami-04426a869f59d0d45"
   key_name               = "example_key"
   vpc_security_group_ids = ["sg-07b4edce8a1a6eb24"]
   subnet_id              = "subnet-067f45f707b2dc297"
diff --git a/locals.tf b/locals.tf
@@ -0,0 +1,40 @@
+locals {
+  create             = var.create && var.putin_khuylo
+  is_t_instance_type = replace(var.instance_type, "/^t(2|3|3a|4g){1}\\..*$/", "1") == "1" ? true : false
+  ami                = try(coalesce(var.ami, try(data.aws_ami.selected[0].id, null), try(nonsensitive(data.aws_ssm_parameter.this[0].value), null)), null)
+  name               = "${var.org}_${var.application}_${local.os_abv}_${var.instance_number}${local.env_abv}"
+  windows_instance   = var.ami != null && var.ami_os == "override" ? (data.aws_ami.this[0].platform != "" ? "WIN" : "LX") : "ovr"
+  env_abv = lookup(
+    {
+      dev  = "D",
+      qa   = "Q",
+      stg  = "S",
+      uat  = "U",
+      prod = "P"
+    },
+    var.environment,
+    var.environment
+  )
+  os_abv = lookup(
+    {
+      Windows      = "WIN",
+      Amazon_Linux = "AL",
+      RHEL         = "RHEL",
+      Ubuntu       = "UB",
+      override     = local.windows_instance
+    },
+    var.ami_os,
+    var.ami_os
+  )
+  os_search = lookup(
+    {
+      Windows      = "Windows_Server-2025-English-Full-Base-*"
+      Amazon_Linux = "amzn2-ami-kernel-5.10-hvm-*",
+      RHEL         = "RHEL-9.5.0_HVM-*",
+      Ubuntu       = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*",
+      override     = ""
+    },
+    var.ami_os
+  )
+}
+
diff --git a/main.tf b/main.tf
@@ -1,19 +1,3 @@
-data "aws_partition" "current" {}
-
-locals {
-  create = var.create && var.putin_khuylo
-
-  is_t_instance_type = replace(var.instance_type, "/^t(2|3|3a|4g){1}\\..*$/", "1") == "1" ? true : false
-
-  ami = try(coalesce(var.ami, try(nonsensitive(data.aws_ssm_parameter.this[0].value), null)), null)
-}
-
-data "aws_ssm_parameter" "this" {
-  count = local.create && var.ami == null ? 1 : 0
-
-  name = var.ami_ssm_parameter
-}
-
 ################################################################################
 # Instance
 ################################################################################
@@ -188,8 +172,8 @@ resource "aws_instance" "this" {
     delete = try(var.timeouts.delete, null)
   }
 
-  tags        = merge({ "Name" = var.name }, var.instance_tags, var.tags)
-  volume_tags = var.enable_volume_tags ? merge({ "Name" = var.name }, var.volume_tags) : null
+  tags        = merge({ "Name" = local.name }, var.instance_tags, var.tags)
+  volume_tags = var.enable_volume_tags ? merge({ "Name" = local.name }, var.volume_tags) : null
 }
 
 ################################################################################
@@ -366,8 +350,8 @@ resource "aws_instance" "ignore_ami" {
     delete = try(var.timeouts.delete, null)
   }
 
-  tags        = merge({ "Name" = var.name }, var.instance_tags, var.tags)
-  volume_tags = var.enable_volume_tags ? merge({ "Name" = var.name }, var.volume_tags) : null
+  tags        = merge({ "Name" = local.name }, var.instance_tags, var.tags)
+  volume_tags = var.enable_volume_tags ? merge({ "Name" = local.name }, var.volume_tags) : null
 
   lifecycle {
     ignore_changes = [
@@ -540,16 +524,16 @@ resource "aws_spot_instance_request" "this" {
     delete = try(var.timeouts.delete, null)
   }
 
-  tags        = merge({ "Name" = var.name }, var.instance_tags, var.tags)
-  volume_tags = var.enable_volume_tags ? merge({ "Name" = var.name }, var.volume_tags) : null
+  tags        = merge({ "Name" = local.name }, var.instance_tags, var.tags)
+  volume_tags = var.enable_volume_tags ? merge({ "Name" = local.name }, var.volume_tags) : null
 }
 
 ################################################################################
 # IAM Role / Instance Profile
 ################################################################################
 
 locals {
-  iam_role_name = try(coalesce(var.iam_role_name, var.name), "")
+  iam_role_name = try(coalesce(var.iam_role_name, local.name), "")
 }
 
 data "aws_iam_policy_document" "assume_role_policy" {
diff --git a/variables.tf b/variables.tf
@@ -4,10 +4,29 @@ variable "create" {
   default     = true
 }
 
-variable "name" {
-  description = "Name to be used on EC2 instance created"
+variable "instance_number" {
   type        = string
-  default     = ""
+  default     = "01"
+  description = "This is an identifier, not a count"
+}
+
+variable "org" {
+  type    = string
+  default = "sccm"
+}
+
+variable "application" {
+  description = "Identifier to be added to the resources created which represents the application they belong to"
+  type        = string
+}
+
+variable "environment" {
+  type        = string
+  description = "Application environment (dev, qa, stg, uat, prod)"
+  validation {
+    condition     = contains(["dev", "qa", "stg", "uat", "prod"], var.environment)
+    error_message = "Valid values for environment: dev, qa, stg, uat, prod"
+  }
 }
 
 variable "ami_ssm_parameter" {
@@ -16,6 +35,16 @@ variable "ami_ssm_parameter" {
   default     = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
 }
 
+variable "ami_os" {
+  description = "value"
+  type        = string
+  default     = "override"
+  validation {
+    condition     = contains(["Windows", "Amazon_Linux", "RHEL", "Ubuntu", "override"], var.ami_os)
+    error_message = "Valid values for ami_os: Windows, Amazon_Linux, RHEL, Ubuntu, override. If you select override, provide a value for ami variable"
+  }
+}
+
 variable "ami" {
   description = "ID of AMI to use for the instance"
   type        = string
@@ -430,3 +459,4 @@ variable "eip_tags" {
   type        = map(string)
   default     = {}
 }
+
