The ec2-instance module is a general-purpose building block that the root configuration instantiates three times — once for each of the two Node.js servers (node_1, node_2) and once for the MongoDB database (mongodb). Each call passes different subnet IDs, security groups, public IP settings, and user-data scripts, producing three distinct instances from a single module definition. Shared concerns — IMDSv2 enforcement, encrypted storage, IAM profile attachment — are configured once inside the module and apply uniformly to all three instances.
EC2 Resource Configuration
The aws_instance resource inside this module is configured with several security and operational defaults:
- AMI: Sourced from data.aws_ami.ubuntu, which resolves to the latest Ubuntu 24.04 LTS (ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*) owned by Canonical.
- User data: Loaded from file(var.user_data_file). The user_data_replace_on_change = true flag forces EC2 to replace the instance (not just re-run user-data) whenever the bootstrap script changes, ensuring the instance always reflects the current script.
- IMDSv2 enforced: metadata_options sets http_tokens = "required", blocking all requests to the Instance Metadata Service that do not use session-oriented IMDSv2. This prevents SSRF attacks from leaking instance credentials: a caller must first obtain a session token with a PUT request carrying a custom header, which the plain GET requests that typical SSRF primitives can issue cannot do.
- Root volume: gp3 type, 20 GB default, encrypted = true. The gp3 baseline of 3,000 IOPS is included at no extra cost.
- Monitoring: monitoring = false — basic CloudWatch metrics only; detailed (1-minute) monitoring is not enabled.
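As an added illustration (not the project's own ec2-instance module source), the following HCL shows how the defaults listed above map onto a data source and an aws_instance resource. Only user_data_file, instance_type and associate_public_ip are input names taken from this page; the other variable names are assumed and may differ from the module's real inputs.

```hcl
# Added example reconstructing the hardening described above.
# Variable names other than var.user_data_file, var.instance_type and
# var.associate_public_ip are assumed, not taken from the module.
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical's publicly documented AWS account

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"]
  }
}

resource "aws_instance" "this" {
  ami                         = data.aws_ami.ubuntu.id
  instance_type               = var.instance_type
  subnet_id                   = var.subnet_id            # assumed name
  vpc_security_group_ids      = var.security_group_ids   # assumed name
  associate_public_ip_address = var.associate_public_ip
  key_name                    = var.key_name             # assumed name
  iam_instance_profile        = var.iam_instance_profile # assumed name

  # Re-create the instance, not just re-run cloud-init, when the script changes.
  user_data                   = file(var.user_data_file)
  user_data_replace_on_change = true

  # IMDSv2 only: requests without a session token are rejected, so a plain
  # GET reached through SSRF cannot read instance-role credentials.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Encrypted gp3 root volume; size is the only caller-tunable attribute.
  root_block_device {
    volume_type = "gp3"
    volume_size = var.root_volume_size # assumed name, defaulting to 20
    encrypted   = true
  }

  # Basic 5-minute CloudWatch metrics only.
  monitoring = false

  tags = {
    Name = var.name # assumed name
  }
}
```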
Input Variables
- Value for the instance’s Name tag (e.g. terraform-mean-node-1). Constructed in the root module as "${var.project_name}-node-1".
- The AMI ID to launch. In the root module this is always data.aws_ami.ubuntu.id, resolving to the latest Ubuntu 24.04 LTS AMI in the target region.
- EC2 instance type (e.g. t3.micro, t3.small). The same var.instance_type from the root is used for all three instances.
- The subnet in which to launch the instance. node_1 uses public_subnet_1_id, node_2 uses public_subnet_2_id, and mongodb uses private_subnet_id.
- List of security group IDs to attach to the instance. Node instances receive [node_security_group_id]; the MongoDB instance receives [mongo_security_group_id].
- Whether to assign a public IP address. Set to true for node_1 and node_2 (public subnets); set to false for mongodb (private subnet).
- The name of the EC2 Key Pair to associate with the instance. Sourced from module.keypair.key_name in the root module.
- The name of the IAM instance profile to attach. Sourced from module.iam.instance_profile_name, granting all instances SSM access.
- Filesystem path to the shell script run on first boot (e.g. ${path.root}/userdata/node.sh or ${path.root}/userdata/mongo.sh). The script content is read with Terraform’s file() function.
- Size of the root EBS volume in gigabytes. Defaults to 20. The volume type is always gp3 and encryption is always enabled regardless of this value.
Outputs
- The EC2 instance ID (e.g. i-0abc123def456). The alb module consumes node_1 and node_2 instance IDs via the target_instances map.
- The private IPv4 address of the instance. Available for all three instances regardless of subnet type.
- The public IPv4 address of the instance. Returns a valid address for node_1 and node_2; returns null for mongodb since associate_public_ip = false.
- The private DNS hostname (e.g. ip-10-0-1-42.ec2.internal). Useful for service-to-service communication inside the VPC, such as Node.js connecting to MongoDB.
Three Module Calls Compared
The root main.tf invokes ec2-instance three times. The key differences between calls are highlighted in comments: