Merge pull request #22 from Coalfire-CF/ebs_optimized_precondition

Ebs_optimized_precondition
Coalfire-CF · Aug 2, 2024 · bc900b9 · bc900b9
2 parents bfde430 + 1a18812
commit bc900b9
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -200,6 +200,7 @@ module "ad2" {
 | [aws_network_interface_attachment.eni_attachment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface_attachment) | resource |
 | [aws_network_interface_sg_attachment.additional](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface_sg_attachment) | resource |
 | [aws_volume_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/volume_attachment) | resource |
+| [aws_ec2_instance_type.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_instance_type) | data source |
 | [aws_iam_policy.AmazonSSMManagedInstanceCore](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 
 ## Inputs

diff --git a/ec2.tf b/ec2.tf
@@ -1,10 +1,14 @@
+data "aws_ec2_instance_type" "this" {
+  instance_type = var.ec2_instance_type
+}
+
 resource "aws_instance" "this" {
   ###  BASICS  ###
-  ami           = var.ami
-  instance_type = var.ec2_instance_type
-  count         = var.instance_count
-  key_name      = var.ec2_key_pair
-  monitoring    = true
+  ami                         = var.ami
+  instance_type               = var.ec2_instance_type
+  count                       = var.instance_count
+  key_name                    = var.ec2_key_pair
+  monitoring                  = true
   user_data                   = var.user_data
   user_data_base64            = var.user_data_base64
   user_data_replace_on_change = var.user_data_replace_on_change
@@ -51,5 +55,13 @@ resource "aws_instance" "this" {
 
   lifecycle {
     ignore_changes = [root_block_device, ebs_block_device, user_data, ami]
+    precondition {
+      condition     = (data.aws_ec2_instance_type.this.ebs_optimized_support == "unsupported" && var.ebs_optimized == false) || (data.aws_ec2_instance_type.this.ebs_optimized_support == "supported" && var.ebs_optimized == true) || (data.aws_ec2_instance_type.this.ebs_optimized_support == "default" && var.ebs_optimized == true)
+      error_message = <<-EOT
+  The instance type (${var.ec2_instance_type}) has an EBS Optimized value of (${data.aws_ec2_instance_type.this.ebs_optimized_support}), 
+  but variable ebs_optimized is set to (${var.ebs_optimized}) (default is 'true').
+  Please ensure the ebs_optimized variable matches the EBS Optimized support of the instance type.
+  EOT
+    }
   }
 }