Terraform AWS EC2 Instance
Terraform module which creates EC2 instance(s) on AWS with comprehensive features including spot instances, IAM instance profiles, security groups, EBS volumes, and elastic IPs.
Implemented Controls
The following compliance controls are implemented in this module.
- Attached EBS volumes should have encryption enabled
- EBS volume encryption at rest should be enabled
- Ensure EBS volumes attached to an EC2 instance is marked for deletion upon instance termination
- EC2 instance detailed monitoring should be enabled
- EC2 instance should have EBS optimization enabled
- EC2 instances should have IAM profile attached
- EC2 instances should be in a VPC
- EC2 instances should not use key pairs in running state
- EC2 instances should not have a public IP address
- EC2 instances should not use multiple ENIs
- AWS EC2 instances should have termination protection enabled
- EC2 instances should use IMDSv2
- Ensure IAM instance roles are used for AWS resource access from instances
- Paravirtual EC2 instance types should not be used
- VPC Security groups should only allow unrestricted incoming traffic for authorized ports
- VPC security groups should restrict ingress from 0.0.0.0/0 or ::/0 to cassandra ports 7199 or 9160 or 8888
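As an added example (not from this page or the upstream project), the following module call sets the argument behind each control listed above. It assumes the v5.x argument names of terraform-aws-modules/ec2-instance (check them against the version you pin); the AMI, VPC and subnet ids and the 10.0.0.0/16 CIDR are constructed placeholders, and the security group is a plain aws_security_group because v5 takes existing group ids via vpc_security_group_ids.

```hcl
# Security group with no 0.0.0.0/0 or ::/0 ingress: HTTPS only from inside the VPC.
resource "aws_security_group" "app" {
  name   = "app-hardened"
  vpc_id = "vpc-PLACEHOLDER" # placeholder, not a real id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"] # constructed VPC CIDR, never the whole internet
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"] # outbound only (SSM, patching)
  }
}

module "ec2_instance" {
  source  = "cis.compliance.tf/terraform-aws-modules/ec2-instance/aws"
  version = "~> 5.0" # assumed: argument names below follow the v5.x interface
  name          = "app-hardened"
  ami           = "ami-PLACEHOLDER" # HVM AMI; paravirtual instance types are not used
  instance_type = "t3.micro"
  # In a VPC, private subnet, one primary ENI, no public IP
  subnet_id                   = "subnet-PLACEHOLDER"
  vpc_security_group_ids      = [aws_security_group.app.id]
  associate_public_ip_address = false
  # IAM instance role for AWS API access; manage via SSM, so no key pair on the instance
  key_name                    = null
  create_iam_instance_profile = true
  iam_role_policies = {
    ssm = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
  }
  # IMDSv2 only: a token is required and the hop limit keeps it on the host
  metadata_options = {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }
  monitoring              = true # detailed monitoring
  ebs_optimized           = true
  disable_api_termination = true # termination protection
  # Encrypted root volume that is deleted with the instance
  root_block_device = [{
    encrypted             = true
    delete_on_termination = true
    volume_type           = "gp3"
  }]
}
```

Run `terraform plan` against this and compare the planned `aws_instance` attributes (metadata_options, monitoring, root_block_device.encrypted) with the control list above before applying.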
Compliance.tf registry endpoints
module "ec2_instance" {
source = "acscessentialeight.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "acscism2023.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "awscontroltower.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "awsgenai.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "awswellarchitected.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "cccsmedium.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "cfrpart11.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "cis.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "cisv500.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "cisv600.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "cisv80ig1.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "cisacyberessentials.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "eugmpannex11.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "fedramplow.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "fedrampmoderate.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "ffiec.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "gdpr.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "hipaa.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "iso27001.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "nist800171.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "nist80053.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "nistcsf.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "nydfs23.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "pcidss.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "rbicybersecurity.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "rbiitfnbfc.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
module "ec2_instance" {
source = "soc2.compliance.tf/terraform-aws-modules/ec2-instance/aws"
version = "<version>"
# ... your arguments here
}
See the Technical Usage Guide to get started and read the Features section for more details on how to customize the module for your requirements.
Mapped compliance frameworks
CT-1.0.1: 1.0.1 - Disallow launch of EC2 instance types that are not EBS-optimized
CT-1.0.3: 1.0.3 - Enable encryption for EBS volumes attached to EC2 instances
CM-7: Least Functionality
2.2.1: Ensure EBS volume encryption is enabled
1.17: Ensure IAM instance roles are used for AWS resource access from instances
5.7: Ensure that the EC2 Metadata Service only allows IMDSv2
2.17: Ensure IAM instance roles are used for AWS resource access from instances
6.7: Ensure that the EC2 Metadata Service only allows IMDSv2
4.4: Implement and Manage a Firewall on Servers
SC-7: Boundary Protection
- Attached EBS volumes should have encryption enabled
- EBS volume encryption at rest should be enabled
- EC2 instance detailed monitoring should be enabled
- EC2 instance should have EBS optimization enabled
- EC2 instances should be in a VPC
- EC2 instances should not have a public IP address
- EC2 instances should use IMDSv2
- Attached EBS volumes should have encryption enabled
- EC2 instance detailed monitoring should be enabled
- EC2 instance should have EBS optimization enabled
- EC2 instances should have IAM profile attached
- EC2 instances should be in a VPC
- EC2 instances should not have a public IP address
- EC2 instances should use IMDSv2
A.13.1.1: Network controls
3.13.1: Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.
IA-9: Service Identification And Authentication
SA-8(20): Secure Metadata Management
SC-7: Boundary Protection
1.3.2: Network access to and from the cardholder data environment is restricted.
- Attached EBS volumes should have encryption enabled
- EC2 instance detailed monitoring should be enabled
- EC2 instances should have IAM profile attached
- EC2 instances should be in a VPC
- EC2 instances should not use key pairs in running state
- EC2 instances should not have a public IP address
- EC2 instances should use IMDSv2