Merge pull request #99 from cisagov/improvement/add-input-var-for-dis…

…k-size Add a variable to set the size of the OpenVPN instance's root disk
cisagov · Feb 15, 2024 · 1b76568 · 1b76568
2 parents eedac2e + e9eff00
commit 1b76568
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -129,6 +129,7 @@ module "example" {
 | private\_reverse\_zone\_id | The DNS Zone ID in which to create private reverse lookup records. | `string` | n/a | yes |
 | private\_zone\_id | The DNS Zone ID in which to create private lookup records. | `string` | n/a | yes |
 | public\_zone\_id | The DNS Zone ID in which to create public lookup records. | `string` | n/a | yes |
+| root\_disk\_size | The size of the OpenVPN instance's root disk in GiB. | `number` | `8` | no |
 | security\_groups | Additional security group ids the server will join. | `list(string)` | `[]` | no |
 | ssm\_dh4096\_pem | The SSM key that contains the Diffie Hellman pem. | `string` | `"/openvpn/server/dh4096.pem"` | no |
 | ssm\_read\_role\_accounts\_allowed | A list of accounts allowed to access the role that can read SSM keys. | `list(string)` | `[]` | no |

diff --git a/ec2.tf b/ec2.tf
@@ -31,5 +31,9 @@ resource "aws_instance" "openvpn" {
     # Require IMDS tokens AKA require the use of IMDSv2
     http_tokens = "required"
   }
+  root_block_device {
+    volume_size = var.root_disk_size
+    volume_type = "gp3"
+  }
   iam_instance_profile = aws_iam_instance_profile.instance_profile.name
 }
diff --git a/variables.tf b/variables.tf
@@ -165,6 +165,12 @@ variable "security_groups" {
   default     = []
 }
 
+variable "root_disk_size" {
+  type        = number
+  description = "The size of the OpenVPN instance's root disk in GiB."
+  default     = 8
+}
+
 variable "ssm_dh4096_pem" {
   type        = string
   description = "The SSM key that contains the Diffie Hellman pem."