diff --git a/examples/complete/README.md b/examples/complete/README.md
deleted file mode 100644
index 97e98fa5..00000000
--- a/examples/complete/README.md
+++ /dev/null
@@ -1,123 +0,0 @@
-# Complete EC2 instance
-
-Configuration in this directory creates EC2 instances with different sets of arguments (with Elastic IP, with network interface attached, with credit specifications).
-
-## Usage
-
-To run this example you need to execute:
-
-```bash
-$ terraform init
-$ terraform plan
-$ terraform apply
-```
-
-Note that this example may create resources which can cost money. Run `terraform destroy` when you don't need these resources.
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [ec2\_complete](#module\_ec2\_complete) | ../../ | n/a |
-| [ec2\_disabled](#module\_ec2\_disabled) | ../../ | n/a |
-| [ec2\_ignore\_ami\_changes](#module\_ec2\_ignore\_ami\_changes) | ../../ | n/a |
-| [ec2\_metadata\_options](#module\_ec2\_metadata\_options) | ../../ | n/a |
-| [ec2\_multiple](#module\_ec2\_multiple) | ../../ | n/a |
-| [ec2\_network\_interface](#module\_ec2\_network\_interface) | ../../ | n/a |
-| [ec2\_open\_capacity\_reservation](#module\_ec2\_open\_capacity\_reservation) | ../../ | n/a |
-| [ec2\_spot\_instance](#module\_ec2\_spot\_instance) | ../../ | n/a |
-| [ec2\_t2\_unlimited](#module\_ec2\_t2\_unlimited) | ../../ | n/a |
-| [ec2\_t3\_unlimited](#module\_ec2\_t3\_unlimited) | ../../ | n/a |
-| [ec2\_targeted\_capacity\_reservation](#module\_ec2\_targeted\_capacity\_reservation) | ../../ | n/a |
-| [security\_group](#module\_security\_group) | terraform-aws-modules/security-group/aws | ~> 5.0 |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_ec2_capacity_reservation.open](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_capacity_reservation) | resource |
-| [aws_ec2_capacity_reservation.targeted](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_capacity_reservation) | resource |
-| [aws_kms_key.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
-| [aws_network_interface.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_interface) | resource |
-| [aws_placement_group.web](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/placement_group) | resource |
-| [aws_ami.amazon_linux](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
-| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [ec2\_complete\_arn](#output\_ec2\_complete\_arn) | The ARN of the instance |
-| [ec2\_complete\_availability\_zone](#output\_ec2\_complete\_availability\_zone) | The availability zone of the created instance |
-| [ec2\_complete\_capacity\_reservation\_specification](#output\_ec2\_complete\_capacity\_reservation\_specification) | Capacity reservation specification of the instance |
-| [ec2\_complete\_ebs\_block\_device](#output\_ec2\_complete\_ebs\_block\_device) | EBS block device information |
-| [ec2\_complete\_ephemeral\_block\_device](#output\_ec2\_complete\_ephemeral\_block\_device) | Ephemeral block device information |
-| [ec2\_complete\_iam\_instance\_profile\_arn](#output\_ec2\_complete\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
-| [ec2\_complete\_iam\_instance\_profile\_id](#output\_ec2\_complete\_iam\_instance\_profile\_id) | Instance profile's ID |
-| [ec2\_complete\_iam\_instance\_profile\_unique](#output\_ec2\_complete\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile |
-| [ec2\_complete\_iam\_role\_arn](#output\_ec2\_complete\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
-| [ec2\_complete\_iam\_role\_name](#output\_ec2\_complete\_iam\_role\_name) | The name of the IAM role |
-| [ec2\_complete\_iam\_role\_unique\_id](#output\_ec2\_complete\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
-| [ec2\_complete\_id](#output\_ec2\_complete\_id) | The ID of the instance |
-| [ec2\_complete\_instance\_state](#output\_ec2\_complete\_instance\_state) | The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped` |
-| [ec2\_complete\_primary\_network\_interface\_id](#output\_ec2\_complete\_primary\_network\_interface\_id) | The ID of the instance's primary network interface |
-| [ec2\_complete\_private\_dns](#output\_ec2\_complete\_private\_dns) | The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC |
-| [ec2\_complete\_public\_dns](#output\_ec2\_complete\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC |
-| [ec2\_complete\_public\_ip](#output\_ec2\_complete\_public\_ip) | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws\_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached |
-| [ec2\_complete\_root\_block\_device](#output\_ec2\_complete\_root\_block\_device) | Root block device information |
-| [ec2\_complete\_tags\_all](#output\_ec2\_complete\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block |
-| [ec2\_ignore\_ami\_changes\_ami](#output\_ec2\_ignore\_ami\_changes\_ami) | The AMI of the instance (ignore\_ami\_changes = true) |
-| [ec2\_multiple](#output\_ec2\_multiple) | The full output of the `ec2_module` module |
-| [ec2\_spot\_instance\_arn](#output\_ec2\_spot\_instance\_arn) | The ARN of the instance |
-| [ec2\_spot\_instance\_capacity\_reservation\_specification](#output\_ec2\_spot\_instance\_capacity\_reservation\_specification) | Capacity reservation specification of the instance |
-| [ec2\_spot\_instance\_id](#output\_ec2\_spot\_instance\_id) | The ID of the instance |
-| [ec2\_spot\_instance\_instance\_state](#output\_ec2\_spot\_instance\_instance\_state) | The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped` |
-| [ec2\_spot\_instance\_primary\_network\_interface\_id](#output\_ec2\_spot\_instance\_primary\_network\_interface\_id) | The ID of the instance's primary network interface |
-| [ec2\_spot\_instance\_private\_dns](#output\_ec2\_spot\_instance\_private\_dns) | The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC |
-| [ec2\_spot\_instance\_public\_dns](#output\_ec2\_spot\_instance\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC |
-| [ec2\_spot\_instance\_public\_ip](#output\_ec2\_spot\_instance\_public\_ip) | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws\_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached |
-| [ec2\_spot\_instance\_tags\_all](#output\_ec2\_spot\_instance\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block |
-| [ec2\_t2\_unlimited\_arn](#output\_ec2\_t2\_unlimited\_arn) | The ARN of the instance |
-| [ec2\_t2\_unlimited\_availability\_zone](#output\_ec2\_t2\_unlimited\_availability\_zone) | The availability zone of the created instance |
-| [ec2\_t2\_unlimited\_capacity\_reservation\_specification](#output\_ec2\_t2\_unlimited\_capacity\_reservation\_specification) | Capacity reservation specification of the instance |
-| [ec2\_t2\_unlimited\_id](#output\_ec2\_t2\_unlimited\_id) | The ID of the instance |
-| [ec2\_t2\_unlimited\_instance\_state](#output\_ec2\_t2\_unlimited\_instance\_state) | The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped` |
-| [ec2\_t2\_unlimited\_primary\_network\_interface\_id](#output\_ec2\_t2\_unlimited\_primary\_network\_interface\_id) | The ID of the instance's primary network interface |
-| [ec2\_t2\_unlimited\_private\_dns](#output\_ec2\_t2\_unlimited\_private\_dns) | The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC |
-| [ec2\_t2\_unlimited\_public\_dns](#output\_ec2\_t2\_unlimited\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC |
-| [ec2\_t2\_unlimited\_public\_ip](#output\_ec2\_t2\_unlimited\_public\_ip) | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws\_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached |
-| [ec2\_t2\_unlimited\_tags\_all](#output\_ec2\_t2\_unlimited\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block |
-| [ec2\_t3\_unlimited\_arn](#output\_ec2\_t3\_unlimited\_arn) | The ARN of the instance |
-| [ec2\_t3\_unlimited\_availability\_zone](#output\_ec2\_t3\_unlimited\_availability\_zone) | The availability zone of the created instance |
-| [ec2\_t3\_unlimited\_capacity\_reservation\_specification](#output\_ec2\_t3\_unlimited\_capacity\_reservation\_specification) | Capacity reservation specification of the instance |
-| [ec2\_t3\_unlimited\_id](#output\_ec2\_t3\_unlimited\_id) | The ID of the instance |
-| [ec2\_t3\_unlimited\_instance\_state](#output\_ec2\_t3\_unlimited\_instance\_state) | The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped` |
-| [ec2\_t3\_unlimited\_primary\_network\_interface\_id](#output\_ec2\_t3\_unlimited\_primary\_network\_interface\_id) | The ID of the instance's primary network interface |
-| [ec2\_t3\_unlimited\_private\_dns](#output\_ec2\_t3\_unlimited\_private\_dns) | The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC |
-| [ec2\_t3\_unlimited\_public\_dns](#output\_ec2\_t3\_unlimited\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC |
-| [ec2\_t3\_unlimited\_public\_ip](#output\_ec2\_t3\_unlimited\_public\_ip) | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws\_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached |
-| [ec2\_t3\_unlimited\_tags\_all](#output\_ec2\_t3\_unlimited\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block |
-| [spot\_bid\_status](#output\_spot\_bid\_status) | The current bid status of the Spot Instance Request |
-| [spot\_instance\_availability\_zone](#output\_spot\_instance\_availability\_zone) | The availability zone of the created spot instance |
-| [spot\_instance\_id](#output\_spot\_instance\_id) | The Instance ID (if any) that is currently fulfilling the Spot Instance request |
-| [spot\_request\_state](#output\_spot\_request\_state) | The current request state of the Spot Instance Request |
-
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
deleted file mode 100644
index d43bf633..00000000
--- a/examples/complete/main.tf
+++ /dev/null
@@ -1,385 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- vpc_cidr = "10.0.0.0/16"
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- user_data = <<-EOT
- #!/bin/bash
- echo "Hello Terraform!"
- EOT
-
- tags = {
- Name = local.name
- Example = local.name
- Repository = "https://github.com/terraform-aws-modules/terraform-aws-ec2-instance"
- }
-}
-
-################################################################################
-# EC2 Module
-################################################################################
-
-module "ec2_complete" {
- source = "../../"
-
- name = local.name
-
- ami = data.aws_ami.amazon_linux.id
- instance_type = "c5.xlarge" # used to set core count below
- availability_zone = element(module.vpc.azs, 0)
- subnet_id = element(module.vpc.private_subnets, 0)
- vpc_security_group_ids = [module.security_group.security_group_id]
- placement_group = aws_placement_group.web.id
- create_eip = true
- disable_api_stop = false
-
- create_iam_instance_profile = true
- iam_role_description = "IAM role for EC2 instance"
- iam_role_policies = {
- AdministratorAccess = "arn:aws:iam::aws:policy/AdministratorAccess"
- }
-
- # only one of these can be enabled at a time
- hibernation = true
- # enclave_options_enabled = true
-
- user_data_base64 = base64encode(local.user_data)
- user_data_replace_on_change = false
-
- cpu_options = {
- core_count = 2
- threads_per_core = 1
- }
- enable_volume_tags = false
- root_block_device = {
- encrypted = true
- type = "gp3"
- throughput = 200
- size = 50
- tags = {
- Name = "my-root-block"
- }
- }
-
- ebs_volumes = {
- "/dev/sdf" = {
- size = 5
- throughput = 200
- encrypted = true
- kms_key_id = aws_kms_key.this.arn
- tags = {
- MountPoint = "/mnt/data"
- }
- }
- }
-
- tags = local.tags
-}
-
-module "ec2_network_interface" {
- source = "../../"
-
- name = "${local.name}-network-interface"
-
- network_interface = {
- 0 = {
- network_interface_id = aws_network_interface.this.id
- delete_on_termination = false
- }
- }
-
- tags = local.tags
-}
-
-module "ec2_metadata_options" {
- source = "../../"
-
- name = "${local.name}-metadata-options"
-
- subnet_id = element(module.vpc.private_subnets, 0)
-
- metadata_options = {
- http_endpoint = "enabled"
- http_tokens = "required"
- http_put_response_hop_limit = 8
- instance_metadata_tags = "enabled"
- }
-
- tags = local.tags
-}
-
-module "ec2_t2_unlimited" {
- source = "../../"
-
- name = "${local.name}-t2-unlimited"
-
- instance_type = "t2.micro"
- cpu_credits = "unlimited"
- subnet_id = element(module.vpc.private_subnets, 0)
- associate_public_ip_address = true
-
- maintenance_options = {
- auto_recovery = "default"
- }
-
- tags = local.tags
-}
-
-module "ec2_t3_unlimited" {
- source = "../../"
-
- name = "${local.name}-t3-unlimited"
-
- instance_type = "t3.micro"
- cpu_credits = "unlimited"
- subnet_id = element(module.vpc.private_subnets, 0)
- associate_public_ip_address = true
-
- tags = local.tags
-}
-
-module "ec2_disabled" {
- source = "../../"
-
- create = false
-}
-
-################################################################################
-# EC2 Module - with ignore AMI changes
-################################################################################
-
-module "ec2_ignore_ami_changes" {
- source = "../../"
-
- name = "${local.name}-ignore-ami-changes"
-
- ignore_ami_changes = true
-
- ami = data.aws_ami.amazon_linux.id
- instance_type = "t2.micro"
- availability_zone = element(module.vpc.azs, 0)
- subnet_id = element(module.vpc.private_subnets, 0)
-
- tags = local.tags
-}
-
-################################################################################
-# EC2 Module - multiple instances with `for_each`
-################################################################################
-
-locals {
- multiple_instances = {
- one = {
- instance_type = "t3.micro"
- availability_zone = element(module.vpc.azs, 0)
- subnet_id = element(module.vpc.private_subnets, 0)
- root_block_device = {
- encrypted = true
- type = "gp3"
- throughput = 200
- size = 50
- tags = {
- Name = "my-root-block"
- }
- }
- }
- two = {
- instance_type = "t3.small"
- availability_zone = element(module.vpc.azs, 1)
- subnet_id = element(module.vpc.private_subnets, 1)
- root_block_device = {
- encrypted = true
- type = "gp2"
- size = 50
- }
- }
- three = {
- instance_type = "t3.medium"
- availability_zone = element(module.vpc.azs, 2)
- subnet_id = element(module.vpc.private_subnets, 2)
- }
- }
-}
-
-module "ec2_multiple" {
- source = "../../"
-
- for_each = local.multiple_instances
-
- name = "${local.name}-multi-${each.key}"
-
- instance_type = each.value.instance_type
- availability_zone = each.value.availability_zone
- subnet_id = each.value.subnet_id
-
- enable_volume_tags = false
- root_block_device = try(each.value.root_block_device, null)
-
- tags = local.tags
-}
-
-################################################################################
-# EC2 Module - spot instance request
-################################################################################
-
-module "ec2_spot_instance" {
- source = "../../"
-
- name = "${local.name}-spot-instance"
- create_spot_instance = true
-
- availability_zone = element(module.vpc.azs, 0)
- subnet_id = element(module.vpc.private_subnets, 0)
- vpc_security_group_ids = [module.security_group.security_group_id]
- associate_public_ip_address = true
-
- # Spot request specific attributes
- spot_price = "0.1"
- spot_wait_for_fulfillment = true
- spot_type = "persistent"
- # End spot request specific attributes
-
- user_data_base64 = base64encode(local.user_data)
-
- cpu_options = {
- core_count = 2
- threads_per_core = 1
- }
-
- enable_volume_tags = false
- root_block_device = {
- encrypted = true
- type = "gp3"
- throughput = 200
- size = 50
- tags = {
- Name = "my-root-block"
- }
- }
-
- ebs_volumes = {
- "/dev/sdf" = {
- size = 5
- throughput = 200
- encrypted = true
- # kms_key_id = aws_kms_key.this.arn # you must grant the AWSServiceRoleForEC2Spot service-linked role access to any custom KMS keys
- }
- }
-
- tags = local.tags
-}
-
-################################################################################
-# EC2 Module - Capacity Reservation
-################################################################################
-
-module "ec2_open_capacity_reservation" {
- source = "../../"
-
- name = "${local.name}-open-capacity-reservation"
-
- instance_type = "m4.large"
- subnet_id = element(module.vpc.private_subnets, 0)
- associate_public_ip_address = false
-
- capacity_reservation_specification = {
- capacity_reservation_target = {
- capacity_reservation_id = aws_ec2_capacity_reservation.open.id
- }
- }
-
- tags = local.tags
-}
-
-module "ec2_targeted_capacity_reservation" {
- source = "../../"
-
- name = "${local.name}-targeted-capacity-reservation"
-
- instance_type = "m4.large"
- subnet_id = element(module.vpc.private_subnets, 0)
- associate_public_ip_address = false
-
- capacity_reservation_specification = {
- capacity_reservation_target = {
- capacity_reservation_id = aws_ec2_capacity_reservation.targeted.id
- }
- }
-
- tags = local.tags
-}
-
-resource "aws_ec2_capacity_reservation" "open" {
- instance_type = "m4.large"
- instance_platform = "Linux/UNIX"
- availability_zone = "${local.region}a"
- instance_count = 1
- instance_match_criteria = "open"
-}
-
-resource "aws_ec2_capacity_reservation" "targeted" {
- instance_type = "m4.large"
- instance_platform = "Linux/UNIX"
- availability_zone = "${local.region}a"
- instance_count = 1
- instance_match_criteria = "targeted"
-}
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "~> 6.0"
-
- name = local.name
- cidr = local.vpc_cidr
-
- azs = local.azs
- private_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]
- public_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 48)]
-
- tags = local.tags
-}
-
-data "aws_ami" "amazon_linux" {
- most_recent = true
- owners = ["amazon"]
- name_regex = "^al2023-ami-2023.*-x86_64"
-}
-
-module "security_group" {
- source = "terraform-aws-modules/security-group/aws"
- version = "~> 5.0"
-
- name = local.name
- description = "Security group for example usage with EC2 instance"
- vpc_id = module.vpc.vpc_id
-
- ingress_cidr_blocks = ["0.0.0.0/0"]
- ingress_rules = ["http-80-tcp", "all-icmp"]
-
- tags = local.tags
-}
-
-resource "aws_placement_group" "web" {
- name = local.name
- strategy = "cluster"
-}
-
-resource "aws_kms_key" "this" {
-}
-
-resource "aws_network_interface" "this" {
- subnet_id = element(module.vpc.private_subnets, 0)
- security_groups = [module.security_group.security_group_id]
-}
diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf
deleted file mode 100644
index cb32c4f3..00000000
--- a/examples/complete/outputs.tf
+++ /dev/null
@@ -1,275 +0,0 @@
-# EC2 Complete
-output "ec2_complete_id" {
- description = "The ID of the instance"
- value = module.ec2_complete.id
-}
-
-output "ec2_complete_arn" {
- description = "The ARN of the instance"
- value = module.ec2_complete.arn
-}
-
-output "ec2_complete_capacity_reservation_specification" {
- description = "Capacity reservation specification of the instance"
- value = module.ec2_complete.capacity_reservation_specification
-}
-
-output "ec2_complete_instance_state" {
- description = "The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped`"
- value = module.ec2_complete.instance_state
-}
-
-output "ec2_complete_primary_network_interface_id" {
- description = "The ID of the instance's primary network interface"
- value = module.ec2_complete.primary_network_interface_id
-}
-
-output "ec2_complete_private_dns" {
- description = "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC"
- value = module.ec2_complete.private_dns
-}
-
-output "ec2_complete_public_dns" {
- description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC"
- value = module.ec2_complete.public_dns
-}
-
-output "ec2_complete_public_ip" {
- description = "The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached"
- value = module.ec2_complete.public_ip
-}
-
-output "ec2_complete_tags_all" {
- description = "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block"
- value = module.ec2_complete.tags_all
-}
-
-output "ec2_complete_iam_role_name" {
- description = "The name of the IAM role"
- value = module.ec2_complete.iam_role_name
-}
-
-output "ec2_complete_iam_role_arn" {
- description = "The Amazon Resource Name (ARN) specifying the IAM role"
- value = module.ec2_complete.iam_role_arn
-}
-
-output "ec2_complete_iam_role_unique_id" {
- description = "Stable and unique string identifying the IAM role"
- value = module.ec2_complete.iam_role_unique_id
-}
-
-output "ec2_complete_iam_instance_profile_arn" {
- description = "ARN assigned by AWS to the instance profile"
- value = module.ec2_complete.iam_instance_profile_arn
-}
-
-output "ec2_complete_iam_instance_profile_id" {
- description = "Instance profile's ID"
- value = module.ec2_complete.iam_instance_profile_id
-}
-
-output "ec2_complete_iam_instance_profile_unique" {
- description = "Stable and unique string identifying the IAM instance profile"
- value = module.ec2_complete.iam_instance_profile_unique
-}
-
-output "ec2_complete_root_block_device" {
- description = "Root block device information"
- value = module.ec2_complete.root_block_device
-}
-
-output "ec2_complete_ebs_block_device" {
- description = "EBS block device information"
- value = module.ec2_complete.ebs_block_device
-}
-
-output "ec2_complete_ephemeral_block_device" {
- description = "Ephemeral block device information"
- value = module.ec2_complete.ephemeral_block_device
-}
-
-output "ec2_complete_availability_zone" {
- description = "The availability zone of the created instance"
- value = module.ec2_complete.availability_zone
-}
-
-# EC2 T2 Unlimited
-output "ec2_t2_unlimited_id" {
- description = "The ID of the instance"
- value = module.ec2_t2_unlimited.id
-}
-
-output "ec2_t2_unlimited_arn" {
- description = "The ARN of the instance"
- value = module.ec2_t2_unlimited.arn
-}
-
-output "ec2_t2_unlimited_capacity_reservation_specification" {
- description = "Capacity reservation specification of the instance"
- value = module.ec2_t2_unlimited.capacity_reservation_specification
-}
-
-output "ec2_t2_unlimited_instance_state" {
- description = "The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped`"
- value = module.ec2_t2_unlimited.instance_state
-}
-
-output "ec2_t2_unlimited_primary_network_interface_id" {
- description = "The ID of the instance's primary network interface"
- value = module.ec2_t2_unlimited.primary_network_interface_id
-}
-
-output "ec2_t2_unlimited_private_dns" {
- description = "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC"
- value = module.ec2_t2_unlimited.private_dns
-}
-
-output "ec2_t2_unlimited_public_dns" {
- description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC"
- value = module.ec2_t2_unlimited.public_dns
-}
-
-output "ec2_t2_unlimited_public_ip" {
- description = "The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached"
- value = module.ec2_t2_unlimited.public_ip
-}
-
-output "ec2_t2_unlimited_tags_all" {
- description = "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block"
- value = module.ec2_t2_unlimited.tags_all
-}
-
-output "ec2_t2_unlimited_availability_zone" {
- description = "The availability zone of the created instance"
- value = module.ec2_t2_unlimited.availability_zone
-}
-
-# EC2 T3 Unlimited
-output "ec2_t3_unlimited_id" {
- description = "The ID of the instance"
- value = module.ec2_t3_unlimited.id
-}
-
-output "ec2_t3_unlimited_arn" {
- description = "The ARN of the instance"
- value = module.ec2_t3_unlimited.arn
-}
-
-output "ec2_t3_unlimited_capacity_reservation_specification" {
- description = "Capacity reservation specification of the instance"
- value = module.ec2_t3_unlimited.capacity_reservation_specification
-}
-
-output "ec2_t3_unlimited_instance_state" {
- description = "The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped`"
- value = module.ec2_t3_unlimited.instance_state
-}
-
-output "ec2_t3_unlimited_primary_network_interface_id" {
- description = "The ID of the instance's primary network interface"
- value = module.ec2_t3_unlimited.primary_network_interface_id
-}
-
-output "ec2_t3_unlimited_private_dns" {
- description = "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC"
- value = module.ec2_t3_unlimited.private_dns
-}
-
-output "ec2_t3_unlimited_public_dns" {
- description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC"
- value = module.ec2_t3_unlimited.public_dns
-}
-
-output "ec2_t3_unlimited_public_ip" {
- description = "The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached"
- value = module.ec2_t3_unlimited.public_ip
-}
-
-output "ec2_t3_unlimited_tags_all" {
- description = "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block"
- value = module.ec2_t3_unlimited.tags_all
-}
-
-output "ec2_t3_unlimited_availability_zone" {
- description = "The availability zone of the created instance"
- value = module.ec2_t3_unlimited.availability_zone
-}
-
-# EC2 with ignore AMI changes
-output "ec2_ignore_ami_changes_ami" {
- description = "The AMI of the instance (ignore_ami_changes = true)"
- value = module.ec2_ignore_ami_changes.ami
-}
-
-# EC2 Multiple
-output "ec2_multiple" {
- description = "The full output of the `ec2_module` module"
- value = module.ec2_multiple
-}
-
-# EC2 Spot Instance
-output "ec2_spot_instance_id" {
- description = "The ID of the instance"
- value = module.ec2_spot_instance.id
-}
-
-output "ec2_spot_instance_arn" {
- description = "The ARN of the instance"
- value = module.ec2_spot_instance.arn
-}
-
-output "ec2_spot_instance_capacity_reservation_specification" {
- description = "Capacity reservation specification of the instance"
- value = module.ec2_spot_instance.capacity_reservation_specification
-}
-
-output "ec2_spot_instance_instance_state" {
- description = "The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped`"
- value = module.ec2_spot_instance.instance_state
-}
-
-output "ec2_spot_instance_primary_network_interface_id" {
- description = "The ID of the instance's primary network interface"
- value = module.ec2_spot_instance.primary_network_interface_id
-}
-
-output "ec2_spot_instance_private_dns" {
- description = "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC"
- value = module.ec2_spot_instance.private_dns
-}
-
-output "ec2_spot_instance_public_dns" {
- description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC"
- value = module.ec2_spot_instance.public_dns
-}
-
-output "ec2_spot_instance_public_ip" {
- description = "The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached"
- value = module.ec2_spot_instance.public_ip
-}
-
-output "ec2_spot_instance_tags_all" {
- description = "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block"
- value = module.ec2_spot_instance.tags_all
-}
-
-output "spot_bid_status" {
- description = "The current bid status of the Spot Instance Request"
- value = module.ec2_spot_instance.spot_bid_status
-}
-
-output "spot_request_state" {
- description = "The current request state of the Spot Instance Request"
- value = module.ec2_spot_instance.spot_request_state
-}
-
-output "spot_instance_id" {
- description = "The Instance ID (if any) that is currently fulfilling the Spot Instance request"
- value = module.ec2_spot_instance.spot_instance_id
-}
-
-output "spot_instance_availability_zone" {
- description = "The availability zone of the created spot instance"
- value = module.ec2_spot_instance.availability_zone
-}
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/examples/complete/versions.tf b/examples/complete/versions.tf
deleted file mode 100644
index db13b0a8..00000000
--- a/examples/complete/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.5.7"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 6.0"
- }
- }
-}
diff --git a/examples/session-manager/README.md b/examples/session-manager/README.md
deleted file mode 100644
index d0ef062c..00000000
--- a/examples/session-manager/README.md
+++ /dev/null
@@ -1,82 +0,0 @@
-# EC2 instance w/ private network access via Session Manager
-
-The configuration in this directory creates an EC2 instance not connected to the Internet that can be accessed using Session Manager through VPC Endpoints.
-
-This example outputs instance id, ARN, state, and tags.
-
-## Usage
-
-To run this example you need to execute:
-
-```bash
-$ terraform init
-$ terraform plan
-$ terraform apply
-```
-
-You can verify that SSM is setup correctly by connecting to the instance. The example output provides the AWS CLI command to connect to the instance under the output `ssm_connect_command` which will look like:
-
-```bash
-aws ssm start-session --target --region
-```
-
-You will need to have the Session Manager plugin for the AWS CLI installed to execute the command. Instructions for installing can be found [here](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html).
-
-Note that this example may create resources which can cost money. Run `terraform destroy` when you don't need these resources.
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.5.7 |
-| [aws](#requirement\_aws) | >= 6.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | >= 6.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [ec2](#module\_ec2) | ../../ | n/a |
-| [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 6.0 |
-| [vpc\_endpoints](#module\_vpc\_endpoints) | terraform-aws-modules/vpc/aws//modules/vpc-endpoints | ~> 6.0 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_availability_zones.available](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones) | data source |
-
-## Inputs
-
-No inputs.
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [ec2\_arn](#output\_ec2\_arn) | The ARN of the instance |
-| [ec2\_capacity\_reservation\_specification](#output\_ec2\_capacity\_reservation\_specification) | Capacity reservation specification of the instance |
-| [ec2\_ebs\_block\_device](#output\_ec2\_ebs\_block\_device) | EBS block device information |
-| [ec2\_ephemeral\_block\_device](#output\_ec2\_ephemeral\_block\_device) | Ephemeral block device information |
-| [ec2\_iam\_instance\_profile\_arn](#output\_ec2\_iam\_instance\_profile\_arn) | ARN assigned by AWS to the instance profile |
-| [ec2\_iam\_instance\_profile\_id](#output\_ec2\_iam\_instance\_profile\_id) | Instance profile's ID |
-| [ec2\_iam\_instance\_profile\_unique](#output\_ec2\_iam\_instance\_profile\_unique) | Stable and unique string identifying the IAM instance profile |
-| [ec2\_iam\_role\_arn](#output\_ec2\_iam\_role\_arn) | The Amazon Resource Name (ARN) specifying the IAM role |
-| [ec2\_iam\_role\_name](#output\_ec2\_iam\_role\_name) | The name of the IAM role |
-| [ec2\_iam\_role\_unique\_id](#output\_ec2\_iam\_role\_unique\_id) | Stable and unique string identifying the IAM role |
-| [ec2\_id](#output\_ec2\_id) | The ID of the instance |
-| [ec2\_instance\_state](#output\_ec2\_instance\_state) | The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped` |
-| [ec2\_primary\_network\_interface\_id](#output\_ec2\_primary\_network\_interface\_id) | The ID of the instance's primary network interface |
-| [ec2\_private\_dns](#output\_ec2\_private\_dns) | The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC |
-| [ec2\_public\_dns](#output\_ec2\_public\_dns) | The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC |
-| [ec2\_public\_ip](#output\_ec2\_public\_ip) | The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws\_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached |
-| [ec2\_root\_block\_device](#output\_ec2\_root\_block\_device) | Root block device information |
-| [ec2\_tags\_all](#output\_ec2\_tags\_all) | A map of tags assigned to the resource, including those inherited from the provider default\_tags configuration block |
-| [ssm\_connect\_command](#output\_ssm\_connect\_command) | The AWS CLI command to connect to the instance using Session Manager |
-
diff --git a/examples/session-manager/main.tf b/examples/session-manager/main.tf
deleted file mode 100644
index e58cb4e2..00000000
--- a/examples/session-manager/main.tf
+++ /dev/null
@@ -1,92 +0,0 @@
-provider "aws" {
- region = local.region
-}
-
-data "aws_availability_zones" "available" {}
-
-locals {
- name = "ex-${basename(path.cwd)}"
- region = "eu-west-1"
-
- vpc_cidr = "10.0.0.0/16"
- azs = slice(data.aws_availability_zones.available.names, 0, 3)
-
- tags = {
- Name = local.name
- Example = local.name
- Repository = "https://github.com/terraform-aws-modules/terraform-aws-ec2-instance"
- }
-}
-
-################################################################################
-# EC2 Module
-################################################################################
-
-module "ec2" {
- source = "../../"
-
- name = local.name
-
- subnet_id = element(module.vpc.intra_subnets, 0)
- security_group_egress_rules = {
- vpc-endpoints = {
- description = "Allow outbound traffic to VPC endpoints"
- cidr_ipv4 = module.vpc.vpc_cidr_block
- from_port = 443
- }
- }
-
- create_iam_instance_profile = true
- iam_role_description = "IAM role for EC2 instance"
- iam_role_policies = {
- AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
- }
-
- tags = local.tags
-}
-
-################################################################################
-# Supporting Resources
-################################################################################
-
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "~> 6.0"
-
- name = local.name
- cidr = local.vpc_cidr
-
- azs = local.azs
- intra_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]
-
- tags = local.tags
-}
-
-module "vpc_endpoints" {
- source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
- version = "~> 6.0"
-
- vpc_id = module.vpc.vpc_id
-
- endpoints = { for service in toset(["ssm", "ssmmessages", "ec2messages"]) :
- replace(service, ".", "_") =>
- {
- service = service
- subnet_ids = module.vpc.intra_subnets
- private_dns_enabled = true
- tags = { Name = "${local.name}-${service}" }
- }
- }
-
- create_security_group = true
- security_group_name_prefix = "${local.name}-vpc-endpoints-"
- security_group_description = "VPC endpoint security group"
- security_group_rules = {
- ingress_https = {
- description = "HTTPS from subnets"
- cidr_blocks = module.vpc.intra_subnets_cidr_blocks
- }
- }
-
- tags = local.tags
-}
diff --git a/examples/session-manager/outputs.tf b/examples/session-manager/outputs.tf
deleted file mode 100644
index 4324ddc5..00000000
--- a/examples/session-manager/outputs.tf
+++ /dev/null
@@ -1,94 +0,0 @@
-output "ec2_id" {
- description = "The ID of the instance"
- value = module.ec2.id
-}
-
-output "ec2_arn" {
- description = "The ARN of the instance"
- value = module.ec2.arn
-}
-
-output "ec2_capacity_reservation_specification" {
- description = "Capacity reservation specification of the instance"
- value = module.ec2.capacity_reservation_specification
-}
-
-output "ec2_instance_state" {
- description = "The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped`"
- value = module.ec2.instance_state
-}
-
-output "ec2_primary_network_interface_id" {
- description = "The ID of the instance's primary network interface"
- value = module.ec2.primary_network_interface_id
-}
-
-output "ec2_private_dns" {
- description = "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC"
- value = module.ec2.private_dns
-}
-
-output "ec2_public_dns" {
- description = "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC"
- value = module.ec2.public_dns
-}
-
-output "ec2_public_ip" {
- description = "The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws_eip with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached"
- value = module.ec2.public_ip
-}
-
-output "ec2_tags_all" {
- description = "A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block"
- value = module.ec2.tags_all
-}
-
-output "ec2_iam_role_name" {
- description = "The name of the IAM role"
- value = module.ec2.iam_role_name
-}
-
-output "ec2_iam_role_arn" {
- description = "The Amazon Resource Name (ARN) specifying the IAM role"
- value = module.ec2.iam_role_arn
-}
-
-output "ec2_iam_role_unique_id" {
- description = "Stable and unique string identifying the IAM role"
- value = module.ec2.iam_role_unique_id
-}
-
-output "ec2_iam_instance_profile_arn" {
- description = "ARN assigned by AWS to the instance profile"
- value = module.ec2.iam_instance_profile_arn
-}
-
-output "ec2_iam_instance_profile_id" {
- description = "Instance profile's ID"
- value = module.ec2.iam_instance_profile_id
-}
-
-output "ec2_iam_instance_profile_unique" {
- description = "Stable and unique string identifying the IAM instance profile"
- value = module.ec2.iam_instance_profile_unique
-}
-
-output "ec2_root_block_device" {
- description = "Root block device information"
- value = module.ec2.root_block_device
-}
-
-output "ec2_ebs_block_device" {
- description = "EBS block device information"
- value = module.ec2.ebs_block_device
-}
-
-output "ec2_ephemeral_block_device" {
- description = "Ephemeral block device information"
- value = module.ec2.ephemeral_block_device
-}
-
-output "ssm_connect_command" {
- description = "The AWS CLI command to connect to the instance using Session Manager"
- value = "aws ssm start-session --target ${module.ec2.id} --region ${local.region}"
-}
diff --git a/examples/session-manager/variables.tf b/examples/session-manager/variables.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/examples/session-manager/versions.tf b/examples/session-manager/versions.tf
deleted file mode 100644
index db13b0a8..00000000
--- a/examples/session-manager/versions.tf
+++ /dev/null
@@ -1,10 +0,0 @@
-terraform {
- required_version = ">= 1.5.7"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 6.0"
- }
- }
-}
diff --git a/examples/standardized-complete-import/main.tf b/examples/standardized-complete-import/main.tf
new file mode 100644
index 00000000..8e8e75c1
--- /dev/null
+++ b/examples/standardized-complete-import/main.tf
@@ -0,0 +1,212 @@
+# ==============================================================================
+# STANDARDIZED EC2 INSTANCE EXAMPLE - COMPLETE CONFIGURATION
+# ==============================================================================
+# This example follows strict standards for LLM code generation:
+# 1. NO terraform/provider blocks (handled by Terragrunt)
+# 2. Standardized module name "ec2_instance" for consistent output references
+# 3. All variables use var. prefix
+# 4. Import blocks for existing resources
+# 5. Consistent structure and naming patterns
+# ==============================================================================
+
+# ==============================================================================
+# IMPORT EXISTING RESOURCES (when importing)
+# ==============================================================================
+
+# Import existing EC2 instance
+import {
+ to = module.ec2_instance.aws_instance.this[0]
+ id = var.instance_id # Provided during import operation
+}
+
+# Import existing security group (if not creating new one)
+import {
+ to = module.ec2_instance.aws_security_group.this[0]
+ id = var.existing_security_group_id
+}
+
+# Import existing IAM role (if not creating new one)
+import {
+ to = module.ec2_instance.aws_iam_role.this[0]
+ id = var.existing_iam_role_name
+}
+
+# ==============================================================================
+# MAIN MODULE CONFIGURATION
+# ==============================================================================
+# CRITICAL: Module name MUST be "ec2_instance" for consistent output references
+# This ensures outputs.tf can reliably reference module.ec2_instance.*
+
+module "ec2_instance" {
+ source = var.module_source
+
+ # ==============================================================================
+ # BASIC CONFIGURATION
+ # ==============================================================================
+
+ create = var.create
+ name = var.name
+ region = var.region
+
+ # ==============================================================================
+ # AMI AND INSTANCE CONFIGURATION
+ # ==============================================================================
+
+ ami = var.ami
+ ami_ssm_parameter = var.ami_ssm_parameter
+ ignore_ami_changes = var.ignore_ami_changes
+ instance_type = var.instance_type
+
+ # ==============================================================================
+ # NETWORK CONFIGURATION
+ # ==============================================================================
+
+ associate_public_ip_address = var.associate_public_ip_address
+ availability_zone = var.availability_zone
+ subnet_id = var.subnet_id
+ vpc_security_group_ids = var.vpc_security_group_ids
+ private_ip = var.private_ip
+ secondary_private_ips = var.secondary_private_ips
+ ipv6_address_count = var.ipv6_address_count
+ ipv6_addresses = var.ipv6_addresses
+ enable_primary_ipv6 = var.enable_primary_ipv6
+ source_dest_check = var.source_dest_check
+
+ # ==============================================================================
+ # STORAGE CONFIGURATION
+ # ==============================================================================
+
+ ebs_optimized = var.ebs_optimized
+ root_block_device = var.root_block_device
+ ebs_volumes = var.ebs_volumes
+ ephemeral_block_device = var.ephemeral_block_device
+
+ # ==============================================================================
+ # SECURITY AND ACCESS CONFIGURATION
+ # ==============================================================================
+
+ key_name = var.key_name
+ get_password_data = var.get_password_data
+ iam_instance_profile = var.iam_instance_profile
+ disable_api_termination = var.disable_api_termination
+ disable_api_stop = var.disable_api_stop
+
+ # ==============================================================================
+ # METADATA AND MONITORING CONFIGURATION
+ # ==============================================================================
+
+ metadata_options = var.metadata_options
+ monitoring = var.monitoring
+ enclave_options_enabled = var.enclave_options_enabled
+
+ # ==============================================================================
+ # ADVANCED CONFIGURATION
+ # ==============================================================================
+
+ cpu_options = var.cpu_options
+ cpu_credits = var.cpu_credits
+ capacity_reservation_specification = var.capacity_reservation_specification
+ hibernation = var.hibernation
+ host_id = var.host_id
+ host_resource_group_arn = var.host_resource_group_arn
+ tenancy = var.tenancy
+ placement_group = var.placement_group
+ placement_partition_number = var.placement_partition_number
+
+ # ==============================================================================
+ # LIFECYCLE AND MAINTENANCE
+ # ==============================================================================
+
+ instance_initiated_shutdown_behavior = var.instance_initiated_shutdown_behavior
+ maintenance_options = var.maintenance_options
+ private_dns_name_options = var.private_dns_name_options
+
+ # ==============================================================================
+ # USER DATA AND INITIALIZATION
+ # ==============================================================================
+
+ user_data = var.user_data
+ user_data_base64 = var.user_data_base64
+ user_data_replace_on_change = var.user_data_replace_on_change
+
+ # ==============================================================================
+ # SPOT INSTANCE CONFIGURATION
+ # ==============================================================================
+
+ create_spot_instance = var.create_spot_instance
+ spot_price = var.spot_price
+ spot_wait_for_fulfillment = var.spot_wait_for_fulfillment
+ spot_type = var.spot_type
+ spot_instance_interruption_behavior = var.spot_instance_interruption_behavior
+ spot_launch_group = var.spot_launch_group
+ spot_valid_from = var.spot_valid_from
+ spot_valid_until = var.spot_valid_until
+
+ # ==============================================================================
+ # NETWORK INTERFACE CONFIGURATION
+ # ==============================================================================
+
+ network_interface = var.network_interface
+
+ # ==============================================================================
+ # LAUNCH TEMPLATE CONFIGURATION
+ # ==============================================================================
+
+ launch_template = var.launch_template
+ instance_market_options = var.instance_market_options
+
+ # ==============================================================================
+ # TAGGING CONFIGURATION
+ # ==============================================================================
+
+ tags = var.tags
+ instance_tags = var.instance_tags
+ volume_tags = var.volume_tags
+ enable_volume_tags = var.enable_volume_tags
+
+ # ==============================================================================
+ # TIMEOUT CONFIGURATION
+ # ==============================================================================
+
+ timeouts = var.timeouts
+
+ # ==============================================================================
+ # IAM ROLE AND INSTANCE PROFILE CONFIGURATION
+ # ==============================================================================
+
+ create_iam_instance_profile = var.create_iam_instance_profile
+ iam_role_name = var.iam_role_name
+ iam_role_use_name_prefix = var.iam_role_use_name_prefix
+ iam_role_path = var.iam_role_path
+ iam_role_description = var.iam_role_description
+ iam_role_permissions_boundary = var.iam_role_permissions_boundary
+ iam_role_policies = var.iam_role_policies
+ iam_role_tags = var.iam_role_tags
+
+ # ==============================================================================
+ # SECURITY GROUP CONFIGURATION
+ # ==============================================================================
+
+ create_security_group = var.create_security_group
+ security_group_name = var.security_group_name
+ security_group_use_name_prefix = var.security_group_use_name_prefix
+ security_group_description = var.security_group_description
+ security_group_vpc_id = var.security_group_vpc_id
+ security_group_tags = var.security_group_tags
+ security_group_egress_rules = var.security_group_egress_rules
+ security_group_ingress_rules = var.security_group_ingress_rules
+
+ # ==============================================================================
+ # ELASTIC IP CONFIGURATION
+ # ==============================================================================
+
+ create_eip = var.create_eip
+ eip_domain = var.eip_domain
+ eip_tags = var.eip_tags
+
+ # ==============================================================================
+ # LEGACY/COMPATIBILITY VARIABLES
+ # ==============================================================================
+
+ putin_khuylo = var.putin_khuylo
+}
\ No newline at end of file
diff --git a/examples/standardized-complete-import/outputs.tf b/examples/standardized-complete-import/outputs.tf
new file mode 100644
index 00000000..674791f9
--- /dev/null
+++ b/examples/standardized-complete-import/outputs.tf
@@ -0,0 +1,283 @@
+# ==============================================================================
+# STANDARDIZED OUTPUT DEFINITIONS
+# ==============================================================================
+# This file uses the standardized module name "ec2_instance" for consistent
+# references. All outputs follow the pattern: module.ec2_instance.*
+# This ensures LLM can reliably generate correct output references.
+# ==============================================================================
+
+# ==============================================================================
+# INSTANCE INFORMATION OUTPUTS
+# ==============================================================================
+
+output "instance_id" {
+ description = "The ID of the EC2 instance"
+ value = module.ec2_instance.id
+}
+
+output "instance_arn" {
+ description = "The ARN of the EC2 instance"
+ value = module.ec2_instance.arn
+}
+
+output "instance_state" {
+ description = "The state of the instance (pending, running, shutting-down, terminated, stopping, stopped)"
+ value = module.ec2_instance.instance_state
+}
+
+output "availability_zone" {
+ description = "The availability zone of the instance"
+ value = module.ec2_instance.availability_zone
+}
+
+output "placement_group" {
+ description = "The placement group of the instance"
+ value = module.ec2_instance.placement_group
+}
+
+output "capacity_reservation_specification" {
+ description = "Capacity reservation specification of the instance"
+ value = module.ec2_instance.capacity_reservation_specification
+}
+
+# ==============================================================================
+# NETWORK INFORMATION OUTPUTS
+# ==============================================================================
+
+output "private_ip" {
+ description = "The private IP address assigned to the instance"
+ value = module.ec2_instance.private_ip
+}
+
+output "public_ip" {
+ description = "The public IP address assigned to the instance (if applicable)"
+ value = module.ec2_instance.public_ip
+}
+
+output "private_dns" {
+ description = "The private DNS name assigned to the instance"
+ value = module.ec2_instance.private_dns
+}
+
+output "public_dns" {
+ description = "The public DNS name assigned to the instance"
+ value = module.ec2_instance.public_dns
+}
+
+output "primary_network_interface_id" {
+ description = "The ID of the instance's primary network interface"
+ value = module.ec2_instance.primary_network_interface_id
+}
+
+output "security_groups" {
+ description = "List of security group IDs associated with the instance"
+ value = module.ec2_instance.security_groups
+}
+
+output "vpc_security_group_ids" {
+ description = "List of VPC security group IDs associated with the instance"
+ value = module.ec2_instance.vpc_security_group_ids
+}
+
+# ==============================================================================
+# SECURITY INFORMATION OUTPUTS
+# ==============================================================================
+
+output "iam_role_name" {
+ description = "The name of the IAM role attached to the instance"
+ value = module.ec2_instance.iam_role_name
+}
+
+output "iam_role_arn" {
+ description = "The ARN of the IAM role attached to the instance"
+ value = module.ec2_instance.iam_role_arn
+}
+
+output "iam_role_unique_id" {
+ description = "Stable and unique string identifying the IAM role"
+ value = module.ec2_instance.iam_role_unique_id
+}
+
+output "iam_instance_profile_arn" {
+ description = "ARN assigned by AWS to the instance profile"
+ value = module.ec2_instance.iam_instance_profile_arn
+}
+
+output "iam_instance_profile_id" {
+ description = "Instance profile's ID"
+ value = module.ec2_instance.iam_instance_profile_id
+}
+
+output "iam_instance_profile_unique" {
+ description = "Stable and unique string identifying the IAM instance profile"
+ value = module.ec2_instance.iam_instance_profile_unique
+}
+
+output "security_group_arn" {
+ description = "ARN of the security group created by the module"
+ value = module.ec2_instance.security_group_arn
+}
+
+output "security_group_id" {
+ description = "ID of the security group created by the module"
+ value = module.ec2_instance.security_group_id
+}
+
+# ==============================================================================
+# STORAGE INFORMATION OUTPUTS
+# ==============================================================================
+
+output "root_block_device" {
+ description = "Root block device information"
+ value = module.ec2_instance.root_block_device
+ sensitive = false
+}
+
+output "ebs_block_device" {
+ description = "EBS block device information"
+ value = module.ec2_instance.ebs_block_device
+ sensitive = false
+}
+
+output "ephemeral_block_device" {
+ description = "Ephemeral block device information"
+ value = module.ec2_instance.ephemeral_block_device
+ sensitive = false
+}
+
+# ==============================================================================
+# SPOT INSTANCE OUTPUTS
+# ==============================================================================
+
+output "spot_bid_status" {
+ description = "The current bid status of the Spot Instance Request"
+ value = module.ec2_instance.spot_bid_status
+}
+
+output "spot_request_state" {
+ description = "The current request state of the Spot Instance Request"
+ value = module.ec2_instance.spot_request_state
+}
+
+output "spot_instance_id" {
+ description = "The Instance ID (if any) that is currently fulfilling the Spot Instance request"
+ value = module.ec2_instance.spot_instance_id
+}
+
+# ==============================================================================
+# ELASTIC IP OUTPUTS
+# ==============================================================================
+
+output "eip_id" {
+ description = "Contains the EIP allocation ID"
+ value = module.ec2_instance.eip_id
+}
+
+output "eip_association_id" {
+ description = "Contains the EIP association ID"
+ value = module.ec2_instance.eip_association_id
+}
+
+output "eip_domain" {
+ description = "Indicates if this EIP is for use in VPC"
+ value = module.ec2_instance.eip_domain
+}
+
+output "eip_public_dns" {
+ description = "Public DNS associated with the Elastic IP address"
+ value = module.ec2_instance.eip_public_dns
+}
+
+output "eip_public_ip" {
+ description = "Contains the public IP address"
+ value = module.ec2_instance.eip_public_ip
+}
+
+# ==============================================================================
+# ADDITIONAL METADATA OUTPUTS
+# ==============================================================================
+
+output "ami" {
+ description = "The AMI ID used for the instance"
+ value = module.ec2_instance.ami
+}
+
+output "instance_type" {
+ description = "The instance type used for the instance"
+ value = module.ec2_instance.instance_type
+}
+
+output "key_name" {
+ description = "The key name used for the instance"
+ value = module.ec2_instance.key_name
+}
+
+output "monitoring" {
+ description = "Whether detailed monitoring is enabled"
+ value = module.ec2_instance.monitoring
+}
+
+output "tags_all" {
+ description = "A map of tags assigned to the resource, including those inherited from the provider"
+ value = module.ec2_instance.tags_all
+ sensitive = false
+}
+
+# ==============================================================================
+# CPU AND PERFORMANCE OUTPUTS
+# ==============================================================================
+
+output "cpu_options" {
+ description = "The CPU options of the instance"
+ value = module.ec2_instance.cpu_options
+ sensitive = false
+}
+
+output "credit_specification" {
+ description = "Credit specification of the instance"
+ value = module.ec2_instance.credit_specification
+ sensitive = false
+}
+
+# ==============================================================================
+# AGGREGATED OUTPUTS FOR AUTOMATION
+# ==============================================================================
+
+output "instance_summary" {
+ description = "Summary of key instance information for automation and monitoring"
+ value = {
+ id = module.ec2_instance.id
+ arn = module.ec2_instance.arn
+ instance_type = module.ec2_instance.instance_type
+ availability_zone = module.ec2_instance.availability_zone
+ private_ip = module.ec2_instance.private_ip
+ public_ip = module.ec2_instance.public_ip
+ state = module.ec2_instance.instance_state
+ monitoring = module.ec2_instance.monitoring
+ }
+ sensitive = false
+}
+
+output "network_summary" {
+ description = "Summary of network configuration for automation"
+ value = {
+ private_ip = module.ec2_instance.private_ip
+ public_ip = module.ec2_instance.public_ip
+ private_dns = module.ec2_instance.private_dns
+ public_dns = module.ec2_instance.public_dns
+ primary_network_interface_id = module.ec2_instance.primary_network_interface_id
+ security_groups = module.ec2_instance.security_groups
+ }
+ sensitive = false
+}
+
+output "security_summary" {
+ description = "Summary of security configuration for compliance reporting"
+ value = {
+ iam_role_arn = module.ec2_instance.iam_role_arn
+ iam_instance_profile_arn = module.ec2_instance.iam_instance_profile_arn
+ security_group_id = module.ec2_instance.security_group_id
+ key_name = module.ec2_instance.key_name
+ }
+ sensitive = false
+}
\ No newline at end of file
diff --git a/examples/standardized-complete-import/variables.tf b/examples/standardized-complete-import/variables.tf
new file mode 100644
index 00000000..c29aaad6
--- /dev/null
+++ b/examples/standardized-complete-import/variables.tf
@@ -0,0 +1,799 @@
+# ==============================================================================
+# STANDARDIZED VARIABLE DEFINITIONS FOR EC2 INSTANCE MODULE
+# ==============================================================================
+# This file follows strict standards for LLM code generation:
+# 1. All variables include comprehensive documentation
+# 2. Proper type definitions and validation rules
+# 3. Import-specific variables for existing resources
+# 4. Consistent naming and structure
+# 5. Real-world examples and use cases
+# ==============================================================================
+
+# ==============================================================================
+# MODULE SOURCE CONFIGURATION
+# ==============================================================================
+
+variable "module_source" {
+ description = "Source path for the EC2 instance module. Must be specified for consistent module referencing."
+ type = string
+ default = "git::https://github.com/terraform-aws-modules/terraform-aws-ec2-instance.git?ref=v5.6.0"
+
+ validation {
+ condition = length(var.module_source) > 0
+ error_message = "Module source cannot be empty."
+ }
+}
+
+# ==============================================================================
+# IMPORT-SPECIFIC VARIABLES
+# ==============================================================================
+# These variables are used when importing existing AWS resources
+
+variable "instance_id" {
+ description = "The ID of the existing EC2 instance to import. Required when importing existing instances."
+ type = string
+ default = null
+
+ validation {
+ condition = var.instance_id == null || can(regex("^i-[0-9a-f]{8,17}$", var.instance_id))
+ error_message = "Instance ID must be in the format i-xxxxxxxx or i-xxxxxxxxxxxxxxxxx."
+ }
+}
+
+variable "existing_security_group_id" {
+ description = "The ID of the existing security group to import. Used when importing existing security groups."
+ type = string
+ default = null
+
+ validation {
+ condition = var.existing_security_group_id == null || can(regex("^sg-[0-9a-f]{8,17}$", var.existing_security_group_id))
+ error_message = "Security group ID must be in the format sg-xxxxxxxx or sg-xxxxxxxxxxxxxxxxx."
+ }
+}
+
+variable "existing_iam_role_name" {
+ description = "The name of the existing IAM role to import. Used when importing existing IAM roles."
+ type = string
+ default = null
+
+ validation {
+ condition = var.existing_iam_role_name == null || can(regex("^[a-zA-Z0-9+=,.@_-]+$", var.existing_iam_role_name))
+ error_message = "IAM role name must contain only alphanumeric characters and +=,.@_- characters."
+ }
+}
+
+# ==============================================================================
+# BASIC CONFIGURATION
+# ==============================================================================
+
+variable "create" {
+ description = "Whether to create an EC2 instance. Set to false to skip instance creation entirely."
+ type = bool
+ default = true
+}
+
+variable "name" {
+ description = "Name to be used on EC2 instance created. This will be used for the Name tag and resource naming."
+ type = string
+
+ validation {
+ condition = length(var.name) > 0 && length(var.name) <= 255
+ error_message = "Name must be between 1 and 255 characters."
+ }
+
+ validation {
+ condition = can(regex("^[a-zA-Z0-9-_]*$", var.name))
+ error_message = "Name must contain only alphanumeric characters, hyphens, and underscores."
+ }
+}
+
+variable "region" {
+ description = "AWS region where the EC2 instance will be created. If null, uses provider default region."
+ type = string
+ default = null
+
+ validation {
+ condition = var.region == null || can(regex("^[a-z]{2}-[a-z]+-[0-9]$", var.region))
+ error_message = "Region must be a valid AWS region format (e.g., us-east-1, eu-west-1)."
+ }
+}
+
+# ==============================================================================
+# AMI AND INSTANCE TYPE CONFIGURATION
+# ==============================================================================
+
+variable "ami" {
+ description = "ID of AMI to use for the instance. If null, will use ami_ssm_parameter to fetch latest AMI."
+ type = string
+ default = null
+
+ validation {
+ condition = var.ami == null || can(regex("^ami-[0-9a-f]{8,17}$", var.ami))
+ error_message = "AMI ID must be in the format ami-xxxxxxxx or ami-xxxxxxxxxxxxxxxxx."
+ }
+}
+
+variable "ami_ssm_parameter" {
+ description = "SSM parameter name for the AMI ID. Used when ami is null to fetch the latest AMI automatically."
+ type = string
+ default = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64"
+
+ validation {
+ condition = can(regex("^/", var.ami_ssm_parameter))
+ error_message = "SSM parameter must start with a forward slash (/)."
+ }
+}
+
+variable "ignore_ami_changes" {
+ description = "Whether changes to the AMI ID should be ignored by Terraform. Useful for preventing instance replacement when AMI updates."
+ type = bool
+ default = false
+}
+
+variable "instance_type" {
+ description = "The type of instance to start. Choose based on your performance and cost requirements."
+ type = string
+ default = "t3.micro"
+
+ validation {
+ condition = can(regex("^[a-z][0-9][a-z]*\\.[a-z0-9]+$", var.instance_type))
+ error_message = "Instance type must be a valid EC2 instance type (e.g., t3.micro, m5.large, c5.xlarge)."
+ }
+}
+
+# ==============================================================================
+# NETWORK CONFIGURATION
+# ==============================================================================
+
+variable "associate_public_ip_address" {
+ description = "Whether to associate a public IP address with an instance in a VPC. Required for internet access in public subnets."
+ type = bool
+ default = null
+}
+
+variable "availability_zone" {
+ description = "AZ to start the instance in. If not specified, AWS will choose automatically within the region."
+ type = string
+ default = null
+
+ validation {
+ condition = var.availability_zone == null || can(regex("^[a-z]{2}-[a-z]+-[0-9][a-z]$", var.availability_zone))
+ error_message = "Availability zone must be in the format region+letter (e.g., us-east-1a, eu-west-1b)."
+ }
+}
+
+variable "subnet_id" {
+ description = "The VPC Subnet ID to launch the instance in. Must be in the same AZ as availability_zone if specified."
+ type = string
+ default = null
+
+ validation {
+ condition = var.subnet_id == null || can(regex("^subnet-[0-9a-f]{8,17}$", var.subnet_id))
+ error_message = "Subnet ID must be in the format subnet-xxxxxxxx or subnet-xxxxxxxxxxxxxxxxx."
+ }
+}
+
+variable "vpc_security_group_ids" {
+ description = "A list of security group IDs to associate with the instance. Controls network access rules."
+ type = list(string)
+ default = []
+
+ validation {
+ condition = alltrue([
+ for sg in var.vpc_security_group_ids : can(regex("^sg-[0-9a-f]{8,17}$", sg))
+ ])
+ error_message = "All security group IDs must be in the format sg-xxxxxxxx or sg-xxxxxxxxxxxxxxxxx."
+ }
+}
+
+variable "private_ip" {
+ description = "Private IP address to associate with the instance in a VPC. Must be within the subnet CIDR range."
+ type = string
+ default = null
+}
+
+variable "secondary_private_ips" {
+ description = "A list of secondary private IPv4 addresses to assign to the instance's primary network interface."
+ type = list(string)
+ default = null
+}
+
+variable "ipv6_address_count" {
+ description = "A number of IPv6 addresses to associate with the primary network interface."
+ type = number
+ default = null
+
+ validation {
+ condition = var.ipv6_address_count == null || (var.ipv6_address_count >= 0 && var.ipv6_address_count <= 16)
+ error_message = "IPv6 address count must be between 0 and 16."
+ }
+}
+
+variable "ipv6_addresses" {
+ description = "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface."
+ type = list(string)
+ default = null
+}
+
+variable "enable_primary_ipv6" {
+ description = "Whether to assign a primary IPv6 Global Unicast Address (GUA) to the instance when launched in a dual-stack or IPv6-only subnet."
+ type = bool
+ default = null
+}
+
+variable "source_dest_check" {
+ description = "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs."
+ type = bool
+ default = null
+}
+
+# ==============================================================================
+# STORAGE CONFIGURATION
+# ==============================================================================
+
+variable "ebs_optimized" {
+ description = "If true, the launched EC2 instance will be EBS-optimized. Improves EBS performance for supported instance types."
+ type = bool
+ default = null
+}
+
+variable "root_block_device" {
+ description = "Customize details about the root block device of the instance. Controls OS disk configuration."
+ type = object({
+ delete_on_termination = optional(bool, true)
+ encrypted = optional(bool, true)
+ iops = optional(number)
+ kms_key_id = optional(string)
+ tags = optional(map(string), {})
+ throughput = optional(number)
+ size = optional(number, 20)
+ type = optional(string, "gp3")
+ })
+ default = null
+}
+
+variable "ebs_volumes" {
+ description = "Additional EBS volumes to attach to the instance. Map key will be used as device name if device_name not specified."
+ type = map(object({
+ encrypted = optional(bool, true)
+ final_snapshot = optional(bool, false)
+ iops = optional(number)
+ kms_key_id = optional(string)
+ multi_attach_enabled = optional(bool, false)
+ outpost_arn = optional(string)
+ size = optional(number, 10)
+ snapshot_id = optional(string)
+ tags = optional(map(string), {})
+ throughput = optional(number)
+ type = optional(string, "gp3")
+ device_name = optional(string)
+ force_detach = optional(bool, false)
+ skip_destroy = optional(bool, false)
+ stop_instance_before_detaching = optional(bool, false)
+ }))
+ default = null
+}
+
+variable "ephemeral_block_device" {
+ description = "Customize Ephemeral (also known as Instance Store) volumes on the instance. Temporary storage that's lost on stop/terminate."
+ type = map(object({
+ device_name = string
+ no_device = optional(bool)
+ virtual_name = optional(string)
+ }))
+ default = null
+}
+
+# ==============================================================================
+# SECURITY AND ACCESS CONFIGURATION
+# ==============================================================================
+
+variable "key_name" {
+ description = "Key name of the Key Pair to use for the instance. Required for SSH access to Linux instances."
+ type = string
+ default = null
+}
+
+variable "get_password_data" {
+ description = "If true, wait for password data to become available and retrieve it. Useful for Windows instances."
+ type = bool
+ default = null
+}
+
+variable "iam_instance_profile" {
+ description = "IAM Instance Profile to launch the instance with. Provides AWS API access to the instance."
+ type = string
+ default = null
+}
+
+variable "disable_api_termination" {
+ description = "If true, enables EC2 Instance Termination Protection. Prevents accidental termination via API."
+ type = bool
+ default = null
+}
+
+variable "disable_api_stop" {
+ description = "If true, enables EC2 Instance Stop Protection. Prevents accidental stopping via API."
+ type = bool
+ default = null
+}
+
+# ==============================================================================
+# METADATA AND MONITORING CONFIGURATION
+# ==============================================================================
+
+variable "metadata_options" {
+ description = "Customize the metadata options of the instance. Controls access to instance metadata service."
+ type = object({
+ http_endpoint = optional(string, "enabled")
+ http_protocol_ipv6 = optional(string, "disabled")
+ http_put_response_hop_limit = optional(number, 1)
+ http_tokens = optional(string, "required")
+ instance_metadata_tags = optional(string, "disabled")
+ })
+ default = {
+ http_endpoint = "enabled"
+ http_put_response_hop_limit = 1
+ http_tokens = "required"
+ }
+}
+
+variable "monitoring" {
+ description = "If true, the launched EC2 instance will have detailed monitoring enabled. Provides 1-minute CloudWatch metrics."
+ type = bool
+ default = null
+}
+
+variable "enclave_options_enabled" {
+ description = "Whether Nitro Enclaves will be enabled on the instance. Provides isolated compute environments."
+ type = bool
+ default = null
+}
+
+# ==============================================================================
+# ADVANCED CONFIGURATION
+# ==============================================================================
+
+variable "cpu_options" {
+ description = "Defines CPU options to apply to the instance at launch time. Useful for licensing optimization."
+ type = object({
+ amd_sev_snp = optional(string)
+ core_count = optional(number)
+ threads_per_core = optional(number)
+ })
+ default = null
+}
+
+variable "cpu_credits" {
+ description = "The credit option for CPU usage (unlimited or standard). Only applicable to burstable performance instances (T2/T3/T4g)."
+ type = string
+ default = null
+
+ validation {
+ condition = var.cpu_credits == null || contains(["standard", "unlimited"], var.cpu_credits)
+ error_message = "CPU credits must be 'standard' or 'unlimited'."
+ }
+}
+
+variable "capacity_reservation_specification" {
+ description = "Describes an instance's Capacity Reservation targeting option. Ensures capacity availability."
+ type = object({
+ capacity_reservation_preference = optional(string)
+ capacity_reservation_target = optional(object({
+ capacity_reservation_id = optional(string)
+ capacity_reservation_resource_group_arn = optional(string)
+ }))
+ })
+ default = null
+}
+
+variable "hibernation" {
+ description = "If true, the launched EC2 instance will support hibernation. Saves instance state to EBS."
+ type = bool
+ default = null
+}
+
+variable "host_id" {
+ description = "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host."
+ type = string
+ default = null
+}
+
+variable "host_resource_group_arn" {
+ description = "ARN of the host resource group in which to launch the instances. If you specify an ARN, omit the tenancy parameter or set it to host."
+ type = string
+ default = null
+}
+
+variable "tenancy" {
+ description = "The tenancy of the instance (if the instance is running in a VPC). Available values: default, dedicated, host."
+ type = string
+ default = null
+
+ validation {
+ condition = var.tenancy == null || contains(["default", "dedicated", "host"], var.tenancy)
+ error_message = "Tenancy must be 'default', 'dedicated', or 'host'."
+ }
+}
+
+variable "placement_group" {
+ description = "The Placement Group to start the instance in. Provides low latency networking between instances."
+ type = string
+ default = null
+}
+
+variable "placement_partition_number" {
+ description = "Number of the partition the instance is in. Valid only if the aws_placement_group resource's strategy argument is set to partition."
+ type = number
+ default = null
+
+ validation {
+ condition = var.placement_partition_number == null || (var.placement_partition_number >= 1 && var.placement_partition_number <= 7)
+ error_message = "Placement partition number must be between 1 and 7."
+ }
+}
+
+# ==============================================================================
+# LIFECYCLE AND MAINTENANCE
+# ==============================================================================
+
+variable "instance_initiated_shutdown_behavior" {
+ description = "Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances."
+ type = string
+ default = null
+
+ validation {
+ condition = var.instance_initiated_shutdown_behavior == null || contains(["stop", "terminate"], var.instance_initiated_shutdown_behavior)
+ error_message = "Instance initiated shutdown behavior must be 'stop' or 'terminate'."
+ }
+}
+
+variable "maintenance_options" {
+ description = "The maintenance options for the instance. Controls automatic recovery behavior."
+ type = object({
+ auto_recovery = optional(string, "default")
+ })
+ default = null
+}
+
+variable "private_dns_name_options" {
+ description = "Customize the private DNS name options of the instance. Controls DNS resolution behavior."
+ type = object({
+ enable_resource_name_dns_a_record = optional(bool)
+ enable_resource_name_dns_aaaa_record = optional(bool)
+ hostname_type = optional(string)
+ })
+ default = null
+}
+
+# ==============================================================================
+# USER DATA AND INITIALIZATION
+# ==============================================================================
+
+variable "user_data" {
+ description = "The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument."
+ type = string
+ default = null
+}
+
+variable "user_data_base64" {
+ description = "Can be used instead of user_data to pass base64-encoded binary data directly. Use this for gzip-compressed data."
+ type = string
+ default = null
+}
+
+variable "user_data_replace_on_change" {
+ description = "When used in combination with user_data or user_data_base64 will trigger a destroy and recreate when set to true."
+ type = bool
+ default = null
+}
+
+# ==============================================================================
+# SPOT INSTANCE CONFIGURATION
+# ==============================================================================
+
+variable "create_spot_instance" {
+ description = "Depicts if the instance is a spot instance. Spot instances can save up to 90% of On-Demand costs."
+ type = bool
+ default = false
+}
+
+variable "spot_price" {
+ description = "The maximum price to request on the spot market. Defaults to on-demand price if not specified."
+ type = string
+ default = null
+}
+
+variable "spot_wait_for_fulfillment" {
+ description = "If set, Terraform will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached."
+ type = bool
+ default = null
+}
+
+variable "spot_type" {
+ description = "If set to one-time, after the instance is terminated, the spot request will be closed. Default persistent."
+ type = string
+ default = null
+
+ validation {
+ condition = var.spot_type == null || contains(["one-time", "persistent"], var.spot_type)
+ error_message = "Spot type must be 'one-time' or 'persistent'."
+ }
+}
+
+variable "spot_instance_interruption_behavior" {
+ description = "Indicates Spot instance behavior when it is interrupted. Valid values are terminate, stop, or hibernate."
+ type = string
+ default = null
+
+ validation {
+ condition = var.spot_instance_interruption_behavior == null || contains(["terminate", "stop", "hibernate"], var.spot_instance_interruption_behavior)
+ error_message = "Spot interruption behavior must be 'terminate', 'stop', or 'hibernate'."
+ }
+}
+
+variable "spot_launch_group" {
+ description = "A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually."
+ type = string
+ default = null
+}
+
+variable "spot_valid_from" {
+ description = "The start date and time of the request, in UTC RFC3339 format (for example, YYYY-MM-DDTHH:MM:SSZ)."
+ type = string
+ default = null
+}
+
+variable "spot_valid_until" {
+ description = "The end date and time of the request, in UTC RFC3339 format (for example, YYYY-MM-DDTHH:MM:SSZ)."
+ type = string
+ default = null
+}
+
+# ==============================================================================
+# NETWORK INTERFACE CONFIGURATION
+# ==============================================================================
+
+variable "network_interface" {
+ description = "Customize network interfaces to be attached at instance boot time. For advanced networking scenarios."
+ type = map(object({
+ delete_on_termination = optional(bool, true)
+ device_index = optional(number)
+ network_card_index = optional(number, 0)
+ network_interface_id = string
+ }))
+ default = null
+}
+
+# ==============================================================================
+# LAUNCH TEMPLATE CONFIGURATION
+# ==============================================================================
+
+variable "launch_template" {
+ description = "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template."
+ type = object({
+ id = optional(string)
+ name = optional(string)
+ version = optional(string)
+ })
+ default = null
+}
+
+variable "instance_market_options" {
+ description = "The market (purchasing) option for the instance. If set, overrides the create_spot_instance variable."
+ type = object({
+ market_type = optional(string, "spot")
+ spot_options = optional(object({
+ instance_interruption_behavior = optional(string, "terminate")
+ max_price = optional(string)
+ spot_instance_type = optional(string, "one-time")
+ valid_until = optional(string)
+ }))
+ })
+ default = null
+}
+
+# ==============================================================================
+# TAGGING CONFIGURATION
+# ==============================================================================
+
+variable "tags" {
+ description = "A mapping of tags to assign to the resource. These tags will be applied to the EC2 instance."
+ type = map(string)
+ default = {}
+}
+
+variable "instance_tags" {
+ description = "Additional tags for the instance. These will be merged with the tags variable."
+ type = map(string)
+ default = {}
+}
+
+variable "volume_tags" {
+ description = "A mapping of tags to assign to the devices created by the instance at launch time."
+ type = map(string)
+ default = {}
+}
+
+variable "enable_volume_tags" {
+ description = "Whether to enable volume tags (if enabled it conflicts with root_block_device tags)."
+ type = bool
+ default = true
+}
+
+# ==============================================================================
+# TIMEOUT CONFIGURATION
+# ==============================================================================
+
+variable "timeouts" {
+ description = "Define maximum timeout for creating, updating, and deleting EC2 instance resources."
+ type = map(string)
+ default = {}
+}
+
+# ==============================================================================
+# IAM ROLE AND INSTANCE PROFILE CONFIGURATION
+# ==============================================================================
+
+variable "create_iam_instance_profile" {
+ description = "Determines whether an IAM instance profile is created or to use an existing IAM instance profile."
+ type = bool
+ default = false
+}
+
+variable "iam_role_name" {
+ description = "Name to use on IAM role created. If null, will use the instance name."
+ type = string
+ default = null
+}
+
+variable "iam_role_use_name_prefix" {
+ description = "Determines whether the IAM role name (iam_role_name or name) is used as a prefix."
+ type = bool
+ default = true
+}
+
+variable "iam_role_path" {
+ description = "IAM role path. Must begin and end with a forward slash."
+ type = string
+ default = null
+}
+
+variable "iam_role_description" {
+ description = "Description of the IAM role created for the instance."
+ type = string
+ default = null
+}
+
+variable "iam_role_permissions_boundary" {
+ description = "ARN of the policy that is used to set the permissions boundary for the IAM role."
+ type = string
+ default = null
+}
+
+variable "iam_role_policies" {
+ description = "Policies attached to the IAM role. Map of policy names to policy ARNs."
+ type = map(string)
+ default = {}
+}
+
+variable "iam_role_tags" {
+ description = "A map of additional tags to add to the IAM role/profile created."
+ type = map(string)
+ default = {}
+}
+
+# ==============================================================================
+# SECURITY GROUP CONFIGURATION
+# ==============================================================================
+
+variable "create_security_group" {
+ description = "Determines whether a security group will be created for the instance."
+ type = bool
+ default = true
+}
+
+variable "security_group_name" {
+ description = "Name to use on security group created. If null, will use the instance name."
+ type = string
+ default = null
+}
+
+variable "security_group_use_name_prefix" {
+ description = "Determines whether the security group name (security_group_name or name) is used as a prefix."
+ type = bool
+ default = true
+}
+
+variable "security_group_description" {
+ description = "Description of the security group created for the instance."
+ type = string
+ default = null
+}
+
+variable "security_group_vpc_id" {
+ description = "VPC ID to create the security group in. If not set, the security group will be created in the default VPC."
+ type = string
+ default = null
+}
+
+variable "security_group_tags" {
+ description = "A map of additional tags to add to the security group created."
+ type = map(string)
+ default = {}
+}
+
+variable "security_group_egress_rules" {
+ description = "Egress rules to add to the security group. Controls outbound traffic from the instance."
+ type = map(object({
+ cidr_ipv4 = optional(string)
+ cidr_ipv6 = optional(string)
+ description = optional(string)
+ from_port = optional(number)
+ ip_protocol = optional(string, "tcp")
+ prefix_list_id = optional(string)
+ referenced_security_group_id = optional(string)
+ tags = optional(map(string), {})
+ to_port = optional(number)
+ }))
+ default = {
+ ipv4_default = {
+ cidr_ipv4 = "0.0.0.0/0"
+ description = "Allow all IPv4 traffic"
+ ip_protocol = "-1"
+ }
+ }
+}
+
+variable "security_group_ingress_rules" {
+ description = "Ingress rules to add to the security group. Controls inbound traffic to the instance."
+ type = map(object({
+ cidr_ipv4 = optional(string)
+ cidr_ipv6 = optional(string)
+ description = optional(string)
+ from_port = optional(number)
+ ip_protocol = optional(string, "tcp")
+ prefix_list_id = optional(string)
+ referenced_security_group_id = optional(string)
+ tags = optional(map(string), {})
+ to_port = optional(number)
+ }))
+ default = null
+}
+
+# ==============================================================================
+# ELASTIC IP CONFIGURATION
+# ==============================================================================
+
+variable "create_eip" {
+ description = "Determines whether a public EIP will be created and associated with the instance."
+ type = bool
+ default = false
+}
+
+variable "eip_domain" {
+ description = "Indicates if this EIP is for use in VPC. Should always be 'vpc' for modern AWS usage."
+ type = string
+ default = "vpc"
+
+ validation {
+ condition = contains(["vpc", "standard"], var.eip_domain)
+ error_message = "EIP domain must be 'vpc' or 'standard'."
+ }
+}
+
+variable "eip_tags" {
+ description = "A map of additional tags to add to the Elastic IP."
+ type = map(string)
+ default = {}
+}
+
+# ==============================================================================
+# LEGACY/COMPATIBILITY VARIABLES
+# ==============================================================================
+
+variable "putin_khuylo" {
+ description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
+ type = bool
+ default = true
+}
\ No newline at end of file