diff --git a/README.md b/README.md
index 2dfc040..7d93432 100644
--- a/README.md
+++ b/README.md
@@ -129,6 +129,7 @@ module "example" {
 | private\_reverse\_zone\_id | The DNS Zone ID in which to create private reverse lookup records. | `string` | n/a | yes |
 | private\_zone\_id | The DNS Zone ID in which to create private lookup records. | `string` | n/a | yes |
 | public\_zone\_id | The DNS Zone ID in which to create public lookup records. | `string` | n/a | yes |
+| root\_disk\_size | The size of the OpenVPN instance's root disk in GiB. | `number` | `8` | no |
 | security\_groups | Additional security group ids the server will join. | `list(string)` | `[]` | no |
 | ssm\_dh4096\_pem | The SSM key that contains the Diffie Hellman pem. | `string` | `"/openvpn/server/dh4096.pem"` | no |
 | ssm\_read\_role\_accounts\_allowed | A list of accounts allowed to access the role that can read SSM keys. | `list(string)` | `[]` | no |
diff --git a/ec2.tf b/ec2.tf
index 1ee814b..09c2f88 100644
--- a/ec2.tf
+++ b/ec2.tf
@@ -31,5 +31,9 @@ resource "aws_instance" "openvpn" {
 # Require IMDS tokens AKA require the use of IMDSv2
 http_tokens = "required"
 }
+ root_block_device {
+ volume_size = var.root_disk_size
+ volume_type = "gp3"
+ }
 iam_instance_profile = aws_iam_instance_profile.instance_profile.name
 }
diff --git a/variables.tf b/variables.tf
index 9d0bf71..e64114f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -165,6 +165,12 @@ variable "security_groups" {
 default = []
 }

+variable "root_disk_size" {
+ type = number
+ description = "The size of the OpenVPN instance's root disk in GiB."
+ default = 8
+}
+
 variable "ssm_dh4096_pem" {
 type = string
 description = "The SSM key that contains the Diffie Hellman pem."
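Review bot: The new `root_block_device` block in ec2.tf sets only `volume_size` and `volume_type`, so whether the OpenVPN server's root volume is encrypted at rest is left to the account's EBS encryption-by-default setting, which this diff does not show. The module's inputs suggest the server pulls key material from SSM (for example the DH pem), so I would state it explicitly with `encrypted = true` inside the block, plus `kms_key_id` if a customer-managed key is wanted. Enabling encryption later on an existing instance probably forces the instance to be replaced, so it is cheapest to decide now while the block is being introduced. The enclosing `aws_instance.openvpn` resource starts outside the hunk.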
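Review bot: `root_disk_size` in variables.tf accepts any number, so a zero, fractional or too-small value is only caught when the EC2 API rejects the launch. A `validation` block would fail at plan time instead, for example `condition = var.root_disk_size >= 8 && floor(var.root_disk_size) == var.root_disk_size` with a matching `error_message`; the correct lower bound is the AMI's snapshot size, which is not visible here, so 8 is only assumed from the default. The variable is also inserted after `security_groups` while the README table lists it before, so if this file is kept alphabetical it belongs above that block.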