From 23114e1baf452347158dc8ccd42c5a42b06873a5 Mon Sep 17 00:00:00 2001
From: sylvain zaki <szaki@splio.com>
Date: Mon, 9 Dec 2019 17:34:21 +0100
Subject: [PATCH] Add encrypted option for root block device and add ebs
 specifications

---
 modules/consul-cluster/main.tf      |  9 ++++++++
 modules/consul-cluster/variables.tf | 36 +++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)

diff --git a/modules/consul-cluster/main.tf b/modules/consul-cluster/main.tf
index 139789c8..49cac3ec 100644
--- a/modules/consul-cluster/main.tf
+++ b/modules/consul-cluster/main.tf
@@ -75,10 +75,19 @@ resource "aws_launch_configuration" "launch_configuration" {
 
   ebs_optimized = var.root_volume_ebs_optimized
 
+  ebs_block_device {
+    device_name           = var.ebs_device_name
+    volume_size           = var.ebs_volume_size
+    volume_type           = var.ebs_volume_type
+    delete_on_termination = var.ebs_volume_delete_on_termination
+    encrypted             = var.ebs_volume_encrypted
+  }
+
   root_block_device {
     volume_type           = var.root_volume_type
     volume_size           = var.root_volume_size
     delete_on_termination = var.root_volume_delete_on_termination
+    encrypted             = var.root_volume_encrypted
   }
 
   # Important note: whenever using a launch configuration with an auto scaling group, you must set
diff --git a/modules/consul-cluster/variables.tf b/modules/consul-cluster/variables.tf
index 762180c0..2425a493 100644
--- a/modules/consul-cluster/variables.tf
+++ b/modules/consul-cluster/variables.tf
@@ -164,6 +164,42 @@ variable "root_volume_delete_on_termination" {
   default     = true
 }
 
+variable "root_volume_encrypted" {
+  description = "If true, the root volume will be encrypted."
+  type        = bool
+  default     = false
+}
+
+variable "ebs_device_name" {
+  description = "The name of the ebs volume. For example /dev/sdb"
+  type        = bool
+  default     = "/dev/sdb"
+}
+
+variable "ebs_volume_size" {
+  description = "The size, in GB, of the ebs EBS volume."
+  type        = bool
+  default     = number
+}
+
+variable "ebs_volume_type" {
+  description = "The type of volume. Must be one of: standard, gp2, or io1.."
+  type        = string
+  default     = "standard"
+}
+
+variable "ebs_volume_delete_on_termination" {
+  description = "Whether the volume should be destroyed on instance termination."
+  type        = bool
+  default     = true
+}
+
+variable "ebs_volume_encrypted" {
+  description = "If true, the root volume will be encrypted."
+  type        = bool
+  default     = false
+}
+
 variable "wait_for_capacity_timeout" {
   description = "A maximum duration that Terraform should wait for ASG instances to be healthy before timing out. Setting this to '0' causes Terraform to skip all Capacity Waiting behavior."
   type        = string