feat: add new ec2 instance types (#43)

* feat: add new ec2 instance types * fix: update ec2 types
zscaler · Sep 26, 2023 · d7157dd · d7157dd
1 parent 3764201
commit d7157dd
Show file tree

Hide file tree

Showing 39 changed files with 317 additions and 266 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,23 +1,25 @@
-## URELEASED (TBD)
-* Autoscaling support
+## v1.0.0 (TBD)
+* Auto Scaling Group official release
     - add: terraform-zscc-asg-aws module
     - add: terraform-zscc-asg-labda-aws module
     - change: IAM policies for ASG lifecycle and Cloudwatch metrics
     - GWLB condition changes for ASG instance based target group requirements
-* Product code change to support service interface (now ENA0) and management interface (now ENA1) swap for both autoscaling and non-autoscaling deployments
-* terraform-zscc-ccvm-aws outputs
+* Medium and Large Cloud Connector instance official release
+* service interface (now ENA0) and management interface (now ENA1) swap for both autoscaling and non-autoscaling deployments
+* EC2 instance type changes:
+    - new default/recommend EC2 type for small CCs: m6i.large
+    - add: m5n, m6i, m6a, c6i, and c6a family support
+    - remove: m5 family support
+* module terraform-zscc-ccvm-aws outputs changes:
     - rename service_eni_1 output to management_eni
     - rename private_ip output to forwarding_ip
     - rename cc_service_private_ip to management_ip
     - add forwarding_eni
-
-## UNRELEASED (TBD)
-* Medium and Large Cloud Connector instance support
-* module terraform-zscc-gwlb-aws:
+* module terraform-zscc-gwlb-aws changes:
     - resource aws_lb_target_group_attachment.gwlb_target_group_attachment_small renamed to aws_lb_target_group_attachment.gwlb_target_group_attachment
     - rename variable cc_small_service_ips to cc_service_ips
     - remove dedicated CC Medium/Large additional service IP dependencies from target group attachment
-* module terraform-zscc-ccvm-aws:
+* module terraform-zscc-ccvm-aws changes:
     - remove secondary IP address from network interface index #1
     - add interface device index #5 for "large" CC.
 

diff --git a/examples/base_1cc/README.md b/examples/base_1cc/README.md
@@ -89,10 +89,10 @@ From base_1cc directory execute:
 | <a name="input_az_count"></a> [az\_count](#input\_az\_count) | Default number of subnets to create based on availability zone | `number` | `1` | no |
 | <a name="input_bastion_nsg_source_prefix"></a> [bastion\_nsg\_source\_prefix](#input\_bastion\_nsg\_source\_prefix) | CIDR blocks of trusted networks for bastion host ssh access | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | <a name="input_cc_count"></a> [cc\_count](#input\_cc\_count) | Default number of Cloud Connector appliances to create | `number` | `1` | no |
-| <a name="input_cc_instance_size"></a> [cc\_instance\_size](#input\_cc\_instance\_size) | Cloud Connector Instance size. Determined by and needs to match  the Cloud Connector Portal provisioning template configuration | `string` | `"small"` | no |
+| <a name="input_cc_instance_size"></a> [cc\_instance\_size](#input\_cc\_instance\_size) | Cloud Connector Instance size. Determined by and needs to match the Cloud Connector Portal provisioning template configuration | `string` | `"small"` | no |
 | <a name="input_cc_subnets"></a> [cc\_subnets](#input\_cc\_subnets) | Cloud Connector Subnets to create in VPC. This is only required if you want to override the default subnets that this code creates via vpc\_cidr variable. | `list(string)` | `null` | no |
 | <a name="input_cc_vm_prov_url"></a> [cc\_vm\_prov\_url](#input\_cc\_vm\_prov\_url) | Zscaler Cloud Connector Provisioning URL | `string` | n/a | yes |
-| <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Instance Type | `string` | `"m5.large"` | no |
+| <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Instance Type | `string` | `"m6i.large"` | no |
 | <a name="input_http_probe_port"></a> [http\_probe\_port](#input\_http\_probe\_port) | Port number for Cloud Connector cloud init to enable listener port for HTTP probe from GWLB Target Group | `number` | `50000` | no |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | The name prefix for all your resources | `string` | `"zscc"` | no |
 | <a name="input_owner_tag"></a> [owner\_tag](#input\_owner\_tag) | populate custom owner tag attribute | `string` | `"zscc-admin"` | no |

diff --git a/examples/base_1cc/terraform.tfvars b/examples/base_1cc/terraform.tfvars
@@ -39,21 +39,23 @@
 #aws_region                                 = "us-west-2"
 
 ## 6. Cloud Connector AWS EC2 Instance size selection. Uncomment ccvm_instance_type line with desired vm size to change.
-##    (Default: m5.large)
+##    (Default: m6i.large)
 
 #ccvm_instance_type                         = "t3.medium"
-#ccvm_instance_type                         = "m5.large"
-#ccvm_instance_type                         = "c5.large"
+#ccvm_instance_type                         = "t3a.medium"
+#ccvm_instance_type                         = "m5n.large"
 #ccvm_instance_type                         = "c5a.large"
-#ccvm_instance_type                         = "m5.2xlarge"
-#ccvm_instance_type                         = "c5.2xlarge"
-#ccvm_instance_type                         = "m5.4xlarge"
+#ccvm_instance_type                         = "m6i.large"
+#ccvm_instance_type                         = "c6i.large"
+#ccvm_instance_type                         = "m5n.4xlarge"
 #ccvm_instance_type                         = "c5.4xlarge"
+#ccvm_instance_type                         = "m6i.4xlarge"
+#ccvm_instance_type                         = "c6i.4xlarge"
 
 ## 7. Cloud Connector Instance size selection. Uncomment cc_instance_size line with desired vm size to change
 ##    (Default: "small") 
 ##    **** NOTE - There is a dependency between ccvm_instance_type and cc_instance_size selections ****
-##    If size = "small" any supported EC2 instance type can be deployed, but "m5/c5.large" is ideal
+##    If size = "small" any supported EC2 instance type can be deployed, but "m6i/c6i.large" is ideal
 ##    If size = "medium" only 4xlarge and up EC2 instance types can be deployed
 ##    If size = "large" only 4xlarge EC2 instane types can be deployed 
 ##    **** NOTE - medium and large cc_instance_size is only supported with GWLB deployments. Legacy HA/Lambda deployments must be small.

diff --git a/examples/base_1cc/variables.tf b/examples/base_1cc/variables.tf
@@ -83,25 +83,27 @@ variable "cc_count" {
 variable "ccvm_instance_type" {
   type        = string
   description = "Cloud Connector Instance Type"
-  default     = "m5.large"
+  default     = "m6i.large"
   validation {
     condition = (
       var.ccvm_instance_type == "t3.medium" ||
-      var.ccvm_instance_type == "m5.large" ||
-      var.ccvm_instance_type == "c5.large" ||
+      var.ccvm_instance_type == "t3a.medium" ||
+      var.ccvm_instance_type == "m5n.large" ||
       var.ccvm_instance_type == "c5a.large" ||
-      var.ccvm_instance_type == "m5.2xlarge" ||
-      var.ccvm_instance_type == "c5.2xlarge" ||
-      var.ccvm_instance_type == "m5.4xlarge" ||
-      var.ccvm_instance_type == "c5.4xlarge"
+      var.ccvm_instance_type == "m6i.large" ||
+      var.ccvm_instance_type == "c6i.large" ||
+      var.ccvm_instance_type == "c5.4xlarge" ||
+      var.ccvm_instance_type == "m5n.4xlarge" ||
+      var.ccvm_instance_type == "m6i.4xlarge" ||
+      var.ccvm_instance_type == "c6i.4xlarge"
     )
     error_message = "Input ccvm_instance_type must be set to an approved vm instance type."
   }
 }
 
 variable "cc_instance_size" {
   type        = string
-  description = "Cloud Connector Instance size. Determined by and needs to match  the Cloud Connector Portal provisioning template configuration"
+  description = "Cloud Connector Instance size. Determined by and needs to match the Cloud Connector Portal provisioning template configuration"
   default     = "small"
   validation {
     condition = (
@@ -115,9 +117,9 @@ variable "cc_instance_size" {
 
 # Validation to ensure that ccvm_instance_type and cc_instance_size are set appropriately
 locals {
-  small_cc_instance  = ["t3.medium", "m5.large", "c5.large", "c5a.large", "m5.2xlarge", "c5.2xlarge", "m5.4xlarge", "c5.4xlarge"]
-  medium_cc_instance = ["m5.4xlarge", "c5.4xlarge"]
-  large_cc_instance  = ["m5.4xlarge", "c5.4xlarge"]
+  small_cc_instance  = ["t3.medium", "t3a.medium", "m5n.large", "c5a.large", "m6i.large", "c6i.large", "c5.4xlarge", "m5n.4xlarge", "m6i.4xlarge", "c6i.4xlarge"]
+  medium_cc_instance = ["c5.4xlarge", "m5n.4xlarge", "m6i.4xlarge", "c6i.4xlarge"]
+  large_cc_instance  = ["c5.4xlarge", "m5n.4xlarge", "m6i.4xlarge", "c6i.4xlarge"]
 
   valid_cc_create = (
     contains(local.small_cc_instance, var.ccvm_instance_type) && var.cc_instance_size == "small" ||

diff --git a/examples/base_1cc_zpa/README.md b/examples/base_1cc_zpa/README.md
@@ -90,10 +90,10 @@ From base_1cc_zpa directory execute:
 | <a name="input_az_count"></a> [az\_count](#input\_az\_count) | Default number of subnets to create based on availability zone | `number` | `1` | no |
 | <a name="input_bastion_nsg_source_prefix"></a> [bastion\_nsg\_source\_prefix](#input\_bastion\_nsg\_source\_prefix) | CIDR blocks of trusted networks for bastion host ssh access | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | <a name="input_cc_count"></a> [cc\_count](#input\_cc\_count) | Default number of Cloud Connector appliances to create | `number` | `1` | no |
-| <a name="input_cc_instance_size"></a> [cc\_instance\_size](#input\_cc\_instance\_size) | Cloud Connector Instance size. Determined by and needs to match  the Cloud Connector Portal provisioning template configuration | `string` | `"small"` | no |
+| <a name="input_cc_instance_size"></a> [cc\_instance\_size](#input\_cc\_instance\_size) | Cloud Connector Instance size. Determined by and needs to match the Cloud Connector Portal provisioning template configuration | `string` | `"small"` | no |
 | <a name="input_cc_subnets"></a> [cc\_subnets](#input\_cc\_subnets) | Cloud Connector Subnets to create in VPC. This is only required if you want to override the default subnets that this code creates via vpc\_cidr variable. | `list(string)` | `null` | no |
 | <a name="input_cc_vm_prov_url"></a> [cc\_vm\_prov\_url](#input\_cc\_vm\_prov\_url) | Zscaler Cloud Connector Provisioning URL | `string` | n/a | yes |
-| <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Instance Type | `string` | `"m5.large"` | no |
+| <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Instance Type | `string` | `"m6i.large"` | no |
 | <a name="input_domain_names"></a> [domain\_names](#input\_domain\_names) | Domain names fqdn/wildcard to have Route 53 redirect DNS requests to Cloud Connector for ZPA. Refer to terraform.tfvars ZPA/Route 53 specific variables | `map(any)` | n/a | yes |
 | <a name="input_http_probe_port"></a> [http\_probe\_port](#input\_http\_probe\_port) | Port number for Cloud Connector cloud init to enable listener port for HTTP probe from GWLB Target Group | `number` | `50000` | no |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | The name prefix for all your resources | `string` | `"zscc"` | no |

diff --git a/examples/base_1cc_zpa/terraform.tfvars b/examples/base_1cc_zpa/terraform.tfvars
@@ -54,21 +54,23 @@
 #aws_region                                 = "us-west-2"
 
 ## 6. Cloud Connector AWS EC2 Instance size selection. Uncomment ccvm_instance_type line with desired vm size to change.
-##    (Default: m5.large)
+##    (Default: m6i.large)
 
 #ccvm_instance_type                         = "t3.medium"
-#ccvm_instance_type                         = "m5.large"
-#ccvm_instance_type                         = "c5.large"
+#ccvm_instance_type                         = "t3a.medium"
+#ccvm_instance_type                         = "m5n.large"
 #ccvm_instance_type                         = "c5a.large"
-#ccvm_instance_type                         = "m5.2xlarge"
-#ccvm_instance_type                         = "c5.2xlarge"
-#ccvm_instance_type                         = "m5.4xlarge"
+#ccvm_instance_type                         = "m6i.large"
+#ccvm_instance_type                         = "c6i.large"
+#ccvm_instance_type                         = "m5n.4xlarge"
 #ccvm_instance_type                         = "c5.4xlarge"
+#ccvm_instance_type                         = "m6i.4xlarge"
+#ccvm_instance_type                         = "c6i.4xlarge"
 
 ## 7. Cloud Connector Instance size selection. Uncomment cc_instance_size line with desired vm size to change
 ##    (Default: "small") 
 ##    **** NOTE - There is a dependency between ccvm_instance_type and cc_instance_size selections ****
-##    If size = "small" any supported EC2 instance type can be deployed, but "m5/c5.large" is ideal
+##    If size = "small" any supported EC2 instance type can be deployed, but "m6i/c6i.large" is ideal
 ##    If size = "medium" only 4xlarge and up EC2 instance types can be deployed
 ##    If size = "large" only 4xlarge EC2 instane types can be deployed 
 ##    **** NOTE - medium and large cc_instance_size is only supported with GWLB deployments. Legacy HA/Lambda deployments must be small.

diff --git a/examples/base_1cc_zpa/variables.tf b/examples/base_1cc_zpa/variables.tf
@@ -89,25 +89,27 @@ variable "cc_count" {
 variable "ccvm_instance_type" {
   type        = string
   description = "Cloud Connector Instance Type"
-  default     = "m5.large"
+  default     = "m6i.large"
   validation {
     condition = (
       var.ccvm_instance_type == "t3.medium" ||
-      var.ccvm_instance_type == "m5.large" ||
-      var.ccvm_instance_type == "c5.large" ||
+      var.ccvm_instance_type == "t3a.medium" ||
+      var.ccvm_instance_type == "m5n.large" ||
       var.ccvm_instance_type == "c5a.large" ||
-      var.ccvm_instance_type == "m5.2xlarge" ||
-      var.ccvm_instance_type == "c5.2xlarge" ||
-      var.ccvm_instance_type == "m5.4xlarge" ||
-      var.ccvm_instance_type == "c5.4xlarge"
+      var.ccvm_instance_type == "m6i.large" ||
+      var.ccvm_instance_type == "c6i.large" ||
+      var.ccvm_instance_type == "c5.4xlarge" ||
+      var.ccvm_instance_type == "m5n.4xlarge" ||
+      var.ccvm_instance_type == "m6i.4xlarge" ||
+      var.ccvm_instance_type == "c6i.4xlarge"
     )
     error_message = "Input ccvm_instance_type must be set to an approved vm instance type."
   }
 }
 
 variable "cc_instance_size" {
   type        = string
-  description = "Cloud Connector Instance size. Determined by and needs to match  the Cloud Connector Portal provisioning template configuration"
+  description = "Cloud Connector Instance size. Determined by and needs to match the Cloud Connector Portal provisioning template configuration"
   default     = "small"
   validation {
     condition = (
@@ -121,9 +123,9 @@ variable "cc_instance_size" {
 
 # Validation to ensure that ccvm_instance_type and cc_instance_size are set appropriately
 locals {
-  small_cc_instance  = ["t3.medium", "m5.large", "c5.large", "c5a.large", "m5.2xlarge", "c5.2xlarge", "m5.4xlarge", "c5.4xlarge"]
-  medium_cc_instance = ["m5.4xlarge", "c5.4xlarge"]
-  large_cc_instance  = ["m5.4xlarge", "c5.4xlarge"]
+  small_cc_instance  = ["t3.medium", "t3a.medium", "m5n.large", "c5a.large", "m6i.large", "c6i.large", "c5.4xlarge", "m5n.4xlarge", "m6i.4xlarge", "c6i.4xlarge"]
+  medium_cc_instance = ["c5.4xlarge", "m5n.4xlarge", "m6i.4xlarge", "c6i.4xlarge"]
+  large_cc_instance  = ["c5.4xlarge", "m5n.4xlarge", "m6i.4xlarge", "c6i.4xlarge"]
 
   valid_cc_create = (
     contains(local.small_cc_instance, var.ccvm_instance_type) && var.cc_instance_size == "small" ||

diff --git a/examples/base_2cc/README.md b/examples/base_2cc/README.md
@@ -92,10 +92,10 @@ From base_2cc directory execute:
 | <a name="input_az_count"></a> [az\_count](#input\_az\_count) | Default number of subnets to create based on availability zone | `number` | `2` | no |
 | <a name="input_bastion_nsg_source_prefix"></a> [bastion\_nsg\_source\_prefix](#input\_bastion\_nsg\_source\_prefix) | CIDR blocks of trusted networks for bastion host ssh access | `list(string)` | <pre>[<br>  "0.0.0.0/0"<br>]</pre> | no |
 | <a name="input_cc_count"></a> [cc\_count](#input\_cc\_count) | Default number of Cloud Connector appliances to create | `number` | `2` | no |
-| <a name="input_cc_instance_size"></a> [cc\_instance\_size](#input\_cc\_instance\_size) | Cloud Connector Instance size. Determined by and needs to match  the Cloud Connector Portal provisioning template configuration | `string` | `"small"` | no |
+| <a name="input_cc_instance_size"></a> [cc\_instance\_size](#input\_cc\_instance\_size) | Cloud Connector Instance size. Determined by and needs to match the Cloud Connector Portal provisioning template configuration | `string` | `"small"` | no |
 | <a name="input_cc_subnets"></a> [cc\_subnets](#input\_cc\_subnets) | Cloud Connector Subnets to create in VPC. This is only required if you want to override the default subnets that this code creates via vpc\_cidr variable. | `list(string)` | `null` | no |
 | <a name="input_cc_vm_prov_url"></a> [cc\_vm\_prov\_url](#input\_cc\_vm\_prov\_url) | Zscaler Cloud Connector Provisioning URL | `string` | n/a | yes |
-| <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Instance Type | `string` | `"m5.large"` | no |
+| <a name="input_ccvm_instance_type"></a> [ccvm\_instance\_type](#input\_ccvm\_instance\_type) | Cloud Connector Instance Type | `string` | `"m6i.large"` | no |
 | <a name="input_http_probe_port"></a> [http\_probe\_port](#input\_http\_probe\_port) | Port number for Cloud Connector cloud init to enable listener port for HTTP probe from GWLB Target Group | `number` | `50000` | no |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | The name prefix for all your resources | `string` | `"zscc"` | no |
 | <a name="input_owner_tag"></a> [owner\_tag](#input\_owner\_tag) | populate custom owner tag attribute | `string` | `"zscc-admin"` | no |

diff --git a/examples/base_2cc/terraform.tfvars b/examples/base_2cc/terraform.tfvars
@@ -39,21 +39,23 @@
 #aws_region                                 = "us-west-2"
 
 ## 6. Cloud Connector AWS EC2 Instance size selection. Uncomment ccvm_instance_type line with desired vm size to change.
-##    (Default: m5.large)
+##    (Default: m6i.large)
 
 #ccvm_instance_type                         = "t3.medium"
-#ccvm_instance_type                         = "m5.large"
-#ccvm_instance_type                         = "c5.large"
+#ccvm_instance_type                         = "t3a.medium"
+#ccvm_instance_type                         = "m5n.large"
 #ccvm_instance_type                         = "c5a.large"
-#ccvm_instance_type                         = "m5.2xlarge"
-#ccvm_instance_type                         = "c5.2xlarge"
-#ccvm_instance_type                         = "m5.4xlarge"
+#ccvm_instance_type                         = "m6i.large"
+#ccvm_instance_type                         = "c6i.large"
+#ccvm_instance_type                         = "m5n.4xlarge"
 #ccvm_instance_type                         = "c5.4xlarge"
+#ccvm_instance_type                         = "m6i.4xlarge"
+#ccvm_instance_type                         = "c6i.4xlarge"
 
 ## 7. Cloud Connector Instance size selection. Uncomment cc_instance_size line with desired vm size to change
 ##    (Default: "small") 
 ##    **** NOTE - There is a dependency between ccvm_instance_type and cc_instance_size selections ****
-##    If size = "small" any supported EC2 instance type can be deployed, but "m5/c5.large" is ideal
+##    If size = "small" any supported EC2 instance type can be deployed, but "m6i/c6i.large" is ideal
 ##    If size = "medium" only 4xlarge and up EC2 instance types can be deployed
 ##    If size = "large" only 4xlarge EC2 instane types can be deployed 
 ##    **** NOTE - medium and large cc_instance_size is only supported with GWLB deployments. Legacy HA/Lambda deployments must be small.