display_name: AWS EC2 (Linux)

description: Provision AWS EC2 VMs as Coder workspaces

icon: ../../../site/static/icon/aws.svg

maintainer_github: coder

verified: true

tags: [vm, linux, aws, persistent-vm]

Provision AWS EC2 VMs as [Coder workspaces](https://coder.com/docs/workspaces) with this example template.

By default, this template authenticates to AWS using the provider's default [authentication methods](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration).

The simplest way (without making changes to the template) is via environment variables (e.g. `AWS_ACCESS_KEY_ID`) or a [credentials file](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-format). If you are running Coder on a VM, this file must be in `/home/coder/aws/credentials`.

To use another [authentication method](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication), edit the template.

The following sample policy allows Coder to create EC2 instances and modify

instances provisioned by Coder:

{

"Version": "2012-10-17",

"Statement": [

{

"Sid": "VisualEditor0",

"Effect": "Allow",

"Action": [

"ec2:GetDefaultCreditSpecification",

"ec2:DescribeIamInstanceProfileAssociations",

"ec2:DescribeTags",

"ec2:DescribeInstances",

"ec2:DescribeInstanceTypes",

"ec2:CreateTags",

"ec2:RunInstances",

"ec2:DescribeInstanceCreditSpecifications",

"ec2:DescribeImages",

"ec2:ModifyDefaultCreditSpecification",

"ec2:DescribeVolumes"

],

"Resource": "*"

},

{

"Sid": "CoderResources",

"Effect": "Allow",

"Action": [

"ec2:DescribeInstanceAttribute",

"ec2:UnmonitorInstances",

"ec2:TerminateInstances",

"ec2:StartInstances",

"ec2:StopInstances",

"ec2:DeleteTags",

"ec2:MonitorInstances",

"ec2:CreateTags",

"ec2:RunInstances",

"ec2:ModifyInstanceAttribute",

"ec2:ModifyInstanceCreditSpecification"

],

"Resource": "arn:aws:ec2:*:*:instance/*",

"Condition": {

"StringEquals": {

"aws:ResourceTag/Coder_Provisioned": "true"

}

}

}

]

}

This template provisions the following resources:

- AWS Instance

Coder uses `aws_ec2_instance_state` to start and stop the VM. This example template is fully persistent, meaning the full filesystem is preserved when the workspace restarts. See this [community example](https://github.com/bpmct/coder-templates/tree/main/aws-linux-ephemeral) of an ephemeral AWS instance.

`code-server` is installed via the `startup_script` argument in the `coder_agent`

resource block. The `coder_app` resource is defined to access `code-server` through

the dashboard UI over `localhost:13337`.

terraform {

required_providers {

coder = {

source = "coder/coder"

}

aws = {

source = "hashicorp/aws"

}

}

}

data "coder_parameter" "region" {

name = "region"

display_name = "Region"

description = "The region to deploy the workspace in."

default = "us-east-1"

mutable = false

option {

name = "Asia Pacific (Tokyo)"

value = "ap-northeast-1"

icon = "/emojis/1f1ef-1f1f5.png"

}

option {

name = "Asia Pacific (Seoul)"

value = "ap-northeast-2"

icon = "/emojis/1f1f0-1f1f7.png"

}

option {

name = "Asia Pacific (Osaka)"

value = "ap-northeast-3"

icon = "/emojis/1f1ef-1f1f5.png"

}

option {

name = "Asia Pacific (Mumbai)"

value = "ap-south-1"

icon = "/emojis/1f1ee-1f1f3.png"

}

option {

name = "Asia Pacific (Singapore)"

value = "ap-southeast-1"

icon = "/emojis/1f1f8-1f1ec.png"

}

option {

name = "Asia Pacific (Sydney)"

value = "ap-southeast-2"

icon = "/emojis/1f1e6-1f1fa.png"

}

option {

name = "Canada (Central)"

value = "ca-central-1"

icon = "/emojis/1f1e8-1f1e6.png"

}

option {

name = "EU (Frankfurt)"

value = "eu-central-1"

icon = "/emojis/1f1ea-1f1fa.png"

}

option {

name = "EU (Stockholm)"

value = "eu-north-1"

icon = "/emojis/1f1ea-1f1fa.png"

}

option {

name = "EU (Ireland)"

value = "eu-west-1"

icon = "/emojis/1f1ea-1f1fa.png"

}

option {

name = "EU (London)"

value = "eu-west-2"

icon = "/emojis/1f1ea-1f1fa.png"

}

option {

name = "EU (Paris)"

value = "eu-west-3"

icon = "/emojis/1f1ea-1f1fa.png"

}

option {

name = "South America (São Paulo)"

value = "sa-east-1"

icon = "/emojis/1f1e7-1f1f7.png"

}

option {

name = "US East (N. Virginia)"

value = "us-east-1"

icon = "/emojis/1f1fa-1f1f8.png"

}

option {

name = "US East (Ohio)"

value = "us-east-2"

icon = "/emojis/1f1fa-1f1f8.png"

}

option {

name = "US West (N. California)"

value = "us-west-1"

icon = "/emojis/1f1fa-1f1f8.png"

}

option {

name = "US West (Oregon)"

value = "us-west-2"

icon = "/emojis/1f1fa-1f1f8.png"

}

}

data "coder_parameter" "instance_type" {

name = "instance_type"

display_name = "Instance type"

description = "What instance type should your workspace use?"

default = "t3.micro"

mutable = false

option {

name = "2 vCPU, 1 GiB RAM"

value = "t3.micro"

}

option {

name = "2 vCPU, 2 GiB RAM"

value = "t3.small"

}

option {

name = "2 vCPU, 4 GiB RAM"

value = "t3.medium"

}

option {

name = "2 vCPU, 8 GiB RAM"

value = "t3.large"

}

option {

name = "4 vCPU, 16 GiB RAM"

value = "t3.xlarge"

}

option {

name = "8 vCPU, 32 GiB RAM"

value = "t3.2xlarge"

}

}

provider "aws" {

region = data.coder_parameter.region.value

}

data "coder_workspace" "me" {

}

data "coder_workspace_owner" "me" {}

data "aws_ami" "ubuntu" {

most_recent = true

filter {

name = "name"

values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]

}

filter {

name = "virtualization-type"

values = ["hvm"]

}

owners = ["099720109477"] # Canonical

}

resource "coder_agent" "dev" {

count = data.coder_workspace.me.start_count

arch = "amd64"

auth = "aws-instance-identity"

os = "linux"

startup_script = <<-EOT

metadata {

key = "cpu"

display_name = "CPU Usage"

interval = 5

timeout = 5

script = "coder stat cpu"

}

metadata {

key = "memory"

display_name = "Memory Usage"

interval = 5

timeout = 5

script = "coder stat mem"

}

metadata {

key = "disk"

display_name = "Disk Usage"

interval = 600 # every 10 minutes

timeout = 30 # df can take a while on large filesystems

script = "coder stat disk --path $HOME"

}

}

resource "coder_app" "code-server" {

count = data.coder_workspace.me.start_count

agent_id = coder_agent.dev[0].id

slug = "code-server"

display_name = "code-server"

url = "http://localhost:13337/?folder=/home/coder"

icon = "/icon/code.svg"

subdomain = false

share = "owner"

healthcheck {

url = "http://localhost:13337/healthz"

interval = 3

threshold = 10

}

}

locals {

linux_user = "coder"

user_data = <<-EOT

}

resource "aws_instance" "dev" {

ami = data.aws_ami.ubuntu.id

instance_market_options {

market_type = "spot"

spot_options {

instance_interruption_behavior = "stop"

spot_instance_type = "persistent"

}

}

availability_zone = "${data.coder_parameter.region.value}a"

instance_type = data.coder_parameter.instance_type.value

user_data = local.user_data

tags = {

Name = "coder-${data.coder_workspace_owner.me.name}-${data.coder_workspace.me.name}"

# Required if you are using our example policy, see template README

Coder_Provisioned = "true"

}

lifecycle {

ignore_changes = [ami]

}

}

resource "coder_metadata" "workspace_info" {

resource_id = aws_instance.dev.id

item {

key = "region"

value = data.coder_parameter.region.value

}

item {

key = "instance type"

value = aws_instance.dev.instance_type

}

item {

key = "disk"

value = "${aws_instance.dev.root_block_device[0].volume_size} GiB"

}

}

resource "aws_ec2_instance_state" "dev" {

instance_id = aws_instance.dev.id

state = data.coder_workspace.me.transition == "start" ? "running" : "stopped"

}