feat: Improved support for EFA network interfaces

examples/complete/README.md

@@ -9,6 +9,8 @@ There are primarily six different setups shown in this example project:
 - `external` - demonstrates how to create an autoscaling group using an externally created launch template
 - `complete` - demonstrates the vast majority of the functionality available for creating an autoscaling group
 - `mixed instance` - demonstrates how to create an autoscaling group configured to use a mixed instance policy
+- `warm pool` - demonstrates the usage of warm pools with capacity reservations
+- `efa` - demonstrates the usage of EFA (Elastic Fabric Adapter) type network interfaces
 
 ## Usage
 
@@ -46,6 +48,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | <a name="module_complete"></a> [complete](#module\_complete) | ../../ | n/a |
 | <a name="module_default"></a> [default](#module\_default) | ../../ | n/a |
 | <a name="module_disabled"></a> [disabled](#module\_disabled) | ../../ | n/a |
+| <a name="module_efa"></a> [efa](#module\_efa) | ../../ | n/a |
 | <a name="module_external"></a> [external](#module\_external) | ../../ | n/a |
 | <a name="module_launch_template_only"></a> [launch\_template\_only](#module\_launch\_template\_only) | ../../ | n/a |
 | <a name="module_mixed_instance"></a> [mixed\_instance](#module\_mixed\_instance) | ../../ | n/a |

examples/complete/main.tf

@@ -443,6 +443,52 @@ module "warm_pool" {
   tags = local.tags
 }
 
+################################################################################
+# EFA Network Interface
+# !Warning - This example requires the use of expensive instance types - Warning!
+################################################################################
+
+locals {
+  efa_user_data = <<-EOT
+  # Install EFA libraries
+  curl -O https://efa-installer.amazonaws.com/aws-efa-installer-latest.tar.gz
+  tar -xf aws-efa-installer-latest.tar.gz && cd aws-efa-installer
+  ./efa_installer.sh -y --minimal
+  fi_info -p efa -t FI_EP_RDM
+  # Disable ptrace
+  sysctl -w kernel.yama.ptrace_scope=0
+  EOT
+}
+
+module "efa" {
+  source = "../../"
+
+  # Autoscaling group
+  name = "default-${local.name}"
+
+  vpc_zone_identifier = module.vpc.private_subnets
+  min_size            = 0
+  max_size            = 1
+  desired_capacity    = 1
+
+  # aws ec2 describe-instance-types --region eu-west-1 --filters Name=network-info.efa-supported,Values=true --query "InstanceTypes[*].[InstanceType]" --output text | sort
+  instance_type = "c5n.9xlarge"
+  image_id      = data.aws_ami.amazon_linux.id
+  user_data     = base64encode(local.efa_user_data)
+
+  network_interfaces = [
+    {
+      description                 = "EFA interface example"
+      delete_on_termination       = true
+      device_index                = 0
+      associate_public_ip_address = false
+      interface_type              = "efa"
+    }
+  ]
+
+  tags = local.tags
+}
+
 ################################################################################
 # Supporting Resources
 ################################################################################

main.tf

@@ -31,7 +31,8 @@ resource "aws_launch_template" "this" {
   key_name      = var.key_name
   user_data     = var.user_data
 
-  vpc_security_group_ids = var.security_groups
+  # Ref: https://github.com/hashicorp/terraform-provider-aws/issues/4570
+  vpc_security_group_ids = length(var.network_interfaces) > 0 ? [] : var.security_groups
 
   default_version                      = var.default_version
   update_default_version               = var.update_default_version
@@ -192,8 +193,9 @@ resource "aws_launch_template" "this" {
       network_interface_id         = try(network_interfaces.value.network_interface_id, null)
       network_card_index           = try(network_interfaces.value.network_card_index, null)
       private_ip_address           = try(network_interfaces.value.private_ip_address, null)
-      security_groups              = try(network_interfaces.value.security_groups, [])
-      subnet_id                    = try(network_interfaces.value.subnet_id, null)
+      # Ref: https://github.com/hashicorp/terraform-provider-aws/issues/4570
+      security_groups = compact(concat(try(network_interfaces.value.security_groups, []), var.security_groups))
+      subnet_id       = try(network_interfaces.value.subnet_id, null)
     }
   }