coder
diff --git a/‎.github/typos.toml
Lines changed: 4 additions & 1 deletion b/‎.github/typos.toml
Lines changed: 4 additions & 1 deletion
diff --git a/‎.icons/1f4e6.png
5.5 KB b/‎.icons/1f4e6.png
5.5 KB
diff --git a/‎.icons/do.png
1.96 KB b/‎.icons/do.png
1.96 KB
diff --git a/‎.icons/docker.png
5.73 KB b/‎.icons/docker.png
5.73 KB
diff --git a/‎.icons/k8s.png
5.15 KB b/‎.icons/k8s.png
5.15 KB
diff --git a/‎.icons/lxc.svg
Lines changed: 21 additions & 0 deletions b/‎.icons/lxc.svg
Lines changed: 21 additions & 0 deletions
diff --git a/‎.icons/nomad.svg
Lines changed: 2 additions & 0 deletions b/‎.icons/nomad.svg
Lines changed: 2 additions & 0 deletions
diff --git a/‎registry/coder/templates/aws-devcontainer/README.md
Lines changed: 111 additions & 0 deletions b/‎registry/coder/templates/aws-devcontainer/README.md
Lines changed: 111 additions & 0 deletions
diff --git a/‎registry/coder/templates/aws-devcontainer/architecture.svg
Lines changed: 8 additions & 0 deletions b/‎registry/coder/templates/aws-devcontainer/architecture.svg
Lines changed: 8 additions & 0 deletions
diff --git a/‎registry/coder/templates/aws-devcontainer/cloud-init/cloud-config.yaml.tftpl
Lines changed: 15 additions & 0 deletions b/‎registry/coder/templates/aws-devcontainer/cloud-init/cloud-config.yaml.tftpl
Lines changed: 15 additions & 0 deletions
diff --git a/‎registry/coder/templates/aws-devcontainer/cloud-init/userdata.sh.tftpl
Lines changed: 37 additions & 0 deletions b/‎registry/coder/templates/aws-devcontainer/cloud-init/userdata.sh.tftpl
Lines changed: 37 additions & 0 deletions
@@ -1,4 +1,7 @@
 [default.extend-words]
 muc = "muc" # For Munich location code
 Hashi = "Hashi"
-HashiCorp = "HashiCorp"
+HashiCorp = "HashiCorp"
+
+[files]
+extend-exclude = ["registry/coder/templates/aws-devcontainer/architecture.svg"] #False positive
@@ -0,0 +1,111 @@
+---
+display_name: AWS EC2 (Devcontainer)
+description: Provision AWS EC2 VMs with a devcontainer as Coder workspaces
+icon: ../../../../.icons/aws.svg
+maintainer_github: coder
+verified: true
+tags: [vm, linux, aws, persistent, devcontainer]
+---
+
+# Remote Development on AWS EC2 VMs using a Devcontainer
+
+Provision AWS EC2 VMs as [Coder workspaces](https://coder.com/docs) with this example template.
+![Architecture Diagram](./architecture.svg)
+
+<!-- TODO: Add screenshot -->
+
+## Prerequisites
+
+### Authentication
+
+By default, this template authenticates to AWS using the provider's default [authentication methods](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration).
+
+The simplest way (without making changes to the template) is via environment variables (e.g. `AWS_ACCESS_KEY_ID`) or a [credentials file](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-format). If you are running Coder on a VM, this file must be in `/home/coder/aws/credentials`.
+
+To use another [authentication method](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication), edit the template.
+
+## Required permissions / policy
+
+The following sample policy allows Coder to create EC2 instances and modify
+instances provisioned by Coder:
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "VisualEditor0",
+      "Effect": "Allow",
+      "Action": [
+        "ec2:GetDefaultCreditSpecification",
+        "ec2:DescribeIamInstanceProfileAssociations",
+        "ec2:DescribeTags",
+        "ec2:DescribeInstances",
+        "ec2:DescribeInstanceTypes",
+        "ec2:DescribeInstanceStatus",
+        "ec2:CreateTags",
+        "ec2:RunInstances",
+        "ec2:DescribeInstanceCreditSpecifications",
+        "ec2:DescribeImages",
+        "ec2:ModifyDefaultCreditSpecification",
+        "ec2:DescribeVolumes"
+      ],
+      "Resource": "*"
+    },
+    {
+      "Sid": "CoderResources",
+      "Effect": "Allow",
+      "Action": [
+        "ec2:DescribeInstanceAttribute",
+        "ec2:UnmonitorInstances",
+        "ec2:TerminateInstances",
+        "ec2:StartInstances",
+        "ec2:StopInstances",
+        "ec2:DeleteTags",
+        "ec2:MonitorInstances",
+        "ec2:CreateTags",
+        "ec2:RunInstances",
+        "ec2:ModifyInstanceAttribute",
+        "ec2:ModifyInstanceCreditSpecification"
+      ],
+      "Resource": "arn:aws:ec2:*:*:instance/*",
+      "Condition": {
+        "StringEquals": {
+          "aws:ResourceTag/Coder_Provisioned": "true"
+        }
+      }
+    }
+  ]
+}
+```
+
+## Architecture
+
+This template provisions the following resources:
+
+- AWS Instance
+
+Coder uses `aws_ec2_instance_state` to start and stop the VM. This example template is fully persistent, meaning the full filesystem is preserved when the workspace restarts. See this [community example](https://github.com/bpmct/coder-templates/tree/main/aws-linux-ephemeral) of an ephemeral AWS instance.
+
+> **Note**
+> This template is designed to be a starting point! Edit the Terraform to extend the template to support your use case.
+
+## Caching
+
+To speed up your builds, you can use a container registry as a cache.
+When creating the template, set the parameter `cache_repo` to a valid Docker repository in the form `host.tld/path/to/repo`.
+
+See the [Envbuilder Terraform Provider Examples](https://github.com/coder/terraform-provider-envbuilder/blob/main/examples/resources/envbuilder_cached_image/envbuilder_cached_image_resource.tf/) for a more complete example of how the provider works.
+
+> [!NOTE]
+> We recommend using a registry cache with authentication enabled.
+> To allow Envbuilder to authenticate with a registry cache hosted on ECR, specify an IAM instance
+> profile that has read and write access to the given registry. For more information, see the
+> [AWS documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html).
+>
+> Alternatively, you can specify the variable `cache_repo_docker_config_path`
+> with the path to a Docker config `.json` on disk containing valid credentials for the registry.
+
+## code-server
+
+`code-server` is installed via the [`code-server`](https://registry.coder.com/modules/code-server) registry module. For a list of all modules and templates pplease check [Coder Registry](https://registry.coder.com).
@@ -0,0 +1,15 @@
+#cloud-config
+cloud_final_modules:
+  - [scripts-user, always]
+hostname: ${hostname}
+users:
+  - name: ${linux_user}
+    sudo: ALL=(ALL) NOPASSWD:ALL
+    shell: /bin/bash
+    ssh_authorized_keys:
+      - "${ssh_pubkey}"
+# Automatically grow the partition
+growpart:
+  mode: auto
+  devices: ['/']
+  ignore_growroot_disabled: false
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Install Docker
+if ! command -v docker &> /dev/null
+then
+	echo "Docker not found, installing..."
+	curl -fsSL https://get.docker.com -o get-docker.sh && sh get-docker.sh 2>&1 >/dev/null
+	usermod -aG docker ${linux_user}
+	newgrp docker
+else
+	echo "Docker is already installed."
+fi
+
+# Set up Docker credentials
+mkdir -p "/home/${linux_user}/.docker"
+
+if [ -n "${docker_config_json_base64}" ]; then
+	# Write the Docker config JSON to disk if it is provided.
+	printf "%s" "${docker_config_json_base64}" | base64 -d | tee "/home/${linux_user}/.docker/config.json"
+else
+	# Assume that we're going to use the instance IAM role to pull from the cache repo if we need to.
+	# Set up the ecr credential helper.
+	apt-get update -y && apt-get install -y amazon-ecr-credential-helper
+	mkdir -p .docker
+	printf '{"credsStore": "ecr-login"}' | tee "/home/${linux_user}/.docker/config.json"
+fi
+chown -R ${linux_user}:${linux_user} "/home/${linux_user}/.docker"
+
+# Start envbuilder
+sudo -u coder docker run \
+	--rm \
+	--net=host \
+	-h ${hostname} \
+	-v /home/${linux_user}/envbuilder:/workspaces \
+	%{ for key, value in environment ~}
+	-e ${key}="${value}" \
+	%{ endfor ~}
+	${builder_image}