Add variable to overwrite default bastion AMI id (#33)

README.md

@@ -270,6 +270,14 @@ Type: `string`
 
 Default: `""`
 
+### <a name="input_bastion_ami"></a> [bastion\_ami](#input\_bastion\_ami)
+
+Description: EC2 AMI ID for bastion host.
+
+Type: `string`
+
+Default: `null`
+
 ### <a name="input_bastion_instance_type"></a> [bastion\_instance\_type](#input\_bastion\_instance\_type)
 
 Description: EC2 instance type of bastion host.

main.tf

@@ -2,7 +2,7 @@
 # VPC Resources
 # -------------------------------------------------------------------------------------------------
 module "aws_vpc" {
-  source = "github.com/terraform-aws-modules/terraform-aws-vpc?ref=v5.13.0"
+  source = "github.com/terraform-aws-modules/terraform-aws-vpc?ref=v5.16.0"
 
   cidr            = var.vpc_cidr
   azs             = var.vpc_subnet_azs
@@ -132,15 +132,15 @@ resource "aws_launch_template" "bastion" {
   count = var.vpc_enable_bastion_host ? 1 : 0
 
   name_prefix            = local.bastion_lc_name
-  image_id               = data.aws_ami.bastion[0].image_id
+  image_id               = var.bastion_ami != null ? var.bastion_ami : data.aws_ami.bastion[0].image_id
   instance_type          = var.bastion_instance_type
   vpc_security_group_ids = [aws_security_group.bastion[0].id]
-  user_data = base64encode(templatefile("${path.module}/user_data.sh.tftpl",
+  user_data = length(var.bastion_ssh_keys) > 0 ? base64encode(templatefile("${path.module}/user_data.sh.tftpl",
     {
       ssh_user = "ec2-user"
       ssh_keys = join("\n", var.bastion_ssh_keys)
     }
-  ))
+  )) : null
 
   metadata_options {
     http_tokens                 = "required"

variables.tf

@@ -157,6 +157,12 @@ variable "bastion_route53_public_dns_name" {
   default     = ""
 }
 
+variable "bastion_ami" {
+  description = "EC2 AMI ID for bastion host."
+  type        = string
+  default     = null
+}
+
 variable "bastion_instance_type" {
   description = "EC2 instance type of bastion host."
   type        = string