Merge pull request #17676 from pdostal/sev

Enable AMD SEV-SNP for EC2

data/publiccloud/terraform/ec2.tf

@@ -1,7 +1,7 @@
 terraform {
   required_providers {
     aws = {
-      version = "= 4.59.0"
+      version = "= 5.14.0"
       source = "hashicorp/aws"
     }
     random = {
@@ -56,6 +56,10 @@ variable "vm_create_timeout" {
     default = "20m"
 }
 
+variable "enable_confidential_vm" {
+    default = "disabled"
+}
+
 resource "random_id" "service" {
     count = var.instance_count
     keepers = {
@@ -115,6 +119,10 @@ resource "aws_instance" "openqa" {
     timeouts {
         create = var.vm_create_timeout
     }
+
+    cpu_options {
+        amd_sev_snp = var.enable_confidential_vm
+    }
 }
 
 resource "aws_volume_attachment" "ebs_att" {

lib/publiccloud/provider.pm

@@ -13,7 +13,7 @@ use Mojo::Base -base;
 use publiccloud::instance;
 use publiccloud::instances;
 use publiccloud::ssh_interactive 'select_host_console';
-use publiccloud::utils qw(is_azure is_ec2);
+use publiccloud::utils qw(is_azure is_gce is_ec2);
 use Carp;
 use List::Util qw(max);
 use Data::Dumper;
@@ -480,7 +480,8 @@ sub terraform_apply {
         $cmd .= "-var 'region=" . $self->provider_client->region . "' ";
         $cmd .= "-var 'name=" . $self->resource_name . "' ";
         $cmd .= "-var 'project=" . $args{project} . "' " if $args{project};
-        $cmd .= "-var 'enable_confidential_vm=true' " if $args{confidential_compute};
+        $cmd .= "-var 'enable_confidential_vm=true' " if ($args{confidential_compute} && is_gce());
+        $cmd .= "-var 'enable_confidential_vm=enabled' " if ($args{confidential_compute} && is_ec2());
         $cmd .= "-var 'vm_create_timeout=" . $terraform_vm_create_timeout . "' " if $terraform_vm_create_timeout;
         $cmd .= sprintf(q(-var 'tags=%s' ), escape_single_quote($self->terraform_param_tags));
         if ($args{use_extra_disk}) {