Add AWS CLI module for Coder Registry

- Installs AWS CLI v2 in Coder workspaces
- Supports x86_64 and ARM64 architectures with auto-detection
- Allows version pinning or installs latest version
- Optional GPG signature verification for security
- Idempotent installation (skips if already installed)
- Supports custom installation directories
- Includes comprehensive tests (Terraform + TypeScript)
- Full documentation with multiple usage examples

Author: ausbru87

registry/coder/modules/aws-cli/README.md

@@ -0,0 +1,162 @@
+---
+display_name: AWS CLI
+description: Install the AWS Command Line Interface in your workspace
+icon: ../../../../.icons/aws.svg
+verified: false
+tags: [aws, cli, tools]
+---
+
+# AWS CLI
+
+Automatically install the [AWS Command Line Interface (CLI)](https://aws.amazon.com/cli/) in a Coder workspace. The AWS CLI is a unified tool to manage AWS services from the command line.
+
+```tf
+module "aws-cli" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/aws-cli/coder"
+  version  = "1.0.0"
+  agent_id = coder_agent.example.id
+}
+```
+
+## Features
+
+- ✅ Supports both x86_64 and ARM64 (aarch64) architectures
+- ✅ Automatic architecture detection
+- ✅ Install latest version or pin to a specific version
+- ✅ Optional GPG signature verification
+- ✅ Idempotent - skips installation if already present
+- ✅ Supports custom installation directories
+
+## Examples
+
+### Basic Installation (Latest Version)
+
+Install the latest version of AWS CLI:
+
+```tf
+module "aws-cli" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/aws-cli/coder"
+  version  = "1.0.0"
+  agent_id = coder_agent.example.id
+}
+```
+
+### Pin to Specific Version
+
+Install a specific version of AWS CLI for consistency across your team:
+
+```tf
+module "aws-cli" {
+  count    = data.coder_workspace.me.start_count
+  source   = "registry.coder.com/coder/aws-cli/coder"
+  version  = "1.0.0"
+  agent_id = coder_agent.example.id
+  
+  # Pin to AWS CLI version 2.15.0
+  aws_cli_version = "2.15.0"
+}
+```
+
+Note: Find available versions in the [AWS CLI v2 Changelog](https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst).
+
+### Custom Installation Directory
+
+Install AWS CLI to a custom directory (useful when you don't have sudo access):
+
+```tf
+module "aws-cli" {
+  count              = data.coder_workspace.me.start_count
+  source             = "registry.coder.com/coder/aws-cli/coder"
+  version            = "1.0.0"
+  agent_id           = coder_agent.example.id
+  install_directory  = "/home/coder/.local"
+}
+```
+
+### Verify GPG Signature
+
+Enable GPG signature verification for enhanced security:
+
+```tf
+module "aws-cli" {
+  count            = data.coder_workspace.me.start_count
+  source           = "registry.coder.com/coder/aws-cli/coder"
+  version          = "1.0.0"
+  agent_id         = coder_agent.example.id
+  verify_signature = true
+}
+```
+
+### Specify Architecture
+
+Explicitly set the architecture (usually auto-detected):
+
+```tf
+module "aws-cli" {
+  count        = data.coder_workspace.me.start_count
+  source       = "registry.coder.com/coder/aws-cli/coder"
+  version      = "1.0.0"
+  agent_id     = coder_agent.example.id
+  architecture = "aarch64"  # or "x86_64"
+}
+```
+
+## Configuration
+
+After installing AWS CLI, users will need to configure their AWS credentials. This can be done using:
+
+```bash
+aws configure
+```
+
+Or by setting environment variables:
+
+```bash
+export AWS_ACCESS_KEY_ID="your-access-key-id"
+export AWS_SECRET_ACCESS_KEY="your-secret-access-key"
+export AWS_DEFAULT_REGION="us-east-1"
+```
+
+For more information, see the [AWS CLI Configuration Guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html).
+
+## Variables
+
+| Name                | Description                                                                                  | Default        | Required |
+| ------------------- | -------------------------------------------------------------------------------------------- | -------------- | -------- |
+| `agent_id`          | The ID of a Coder agent                                                                      | -              | Yes      |
+| `aws_cli_version`   | The version of AWS CLI to install (leave empty for latest)                                   | `""`           | No       |
+| `install_directory` | The directory to install AWS CLI to                                                          | `/usr/local`   | No       |
+| `architecture`      | The architecture to install AWS CLI for (`x86_64` or `aarch64`, empty for auto-detection)    | `""`           | No       |
+| `verify_signature`  | Whether to verify the GPG signature of the downloaded installer                              | `false`        | No       |
+
+## Outputs
+
+| Name              | Description                                                                          |
+| ----------------- | ------------------------------------------------------------------------------------ |
+| `aws_cli_version` | The version of AWS CLI that was installed (or 'latest' if no version was specified) |
+
+## Requirements
+
+- Linux operating system (x86_64 or ARM64)
+- `curl` for downloading the installer
+- `unzip` for extracting the installer
+- `sudo` access (if installing to system directories like `/usr/local`)
+- Optional: `gpg` (if using signature verification)
+
+## Supported Platforms
+
+- Amazon Linux 1 & 2
+- CentOS
+- Fedora
+- Ubuntu
+- Debian
+- Any Linux distribution with glibc, groff, and less
+
+## Notes
+
+- The module is idempotent - if AWS CLI is already installed with the correct version, it will skip the installation
+- When no version is specified, the latest version will be installed
+- The installer automatically creates a symlink at `/usr/local/bin/aws` (or `$INSTALL_DIRECTORY/bin/aws`)
+- Architecture is automatically detected based on `uname -m` if not explicitly specified

registry/coder/modules/aws-cli/aws-cli.tftest.hcl

@@ -0,0 +1,117 @@
+run "required_vars" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-id"
+  }
+}
+
+run "with_version" {
+  command = plan
+
+  variables {
+    agent_id         = "test-agent-id"
+    aws_cli_version  = "2.15.0"
+  }
+
+  assert {
+    condition     = resource.coder_script.aws-cli.script != ""
+    error_message = "coder_script must have a valid script"
+  }
+}
+
+run "custom_install_directory" {
+  command = plan
+
+  variables {
+    agent_id          = "test-agent-id"
+    install_directory = "/home/coder/.local"
+  }
+
+  assert {
+    condition     = resource.coder_script.aws-cli.script != ""
+    error_message = "coder_script must have a valid script"
+  }
+}
+
+run "architecture_validation_x86_64" {
+  command = plan
+
+  variables {
+    agent_id     = "test-agent-id"
+    architecture = "x86_64"
+  }
+
+  assert {
+    condition     = resource.coder_script.aws-cli.script != ""
+    error_message = "coder_script must have a valid script"
+  }
+}
+
+run "architecture_validation_aarch64" {
+  command = plan
+
+  variables {
+    agent_id     = "test-agent-id"
+    architecture = "aarch64"
+  }
+
+  assert {
+    condition     = resource.coder_script.aws-cli.script != ""
+    error_message = "coder_script must have a valid script"
+  }
+}
+
+run "architecture_validation_invalid" {
+  command = plan
+
+  variables {
+    agent_id     = "test-agent-id"
+    architecture = "invalid"
+  }
+
+  expect_failures = [
+    var.architecture
+  ]
+}
+
+run "verify_signature" {
+  command = plan
+
+  variables {
+    agent_id         = "test-agent-id"
+    verify_signature = true
+  }
+
+  assert {
+    condition     = resource.coder_script.aws-cli.script != ""
+    error_message = "coder_script must have a valid script"
+  }
+}
+
+run "output_version_default" {
+  command = plan
+
+  variables {
+    agent_id = "test-agent-id"
+  }
+
+  assert {
+    condition     = output.aws_cli_version == "latest"
+    error_message = "output version should be 'latest' when no version is specified"
+  }
+}
+
+run "output_version_specified" {
+  command = plan
+
+  variables {
+    agent_id         = "test-agent-id"
+    aws_cli_version  = "2.15.0"
+  }
+
+  assert {
+    condition     = output.aws_cli_version == "2.15.0"
+    error_message = "output version should match the specified version"
+  }
+}

registry/coder/modules/aws-cli/main.test.ts

@@ -0,0 +1,54 @@
+import { describe, expect, it } from "bun:test";
+import {
+  runTerraformApply,
+  runTerraformInit,
+  testRequiredVariables,
+} from "~test";
+
+describe("aws-cli", async () => {
+  await runTerraformInit(import.meta.dir);
+
+  testRequiredVariables(import.meta.dir, {
+    agent_id: "foo",
+  });
+
+  it("default output version is 'latest'", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+    });
+    expect(state.outputs.aws_cli_version.value).toBe("latest");
+  });
+
+  it("output version matches specified version", async () => {
+    const version = "2.15.0";
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      aws_cli_version: version,
+    });
+    expect(state.outputs.aws_cli_version.value).toBe(version);
+  });
+
+  it("accepts custom install directory", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      install_directory: "/home/coder/.local",
+    });
+    expect(state.resources).toHaveLength(1);
+  });
+
+  it("accepts architecture parameter", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      architecture: "x86_64",
+    });
+    expect(state.resources).toHaveLength(1);
+  });
+
+  it("accepts verify_signature parameter", async () => {
+    const state = await runTerraformApply(import.meta.dir, {
+      agent_id: "foo",
+      verify_signature: "true",
+    });
+    expect(state.resources).toHaveLength(1);
+  });
+});

registry/coder/modules/aws-cli/main.tf

@@ -0,0 +1,61 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    coder = {
+      source  = "coder/coder"
+      version = ">= 2.5"
+    }
+  }
+}
+
+variable "agent_id" {
+  type        = string
+  description = "The ID of a Coder agent."
+}
+
+variable "aws_cli_version" {
+  type        = string
+  description = "The version of AWS CLI to install. Leave empty for latest."
+  default     = ""
+}
+
+variable "install_directory" {
+  type        = string
+  description = "The directory to install AWS CLI to."
+  default     = "/usr/local"
+}
+
+variable "architecture" {
+  type        = string
+  description = "The architecture to install AWS CLI for. Valid values are 'x86_64' and 'aarch64'. Leave empty for auto-detection."
+  default     = ""
+  validation {
+    condition     = var.architecture == "" || var.architecture == "x86_64" || var.architecture == "aarch64"
+    error_message = "The 'architecture' variable must be one of: '', 'x86_64', 'aarch64'."
+  }
+}
+
+variable "verify_signature" {
+  type        = bool
+  description = "Whether to verify the GPG signature of the downloaded installer."
+  default     = false
+}
+
+resource "coder_script" "aws-cli" {
+  agent_id     = var.agent_id
+  display_name = "AWS CLI"
+  icon         = "/icon/aws.svg"
+  script = templatefile("${path.module}/run.sh", {
+    VERSION : var.aws_cli_version,
+    INSTALL_DIRECTORY : var.install_directory,
+    ARCHITECTURE : var.architecture,
+    VERIFY_SIGNATURE : var.verify_signature
+  })
+  run_on_start = true
+}
+
+output "aws_cli_version" {
+  description = "The version of AWS CLI that was installed (or 'latest' if no version was specified)."
+  value       = var.aws_cli_version != "" ? var.aws_cli_version : "latest"
+}