diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8d5a8926..5ba7f627 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,9 @@
 
 ### Modules
 
+* `ec2-connect-tunnel`: singe node ASG to allow SSH using EC2 Instance Connect
+* `ec2-connect-role`: IAM role to allow EC2 Instance Connect
+
 ### Examples
 
 # v0.9.16
diff --git a/examples/single-node-asg-tester/main.tf b/examples/single-node-asg-tester/main.tf
new file mode 100644
index 00000000..336dfb64
--- /dev/null
+++ b/examples/single-node-asg-tester/main.tf
@@ -0,0 +1,49 @@
+provider "aws" {
+  region = "ap-northeast-1"
+}
+
+data "aws_availability_zones" "azs" {}
+
+module "vpc" {
+  source               = "fpco/foundation/aws//modules/vpc-scenario-2"
+  cidr                 = "192.168.0.0/16"
+  public_subnet_cidrs  = ["192.168.0.0/24", "192.168.1.0/24"]
+  private_subnet_cidrs = ["192.168.100.0/24", "192.168.101.0/24"]
+  azs                  = data.aws_availability_zones.azs.names
+  name_prefix          = "ebs-test"
+  region               = "ap-northeast-1"
+}
+
+module "ubuntu" {
+  source = "fpco/foundation/aws//modules/ami-ubuntu"
+}
+
+resource "aws_security_group" "ssh" {
+  vpc_id = module.vpc.vpc_id
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+module "tester" {
+  source             = "../../modules/single-node-asg"
+  name_prefix        = "ebs"
+  name_suffix        = "test"
+  key_name           = "tokyo"
+  ami                = module.ubuntu.id
+  instance_type      = "t2.micro"
+  subnet_id          = module.vpc.public_subnet_ids[0]
+  security_group_ids = [aws_security_group.ssh.id]
+  region             = "ap-northeast-1"
+  compatible_with_single_volume = false
+  data_volumes       = [{ name = "a", device = "/dev/xvdm", size = 50 }, { name = "b", device = "/dev/xvdn" }]
+}
diff --git a/modules/ec2-connect-role/README.md b/modules/ec2-connect-role/README.md
new file mode 100644
index 00000000..19230a88
--- /dev/null
+++ b/modules/ec2-connect-role/README.md
@@ -0,0 +1,4 @@
+## EC2 Instance Connect Role
+
+Creates an IAM role that can be used to connect to EC2 instances using
+EC2 Instance Connect e.g. created using the `ec2-connect-tunnel` module.
diff --git a/modules/ec2-connect-role/main.tf b/modules/ec2-connect-role/main.tf
new file mode 100644
index 00000000..3197da8e
--- /dev/null
+++ b/modules/ec2-connect-role/main.tf
@@ -0,0 +1,47 @@
+data "aws_caller_identity" "current" {
+}
+
+data "aws_iam_policy_document" "ec2-instance-connect" {
+  statement {
+    actions = [
+      "ec2:DescribeInstances",
+    ]
+
+    resources = ["*"]
+  }
+
+  statement {
+    actions = [
+      "ec2-instance-connect:SendSSHPublicKey",
+    ]
+
+    resources = [for i in var.instance_ids : "arn:aws:ec2:${var.region}:${var.account_id}:instance/${i}"]
+
+    condition {
+      test     = "StringEquals"
+      variable = "ec2:osuser"
+
+      values = [
+        "ubuntu",
+      ]
+    }
+  }
+}
+
+resource "aws_iam_policy" "ec2-instance-connect" {
+  name        = "ec2-instance-connect"
+  description = "grants permissions to connect to an instance using EC2 Instance Connect"
+  policy      = data.aws_iam_policy_document.ec2-instance-connect.json
+}
+
+module "role" {
+  source            = "../cross-account-role"
+  name              = var.name
+  trust_account_ids = concat([data.aws_caller_identity.current.account_id],
+    var.trust_account_ids)
+}
+
+resource "aws_iam_role_policy_attachment" "role_ec2-instance-connect" {
+  role       = module.role.name
+  policy_arn = aws_iam_policy.ec2-instance-connect.arn
+}
diff --git a/modules/ec2-connect-role/outputs.tf b/modules/ec2-connect-role/outputs.tf
new file mode 100644
index 00000000..1f252c69
--- /dev/null
+++ b/modules/ec2-connect-role/outputs.tf
@@ -0,0 +1,7 @@
+output "arn" {
+  value = module.role.arn
+}
+
+output "name" {
+  value = module.role.name
+}
diff --git a/modules/ec2-connect-role/variables.tf b/modules/ec2-connect-role/variables.tf
new file mode 100644
index 00000000..db2df982
--- /dev/null
+++ b/modules/ec2-connect-role/variables.tf
@@ -0,0 +1,26 @@
+variable "name" {
+  description = "Name to give the role"
+  type        = string
+}
+
+variable "trust_account_ids" {
+  description = "List of other accounts to trust to assume the role"
+  default     = []
+  type        = list(string)
+}
+
+variable "region" {
+  description = "The AWS region to deploy to"
+  type        = string
+}
+
+variable "account_id" {
+  description = "ID of the account which instances to connect to"
+  type        = string
+}
+
+variable "instance_ids" {
+  description = "IDs of instances to connect to"
+  type        = list(string)
+  default     = ["*"]
+}
diff --git a/modules/ec2-connect-tunnel/README.md b/modules/ec2-connect-tunnel/README.md
new file mode 100644
index 00000000..6a031201
--- /dev/null
+++ b/modules/ec2-connect-tunnel/README.md
@@ -0,0 +1,6 @@
+# EC2 Instance Connect tunnel
+
+Creates a s single node ASG (using the `singe-node-asg` module) allowing SSH
+connections using [EC2 Instance Connect](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect.html).
+Assumes Ubuntu AMI to be used (`ec2-instance-connect` gets installed using
+`apt`). Use `ec2-connect-role` to setup an IAM role for SSH access.
diff --git a/modules/ec2-connect-tunnel/iam.tf b/modules/ec2-connect-tunnel/iam.tf
new file mode 100644
index 00000000..5c3eb5e3
--- /dev/null
+++ b/modules/ec2-connect-tunnel/iam.tf
@@ -0,0 +1,5 @@
+# allows connecting with SSM manager
+resource "aws_iam_role_policy_attachment" "ssm_instance" {
+  role       = module.asg.asg_iam_role_name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+}
diff --git a/modules/ec2-connect-tunnel/main.tf b/modules/ec2-connect-tunnel/main.tf
new file mode 100644
index 00000000..d5a02a40
--- /dev/null
+++ b/modules/ec2-connect-tunnel/main.tf
@@ -0,0 +1,22 @@
+module "asg" {
+  source  = "../single-node-asg"
+
+  region    = var.region
+  ami       = var.ami
+  key_name  = ""
+  instance_type = var.instance_type
+  name_prefix   = var.name_prefix
+  name_suffix   = var.name_suffix
+
+  security_group_ids = [module.tunnel-sg.id]
+  subnet_id          = var.subnet_id
+  data_volumes       = []
+  assign_eip         = true
+
+  init_prefix = var.init_prefix
+  init_suffix = <<END_INIT_SUFFIX
+echo "Installing ec2-instance-connect"
+apt install ec2-instance-connect
+${var.init_suffix}
+END_INIT_SUFFIX
+}
diff --git a/modules/ec2-connect-tunnel/outputs.tf b/modules/ec2-connect-tunnel/outputs.tf
new file mode 100644
index 00000000..85ceaf9f
--- /dev/null
+++ b/modules/ec2-connect-tunnel/outputs.tf
@@ -0,0 +1,24 @@
+output "public_ip" {
+  value       = module.asg.eip_address
+  description = "Public IP of the tunnel"
+}
+
+output "sg_id" {
+  value       = module.tunnel-sg.id
+  description = "Security group id of the tunnel"
+}
+
+output "asg_name" {
+  value       = module.asg.asg_name
+  description = "name of the tunnel ASG"
+}
+
+output "asg_iam_role_name" {
+  value       = module.asg.asg_iam_role_name
+  description = "name of ASG IAM role"
+}
+
+output "data_volume_name_tag" {
+  value       = module.asg.data_volume_name_tag
+  description = "Name tag value for attached data volume."
+}
diff --git a/modules/ec2-connect-tunnel/sg.tf b/modules/ec2-connect-tunnel/sg.tf
new file mode 100644
index 00000000..937fed71
--- /dev/null
+++ b/modules/ec2-connect-tunnel/sg.tf
@@ -0,0 +1,13 @@
+module "tunnel-sg" {
+  source      = "../security-group-base"
+  name        = "${var.name_prefix}-sg"
+  description = "SG for the tunnel ASG"
+  vpc_id      = var.vpc_id
+  extra_tags  = var.extra_tags
+}
+
+# security group rule to open egress (outbound from nodes)
+module "allow-open-egress" {
+  source            = "../open-egress-sg"
+  security_group_id = module.tunnel-sg.id
+}
diff --git a/modules/ec2-connect-tunnel/variables.tf b/modules/ec2-connect-tunnel/variables.tf
new file mode 100644
index 00000000..26434c37
--- /dev/null
+++ b/modules/ec2-connect-tunnel/variables.tf
@@ -0,0 +1,53 @@
+variable "name_prefix" {
+  description = "Prefix for naming resources, usually project-related"
+  type        = string
+}
+
+variable "name_suffix" {
+  description = "suffix to include when naming the various resources"
+  type        = string
+  default     = ""
+}
+
+variable "region" {
+  description = "The AWS region to deploy to"
+  type        = string
+}
+
+variable "ami" {
+  description = "The base AMI for each AWS instance created"
+  type        = string
+}
+
+variable "instance_type" {
+  description = "The type of AWS instance (size)"
+  type        = string
+}
+
+variable "vpc_id" {
+  description = "ID of VPC to associate SG with"
+  type        = string
+}
+
+variable "subnet_id" {
+  description = "The ID of the subnet to use, depends on the availability zone"
+  type        = string
+}
+
+variable "init_prefix" {
+  default     = ""
+  description = "init shell to run before executing the main part of instance init"
+  type        = string
+}
+
+variable "init_suffix" {
+  default     = ""
+  description = "init shell to run after the main part of instance init"
+  type        = string
+}
+
+variable "extra_tags" {
+  description = "map of name,value pairs to tag the security group (append to Name tag)"
+  default     = {}
+  type        = map(string)
+}
diff --git a/modules/init-snippet-attach-ebs-volume/instance_id.tpl b/modules/init-snippet-attach-ebs-volume/instance_id.tpl
new file mode 100644
index 00000000..0e3e8663
--- /dev/null
+++ b/modules/init-snippet-attach-ebs-volume/instance_id.tpl
@@ -0,0 +1,10 @@
+if which wget; then
+  INSTANCE_ID="$(wget -O- http://169.254.169.254/latest/meta-data/instance-id)"
+elif which curl; then
+  INSTANCE_ID="$(curl http://169.254.169.254/latest/meta-data/instance-id)"
+fi
+
+if [ "x$${INSTANCE_ID}" == "x" ]; then
+  echo 'There is no wget or curl tool installed. Hence bootstrap cannot get instance ID.'
+  exit 1
+fi
diff --git a/modules/init-snippet-attach-ebs-volume/main.tf b/modules/init-snippet-attach-ebs-volume/main.tf
index 71d16726..3f9d8d17 100644
--- a/modules/init-snippet-attach-ebs-volume/main.tf
+++ b/modules/init-snippet-attach-ebs-volume/main.tf
@@ -9,70 +9,37 @@
  *
  */
 
-# variables used by this snippet of init shellcode
-variable "device_path" {
-  default     = "/dev/xvdf"
-  description = "path, to the device's path in /dev/"
-  type = string
-}
-
-variable "init_prefix" {
-  default     = ""
-  description = "initial init (shellcode) to prefix this snippet with"
-  type = string
-}
-
-variable "init_suffix" {
-  default     = ""
-  description = "init (shellcode) to append to the end of this snippet"
-  type = string
-}
-
-variable "log_level" {
-  default     = "info"
-  description = "default log level verbosity for apps that support it"
-  type = string
-}
-
-variable "log_prefix" {
-  default     = "OPS: "
-  description = "string to prefix log messages with"
-  type = string
-}
-
-variable "region" {
-  description = "AWS region the volume is in"
-  type = string
-}
-
-variable "wait_interval" {
-  default     = "5"
-  description = "time (in seconds) to wait when looping to find the device"
-  type = number
-}
-
-variable "volume_id" {
-  description = "ID of the EBS volume to attach"
-  type = string
+locals {
+  device_paths = var.compatible_with_single_volume ? [var.device_path] : var.device_paths
+  volume_ids   = var.compatible_with_single_volume ? [var.volume_id] : var.volume_ids
 }
 
 # render init script for a cluster using our generic template
 data "template_file" "init_snippet" {
+  count = length(local.volume_ids)
+
   template = file("${path.module}/snippet.tpl")
 
   vars = {
-    device_path   = var.device_path
-    init_prefix   = var.init_prefix
-    init_suffix   = var.init_suffix
+    device_path   = local.device_paths[count.index]
     log_prefix    = var.log_prefix
     log_level     = var.log_level
     region        = var.region
-    volume_id     = var.volume_id
+    volume_id     = local.volume_ids[count.index]
     wait_interval = var.wait_interval
   }
 }
 
+data "template_file" "instance_id" {
+  template = file("${path.module}/instance_id.tpl")
+}
+
 output "init_snippet" {
-  value = data.template_file.init_snippet.rendered
+  value = <<EOF
+${var.init_prefix}
+${data.template_file.instance_id.rendered}
+${join("\n", data.template_file.init_snippet.*.rendered)}
+${var.init_suffix}
+EOF
 }
 
diff --git a/modules/init-snippet-attach-ebs-volume/snippet.tpl b/modules/init-snippet-attach-ebs-volume/snippet.tpl
index 0bf91f1f..8f390f86 100644
--- a/modules/init-snippet-attach-ebs-volume/snippet.tpl
+++ b/modules/init-snippet-attach-ebs-volume/snippet.tpl
@@ -1,34 +1,19 @@
-# start snippet - attach EBS volume
-${init_prefix}
 export AWS_DEFAULT_REGION=${region}
 VOLUME_ID=${volume_id}
-if which wget; then
-  INSTANCE_ID="$(wget -O- http://169.254.169.254/latest/meta-data/instance-id)"
-elif which curl; then
-  INSTANCE_ID="$(curl http://169.254.169.254/latest/meta-data/instance-id)"
-fi
+echo "${log_prefix} will attach $${VOLUME_ID} via the AWS API in ${region}"
+while ! aws ec2 attach-volume                     \
+        --volume-id "$${VOLUME_ID}"     \
+        --instance-id "$${INSTANCE_ID}" \
+        --device '${device_path}'; do
+  echo "Attaching command failed to run. Retrying."
+  sleep '${wait_interval}'
+done
+echo "${log_prefix} $${VOLUME_ID} attached."
+sleep '${wait_interval}' # Wait for device up
 
-if [ "x$${INSTANCE_ID}" == "x" ]; then
-  echo 'OS not functioning'
-else
-  echo "${log_prefix} will attach $${VOLUME_ID} via the AWS API in ${region}"
-  while ! aws ec2 attach-volume                     \
-          --volume-id "$${VOLUME_ID}"     \
-          --instance-id "$${INSTANCE_ID}" \
-          --device '${device_path}'; do
-    echo "Attaching command failed to run. Retrying."
-    sleep '${wait_interval}'
-  done
-  echo "${log_prefix} $${VOLUME_ID} attached."
-  
+if [ ! -e ${device_path} ]; then
   vol_id="$(echo "$${VOLUME_ID}" | tr -d '-')"
-  while [ ! -e /dev/disk/by-id/*-Amazon_Elastic_Block_Store_$${vol_id} ]; do
-    sleep '${wait_interval}' 
-  done
-  
   dev_id="$(ls /dev/disk/by-id/*-Amazon_Elastic_Block_Store_$${vol_id} | head -1)"
   dev_name="/dev/$(readlink "$${dev_id}" | tr / '\n' | tail -1)"
   [ "$${dev_name}" == "${device_path}" ] || ln -s "$${dev_name}" "${device_path}"
 fi
-
-${init_suffix}
diff --git a/modules/init-snippet-attach-ebs-volume/variables.tf b/modules/init-snippet-attach-ebs-volume/variables.tf
new file mode 100644
index 00000000..316bb02e
--- /dev/null
+++ b/modules/init-snippet-attach-ebs-volume/variables.tf
@@ -0,0 +1,63 @@
+variable "device_path" {
+  default     = "/dev/xvdf"
+  description = "path, to the device's path in /dev/"
+  type        = string
+}
+
+variable "device_paths" {
+  type        = list(string)
+  description = "paths, to the device's path in /dev/"
+  default     = []
+}
+
+variable "init_prefix" {
+  default     = ""
+  description = "initial init (shellcode) to prefix this snippet with"
+  type        = string
+}
+
+variable "init_suffix" {
+  default     = ""
+  description = "init (shellcode) to append to the end of this snippet"
+  type        = string
+}
+
+variable "log_level" {
+  default     = "info"
+  description = "default log level verbosity for apps that support it"
+  type        = string
+}
+
+variable "log_prefix" {
+  default     = "OPS: "
+  description = "string to prefix log messages with"
+  type        = string
+}
+
+variable "region" {
+  description = "AWS region the volume is in"
+  type        = string
+}
+
+variable "wait_interval" {
+  default     = "5"
+  description = "time (in seconds) to wait when looping to find the device"
+  type        = number
+}
+
+variable "volume_id" {
+  description = "ID of the EBS volume to attach"
+  type        = string
+  default     = ""
+}
+
+variable "volume_ids" {
+  description = "IDs of the EBS volumes to attach"
+  type        = list(string)
+  default     = []
+}
+
+variable "compatible_with_single_volume" {
+  default = true
+  description = "Using variables for single volumes or not."
+}
diff --git a/modules/persistent-ebs/data.tf b/modules/persistent-ebs/data.tf
index 0050a82a..0911e307 100644
--- a/modules/persistent-ebs/data.tf
+++ b/modules/persistent-ebs/data.tf
@@ -14,9 +14,7 @@ data "aws_iam_policy_document" "attach_ebs_policy_doc" {
       "ec2:DetachVolume",
     ]
 
-    resources = [
-      "arn:${data.aws_partition.current.partition}:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:volume/${aws_ebs_volume.main.id}",
-      "arn:${data.aws_partition.current.partition}:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:instance/*",
-    ]
+    resources = concat(["arn:${data.aws_partition.current.partition}:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:instance/*"],
+    [for x in aws_ebs_volume.main.*.id : "arn:${data.aws_partition.current.partition}:ec2:${var.region}:${data.aws_caller_identity.current.account_id}:volume/${x}"])
   }
 }
diff --git a/modules/persistent-ebs/locals.tf b/modules/persistent-ebs/locals.tf
new file mode 100644
index 00000000..1a070bce
--- /dev/null
+++ b/modules/persistent-ebs/locals.tf
@@ -0,0 +1,20 @@
+locals {
+  volume_default = {
+    type        = "gp2"
+    iops        = 0
+    size        = 15
+    encrypted   = true
+    kms_key_id  = ""
+    snapshot_id = ""
+  }
+  volumes_default_no_comp = [for x in var.volumes : merge(local.volume_default, x)]
+  volumes_default = var.compatible_with_single_volume ? [{
+    type        = var.volume_type,
+    iops        = var.iops,
+    size        = var.size,
+    encrypted   = var.encrypted,
+    kms_key_id  = var.kms_key_id,
+    snapshot_id = var.snapshot_id,
+    name        = "default"
+  }] : local.volumes_default_no_comp
+}
diff --git a/modules/persistent-ebs/main.tf b/modules/persistent-ebs/main.tf
index 11b2ab6f..04f944af 100644
--- a/modules/persistent-ebs/main.tf
+++ b/modules/persistent-ebs/main.tf
@@ -9,17 +9,19 @@
  */
 
 resource "aws_ebs_volume" "main" {
+  count = length(local.volumes_default)
+
   availability_zone = var.az
-  size              = var.size
-  type              = var.volume_type
-  encrypted         = var.encrypted
-  kms_key_id        = var.kms_key_id
-  snapshot_id       = var.snapshot_id
+  size              = local.volumes_default[count.index].size
+  type              = local.volumes_default[count.index].type
+  encrypted         = local.volumes_default[count.index].encrypted
+  kms_key_id        = local.volumes_default[count.index].kms_key_id
+  snapshot_id       = local.volumes_default[count.index].snapshot_id
 
   # merge Name w/ extra_tags
   tags = merge(
     {
-      "Name" = "${var.name_prefix}-${var.az}"
+      "Name" = "${var.name_prefix}-${var.az}-${local.volumes_default[count.index].name}"
     },
     var.extra_tags,
   )
@@ -27,7 +29,7 @@ resource "aws_ebs_volume" "main" {
 
 # IAM policy that allows attaching this EBS volume to an EC2 instance
 resource "aws_iam_policy" "attach_ebs" {
-  name   = "${var.name_prefix}-attach-ebs-${aws_ebs_volume.main.id}"
+  name   = "${var.name_prefix}-attach-ebs"
   policy = data.aws_iam_policy_document.attach_ebs_policy_doc.json
 }
 
diff --git a/modules/persistent-ebs/outputs.tf b/modules/persistent-ebs/outputs.tf
index 2ad0e844..1ce7fc78 100644
--- a/modules/persistent-ebs/outputs.tf
+++ b/modules/persistent-ebs/outputs.tf
@@ -1,5 +1,5 @@
-output "volume_id" {
-  value       = aws_ebs_volume.main.id
+output "volume_ids" {
+  value       = aws_ebs_volume.main.*.id
   description = "`id` exported from the `aws_ebs_volume`"
 }
 
diff --git a/modules/persistent-ebs/variables.tf b/modules/persistent-ebs/variables.tf
index 1f70f89a..a8f19f02 100644
--- a/modules/persistent-ebs/variables.tf
+++ b/modules/persistent-ebs/variables.tf
@@ -60,3 +60,22 @@ variable "iam_instance_profile_role_name" {
   description = "The role to attach policy needed by this module."
   type        = string
 }
+
+variable "volumes" {
+  type = list(map(any))
+### Note: what should be contained.
+#    type        = string,
+#    iops        = number,
+#    size        = number,
+#    encrypted   = bool,
+#    kms_key_id  = string,
+#    snapshot_id = string,
+#    name        = string
+  description = "Definition of volumes. `name` is required."
+  default     = []
+}
+
+variable "compatible_with_single_volume" {
+  default = true
+  description = "Using variables for single volumes or not."
+}
diff --git a/modules/single-node-asg/main.tf b/modules/single-node-asg/main.tf
index d99b37ae..f5465b7e 100644
--- a/modules/single-node-asg/main.tf
+++ b/modules/single-node-asg/main.tf
@@ -21,12 +21,30 @@ locals {
   # To give us a short-hand refernce to the AZ
   az = data.aws_subnet.server-subnet.availability_zone
 
-  # The "name_prefix" we provide to the persistent-ebs module
-  data_volume_name_prefix = "${var.name_prefix}-${var.name_suffix}-data"
-
   # The `name_prefix` we provide to the `iam-instance-profile` module
   # The persistent-ebs module appends the AZ to the data node name, other modules don't do that
   name_prefix_with_az = "${var.name_prefix}-${var.name_suffix}-${local.az}"
+
+  data_volume_default = {
+    type        = "gp2"
+    iops        = 0
+    size        = 10
+    encrypted   = true
+    kms_key_id  = ""
+    snapshot_id = ""
+  }
+
+  data_volumes_default_no_comp = [for x in var.data_volumes : merge(local.data_volume_default, x)]
+  data_volumes_default = var.compatible_with_single_volume ? [{
+    type        = var.data_volume_type,
+    iops        = var.data_volume_iops,
+    size        = var.data_volume_size,
+    encrypted   = var.data_volume_encrypted,
+    kms_key_id  = var.data_volume_kms_key_id,
+    snapshot_id = var.data_volume_snapshot_id,
+    name        = "${local.name_prefix_with_az}-default",
+    device      = "/dev/xvdf"
+  }] : local.data_volumes_default_no_comp
 }
 
 # Create an IAM Instance profile we can use on EC2, associated with the ASG
@@ -38,20 +56,42 @@ module "instance_profile" {
 # Create a single EBS volume that can be used in a single/specific AZ, for the ASG
 module "service-data" {
   source      = "../persistent-ebs"
-  name_prefix = local.data_volume_name_prefix
+  name_prefix = "${var.name_prefix}-${var.name_suffix}"
   region      = var.region
   az          = local.az
-  size        = var.data_volume_size
-  iops        = var.data_volume_iops
-  volume_type = var.data_volume_type
-  encrypted   = var.data_volume_encrypted
-  kms_key_id  = var.data_volume_kms_key_id
-  snapshot_id = var.data_volume_snapshot_id
+  volumes     = local.data_volumes_default
+  compatible_with_single_volume = false
 
   # EBS module will create an IAM policy and associate with this role
   iam_instance_profile_role_name = module.instance_profile.iam_role_name
 }
 
+resource "aws_eip" "eip" {
+  count = var.assign_eip ? 1 : 0
+  vpc   = true
+}
+
+resource "aws_iam_role_policy_attachment" "associate_eip" {
+  role       = module.instance_profile.iam_role_name
+  policy_arn = aws_iam_policy.associate_eip_policy.arn
+}
+
+resource "aws_iam_policy" "associate_eip_policy" {
+  name   = "associate_address"
+  policy = data.aws_iam_policy_document.associate_eip_policy_doc.json
+}
+
+data "aws_iam_policy_document" "associate_eip_policy_doc" {
+  statement {
+    sid    = ""
+    effect = "Allow"
+    actions = [
+      "ec2:AssociateAddress"
+    ]
+    resources = ["*"]
+  }
+}
+
 # Create an ASG with just 1 EC2 instance
 module "server" {
   source = "../asg"
@@ -66,12 +106,11 @@ module "server" {
   max_nodes       = 1
   min_nodes       = 1
   placement_group = var.placement_group
-  public_ip       = var.public_ip
+  public_ip       = var.assign_eip ? false : var.public_ip
   # the prefix and suffix names are combined in
   # the `asg` module to create the full name
-  name_prefix = var.name_prefix
-  name_suffix = "${var.name_suffix}-${local.az}"
-
+  name_prefix        = var.name_prefix
+  name_suffix        = "${var.name_suffix}-${local.az}"
   root_volume_type   = var.root_volume_type
   root_volume_size   = var.root_volume_size
   security_group_ids = var.security_group_ids
@@ -82,9 +121,14 @@ module "server" {
   user_data = <<END_INIT
 #!/bin/bash
 # exec > /tmp/init.log
-# exec 2> /tmp/init-err.log
+exec 2>&1
 # set -x
+apt update
+${module.install-awscli.init_snippet}
 ${var.init_prefix}
+while ! ${var.assign_eip ? "aws ec2 associate-address --instance-id \"$(ec2metadata --instance-id)\" --region \"${var.region}\" --allocation-id \"${element(aws_eip.eip.*.id, 0)}\"" : "true"}; do
+  sleep 1
+done
 ${module.init-attach-ebs.init_snippet}
 ${var.init_suffix}
 END_INIT
@@ -93,7 +137,13 @@ END_INIT
 
 # Render init snippet - boxed module to attach the EBS volume to the node
 module "init-attach-ebs" {
-  source    = "../init-snippet-attach-ebs-volume"
-  region    = var.region
-  volume_id = module.service-data.volume_id
+  source       = "../init-snippet-attach-ebs-volume"
+  region       = var.region
+  volume_ids   = module.service-data.volume_ids
+  device_paths = [for x in local.data_volumes_default : x.device]
+  compatible_with_single_volume = false
+}
+
+module "install-awscli" {
+  source = "../init-snippet-install-awscli"
 }
diff --git a/modules/single-node-asg/outputs.tf b/modules/single-node-asg/outputs.tf
index d2bbbbdc..e4ee1c37 100644
--- a/modules/single-node-asg/outputs.tf
+++ b/modules/single-node-asg/outputs.tf
@@ -9,6 +9,10 @@ output "asg_iam_role_name" {
 }
 
 output "data_volume_name_tag" {
-  value       = "${local.data_volume_name_prefix}-${local.az}"
-  description = "Name tag value for attached data volume"
+  value       = "${local.name_prefix_with_az}-default"
+  description = "Name tag value for attached data volume. This is for compatible with old code."
+}
+
+output "eip_address" {
+  value = var.assign_eip ? aws_eip.eip.*[0].public_ip : ""
 }
diff --git a/modules/single-node-asg/variables.tf b/modules/single-node-asg/variables.tf
index 97de3191..03c025aa 100644
--- a/modules/single-node-asg/variables.tf
+++ b/modules/single-node-asg/variables.tf
@@ -42,9 +42,9 @@ variable "root_volume_type" {
 }
 
 variable "root_volume_size" {
-  default     = "8"
+  default     = 8
   description = "Size (in GB) of EBS volume to use for the root block device"
-  type        = string
+  type        = number
 }
 
 variable "data_volume_type" {
@@ -54,15 +54,15 @@ variable "data_volume_type" {
 }
 
 variable "data_volume_size" {
-  default     = "10"
+  default     = 10
   description = "Size (in GB) of EBS volume to use for the EBS volume"
-  type        = string
+  type        = number
 }
 
 variable "data_volume_encrypted" {
   default     = true
   description = "Boolean, whether or not to encrypt the EBS block device"
-  type        = string
+  type        = bool
 }
 
 variable "data_volume_kms_key_id" {
@@ -98,7 +98,7 @@ variable "init_suffix" {
 variable "public_ip" {
   default     = true
   description = "Boolean flag to enable/disable `map_public_ip_on_launch` in the launch configuration"
-  type        = string
+  type        = bool
 }
 
 variable "subnet_id" {
@@ -121,3 +121,19 @@ variable "load_balancers" {
   description = "The list of load balancers names to pass to the ASG module"
   type        = list(string)
 }
+
+variable "assign_eip" {
+  default     = false
+  description = "Whether or not associating an EIP with the node."
+  type        = bool
+}
+
+variable "data_volumes" {
+  type = list(map(any))
+  description = "Definition of the data volumes. `name` and `device` are required."
+}
+
+variable "compatible_with_single_volume" {
+  default = true
+  description = "Using variables for single volumes or not."
+}