AWS Bastion Instance

This module creates an Auto Scaling Group containing a single EC2 instance with a public IP. The instance can reach all other instances in the VPC (the Security Groups are preconfigured). The User Data script is parameterizable, and its output is logged to /var/log/user-data.log by default. The aws-s3-authorized-keys module can be used alongside it to manage the SSH keys that are allowed to access the instance.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.0, < 5.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.0, < 5.0 |
| template | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_eip.bastion | resource |
| aws_eip_association.bastion | resource |
| aws_iam_instance_profile.bastion | resource |
| aws_iam_role.bastion | resource |
| aws_instance.bastion | resource |
| aws_security_group.bastion_host | resource |
| aws_security_group_rule.bastion_all_access_egress | resource |
| aws_security_group_rule.bastion_ssh | resource |
| aws_security_group_rule.sg_all_access_ingress | resource |
| aws_ami.amazon_linux | data source |
| aws_iam_policy_document.bastion | data source |
| template_file.user_data | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| additional_user_data | Scripts to be run when the instance boots up. | `string` | `""` | no |
| allowed_cidr_blocks | Determines which CIDRs (e.g. 18.202.145.21/32) can connect to the bastion instance. | `list(string)` | `[]` | no |
| ami_id | Amazon Machine Image identifier. You can use `data.aws_ami` to find the right image. | `string` | `null` | no |
| create | Set to `false` if you don't want to create any resources. | `bool` | `true` | no |
| detailed_monitoring | Whether to enable EC2 instance monitoring. | `bool` | `false` | no |
| disable_api_termination | Whether to enable EC2 Instance Termination Protection. | `bool` | `false` | no |
| egress_security_groups | Egress | `list(string)` | `[]` | no |
| eip_id | Elastic IP | `string` | `null` | no |
| extra_tags | AWS tags that will be added to the running bastion instance. | `map(string)` | `{}` | no |
| instance_type | Type of EC2 instance. | `string` | `"t3.nano"` | no |
| name | Name of the bastion instance and a prefix for its dependencies. | `string` | n/a | yes |
| ssh_key_name | Name of an SSH key present in the AWS EC2 key pair list. | `string` | `null` | no |
| subnet_id | Identifier of the public subnet where the bastion instance is placed. | `string` | n/a | yes |
| volume_size | Root volume size in GB. | `number` | `8` | no |
| vpc_id | Identifier of the VPC where the bastion instance is placed. | `string` | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| bastion_iam_role | Bastion IAM role identifier. Can be used to attach additional IAM policies to it. |
| bastion_ip | Bastion public IP. |
| bastion_security_group_id | Bastion Security Group identifier. Can be used to allow broader access to the bastion instance. |
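The following root-module call is an added example and is not part of this module's own code. It shows the inputs and outputs above used together: `allowed_cidr_blocks` pinned to a single administrative address rather than left open, an AMI looked up with `data.aws_ami` as the `ami_id` description suggests, and an extra policy attached through the `bastion_iam_role` output. The module `source` path, the `var.*` root-module variables, the key pair name and the CIDR are assumptions.

```hcl
# Look up the current Amazon Linux 2 AMI rather than hard-coding an ID.
data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

module "bastion" {
  source = "./modules/aws-bastion-instance" # assumed path to this module

  name      = "ops-bastion"
  vpc_id    = var.vpc_id           # assumed root-module variables
  subnet_id = var.public_subnet_id

  ami_id        = data.aws_ami.amazon_linux.id
  instance_type = "t3.nano"
  ssh_key_name  = "ops-bastion-key" # assumed existing EC2 key pair

  # Only the admin egress address may reach port 22. The default ([]) opens no
  # SSH ingress at all; 0.0.0.0/0 would expose the bastion to the whole Internet.
  allowed_cidr_blocks = ["203.0.113.10/32"] # constructed example (TEST-NET-3)

  disable_api_termination = true
  detailed_monitoring     = true

  # Appended to the module's User Data; output lands in /var/log/user-data.log.
  additional_user_data = <<-EOT
    yum install -y amazon-cloudwatch-agent
  EOT

  extra_tags = {
    Environment = "prod"
    Owner       = "platform-team"
  }
}

# Attach an extra managed policy via the bastion_iam_role output. This assumes
# the output is the role name, which aws_iam_role_policy_attachment expects.
resource "aws_iam_role_policy_attachment" "bastion_ssm" {
  role       = module.bastion.bastion_iam_role
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
```

After `terraform apply`, `module.bastion.bastion_ip` gives the address to connect to, and the security group only admits the listed CIDR on the SSH port.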