This module creates a bastion host: a single EC2 instance placed in a public subnet and
reachable through an Elastic IP. The instance can reach other instances in the VPC through
preconfigured security group rules (see the `egress_security_groups` input).
The User Data script can be extended with the `additional_user_data` input; its output is
logged to /var/log/user-data.log by default.
The aws-s3-authorized-keys module can be used together with this one to manage which SSH
public keys are allowed to log in to the instance.
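The following is an added usage example, not code shipped with the module. The module source path, the VPC, subnet and key pair identifiers, the `aws_security_group.app` resource and the S3 bucket name are placeholders; the `bastion_iam_role` output is assumed to be usable as the role name in `aws_iam_role_policy`. The example keeps SSH ingress to a single /32, turns on termination protection, extends User Data with a small sshd hardening step, and shows how the outputs feed other resources.

```hcl
# Added usage example (not part of the module's own code).
# Placeholders: source path, vpc/subnet IDs, CIDR, key pair name, SG and bucket.
module "bastion" {
  source = "./modules/bastion" # assumption: local path to this module

  name      = "ops-bastion"
  vpc_id    = "vpc-0123456789abcdef0"    # placeholder
  subnet_id = "subnet-0123456789abcdef0" # placeholder: public subnet with an IGW route

  # Restrict SSH to known source addresses; never 0.0.0.0/0 on a bastion.
  allowed_cidr_blocks = ["203.0.113.10/32"] # TEST-NET-3 placeholder

  # Security groups the bastion is allowed to reach; the module adds the
  # matching ingress rule on those groups (aws_security_group_rule.sg_all_access_ingress).
  egress_security_groups = [aws_security_group.app.id] # assumed existing SG

  ssh_key_name            = "ops-keypair" # placeholder EC2 key pair name
  instance_type           = "t3.nano"
  disable_api_termination = true
  detailed_monitoring     = true
  volume_size             = 8

  # Appended to the module's User Data; output lands in /var/log/user-data.log.
  additional_user_data = <<-EOT
    printf '\nMaxAuthTries 3\nPasswordAuthentication no\n' >> /etc/ssh/sshd_config
    systemctl restart sshd
  EOT

  extra_tags = {
    Environment = "prod"
    Role        = "bastion"
  }
}

# Grant the bastion read access to an S3 bucket holding authorized keys
# (bucket name is a placeholder), using the exported IAM role.
data "aws_iam_policy_document" "authorized_keys" {
  statement {
    actions = ["s3:GetObject", "s3:ListBucket"]
    resources = [
      "arn:aws:s3:::example-authorized-keys",   # placeholder bucket
      "arn:aws:s3:::example-authorized-keys/*",
    ]
  }
}

resource "aws_iam_role_policy" "bastion_authorized_keys" {
  name   = "bastion-authorized-keys-read"
  role   = module.bastion.bastion_iam_role # assumed to be the role name
  policy = data.aws_iam_policy_document.authorized_keys.json
}

# Allow an on-call tooling host to reach the bastion on 22 in addition to the CIDR list.
resource "aws_security_group_rule" "bastion_from_tooling" {
  type                     = "ingress"
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  security_group_id        = module.bastion.bastion_security_group_id
  source_security_group_id = aws_security_group.tooling.id # assumed existing SG
}

output "bastion_ssh_command" {
  value = "ssh -i ~/.ssh/ops-keypair.pem ec2-user@${module.bastion.bastion_ip}"
}
```

After `terraform apply`, confirm the bastion security group carries only the 22/tcp ingress entries you expect (the listed CIDRs and the tooling group) and that the first boot completed by reading /var/log/user-data.log on the instance.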
## Requirements

Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 4.0, < 5.0 |

## Providers

Name | Version |
---|---|
aws | >= 4.0, < 5.0 |
template | n/a |

Note: the `template` provider is archived by HashiCorp and has no builds for some platforms (for example darwin/arm64); the built-in `templatefile()` function is the usual replacement.

## Modules

No modules.
## Resources

Name | Type |
---|---|
aws_eip.bastion | resource |
aws_eip_association.bastion | resource |
aws_iam_instance_profile.bastion | resource |
aws_iam_role.bastion | resource |
aws_instance.bastion | resource |
aws_security_group.bastion_host | resource |
aws_security_group_rule.bastion_all_access_egress | resource |
aws_security_group_rule.bastion_ssh | resource |
aws_security_group_rule.sg_all_access_ingress | resource |
aws_ami.amazon_linux | data source |
aws_iam_policy_document.bastion | data source |
template_file.user_data | data source |
## Inputs

Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_user_data | Extra shell script content run when the instance boots, after the module's own User Data; its output goes to /var/log/user-data.log. | string | "" | no |
allowed_cidr_blocks | CIDR blocks (e.g. 18.202.145.21/32) allowed to open SSH connections to the bastion. Keep this list as narrow as possible (single /32 addresses where practical) and never use 0.0.0.0/0. | list(string) | [] | no |
ami_id | Amazon Machine Image identifier. If null, the module looks up an Amazon Linux image (data.aws_ami.amazon_linux); use your own data.aws_ami lookup to pick a different image. | string | null | no |
create | Set to false if you don't want to create any resources. | bool | true | no |
detailed_monitoring | Whether to enable detailed EC2 instance monitoring (1-minute CloudWatch metrics). | bool | false | no |
disable_api_termination | Whether to enable EC2 instance termination protection. | bool | false | no |
egress_security_groups | Identifiers of security groups the bastion is allowed to send traffic to; the module adds the matching ingress rule from the bastion security group (aws_security_group_rule.sg_all_access_ingress). | list(string) | [] | no |
eip_id | Identifier of an existing Elastic IP to associate with the bastion instance. | string | null | no |
extra_tags | AWS tags added to the running bastion instance. | map(string) | {} | no |
instance_type | EC2 instance type. | string | "t3.nano" | no |
name | Name of the bastion instance and prefix for its dependent resources. | string | n/a | yes |
ssh_key_name | Name of an SSH key pair present in the AWS EC2 key pair list. | string | null | no |
subnet_id | Identifier of the public subnet where the bastion instance is placed. | string | n/a | yes |
volume_size | Root volume size in GB. | number | 8 | no |
vpc_id | Identifier of the VPC where the bastion instance is placed. | string | n/a | yes |
## Outputs

Name | Description |
---|---|
bastion_iam_role | Bastion IAM role identifier. Can be used to attach additional IAM policies to it. |
bastion_ip | Bastion public IP. |
bastion_security_group_id | Bastion security group identifier. Can be used to allow broader access to the bastion instance. |