Merge pull request #21 from carlosrodlop/feat-branch

[EKS, Bastion Module] Include Synk recommendations

clouds/aws/modules/aws-bastion/README.md

@@ -0,0 +1,52 @@
+# aws-bastion
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 3.72 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.72 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
+| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
+| [aws_security_group_rule.egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_security_group_rule.source](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
+| [aws_ssm_parameter.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | Instance type to use for the Bastion Host | `string` | `"t3.small"` | no |
+| <a name="input_instance_user"></a> [instance\_user](#input\_instance\_user) | Bastion Host user | `string` | `"ec2-user"` | no |
+| <a name="input_key_name"></a> [key\_name](#input\_key\_name) | Name of the Key Pair to use for ssh into the Bastion Host instance. Assumes PEM format. | `string` | n/a | yes |
+| <a name="input_resource_prefix"></a> [resource\_prefix](#input\_resource\_prefix) | Prefix for the name of the resources created by this module | `string` | n/a | yes |
+| <a name="input_source_security_group_id"></a> [source\_security\_group\_id](#input\_source\_security\_group\_id) | Security Group ID for the EKS Node groups | `string` | n/a | yes |
+| <a name="input_ssh_cidr_blocks"></a> [ssh\_cidr\_blocks](#input\_ssh\_cidr\_blocks) | CIDR block for the Security Group to allow SSH inbound traffic | `set(string)` | n/a | yes |
+| <a name="input_subnet_id"></a> [subnet\_id](#input\_subnet\_id) | Subnet ID to place the Bastion Host in | `string` | n/a | yes |
+| <a name="input_tags"></a> [tags](#input\_tags) | Tags to apply to the resources created by this module | `map(string)` | `{}` | no |
+| <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | VPC ID to place the Bastion Host in | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_bastion_ssh_connection_string"></a> [bastion\_ssh\_connection\_string](#output\_bastion\_ssh\_connection\_string) | SSH connection string for the Bastion Host. Replace <pathToTheKey> to the path to the public key. |
+| <a name="output_security_group_id"></a> [security\_group\_id](#output\_security\_group\_id) | Security Group ID for the Bastion Host |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

clouds/aws/modules/aws-bastion/main.tf

@@ -13,6 +13,11 @@ resource "aws_instance" "this" {
   subnet_id                   = var.subnet_id
   vpc_security_group_ids      = [aws_security_group.this.id]
   associate_public_ip_address = true
+  disable_api_termination     = true
+  ebs_optimized               = true
+  metadata_options {
+    http_tokens = "required"
+  }
 
   tags = merge(var.tags, {
     Name = local.bastion_host_name