thinkalpha/terraform-aws-bastion

terraform-aws-bastion

Terraform module to create Bastion Host in AWS VPC running as Spot Instance/s

Resources created

This module creates one or more bastion hosts from a Launch Template managed by an Auto Scaling Group. The bastion host runs as a spot instance. To reduce the number of Elastic IPs needed, the module creates a Route 53 A record that points to the bastion host/s instead of allocating a fixed address per host.

Terraform versions

Terraform 0.12. Pin module version to ~> v1.0. Submit pull-requests to master branch.

Usage

module "bastion" {
  source  = "umotif-public/bastion/aws"
  version = "~> 1.3.0"

  name_prefix = "core-example"

  vpc_id         = "vpc-abasdasd132"
  subnets        = ["subnet-abasdasd132123", "subnet-abasdasd132123132"]

  hosted_zone_id = "Z1IY32BQNIYX16"
  ssh_key_name   = "marcin-test"

  tags = {
    Project = "Test"
  }
}

Bastion Host Visual Architecture

(Architecture diagram: bastion host/s in the AWS VPC; image not reproduced here.)

Assumptions

Module is to be used with Terraform > 0.12.

Examples

Authors

Module managed by Marcin Cuber LinkedIn.

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 0.12.6 |
| aws | ~> 2.45 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 2.45 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ami_id | AMI ID to be used for the bastion host. If not provided, it defaults to the latest Amazon Linux 2 image. | string | "" | no |
| asg_scale_down_desired_capacity | Auto Scaling Group value for desired capacity of bastion hosts. Scale down action. | number | 0 | no |
| asg_scale_down_max_size | Auto Scaling Group value for maximum capacity of bastion hosts. Scale down action. | number | 0 | no |
| asg_scale_down_min_size | Auto Scaling Group value for minimum capacity of bastion hosts. Scale down action. | number | 0 | no |
| asg_scale_down_recurrence | The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale down action. | string | "0 18 * * MON-FRI" | no |
| asg_scale_up_desired_capacity | Auto Scaling Group value for desired capacity of bastion hosts. Scale up action. | number | 1 | no |
| asg_scale_up_max_size | Auto Scaling Group value for maximum capacity of bastion hosts. Scale up action. | number | 1 | no |
| asg_scale_up_min_size | Auto Scaling Group value for minimum capacity of bastion hosts. Scale up action. | number | 1 | no |
| asg_scale_up_recurrence | The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale up action. | string | "0 9 * * MON-FRI" | no |
| availability_zones | Availability zones for the default Ireland region. | list(string) | ["eu-west-1a", "eu-west-1b", "eu-west-1c"] | no |
| bastion_instance_types | Bastion instance types used for spot instances. | list(string) | ["t3.nano", "t3.micro", "t3.small", "t2.nano", "t2.micro", "t2.small"] | no |
| desired_capacity | Auto Scaling Group value for desired capacity of bastion hosts. | number | 1 | no |
| egress_cidr_blocks | List of CIDR ranges to allow outbound traffic at security group level. Defaults to 0.0.0.0/0. | list(string) | ["0.0.0.0/0"] | no |
| egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to allow outbound traffic at security group level. Defaults to ::/0. | list(string) | ["::/0"] | no |
| enable_asg_scale_down | n/a | bool | false | no |
| enable_asg_scale_up | n/a | bool | false | no |
| hosted_zone_id | Hosted zone ID where the A record will be added for the bastion host/s. | string | "" | no |
| ingress_cidr_blocks | List of CIDR ranges to allow SSH access at security group level. Defaults to 0.0.0.0/0. | list(string) | ["0.0.0.0/0"] | no |
| ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to allow SSH access at security group level. Defaults to ::/0. | list(string) | ["::/0"] | no |
| max_size | Auto Scaling Group value for maximum capacity of bastion hosts. | number | 1 | no |
| min_size | Auto Scaling Group value for minimum capacity of bastion hosts. | number | 1 | no |
| name_prefix | A prefix used for naming resources. | string | n/a | yes |
| private_subnets | Classless Inter-Domain Routing ranges for private subnets. | list(string) | [] | no |
| public_subnets | Classless Inter-Domain Routing ranges for public subnets. | list(string) | n/a | yes |
| region | AWS region in which resources will get deployed. Defaults to Ireland. | string | "eu-west-1" | no |
| ssh_key_name | SSH key used to connect to the bastion host. | string | n/a | yes |
| ssh_port | SSH port used to access a bastion host. | number | 22 | no |
| tags | Default tags attached to all resources. | map(string) | { "ServiceType": "ceng-eks" } | no |
| termination_policies | A list of policies to decide how the instances in the auto scaling group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy. | list(string) | ["OldestInstance"] | no |
| userdata_file_content | n/a | string | "" | no |
| vpc_id | VPC ID where bastion hosts and security groups will be created. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| auto_scaling_group_arn | The ARN of the bastion's auto scaling group. |
| auto_scaling_group_id | The ID of the bastion's auto scaling group. |
| iam_role_arn | The ARN of the bastion's IAM Role. |
| iam_role_id | The ID or name of the bastion's IAM Role. |
| launch_template_arn | The ARN of the bastion's launch template. |
| launch_template_id | The ID of the bastion's launch template. |
| security_group_id | The ID of the bastion's security group. |
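The following is an added example, not code from this README or from the module's own examples: it wires the Inputs and Outputs above into a tighter deployment than the defaults give. SSH ingress is restricted to a single operator range instead of the 0.0.0.0/0 and ::/0 defaults, the scheduled actions scale the ASG to zero outside working hours, and private hosts accept SSH only from the bastion's security group via the `security_group_id` output. The VPC, subnet, hosted-zone and key-name values are the README's own placeholders; `public_subnets` is used here because that is the name in the Inputs table (the Usage snippet above uses `subnets`). The 203.0.113.0/24 operator range, the empty IPv6 list, the `aws_security_group.private_hosts` resource and the user-data script are assumptions.

```hcl
module "bastion" {
  source  = "umotif-public/bastion/aws"
  version = "~> 1.3.0"

  name_prefix = "core-example"
  region      = "eu-west-1"

  # Placeholder identifiers reused from the README's usage snippet.
  vpc_id         = "vpc-abasdasd132"
  public_subnets = ["subnet-abasdasd132123", "subnet-abasdasd132123132"]
  hosted_zone_id = "Z1IY32BQNIYX16"
  ssh_key_name   = "marcin-test"
  ssh_port       = 22

  # Override the 0.0.0.0/0 and ::/0 defaults: only the assumed operator
  # range (RFC 5737 documentation block) may open SSH to the bastion, and
  # IPv6 SSH is closed entirely (assumes the module accepts an empty list).
  ingress_cidr_blocks      = ["203.0.113.0/24"]
  ingress_ipv6_cidr_blocks = []

  # Egress is left at the module default so the AMI can reach package
  # repositories; narrow it the same way if the bastion needs no updates.

  # Run the bastion only during working hours: the scale-down action sets
  # every ASG size to 0, so no instance exists overnight or at weekends.
  enable_asg_scale_up           = true
  asg_scale_up_recurrence       = "0 9 * * MON-FRI"
  asg_scale_up_min_size         = 1
  asg_scale_up_max_size         = 1
  asg_scale_up_desired_capacity = 1

  enable_asg_scale_down           = true
  asg_scale_down_recurrence       = "0 18 * * MON-FRI"
  asg_scale_down_min_size         = 0
  asg_scale_down_max_size         = 0
  asg_scale_down_desired_capacity = 0

  # Small burstable types keep the spot request cheap; the module picks from the list.
  bastion_instance_types = ["t3.nano", "t3.micro"]
  termination_policies   = ["OldestInstance"]

  # Assumed user-data script: enforce key-only, non-root SSH on the
  # default Amazon Linux 2 AMI's sshd_config.
  userdata_file_content = <<-EOT
    #!/bin/bash
    set -euo pipefail
    sed -i 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
    sed -i 's/^#\?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
    systemctl restart sshd
  EOT

  tags = {
    Project = "Test"
  }
}

# Assumed security group on the private hosts the bastion fronts.
resource "aws_security_group" "private_hosts" {
  name   = "core-example-private-hosts"
  vpc_id = "vpc-abasdasd132"
}

# Private hosts accept SSH only from the bastion's security group rather
# than from any CIDR, so the bastion is the single entry point. The source
# comes from the module's security_group_id output.
resource "aws_security_group_rule" "ssh_from_bastion" {
  type                     = "ingress"
  security_group_id        = aws_security_group.private_hosts.id
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  source_security_group_id = module.bastion.security_group_id
  description              = "SSH from bastion only"
}
```

After `terraform apply`, confirm with the console or CLI that the bastion's security group shows only the 203.0.113.0/24 ingress rule on port 22 and that the private hosts' group references the bastion group ID rather than a CIDR; any wider rule means one of the overrides above did not take effect.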

License

See LICENSE for full details.

Pre-commit hooks

Install dependencies

MacOS

brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog