Skip to content

umotif-public/terraform-aws-bastion

BranchesTags

Repository files navigation

GitHub release (latest by date)

terraform-aws-bastion

Terraform module to create Bastion Host in AWS VPC running as Spot Instance/s or On Demand.

Resources created

This module will create Bastion Host/s which will make use of Launch Template and Auto Scaling Group. Bastion host will run as a spot instance. In order to reduce the amount of Elastic IPs, module creates a route53 A record which points to the bastion host/s.

Terraform versions

Terraform 0.13+. Pin module version to ~> v2.0. Submit pull-requests to master branch.

Usage

module "bastion" {
  source = "umotif-public/bastion/aws"
  version = "~> 2.1.0"

  name_prefix = "core-example"

  vpc_id         = "vpc-abasdasd132"
  public_subnets = ["subnet-abasdasd132123", "subnet-abasdasd132123132"]

  hosted_zone_id = "Z1IY32BQNIYX16"
  ssh_key_name   = "test"

  tags = {
    Project = "Test"
  }
}

Bastion Host Visual Architecture

Bastion

Examples

Authors

Module managed by uMotif.

Requirements

Name Version
terraform >= 1.3.0
aws >= 4.0.0

Providers

Name Version
aws >= 4.0.0

Modules

No modules.

Resources

Name Type
aws_autoscaling_group.bastion resource
aws_autoscaling_schedule.asg_scale_down resource
aws_autoscaling_schedule.asg_scale_up resource
aws_iam_instance_profile.bastion resource
aws_iam_role.bastion resource
aws_iam_role_policy.iam_bastion_policy resource
aws_launch_template.bastion resource
aws_security_group.bastion resource
aws_ami.amazon_linux data source
aws_iam_policy_document.bastion_role_assume_role_policy data source
aws_iam_policy_document.bastion_role_policy data source
aws_partition.current data source

Inputs

Name Description Type Default Required
ami_id AMI ID to be used for bastion host. If not provided, it will default to latest amazon linux 2 image. string "" no
asg_scale_down_desired_capacity Auto Scalling Group value for desired capacity of bastion hosts. Scale down action. number 0 no
asg_scale_down_max_size Auto Scalling Group value for maximum capacity of bastion hosts. Scale down action. number 0 no
asg_scale_down_min_size Auto Scalling Group value for minimum capacity of bastion hosts. Scale down action. number 0 no
asg_scale_down_recurrence The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale down action. string "0 18 * * MON-FRI" no
asg_scale_up_desired_capacity Auto Scalling Group value for desired capacity of bastion hosts. Scale up action. number 1 no
asg_scale_up_max_size Auto Scalling Group value for maximum capacity of bastion hosts. Scale up action. number 1 no
asg_scale_up_min_size Auto Scalling Group value for minimum capacity of bastion hosts. Scale up action. number 1 no
asg_scale_up_recurrence The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale up action. string "0 9 * * MON-FRI" no
bastion_instance_types Bastion instance types used for spot instances. list(string) 
[
  "t4g.nano",
  "t4g.micro",
  "t4g.small"
]
 no
block_device_mappings Specify volumes to attach to the instance besides the volumes specified by the AMI 
list(object({
    device_name  = string
    no_device    = optional(string)
    virtual_name = optional(string)
    ebs = optional(object({
      delete_on_termination = optional(bool, true)
      encrypted             = optional(bool, true)
      iops                  = optional(number)
      kms_key_id            = optional(string)
      snapshot_id           = optional(string)
      volume_size           = optional(number)
      volume_type           = optional(string)
      throughput            = optional(number)
    }))
  }))
 [] no
desired_capacity Auto Scalling Group value for desired capacity of bastion hosts. number 1 no
ebs_optimized If true, the launched EC2 instance will be EBS-optimized bool null no
egress_cidr_blocks List of CIDR ranges to allow outbound traffic at security group level. Defaults to 0.0.0.0/0 list(string) 
[
  "0.0.0.0/0"
]
 no
egress_ipv6_cidr_blocks List of IPv6 CIDR ranges to allow outbound traffic at security group level. Defaults to ::/0 list(string) 
[
  "::/0"
]
 no
enable_asg_scale_down n/a bool false no
enable_asg_scale_up n/a bool false no
hosted_zone_id Hosted zone id where A record will be added for bastion host/s. string "" no
ingress_cidr_blocks List of CIDR ranges to allow ssh access at security group level. Defaults to 0.0.0.0/0 list(string) 
[
  "0.0.0.0/0"
]
 no
ingress_ipv6_cidr_blocks List of IPv6 CIDR ranges to allow ssh access at security group level. Defaults to ::/0 list(string) 
[
  "::/0"
]
 no
max_size Auto Scalling Group value for maximum capacity of bastion hosts. number 1 no
min_size Auto Scalling Group value for minimum capacity of bastion hosts. number 1 no
name_prefix A prefix used for naming resources. string n/a yes
on_demand_base_capacity Auto Scalling Group value for desired capacity for instance lifecycle type on-demand of bastion hosts. number 0 no
public_subnets Classless Inter-Domain Routing ranges for public subnets. list(string) n/a yes
ssh_key_name SSH key used to connect to the bastion host string n/a yes
ssh_port SSH port used to access a bastion host. number 22 no
tag_specifications The tags to apply to the resources during launch. You can tag instances, volumes, elastic GPUs and spot instance requests. list(string) 
[
  "instance",
  "volume",
  "network-interface",
  "spot-instances-request"
]
 no
tags Default tags attached to all resources. map(string) 
{
  "ServiceType": "ceng-eks"
}
 no
termination_policies A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy. list(string) 
[
  "OldestInstance"
]
 no
time_zone Used for ASG Scale Up/Down. Valid values are the canonical names of the IANA time zones (such as Etc/GMT+9 or London/Europe) string "Etc/UTC" no
userdata_file_content The user data to provide when launching the instance. string "" no
vpc_id VPC ID where bastion hosts and security groups will be created. string n/a yes

Outputs

Name Description
auto_scaling_group_arn The ARN of the bastion's auto scaling group.
auto_scaling_group_id The ID of the bastion's auto scaling group.
aws_ami n/a
iam_role_arn The ARN of the bastion's IAM Role.
iam_role_id The ID or name of the bastion's IAM Role.
launch_template_arn The ARN of the bastion's launch template.
launch_template_id The ID of the bastion's launch template.
security_group_id The ID of the bastion's security group.

License

See LICENSE for full details.

Pre-commit hooks

Install dependencies

MacOS

brew install pre-commit terraform-docs tflint

brew tap git-chglog/git-chglog
brew install git-chglog

About

Terraform module to create Bastion Host in AWS VPC.

registry.terraform.io/modules/umotif-public/bastion/aws

Topics

bastion aws terraform aws-vpc terraform-module terraform-aws-bastion

Resources

Readme

License

View license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

15 stars

Watchers

4 watching

Forks

14 forks
Report repository

Releases 21

2.6.1 - Update README Latest
Aug 7, 2023
+ 20 releases

Packages

No packages published

Contributors 6

Languages