Bastion (AWS)

AWS Bastion with multiple SSH Key support.

Usage

ssh-keygen -t rsa

module "bastion" {
  source = "github.com/opszero/terraform-aws-bastion"

  ssh_keys = [ "ssh-rsa ..." ]
}
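A pre-flight check for the entries passed in ssh_keys, as an added example that is not part of the module: it parses each OpenSSH public key line, rejects private key material and unfilled placeholders such as "ssh-rsa ...", and enforces a minimum RSA modulus size. The function names, the 2048-bit floor and the constructed sample key are assumptions of this example.

```python
import base64
import binascii
import struct


def read_string(blob, offset):
    """Read one RFC 4251 'string': 4-byte big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_ssh_key(entry, min_rsa_bits=2048):
    """Return (key_type, rsa_bits or None); raise ValueError if the entry is unusable.
    min_rsa_bits is an assumed policy floor, not a value taken from the module."""
    if "PRIVATE KEY" in entry:
        raise ValueError("private key material, not a public key")
    fields = entry.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("key body is not valid base64") from exc
    inner_type, offset = read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("type prefix does not match the encoded key type")
    if key_type != "ssh-rsa":
        return key_type, None  # non-RSA keys: structure checked, size not assessed
    _exponent, offset = read_string(blob, offset)
    modulus, _ = read_string(blob, offset)
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_rsa_bits:
        raise ValueError(f"RSA modulus is {bits} bits, below {min_rsa_bits}")
    return key_type, bits


def constructed_rsa_line(bits):
    """Build a well-formed ssh-rsa line for testing (constructed, not a usable key)."""
    def s(data):
        return struct.pack(">I", len(data)) + data
    n_bytes = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading zero byte
    blob = s(b"ssh-rsa") + s((65537).to_bytes(3, "big")) + s(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```

Run check_ssh_key over every string in the ssh_keys list before terraform apply and stop on the first ValueError.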

Connect

  • Use MrMgr to set up IAM access to the Bastion

  • pip3 install ec2instanceconnectcli

  • mssh --profile awsprofile ubuntu@i-1234566

Deployment

terraform init
terraform plan
terraform apply -auto-approve

Teardown

terraform destroy -auto-approve

Providers

| Name | Version |
|------|---------|
| aws | n/a |
| cloudinit | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| ami_id | The AMI ID of the bastion host | string | null | no |
| bastion_name | The name of the bastion host | string | n/a | yes |
| ingress_cidrs | Configuration block for ingress rules | any | n/a | yes |
| instance_type | EC2 Instance Type of the bastion host | string | "t3.micro" | no |
| security_group_ids | A list of security group names to associate with. | list(any) | [] | no |
| ssh_keys | SSH public keys to add to the image | list(any) | [] | no |
| subnet_id | The VPC subnet ID to launch in EC2 bastion host | string | n/a | yes |
| tags | A map of tags to assign to the resource | map(any) | {} | no |
| ubuntu_version | Ubuntu Server Version | string | "20.04" | no |
| user_data | User data to provide when launching the instance | string | "" | no |
| user_data_replace_on_change | To recreate the instance when user_data is changed | bool | false | no |
| userdata | User data to provide when launching the instance | string | "" | no |
| volume_size | Size of the volume in gibibytes (GiB) | number | 20 | no |
| vpc_id | The VPC ID to create security group for bastion host | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| public_ip | n/a |