https://github.com/chinchalinchin/terraform-ec2-bastion

terraform module for setting up ec2 bastion host
https://github.com/chinchalinchin/terraform-ec2-bastion

Last synced: 7 months ago
JSON representation

terraform module for setting up ec2 bastion host

• Host: GitHub
• URL: https://github.com/chinchalinchin/terraform-ec2-bastion
• Owner: chinchalinchin
• Created: 2023-02-06T13:10:25.000Z (over 2 years ago)
• Default Branch: master
• Last Pushed: 2023-02-06T15:32:07.000Z (over 2 years ago)
• Last Synced: 2025-02-02T07:13:45.445Z (8 months ago)
• Size: 22.5 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# aws-ec2-bastion

Refer to [raw docs](./docs/source/OVERVIEW.md) or [hosted docs](https://pages.github.boozallencsn.com/AutomationLibrary/aws-ec2-bastion/) for more information.

## Quickstart

1. Configure the **Terraform** backend in the _provider.tf_ file. By default, it points to the **AutomationLibrary** **S3** **Terraform** state bucket. If using a remote state, adjust appropriately, or if you are using a local state, comment out the `backend` block.

   

2. Adjust the _.tfvars_ file to your environment. In particular, the `source_ips` variable will need set. See next section for more information.

3. Deploy the modules,

``` shell

terraform init

terraform plan --var-file .tfvars

terraform apply --var-file .tfvars

```

## Configuration

### EC2 OS Image

By default, the EC2 Bastion Host uses an **ubuntu 16** image located in the `us-east-1`. The default username for this distro is `ubuntu`. If you want need a different OS image or need an image in a different region, refer to the [EC2 Ubuntu Catalogue](https://cloud-images.ubuntu.com/locator/ec2/).

The AMI image can be edited by setting overriding the `bastion_config.ami` variable.

### Source IPS

A security group is created around the EC2 bastion host and all access is explicitly denied. To access the EC2, you will need to add your IP to the whitelist. You can pass your IP and any other IPs that need whitelisted in through the `source_ips` list variable.

## Connect to EC2 Bastion Host

The Elastic IP of the bastion host can be easily retrieved with `terraform output`. 

The SSH key used to connect to the bastion host is output into the */keys/* directory (this files in this directory are excluded in the *.gitignore* and will never be committed to version control). Ensure the `chmod` permissions are set to 600 on the generated key,

```shell

chmox 600 ./keys/data_ops_key

```

Then you can connect to the EC2 with the following command,

```shell

ssh -i ./keys/data_ops_key ubuntu@

```