Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/opszero/terraform-aws-instance


https://github.com/opszero/terraform-aws-instance

Last synced: 6 days ago
JSON representation

Awesome Lists containing this project

README 

        

# Instance (AWS)



AWS Instance with multiple SSH Key support.



## Usage



``` sh

ssh-keygen -t rsa

```



``` sh

module "bastion" {

  source = "github.com/opszero/terraform-aws-bastion"



  ssh_keys = [ "ssh-rsa ..." ]

  

  users = {

    "username" = {

      ssh-keys = [

         "ssh-rs ..."

      ]

    }

  }

}

```



## Connect



 - Use [MrMgr](https://github.com/opszero/terraform-aws-bastion) to setup IAM access to the Bastion

 - `pip3 install pip3 install ec2instanceconnectcli`

 - `mssh --profile awsprofile ubuntu@i-1234566`



## Deployment



```sh

terraform init

terraform plan

terraform apply -auto-approve

```



## Teardown



```sh

terraform destroy -auto-approve

```

## Providers



| Name | Version |

|------|---------|

|  [aws](#provider\_aws) | n/a |

|  [cloudinit](#provider\_cloudinit) | n/a |

## Inputs



| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [ami\_id](#input\_ami\_id) | The AMI ID of the bastion host | `string` | `null` | no |

|  [efs\_mounts](#input\_efs\_mounts) | EFS multiple mounts | `map` | `{}` | no |

|  [ingress\_cidrs](#input\_ingress\_cidrs) | Configuration block for ingress rules | `any` | n/a | yes |

|  [instance\_profile](#input\_instance\_profile) | n/a | 
object({
    role_name           = string
    assume_role_service = string
    policy_arns         = list(string)
  })
 | `null` | no |

|  [instance\_type](#input\_instance\_type) | EC2 Instance Type of the bastion host | `string` | `"t3.micro"` | no |

|  [name](#input\_name) | The name of the bastion host | `string` | n/a | yes |

|  [security\_group\_ids](#input\_security\_group\_ids) | A list of security group names to associate with. | `list(any)` | `[]` | no |

|  [ssh\_keys](#input\_ssh\_keys) | SSH public keys to add to the image | `list(any)` | `[]` | no |

|  [subnet\_id](#input\_subnet\_id) | The VPC subnet ID to launch in EC2 bastion host | `string` | n/a | yes |

|  [tags](#input\_tags) | A map of tags to assign to the resource | `map(any)` | `{}` | no |

|  [ubuntu\_version](#input\_ubuntu\_version) | Ubuntu Server Version | `string` | `"24.04"` | no |

|  [user\_data](#input\_user\_data) | User data to provide when launching the instance | `string` | `""` | no |

|  [user\_data\_replace\_on\_change](#input\_user\_data\_replace\_on\_change) | To recreate the instance when user\_data is changed | `bool` | `false` | no |

|  [userdata](#input\_userdata) | User data to provide when launching the instance | `string` | `""` | no |

|  [users](#input\_users) | Custom user accounts of the instance | `map` | 
{
  "retool": {
    "ssh-keys": []
  }
}
 | no |

|  [volume\_size](#input\_volume\_size) | Size of the volume in gibibytes (GiB) | `number` | `20` | no |

|  [vpc\_id](#input\_vpc\_id) | The VPC ID to create security group for bastion host | `string` | n/a | yes |

## Resources



| Name | Type |

|------|------|

| [aws_cloudwatch_metric_alarm.aws_bastion_cpu_threshold](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm) | resource |

| [aws_eip.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eip) | resource |

| [aws_iam_instance_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |

| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |

| [aws_iam_role_policy_attachment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |

| [aws_instance.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |

| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |

| [aws_security_group_rule.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |

| [aws_ssm_parameter.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |

| [cloudinit_config.config](https://registry.terraform.io/providers/hashicorp/cloudinit/latest/docs/data-sources/config) | data source |

## Outputs



| Name | Description |

|------|-------------|

|  [instance\_id](#output\_instance\_id) | n/a |

|  [public\_ip](#output\_public\_ip) | n/a |

# 🚀 Built by opsZero!






Since 2016 [opsZero](https://opszero.com) has been providing Kubernetes

expertise to companies of all sizes on any Cloud. With a focus on AI and

Compliance we can say we seen it all whether SOC2, HIPAA, PCI-DSS, ITAR,

FedRAMP, CMMC we have you and your customers covered.



We provide support to organizations in the following ways:



- [Modernize or Migrate to Kubernetes](https://opszero.com/solutions/modernization/)

- [Cloud Infrastructure with Kubernetes on AWS, Azure, Google Cloud, or Bare Metal](https://opszero.com/solutions/cloud-infrastructure/)

- [Building AI and Data Pipelines on Kubernetes](https://opszero.com/solutions/ai/)

- [Optimizing Existing Kubernetes Workloads](https://opszero.com/solutions/optimized-workloads/)



We do this with a high-touch support model where you:



- Get access to us on Slack, Microsoft Teams or Email

- Get 24/7 coverage of your infrastructure

- Get an accelerated migration to Kubernetes



Please [schedule a call](https://calendly.com/opszero-llc/discovery) if you need support.