Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/umotif-public/terraform-aws-bastion

Terraform module to create Bastion Host in AWS VPC.
https://github.com/umotif-public/terraform-aws-bastion

aws aws-vpc bastion terraform terraform-aws-bastion terraform-module

Last synced: about 2 months ago
JSON representation

Terraform module to create Bastion Host in AWS VPC.

Awesome Lists containing this project

README 

        
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/umotif-public/terraform-aws-bastion)](https://github.com/umotif-public/terraform-aws-bastion/releases/latest)



# terraform-aws-bastion



Terraform module to create Bastion Host in AWS VPC running as Spot Instance/s or On Demand.



## Resources created



This module will create Bastion Host/s which will make use of Launch Template and Auto Scaling Group. Bastion host will run as a spot instance. In order to reduce the amount of Elastic IPs, module creates a route53 A record which points to the bastion host/s.



## Terraform versions



Terraform 0.13+. Pin module version to `~> v2.0`. Submit pull-requests to `master` branch.



## Usage



```hcl

module "bastion" {

  source = "umotif-public/bastion/aws"

  version = "~> 2.1.0"



  name_prefix = "core-example"



  vpc_id         = "vpc-abasdasd132"

  public_subnets = ["subnet-abasdasd132123", "subnet-abasdasd132123132"]



  hosted_zone_id = "Z1IY32BQNIYX16"

  ssh_key_name   = "test"



  tags = {

    Project = "Test"

  }

}

```



## Bastion Host Visual Architecture



![Bastion](bastion-arch.jpeg)



## Examples



* [Bastion Host](https://github.com/umotif-public/terraform-aws-bastion/tree/master/examples/core)



## Authors



Module managed by [uMotif](https://github.com/umotif-public).



## Requirements



| Name | Version |

|------|---------|

|  [terraform](#requirement\_terraform) | >= 1.3.0 |

|  [aws](#requirement\_aws) | >= 4.0.0 |



## Providers



| Name | Version |

|------|---------|

|  [aws](#provider\_aws) | >= 4.0.0 |



## Modules



No modules.



## Resources



| Name | Type |

|------|------|

| [aws_autoscaling_group.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource |

| [aws_autoscaling_schedule.asg_scale_down](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_schedule) | resource |

| [aws_autoscaling_schedule.asg_scale_up](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_schedule) | resource |

| [aws_iam_instance_profile.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_instance_profile) | resource |

| [aws_iam_role.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |

| [aws_iam_role_policy.iam_bastion_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |

| [aws_launch_template.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |

| [aws_security_group.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |

| [aws_ami.amazon_linux](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |

| [aws_iam_policy_document.bastion_role_assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

| [aws_iam_policy_document.bastion_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |

| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |



## Inputs



| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [ami\_id](#input\_ami\_id) | AMI ID to be used for bastion host. If not provided, it will default to latest amazon linux 2 image. | `string` | `""` | no |

|  [asg\_scale\_down\_desired\_capacity](#input\_asg\_scale\_down\_desired\_capacity) | Auto Scalling Group value for desired capacity of bastion hosts. Scale down action. | `number` | `0` | no |

|  [asg\_scale\_down\_max\_size](#input\_asg\_scale\_down\_max\_size) | Auto Scalling Group value for maximum capacity of bastion hosts. Scale down action. | `number` | `0` | no |

|  [asg\_scale\_down\_min\_size](#input\_asg\_scale\_down\_min\_size) | Auto Scalling Group value for minimum capacity of bastion hosts. Scale down action. | `number` | `0` | no |

|  [asg\_scale\_down\_recurrence](#input\_asg\_scale\_down\_recurrence) | The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale down action. | `string` | `"0 18 * * MON-FRI"` | no |

|  [asg\_scale\_up\_desired\_capacity](#input\_asg\_scale\_up\_desired\_capacity) | Auto Scalling Group value for desired capacity of bastion hosts. Scale up action. | `number` | `1` | no |

|  [asg\_scale\_up\_max\_size](#input\_asg\_scale\_up\_max\_size) | Auto Scalling Group value for maximum capacity of bastion hosts. Scale up action. | `number` | `1` | no |

|  [asg\_scale\_up\_min\_size](#input\_asg\_scale\_up\_min\_size) | Auto Scalling Group value for minimum capacity of bastion hosts. Scale up action. | `number` | `1` | no |

|  [asg\_scale\_up\_recurrence](#input\_asg\_scale\_up\_recurrence) | The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale up action. | `string` | `"0 9 * * MON-FRI"` | no |

|  [bastion\_instance\_types](#input\_bastion\_instance\_types) | Bastion instance types used for spot instances. | `list(string)` | 
[
  "t4g.nano",
  "t4g.micro",
  "t4g.small"
]
 | no |

|  [block\_device\_mappings](#input\_block\_device\_mappings) | Specify volumes to attach to the instance besides the volumes specified by the AMI | 
list(object({
    device_name  = string
    no_device    = optional(string)
    virtual_name = optional(string)
    ebs = optional(object({
      delete_on_termination = optional(bool, true)
      encrypted             = optional(bool, true)
      iops                  = optional(number)
      kms_key_id            = optional(string)
      snapshot_id           = optional(string)
      volume_size           = optional(number)
      volume_type           = optional(string)
      throughput            = optional(number)
    }))
  }))
 | `[]` | no |

|  [desired\_capacity](#input\_desired\_capacity) | Auto Scalling Group value for desired capacity of bastion hosts. | `number` | `1` | no |

|  [ebs\_optimized](#input\_ebs\_optimized) | If true, the launched EC2 instance will be EBS-optimized | `bool` | `null` | no |

|  [egress\_cidr\_blocks](#input\_egress\_cidr\_blocks) | List of CIDR ranges to allow outbound traffic at security group level. Defaults to 0.0.0.0/0 | `list(string)` | 
[
  "0.0.0.0/0"
]
 | no |

|  [egress\_ipv6\_cidr\_blocks](#input\_egress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to allow outbound traffic at security group level. Defaults to ::/0 | `list(string)` | 
[
  "::/0"
]
 | no |

|  [enable\_asg\_scale\_down](#input\_enable\_asg\_scale\_down) | n/a | `bool` | `false` | no |

|  [enable\_asg\_scale\_up](#input\_enable\_asg\_scale\_up) | n/a | `bool` | `false` | no |

|  [hosted\_zone\_id](#input\_hosted\_zone\_id) | Hosted zone id where A record will be added for bastion host/s. | `string` | `""` | no |

|  [ingress\_cidr\_blocks](#input\_ingress\_cidr\_blocks) | List of CIDR ranges to allow ssh access at security group level. Defaults to 0.0.0.0/0 | `list(string)` | 
[
  "0.0.0.0/0"
]
 | no |

|  [ingress\_ipv6\_cidr\_blocks](#input\_ingress\_ipv6\_cidr\_blocks) | List of IPv6 CIDR ranges to allow ssh access at security group level. Defaults to ::/0 | `list(string)` | 
[
  "::/0"
]
 | no |

|  [max\_size](#input\_max\_size) | Auto Scalling Group value for maximum capacity of bastion hosts. | `number` | `1` | no |

|  [min\_size](#input\_min\_size) | Auto Scalling Group value for minimum capacity of bastion hosts. | `number` | `1` | no |

|  [name\_prefix](#input\_name\_prefix) | A prefix used for naming resources. | `string` | n/a | yes |

|  [on\_demand\_base\_capacity](#input\_on\_demand\_base\_capacity) | Auto Scalling Group value for desired capacity for instance lifecycle type on-demand of bastion hosts. | `number` | `0` | no |

|  [public\_subnets](#input\_public\_subnets) | Classless Inter-Domain Routing ranges for public subnets. | `list(string)` | n/a | yes |

|  [ssh\_key\_name](#input\_ssh\_key\_name) | SSH key used to connect to the bastion host | `string` | n/a | yes |

|  [ssh\_port](#input\_ssh\_port) | SSH port used to access a bastion host. | `number` | `22` | no |

|  [tag\_specifications](#input\_tag\_specifications) | The tags to apply to the resources during launch. You can tag instances, volumes, elastic GPUs and spot instance requests. | `list(string)` | 
[
  "instance",
  "volume",
  "network-interface",
  "spot-instances-request"
]
 | no |

|  [tags](#input\_tags) | Default tags attached to all resources. | `map(string)` | 
{
  "ServiceType": "ceng-eks"
}
 | no |

|  [termination\_policies](#input\_termination\_policies) | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy. | `list(string)` | 
[
  "OldestInstance"
]
 | no |

|  [time\_zone](#input\_time\_zone) | Used for ASG Scale Up/Down. Valid values are the canonical names of the IANA time zones (such as Etc/GMT+9 or London/Europe) | `string` | `"Etc/UTC"` | no |

|  [userdata\_file\_content](#input\_userdata\_file\_content) | The user data to provide when launching the instance. | `string` | `""` | no |

|  [vpc\_id](#input\_vpc\_id) | VPC ID where bastion hosts and security groups will be created. | `string` | n/a | yes |



## Outputs



| Name | Description |

|------|-------------|

|  [auto\_scaling\_group\_arn](#output\_auto\_scaling\_group\_arn) | The ARN of the bastion's auto scaling group. |

|  [auto\_scaling\_group\_id](#output\_auto\_scaling\_group\_id) | The ID of the bastion's auto scaling group. |

|  [aws\_ami](#output\_aws\_ami) | n/a |

|  [iam\_role\_arn](#output\_iam\_role\_arn) | The ARN of the bastion's IAM Role. |

|  [iam\_role\_id](#output\_iam\_role\_id) | The ID or name of the bastion's IAM Role. |

|  [launch\_template\_arn](#output\_launch\_template\_arn) | The ARN of the bastion's launch template. |

|  [launch\_template\_id](#output\_launch\_template\_id) | The ID of the bastion's launch template. |

|  [security\_group\_id](#output\_security\_group\_id) | The ID of the bastion's security group. |



## License



See LICENSE for full details.



## Pre-commit hooks



### Install dependencies



* [`pre-commit`](https://pre-commit.com/#install)

* [`terraform-docs`](https://github.com/segmentio/terraform-docs) required for `terraform_docs` hooks.

* [`TFLint`](https://github.com/terraform-linters/tflint) required for `terraform_tflint` hook.



#### MacOS



```bash

brew install pre-commit terraform-docs tflint



brew tap git-chglog/git-chglog

brew install git-chglog

```