This Terraform module simplifies the creation of a secure bastion host for remote access to private instances within a network, with configurable options for security groups, instance type, and key pair authentication.
The main objective is to create a more logical data structure, achieved by combining and grouping related resources together in a complex object.
The structure of the module promotes reusability. It's intended to be a repeatable component, simplifying the process of building diverse workloads and platform accelerators consistently.
A primary goal is to utilize keys and values in the object that correspond to the REST API's structure. This enables us to carry out iterations, increasing its practical value as time goes on.
A last key goal is to separate logic from configuration in the module, thereby enhancing its scalability, ease of customization, and manageability.
- includes support for a predefined network security group and rules
- enables utilization of existing virtual networks
- utilizes Terratest for robust validation
The example below shows the usage when consuming the module:

```hcl
module "bastion" {
  source = "github.com/aztfmods/terraform-azure-bastion?ref=v1.4.0"

  workload    = var.workload
  environment = var.environment

  bastion = {
    location              = module.rg.groups.demo.location
    resourcegroup         = module.rg.groups.demo.name
    subnet_address_prefix = ["10.18.0.0/27"]
    scale_units           = 2
    sku                   = "Standard"

    enable = {
      copy_paste = false
      file_copy  = false
      ip_connect = true
    }

    vnet = {
      name   = module.network.vnet.name
      rgname = module.network.vnet.resource_group_name
    }
  }
}
```

Name | Type |
---|---|
azurerm_resource_group | resource |
azurerm_subnet | resource |
azurerm_public_ip | resource |
azurerm_bastion_host | resource |
azurerm_network_security_group | resource |
azurerm_subnet_network_security_group_association | resource |

Name | Type |
---|---|
azurerm_virtual_network | datasource |

Name | Description | Type | Required |
---|---|---|---|
bastion | describes bastion related configuration | object | yes |
workload | contains the workload name used, for naming convention | string | yes |
environment | contains shortname of the environment used for naming convention | string | yes |

Name | Description |
---|---|
bastion | contains all bastion related configuration |

The GitHub repository utilizes a Makefile to conduct tests to evaluate and validate different configurations of the module. These tests are designed to enhance its stability and reliability.
Before initiating the tests, please ensure that both Go and Terraform are properly installed on your system.
The Makefile incorporates three distinct test variations. The first one, a local deployment test, is designed for local deployments and allows the overriding of workload and environment values. It includes additional checks and can be initiated using the command `make test_local`.
The second variation is an extended test. This test performs additional validations and serves as the default test for the module within the GitHub workflow.
The third variation allows for specific deployment tests. By providing a unique test name in the GitHub workflow, it overrides the default extended test, executing the specific deployment test instead.
Each of these tests contributes to the robustness and resilience of the module. They ensure the module performs consistently and accurately under different scenarios and configurations.
Module is maintained by Dennis Kool.
MIT Licensed. See LICENSE for full details.