/terraform-aws-bastion-1

Terraform module to create an AWS bastion host

Primary LanguageHCLMIT LicenseMIT

Terraform bastion module

Module to create a bastion host (or stepping stone). The module let you enable this host once needed. Be default the host is not created.

Terraform version

  • Terraform 0.12: Pin module to ~> 2+, submit pull request to branch develop
  • Terraform 0.11: Pin module to ~> 1.x, submit pull request to branch terrafomr011

Example usages:

See also the full examples.


module "vpc" {
  source = "git::https://github.com/philips-software/terraform-aws-vpc?ref=2.0.0"

  environment = var.environment
  aws_region  = var.aws_region
}

# Default bastion
module "bastion" {
  source = "git::https://github.com/philips-software/terraform-aws-bastion?ref=2.0.0"
  enable_bastion = true

  environment = var.environment
  project     = var.project

  aws_region = var.aws_region
  key_name   = aws_key_pair.bastion_key[0].key_name
  subnet_id  = element(module.vpc.public_subnets, 0)
  vpc_id     = module.vpc.vpc_id

  // add additional tags
  tags = {
    my-tag = "my-new-tag"
  }
}

Inputs

Name Description Type Default Required
admin_cidr CIDR pattern to access the bastion host string "0.0.0.0/0" no
amazon_optimized_amis Map from region to AMI. By default the latest Amazon Linux is used. map(string) <map> no
aws_region The Amazon region. string n/a yes
ebs_optimized If true, the launched EC2 instance will be EBS-optimized. bool "false" no
enable_bastion If true the bastion will be created. Be default the bastion host is not running, needs explicit set to true. bool "false" no
environment Logical name of the environment. string n/a yes
instance_type EC2 instance type. string "t2.micro" no
key_name SSH key name for the environment. string n/a yes
project Name of the project. string n/a yes
subnet_id Subnet in which the basion needs to be deployed. string n/a yes
tags Map of tags to apply on the resources map(string) <map> no
user_data Used data for bastion EC2 instance string "" no
vpc_id The VPC to launch the instance in (e.g. vpc-66ecaa02). string n/a yes

Outputs

Name Description
instance_id Id of the created instance.
public_ip Public ip of the created instance.

Automated checks

Currently the automated checks are limited. In CI the following checks are done for the root and each example.

  • lint: terraform validate and terraform fmt
  • basic init / get check: terraform init -get -backend=false -input=false

Generation variable documentation

A markdown table for variables can be generated as follow. Generation requires awk and terraform-docs installed.

 .ci/bin/terraform-docs.sh markdown .

Philips Forest

This module is part of the Philips Forest.

                                                     ___                   _
                                                    / __\__  _ __ ___  ___| |_
                                                   / _\/ _ \| '__/ _ \/ __| __|
                                                  / / | (_) | | |  __/\__ \ |_
                                                  \/   \___/|_|  \___||___/\__|  

                                                                 Infrastructure

Talk to the forestkeepers in the forest-channel on Slack.

Slack