Terraform module to create Bastion Host in AWS VPC running as Spot Instance/s or On Demand.
This module will create Bastion Host/s which will make use of Launch Template and Auto Scaling Group. Bastion host will run as a spot instance. In order to reduce the amount of Elastic IPs, module creates a route53 A record which points to the bastion host/s.
Terraform 0.13+. Pin module version to ~> v2.0. Submit pull-requests to master branch.
module "bastion" {
source = "umotif-public/bastion/aws"
version = "~> 2.1.0"
name_prefix = "core-example"
vpc_id = "vpc-abasdasd132"
subnets = ["subnet-abasdasd132123", "subnet-abasdasd132123132"]
hosted_zone_id = "Z1IY32BQNIYX16"
ssh_key_name = "test"
tags = {
Project = "Test"
}
}
Module managed by uMotif.
| Name | Version |
|---|---|
| terraform | >= 1.0.11 |
| aws | >= 4.0.0, < 5.0.0 |
| Name | Version |
|---|---|
| aws | >= 4.0.0, < 5.0.0 |
No modules.
| Name | Type |
|---|---|
| aws_autoscaling_group.bastion | resource |
| aws_autoscaling_schedule.asg_scale_down | resource |
| aws_autoscaling_schedule.asg_scale_up | resource |
| aws_iam_instance_profile.bastion | resource |
| aws_iam_role.bastion | resource |
| aws_iam_role_policy.iam_bastion_policy | resource |
| aws_launch_template.bastion | resource |
| aws_security_group.bastion | resource |
| aws_ami.amazon_linux | data source |
| aws_iam_policy_document.bastion_role_assume_role_policy | data source |
| aws_iam_policy_document.bastion_role_policy | data source |
| aws_partition.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ami_id | AMI ID to be used for bastion host. If not provided, it will default to latest amazon linux 2 image. | string |
"" |
no |
| asg_scale_down_desired_capacity | Auto Scalling Group value for desired capacity of bastion hosts. Scale down action. | number |
0 |
no |
| asg_scale_down_max_size | Auto Scalling Group value for maximum capacity of bastion hosts. Scale down action. | number |
0 |
no |
| asg_scale_down_min_size | Auto Scalling Group value for minimum capacity of bastion hosts. Scale down action. | number |
0 |
no |
| asg_scale_down_recurrence | The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale down action. | string |
"0 18 * * MON-FRI" |
no |
| asg_scale_up_desired_capacity | Auto Scalling Group value for desired capacity of bastion hosts. Scale up action. | number |
1 |
no |
| asg_scale_up_max_size | Auto Scalling Group value for maximum capacity of bastion hosts. Scale up action. | number |
1 |
no |
| asg_scale_up_min_size | Auto Scalling Group value for minimum capacity of bastion hosts. Scale up action. | number |
1 |
no |
| asg_scale_up_recurrence | The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale up action. | string |
"0 9 * * MON-FRI" |
no |
| bastion_instance_types | Bastion instance types used for spot instances. | list(string) |
[ |
no |
| delete_on_termination | Whether the volume should be destroyed on instance termination. | bool |
true |
no |
| desired_capacity | Auto Scalling Group value for desired capacity of bastion hosts. | number |
1 |
no |
| device_name | The name of the device to mount. | string |
"/dev/xvda" |
no |
| egress_cidr_blocks | List of CIDR ranges to allow outbound traffic at security group level. Defaults to 0.0.0.0/0 | list(string) |
[ |
no |
| egress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to allow outbound traffic at security group level. Defaults to ::/0 | list(string) |
[ |
no |
| enable_asg_scale_down | n/a | bool |
false |
no |
| enable_asg_scale_up | n/a | bool |
false |
no |
| encrypted | Enables EBS encryption on the volume. | bool |
true |
no |
| hosted_zone_id | Hosted zone id where A record will be added for bastion host/s. | string |
"" |
no |
| ingress_cidr_blocks | List of CIDR ranges to allow ssh access at security group level. Defaults to 0.0.0.0/0 | list(string) |
[ |
no |
| ingress_ipv6_cidr_blocks | List of IPv6 CIDR ranges to allow ssh access at security group level. Defaults to ::/0 | list(string) |
[ |
no |
| max_size | Auto Scalling Group value for maximum capacity of bastion hosts. | number |
1 |
no |
| min_size | Auto Scalling Group value for minimum capacity of bastion hosts. | number |
1 |
no |
| name_prefix | A prefix used for naming resources. | string |
n/a | yes |
| on_demand_base_capacity | Auto Scalling Group value for desired capacity for instance lifecycle type on-demand of bastion hosts. | number |
0 |
no |
| public_subnets | Classless Inter-Domain Routing ranges for public subnets. | list(string) |
n/a | yes |
| ssh_key_name | SSH key used to connect to the bastion host | string |
n/a | yes |
| tags | Default tags attached to all resources. | map(string) |
{ |
no |
| termination_policies | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy. | list(string) |
[ |
no |
| time_zone | Used for ASG Scale Up/Down. Valid values are the canonical names of the IANA time zones (such as Etc/GMT+9 or London/Europe) | string |
"Etc/UTC" |
no |
| userdata_file_content | The user data to provide when launching the instance. | string |
"" |
no |
| volume_size | The size of the volume in gigabytes. | number |
20 |
no |
| volume_type | The volume type. Can be one of standard, 'gp2', 'gp3', 'io1', 'io2', 'sc1' or 'st1'. | string |
"gp3" |
no |
| vpc_id | VPC ID where bastion hosts and security groups will be created. | string |
n/a | yes |
| Name | Description |
|---|---|
| auto_scaling_group_arn | The ARN of the bastion's auto scaling group. |
| auto_scaling_group_id | The ID of the bastion's auto scaling group. |
| iam_role_arn | The ARN of the bastion's IAM Role. |
| iam_role_id | The ID or name of the bastion's IAM Role. |
| launch_template_arn | The ARN of the bastion's launch template. |
| launch_template_id | The ID of the bastion's launch template. |
| security_group_id | The ID of the bastion's security group. |
See LICENSE for full details.
pre-committerraform-docsrequired forterraform_docshooks.TFLintrequired forterraform_tflinthook.
brew install pre-commit terraform-docs tflint
brew tap git-chglog/git-chglog
brew install git-chglog