session-manager

bridgecrewio/session-manager/aws

Terraform Module HCL AWS

Terraform module for deploying AWS Session Manager

Install

module "session-manager" {

source = "bridgecrewio/session-manager/aws"

version = "0.4.2"

}

⭐ Source on GitHub 📦 Registry page

README

Terraform AWS Session Manager A Terraform module to setup AWS Systems Manager Session Manager. This module creates the a SSM document to support encrypted session manager communication and logs. It also creates a KMS key, S3 bucket, and CloudWatch Log group to store logs. In addition, for EC2 instances without a public IP address it can create VPC endpoints to enable private session manager communication. However, the VPC endpoint creation can also be facilitated by other modules such as this. Be aware of the AWS PrivateLink pricing before deployment. Usage Update version to the latest release here: Instances with Public IPs do not need VPC endpoints ``terraform module "ssm" { source = "bridgecrewio/session-manager/aws" version = "0.2.0" bucket_name = "my-session-logs" access_log_bucket_na

Inputs (18)

Name	Type	Description	Default
access_log_bucket_name	string	Name prefix of S3 bucket to store access logs from session logs bucket	required
vpc_id	string	VPC ID to deploy endpoints into	required
bucket_name	string	Name prefix of S3 bucket to store session logs	required
access_log_expire_days	number	Number of days to wait before deleting access logs	`30`
subnet_ids	set(string)	Subnet Ids to deploy endpoints into	`[]`
vpc_endpoints_enabled	bool	Create VPC Endpoints	`false`
log_archive_days	number	Number of days to wait before archiving to Glacier	`30`
cloudwatch_logs_retention	number	Number of days to retain Session Logs in CloudWatch	`30`
enable_log_to_s3	bool	Enable Session Manager to Log to S3	`true`
linux_shell_profile	string	The ShellProfile to use for linux based machines.	`""`
windows_shell_profile	string	The ShellProfile to use for windows based machines.	`""`
kms_key_deletion_window	number	Waiting period for scheduled KMS Key deletion. Can be 7-30 days.	`7`
kms_key_alias	string	Alias prefix of the KMS key. Must start with alias/ followed by a name	`"alias/ssm-key"`
vpc_endpoint_private_dns_enabled	bool	Enable private dns for endpoints	`true`
log_expire_days	number	Number of days to wait before deleting	`365`
cloudwatch_log_group_name	string	Name of the CloudWatch Log Group for storing SSM Session Logs	`"/ssm/session-logs"`
tags	map(string)	A map of tags to add to all resources	`{}`
enable_log_to_cloudwatch	bool	Enable Session Manager to Log to CloudWatch Logs	`true`

Outputs (13)

vpc_endpoint_ssm

vpc_endpoint_s3

vpc_endpoint_logs

vpc_endpoint_kms

session_logs_bucket_name

iam_profile_name

ssm_security_group

iam_role_arn

vpc_endpoint_ec2messages

vpc_endpoint_ssmmessages

access_log_bucket_name

cloudwatch_log_group_arn

kms_key_arn

Resources (18)

aws_cloudwatch_log_groupaws_iam_instance_profileaws_iam_policyaws_iam_roleaws_iam_role_policy_attachmentaws_kms_aliasaws_kms_keyaws_s3_bucketaws_s3_bucket_aclaws_s3_bucket_lifecycle_configurationaws_s3_bucket_loggingaws_s3_bucket_public_access_blockaws_s3_bucket_server_side_encryption_configurationaws_s3_bucket_versioningaws_security_groupaws_ssm_documentaws_vpc_endpointaws_vpc_endpoint_route_table_association

Details

FrameworkTerraform Module

LanguageHCL

Version0.4.2

Cloud AWS

★ Stars43

Forks52

Total downloads65.7k

Inputs18

Outputs13

Resources18

LicenseApache-2.0

Namespacebridgecrewio

Updated