ec2-bastion-server

cloudposse/ec2-bastion-server/aws

Terraform Module HCL AWS

Terraform module to define a generic Bastion host with parameterized user_data and support for AWS SSM Session Manager for remote access with IAM authentication.

Install

module "ec2-bastion-server" {

source = "cloudposse/ec2-bastion-server/aws"

version = "0.31.2"

}

⭐ Source on GitHub 📦 Registry page

README

Terraform module to define a generic Bastion host with parameterized user_data and support for AWS SSM Session Manager for remote access with IAM authentication. > [!TIP] > #### 👽 Use Atmos with Terraform > Cloud Posse uses atmos to easily orchestrate multiple environments using Terraform. > Works with Github Actions, Atlantis, or Spacelift. > > > Watch demo of using Atmos with Terraform > > Example of running atmos to manage infrastructure from our Quick Start tutorial. > Requirements | Name | Version | |------|---------| | terraform | >= 0.13.0 | | aws | >= 2.55 | Providers | Name | Version | |------|---------| | aws | >= 2.55 | Modules | Name | Source | Version | |------|--------|---------| | dns | cloudposse/route53-cluster-hostname/aws | 0.12.2 | | security\_group | cloudposse/securit

Inputs (50)

Name	Type	Description	Default
subnets	list(string)	AWS subnet IDs	required
vpc_id	string	VPC ID	required
stage	string	ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'bu	`null`
delimiter	string	Delimiter to be used between ID elements. Defaults to `-` (hyphen). Set to `""`	`null`
attributes	list(string)	ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,	`[]`
regex_replace_chars	string	Terraform regular expression (regex) string. Characters matching the regex will	`null`
ami_owners	list(string)	The list of owners used to select the AMI of action runner instances.	`[ "amazon" ]`
ssm_enabled	bool	Enable SSM Agent on Host.	`true`
security_group_rules	list(any)	A list of maps of Security Group rules. The values of map is fully complated wi	`[ { "cidr_blocks": [ "0.0.0.`
context	any	Single object for setting entire context at once. See description of individual	`{ "additional_tag_map": {}, "attribu`
id_length_limit	number	Limit `id` to this many characters (minimum 6). Set to `0` for unlimited length.	`null`
label_key_case	string	Controls the letter case of the `tags` keys (label names) for tags generated by	`null`
descriptor_formats	any	Describe additional descriptors to be output in the `descriptors` output map. Ma	`{}`
monitoring	bool	Launched EC2 instance will have detailed monitoring enabled	`true`
metadata_http_endpoint_enabled	bool	Whether the metadata service is available	`true`
ami	string	AMI to use for the instance. Setting this will ignore `ami_filter` and `ami_owne	`null`
ebs_block_device_encrypted	bool	Whether to encrypt the EBS block device	`true`
label_value_case	string	Controls the letter case of ID elements (labels) as included in `id`, set as tag	`null`
zone_id	string	Route53 DNS Zone ID	`""`
ebs_block_device_volume_size	number	The volume size (in GiB) to provision for the EBS block device. Creation skipped	`0`
ebs_device_name	string	The name of the EBS block device to mount on the instance	`"/dev/sdh"`
name	string	ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi	`null`
… and 10 more inputs