bastion-host-ssm
Hapag-Lloyd/bastion-host-ssm/aws
Terraform module to create an enterprise grade bastion host: High availability, SSM access only, encrypted disk and flexible resource naming.
terraform-aws-bastion-host-ssm   This Terraform module installs a bastion host accessible via SSM only. The underlying EC2 instance has no ports opened. All data is encrypted and a resource_prefix can be specified to integrate into your naming schema. The implemented connection method allows port forwarding for one port only. Multiple port forwardings can be realized by the user by creating multiple connections to the bastion host. Check the examples directory for the module usage. Cost Estimation (for version 2.4.0) ```text Name Monthly Qty Unit Monthly Cost module.bastion_host.aws_autoscaling_group.on_spot[0] └─ mod
| Name | Type | Description | Default |
|---|---|---|---|
| egress_open_tcp_ports | list(number) | The list of TCP ports to open for outgoing traffic. | |
| subnet_ids | list(string) | The subnets to place the bastion in. | |
| security_group_id | string | The security group ID to use for the bastion host. | |
| connect_bastion_role_name | string | The name of the role to assume to connect to the bastion host. | |
| bastion_access_tag_value | string | Value added as tag 'bastion-access' of the launched EC2 instance to be used to r | "developer" |
| resource_names | object({ prefix = strin | Settings for generating resource names. Set the prefix and the separator accordi | {
"prefix": "bastion",
"separator": |
| log_group_retention_days | number | Number of days for the Cloudwatch Log-Group retention period | 5 |
| ami_id | string | The AMI ID to use for the bastion host. If not set a default AMI is used which i | "ami-0f6f47ec74a449428" |
| enable_panic_switches | bool | If true, create the panic button Lambda switches to turn on/off the bastion host | true |
| kms_key_arn | string | The ARN of the KMS key used to encrypt the resources. | null |
| tags | map(string) | A list of tags to add to all resources. | {} |
| iam_role_path | string | Role path for the created bastion instance profile. Must end with '/'. Not used | "/" |
| schedule | object({ start = strin | Defines when to start and stop the instances. Use 'start' and 'stop' with a cron | null |
| instance | object({ type | Defines the basic parameters for the EC2 instance used as Bastion host | {
"desired_capacity": 1,
"enable_mon |
| instances_distribution | object({ on_demand_base_ca | Defines the parameters for mixed instances policy auto scaling | {
"on_demand_base_capacity": 0,
"on_ |
Azure landing zones Terraform module
Terraform supermodule for the Terraform platform engineering for Azure
Terraform module to deploy landing zone subscriptions (and much more) in Azure
Terraform Module to define a consistent naming convention by (namespace, stage,