Skip to content
This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

new module: bastion-host #214

Open
ketzacoatl opened this issue Jul 17, 2019 · 1 comment · May be fixed by #236
Open

new module: bastion-host #214

ketzacoatl opened this issue Jul 17, 2019 · 1 comment · May be fixed by #236
Assignees
@Magicloud
Labels
enhancement new module

Comments

@ketzacoatl
Copy link
Contributor

Create a new module that provides an easy and reliable workflow for the bastion use case.

Requirements

  • It's safe to assume we would limit to 1 bastion host / public subnet.
  • Use an ASG so we can easily terminate and recreate, or scale down, the instance.
  • Can use the single-node-asg module (no data persistence is necessary, but EIP is).
  • Default to t2.nano for instance type but define as a variable to allow a user of the module to override.
  • Include a security group.
  • Add an ingress rule that only allows SSH, and parametizes the CIDR block.
  • Add an egress rule that that defaults to allowing 0.0.0.0/0, but is parametized using a list variable (allowing the operator to override).
@ketzacoatl
Copy link
Contributor Author

Here is some example code to start with - https://github.com/fpco/terraform-aws-foundation/blob/master/examples/vpc-scenario-2/bastion.tf

@Magicloud Magicloud linked a pull request Aug 2, 2019 that will close this issue
Open
7 tasks
ketzacoatl pushed a commit to ketzacoatl/terraform-aws-foundation that referenced this issue Jun 3, 2021
@lpaulmp
Add DLM module to single-node-asg fpco#214
64ced13
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Magicloud Magicloud

Labels
enhancement new module
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Bastion module. fpco/terraform-aws-foundation
2 participants
@Magicloud @ketzacoatl