Terraform module to create Bastion Host in AWS VPC running as Spot Instance/s
This module will create Bastion Host/s which will make use of Launch Template and Auto Scaling Group. Bastion host will run as a spot instance. In order to reduce the amount of Elastic IPs, module creates a route53 A record which points to the bastion host/s.
Terraform 0.12. Pin module version to ~> v1.0. Submit pull-requests to master branch.
module "bastion" {
source = "umotif-public/bastion/aws"
version = "~> 1.0"
name_prefix = "core-example"
vpc_id = "vpc-abasdasd132"
subnets = ["subnet-abasdasd132123", "subnet-abasdasd132123132"]
hosted_zone_id = "Z1IY32BQNIYX16"
ssh_key_name = "marcin-test"
tags = {
Project = "Test"
}
}
Module is to be used with Terraform > 0.12.
Module managed by Marcin Cuber LinkedIn.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ami_id | AMI ID to be used for bastion host. If not provided, it will default to latest amazon linux 2 image. | string | "" |
no |
| asg_scale_down_desired_capacity | Auto Scalling Group value for desired capacity of bastion hosts. Scale down action. | number | "0" |
no |
| asg_scale_down_max_size | Auto Scalling Group value for maximum capacity of bastion hosts. Scale down action. | number | "0" |
no |
| asg_scale_down_min_size | Auto Scalling Group value for minimum capacity of bastion hosts. Scale down action. | number | "0" |
no |
| asg_scale_down_recurrence | The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale down action. | string | "0 18 * * MON-FRI" |
no |
| asg_scale_up_desired_capacity | Auto Scalling Group value for desired capacity of bastion hosts. Scale up action. | number | "1" |
no |
| asg_scale_up_max_size | Auto Scalling Group value for maximum capacity of bastion hosts. Scale up action. | number | "1" |
no |
| asg_scale_up_min_size | Auto Scalling Group value for minimum capacity of bastion hosts. Scale up action. | number | "1" |
no |
| asg_scale_up_recurrence | The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format. Scale up action. | string | "0 9 * * MON-FRI" |
no |
| availability_zones | Availability zones for the default Ireland region. | list(string) | [ "eu-west-1a", "eu-west-1b", "eu-west-1c" ] |
no |
| bastion_instance_types | Bastion instance types used for spot instances. | list(string) | [ "t3.nano", "t3.micro", "t3.small", "t2.nano", "t2.micro", "t2.small" ] |
no |
| desired_capacity | Auto Scalling Group value for desired capacity of bastion hosts. | number | "1" |
no |
| egress_cidr_blocks | List of CIDR ranges to allow outbound traffic at security group level. Defaults to 0.0.0.0/0 | list(string) | [ "0.0.0.0/0" ] |
no |
| enable_asg_scale_down | bool | "false" |
no | |
| enable_asg_scale_up | bool | "false" |
no | |
| hosted_zone_id | Hosted zone id where A record will be added for bastion host/s. | string | "" |
no |
| ingress_cidr_blocks | List of CIDR ranges to allow ssh access at security group level. Defaults to 0.0.0.0/0 | list(string) | [ "0.0.0.0/0" ] |
no |
| max_size | Auto Scalling Group value for maximum capacity of bastion hosts. | number | "1" |
no |
| min_size | Auto Scalling Group value for minimum capacity of bastion hosts. | number | "1" |
no |
| name_prefix | A prefix used for naming resources. | string | n/a | yes |
| private_subnets | Classless Inter-Domain Routing ranges for private subnets. | list(string) | [] |
no |
| public_subnets | Classless Inter-Domain Routing ranges for public subnets. | list(string) | n/a | yes |
| region | AWS region in which resources will get deployed. Defaults to Ireland. | string | "eu-west-1" |
no |
| ssh_key_name | SSH key used to connect to the bastion host | string | n/a | yes |
| ssh_port | SSH port used to access a bastion host. | string | "22" |
no |
| tags | Default tags attached to all resources. | map(string) | { "ServiceType": "ceng-eks" } |
no |
| termination_policies | A list of policies to decide how the instances in the auto scale group should be terminated. The allowed values are OldestInstance, NewestInstance, OldestLaunchConfiguration, ClosestToNextInstanceHour, OldestLaunchTemplate, AllocationStrategy. | list(string) | [ "OldestInstance" ] |
no |
| userdata_file_content | string | "" |
no | |
| vpc_id | VPC ID where bastion hosts and security groups will be created. | string | n/a | yes |
| Name | Description |
|---|---|
| auto_scaling_group_arn | The ARN of the bastion's auto scaling group. |
| auto_scaling_group_id | The ID of the bastion's auto scaling group. |
| iam_role_arn | The ARN of the bastion's IAM Role. |
| iam_role_id | The ID or name of the bastion's IAM Role. |
| launch_template_arn | The ARN of the bastion's launch template. |
| launch_template_id | The ID of the bastion's launch template. |
| security_group_id | The ID of the bastion's security group. |
See LICENSE for full details.
pre-committerraform-docsrequired forterraform_docshooks.TFLintrequired forterraform_tflinthook.
brew install pre-commit terraform-docs tflint