Extending the mighty manageability of JumpCloud to your server assets.
Features:
- Creates an environment with the number of servers you choose, built from public AMIs:
  - Windows Server 2022
  - Ubuntu 22.04, RHEL 9, and Amazon Linux 2 (all tested and compatible with the JumpCloud agent).
- The servers sit in the same subnet, with a security group that allows communication between them by default.
- Auto-detects and whitelists your public IP for RDP, WinRM, and SSH.
- Flexible provisioning via the `prep-ad.ps1` script (delivered through AWS `user_data`).
- The secrets defined as variables are exposed in `user-data` (in the instance settings) by design: anyone who can read the instance attributes (`aws ec2 describe-instance-attribute --attribute userData`), or query the instance metadata service from inside the VM, can recover them. Think twice and switch to a proper secret-delivery mechanism (for example, fetching secrets at boot from Secrets Manager or SSM Parameter Store via an instance role) if you plan to go beyond testing, and remember to run `terraform destroy` once the test is done.
Prerequisites:
- The latest version of Terraform.
- Profile-based authentication for the AWS CLI.
- If you have not set up JumpCloud SSO for AWS yet, you may refer to this post to support this use case.
Setup:
- Rename the file `example_secret_tf` to `secret.tf`.
- If your preferred region is not Singapore (ap-southeast-1), change it in `vars.tf` at line 16.
- Fill in the desired passwords, user names and your JumpCloud Connect Key in `secret.tf`. Note: never, ever expose this file anywhere.
- It creates a new VPC with the `10.10.0.0/16` CIDR and, inside it, a `10.10.10.0/24` subnet for the VMs. Make sure these ranges do not conflict with your existing infrastructure (overlapping CIDRs will break VPC peering or VPN routing later).
- DO NOT expose `secret.tf` or your Terraform state file under any circumstances: both contain passwords and secrets. Add `secret.tf` and `*.tfstate*` to `.gitignore` before your first commit.
- Fire it UP!
```sh
# You might need to refresh your SSO token:
aws sso login --profile your-sso-profile

# For Windows
terraform plan -var "your-jc-username=$USER" \
  -var my-aws-profile=your-sso-profile
terraform apply -var "your-jc-username=$USER" \
  -var my-aws-profile=your-sso-profile

# For Linux - an empty .pem file needs to be present
touch linux-key-pair.pem && terraform plan -var "your-jc-username=$USER" \
  -var my-aws-profile=your-sso-profile
terraform apply -var "your-jc-username=$USER" \
  -var my-aws-profile=your-sso-profile
```
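A pre-flight script you can run before the `terraform apply` above, to catch the two pitfalls called out in the setup notes: a planned `10.10.0.0/16` that overlaps an existing VPC, and `secret.tf` or the state file slipping into git. This is an added example and not part of this project. The list of existing VPC CIDRs is a constructed sample (in real use you would feed it from `aws ec2 describe-vpcs --profile your-sso-profile --query 'Vpcs[].CidrBlock' --output text`), and the `.gitignore` it checks is a temporary file the script writes itself.

```shell
#!/usr/bin/env bash
# Pre-flight checks before 'terraform apply' (added example, not part of this project).
# Assumptions: the planned VPC CIDR is passed explicitly; the existing VPC CIDRs are a
# constructed sample list; the .gitignore checked is a temporary file written here.
set -u

# ip_to_int 10.10.0.0 -> 168427520 (dotted quad to 32-bit integer)
ip_to_int() {
  local IFS=.
  # shellcheck disable=SC2086
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# network_range 10.10.10.0/24 -> "first last" addresses of the block, as integers
network_range() {
  local ip=${1%/*} prefix=${1#*/} base size mask first
  base=$(ip_to_int "$ip")
  size=$(( 1 << (32 - prefix) ))          # number of addresses in the block
  mask=$(( 4294967295 - (size - 1) ))     # 0xFFFFFFFF with the host bits cleared
  first=$(( base & mask ))
  echo "$first $(( first + size - 1 ))"
}

# cidr_overlap A B -> exit 0 if the two blocks share at least one address
cidr_overlap() {
  local r a1 a2 b1 b2
  r=$(network_range "$1"); a1=${r% *}; a2=${r#* }
  r=$(network_range "$2"); b1=${r% *}; b2=${r#* }
  [ "$a1" -le "$b2" ] && [ "$b1" -le "$a2" ]
}

# check_vpc_conflict PLANNED EXISTING... -> exit 1 if PLANNED overlaps any EXISTING block
check_vpc_conflict() {
  local planned=$1 rc=0 c
  shift
  for c in "$@"; do
    if cidr_overlap "$planned" "$c"; then
      echo "CONFLICT: planned $planned overlaps existing VPC $c" >&2
      rc=1
    fi
  done
  return "$rc"
}

# check_gitignore FILE -> exit 0 only if secret.tf and Terraform state files are ignored
check_gitignore() {
  grep -qxF 'secret.tf' "$1" && grep -qxE '\*\.tfstate\*?' "$1"
}

# --- demo with constructed data ---
# In real use:  aws ec2 describe-vpcs --profile your-sso-profile \
#                 --query 'Vpcs[].CidrBlock' --output text
existing_vpcs="172.31.0.0/16 10.0.0.0/8"      # constructed sample, not from the page
planned_vpc="10.10.0.0/16"                    # the CIDR this project creates

# shellcheck disable=SC2086
if check_vpc_conflict "$planned_vpc" $existing_vpcs; then
  echo "OK: $planned_vpc does not overlap any existing VPC"
else
  echo "Change the CIDR in vars.tf before applying"
fi

ignore_file=$(mktemp)
printf '%s\n' '.terraform/' 'secret.tf' '*.tfstate*' > "$ignore_file"   # constructed .gitignore
if check_gitignore "$ignore_file"; then
  echo "OK: secret.tf and state files are git-ignored"
else
  echo "Add secret.tf and *.tfstate* to .gitignore before committing"
fi
rm -f "$ignore_file"
```

With the constructed sample the first check reports a conflict, because `10.0.0.0/8` already covers `10.10.0.0/16`; replace the sample list with the real output of `describe-vpcs` and swap in a different CIDR in `vars.tf` if you get the same report. The overlap test is plain interval arithmetic on the first and last address of each block, so it also handles blocks larger or smaller than a /16.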
- The instances' IPs and login info are presented as Terraform outputs, like:

```text
Outputs:

Admin_Password = "<concealed>"
Admin_Username = "<concealed>"
note = "Please give it 5~10 min before RDP-ing as the win prep script is busy doing its job, go grab a coffee! :-) "
private_ip_info = [
  "Server Name: winSRV202-<yourUsername>-1, Private IP: <private_ip>",
  "Server Name: winSRV202-<yourUsername>-2, Private IP: <private_ip>",
]
public_dns_info = [
  "Server Name: winSRV202-<yourUsername>-1, Public DNS: ec2-public-ip.ap-southeast-1.compute.amazonaws.com",
  "Server Name: winSRV202-<yourUsername>-2, Public DNS: ec2-public-ip.ap-southeast-1.compute.amazonaws.com",
]
public_ip_info = [
  "Server Name: winSRV202-<yourUsername>-1, Public IP: <public_ip>",
  "Server Name: winSRV202-<yourUsername>-2, Public IP: <public_ip>",
]
```