This module creates a bastion host with TrustedCA authorization, which allows SSH access via signed certificates.

```hcl
module "bastion" {
  source        = "git@github.com:thunderbird86/tf-aws-ca-bastion?ref=v1.0.0"
  ca_public_key = var.ca_public_key
  subnet_id     = var.subnet_id
  vpc_id        = var.vpc_id
}
```
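
The certificate flow this module relies on, as an added example (not the module's own code): a CA signs a user key for a short window, and a check confirms that sshd trusts the CA file. It assumes the module's sshd template sets OpenSSH's `TrustedUserCAKeys` to `cas_file_path` and that `ca_public_key` takes the contents of the CA's `.pub` file; the key names, key id, principal `ubuntu` and 15-minute validity are constructed values.

```shell
#!/bin/sh
# Added example, not the module's code. Key names, the key id, the principal
# and the validity window are constructed values for illustration.

# Create a throwaway CA key pair and a user key pair in directory $1.
make_demo_keys() {
    ssh-keygen -q -t ed25519 -N '' -C demo-ca   -f "$1/ca" &&
    ssh-keygen -q -t ed25519 -N '' -C demo-user -f "$1/user"
}

# Sign $1/user.pub with the CA in $1, producing $1/user-cert.pub.
#   -I key id (recorded in sshd's auth log), -n login principal ($2),
#   -V validity ($3, e.g. +15m): keep it short so a leaked cert expires fast.
sign_user_key() {
    ssh-keygen -q -s "$1/ca" -I demo-user@example -n "$2" -V "$3" "$1/user.pub"
}

# Print the principals embedded in certificate $1, one per line.
cert_principals() {
    ssh-keygen -L -f "$1" |
        awk '/Principals:/ {p=1; next} /Critical Options:/ {p=0} p {print $1}'
}

# Succeed only if the first TrustedUserCAKeys line in sshd config $1 names $2.
# sshd uses the first value it reads for a keyword, so later lines are ignored.
# Match blocks and Include files are not evaluated by this check.
sshd_trusts_ca() {
    awk -v want="$2" '
        tolower($1) == "trustedusercakeys" && !seen { seen = 1; ok = ($2 == want) }
        END { exit !ok }' "$1"
}

# End-to-end run in a temp directory; prints the certificate's fields.
demo() {
    d=$(mktemp -d) && make_demo_keys "$d" && sign_user_key "$d" ubuntu +15m &&
    ssh-keygen -L -f "$d/user-cert.pub"   # shows key id, principals, validity
    # Assumption: the contents of "$d/ca.pub" are what ca_public_key expects.
}
```

Call `demo` to inspect a signed certificate; on the bastion, `sshd_trusts_ca /etc/ssh/sshd_config /etc/ssh/cas.pub` checks the module's default paths.
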

Name | Version |
---|---|
terraform | 1.0.7 |
aws | ~>3.39.0 |

Name | Version |
---|---|
aws | ~>3.39.0 |
template | n/a |

No modules.

Name | Type |
---|---|
aws_eip.this | resource |
aws_instance.this | resource |
aws_route53_record.this | resource |
aws_security_group.this | resource |
aws_security_group_rule.egress | resource |
aws_security_group_rule.internal | resource |
aws_security_group_rule.ssh | resource |
aws_ami.selected | data source |
template_cloudinit_config.this | data source |
template_file.runcmd | data source |
template_file.sshd | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
allow_public_access | n/a | bool | false | no |
ami_account_id | The AWS account ID: Default is Canonical Group Limited | string | "099720109477" | no |
ami_filter_arch | Specifies the architecture of the AMI | string | "x86_64" | no |
ami_filter_name | The name of the AMI | string | "ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20190212.1" | no |
ca_public_key | Public part of lambda_bless ssh key | any | n/a | yes |
cas_file_path | File to store public ssh key | string | "/etc/ssh/cas.pub" | no |
cidr_blocks | n/a | list(string) | [ | no |
instance_type | Default instance type to launch | string | "t3.small" | no |
name | Lower DNS domain name | string | "bastion" | no |
security_group_ids | List of additional security groups to attach | list(string) | [] | no |
ssh_port | n/a | number | 22 | no |
sshd_conf_path | Path to sshd configuration file | string | "/etc/ssh/sshd_config" | no |
subnet_id | Subnet ID that defines where to launch the bastion | any | n/a | yes |
tags | Additional tags | map(string) | {} | no |
vpc_id | VPC ID where to create Security Group | any | n/a | yes |
zone_id | Zone ID to create DNS record | string | "" | no |

Name | Description |
---|---|
eip | n/a |
fqdn | FQDN of bastion host |