This module creates bastion host with TrustedCA Authorization wich allow to ssh via sigined certificates
module "bastion" {
source = "git@gihthub.com:thunderbird86/tf-aws-ca-bastion?ref=v1.0.0"
ca_public_key = var.ca_public_key
subnet_id = var.subnet_id
vpc_id = var.vpc_id
}
| Name | Version |
|---|---|
| terraform | 1.0.7 |
| aws | ~>3.39.0 |
| Name | Version |
|---|---|
| aws | ~>3.39.0 |
| template | n/a |
No modules.
| Name | Type |
|---|---|
| aws_eip.this | resource |
| aws_instance.this | resource |
| aws_route53_record.this | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.egress | resource |
| aws_security_group_rule.internal | resource |
| aws_security_group_rule.ssh | resource |
| aws_ami.selected | data source |
| template_cloudinit_config.this | data source |
| template_file.runcmd | data source |
| template_file.sshd | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_public_access | n/a | bool |
false |
no |
| ami_account_id | The AWS account ID: Default is Canonical Group Limited | string |
"099720109477" |
no |
| ami_filter_arch | Specifies the architecure of the AMI | string |
"x86_64" |
no |
| ami_filter_name | The name of the AMI | string |
"ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20190212.1" |
no |
| ca_public_key | Public part of lambda_bless ssh key | any |
n/a | yes |
| cas_file_path | File to store public ssh key | string |
"/etc/ssh/cas.pub" |
no |
| cidr_blocks | n/a | list(string) |
[ |
no |
| instance_type | Default instance type to launch | string |
"t3.small" |
no |
| name | Lower DNS domain name | string |
"bastion" |
no |
| security_group_ids | List of additional security groups to attach | list(string) |
[] |
no |
| ssh_port | n/a | number |
22 |
no |
| sshd_conf_path | Path to sshd configuration file | string |
"/etc/ssh/sshd_config" |
no |
| subnet_id | Subnet ID define where lauch bastion | any |
n/a | yes |
| tags | Additional tags | map(string) |
{} |
no |
| vpc_id | VPC ID where to create Security Group | any |
n/a | yes |
| zone_id | Zone ID to create DNS record | string |
"" |
no |
| Name | Description |
|---|---|
| eip | n/a |
| fqdn | FQDN of bastion host |