Awesome

Instance (AWS)

AWS Instance with multiple SSH Key support.

Usage

ssh-keygen -t rsa

module "bastion" {
  source = "github.com/opszero/terraform-aws-bastion"

  ssh_keys = [ "ssh-rsa ..." ]
  
  users = {
    "username" = {
      ssh-keys = [
         "ssh-rs ..."
      ]
    }
  }
}

Connect

Use MrMgr to setup IAM access to the Bastion
pip3 install pip3 install ec2instanceconnectcli
mssh --profile awsprofile ubuntu@i-1234566

Deployment

terraform init
terraform plan
terraform apply -auto-approve

Teardown

terraform destroy -auto-approve

Providers

Name	Version
<a name="provider_aws"></a> aws	n/a
<a name="provider_cloudinit"></a> cloudinit	n/a

Inputs

Name	Description	Type	Default	Required
<a name="input_ami_id"></a> ami_id	The AMI ID of the bastion host	`string`	`null`	no
<a name="input_efs_mounts"></a> efs_mounts	EFS multiple mounts	`map`	`{}`	no
<a name="input_ingress_cidrs"></a> ingress_cidrs	Configuration block for ingress rules	`any`	n/a	yes
<a name="input_instance_profile"></a> instance_profile	n/a	<pre>object({<br> role_name = string<br> assume_role_service = string<br> policy_arns = list(string)<br> })</pre>	`null`	no
<a name="input_instance_type"></a> instance_type	EC2 Instance Type of the bastion host	`string`	`"t3.micro"`	no
<a name="input_name"></a> name	The name of the bastion host	`string`	n/a	yes
<a name="input_security_group_ids"></a> security_group_ids	A list of security group names to associate with.	`list(any)`	`[]`	no
<a name="input_ssh_keys"></a> ssh_keys	SSH public keys to add to the image	`list(any)`	`[]`	no
<a name="input_subnet_id"></a> subnet_id	The VPC subnet ID to launch in EC2 bastion host	`string`	n/a	yes
<a name="input_tags"></a> tags	A map of tags to assign to the resource	`map(any)`	`{}`	no
<a name="input_ubuntu_version"></a> ubuntu_version	Ubuntu Server Version	`string`	`"24.04"`	no
<a name="input_user_data"></a> user_data	User data to provide when launching the instance	`string`	`""`	no
<a name="input_user_data_replace_on_change"></a> user_data_replace_on_change	To recreate the instance when user_data is changed	`bool`	`false`	no
<a name="input_userdata"></a> userdata	User data to provide when launching the instance	`string`	`""`	no
<a name="input_users"></a> users	Custom user accounts of the instance	`map`	<pre>{<br> "retool": {<br> "ssh-keys": []<br> }<br>}</pre>	no
<a name="input_volume_size"></a> volume_size	Size of the volume in gibibytes (GiB)	`number`	`20`	no
<a name="input_vpc_id"></a> vpc_id	The VPC ID to create security group for bastion host	`string`	n/a	yes

Resources

Name	Type
aws_cloudwatch_metric_alarm.aws_bastion_cpu_threshold	resource
aws_eip.this	resource
aws_iam_instance_profile.this	resource
aws_iam_role.this	resource
aws_iam_role_policy_attachment.this	resource
aws_instance.this	resource
aws_security_group.this	resource
aws_security_group_rule.this	resource
aws_ssm_parameter.ubuntu	data source
cloudinit_config.config	data source

Outputs

Name	Description
<a name="output_instance_id"></a> instance_id	n/a
<a name="output_public_ip"></a> public_ip	n/a

🚀 Built by opsZero!

Since 2016 opsZero has been providing Kubernetes expertise to companies of all sizes on any Cloud. With a focus on AI and Compliance we can say we seen it all whether SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP, CMMC we have you and your customers covered.

We provide support to organizations in the following ways:

We do this with a high-touch support model where you:

Get access to us on Slack, Microsoft Teams or Email
Get 24/7 coverage of your infrastructure
Get an accelerated migration to Kubernetes

Please schedule a call if you need support.