
Terraform sample module for demonstrating alternatives to the traditional Bastion Host concept.


haakond/terraform-aws-bastion-host-alternatives


terraform-aws-bastion-host-alternatives

About

Terraform AWS sample module to provision resources to demonstrate alternative workflows to the traditional Bastion Host pattern with SSH/RDP. For more information see https://hedrange.com/2024/07/03/bye-bye-bastion/.

Providers

Requires the aws provider.

Usage

See examples/main.tf.
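The following root configuration is an added illustration of calling this module, not the project's own examples/main.tf. It uses the provider constraint, inputs and output documented further down in this README; the module source URL, the `ref`, the region and the owner ARN are assumptions.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.56" # matches the Requirements section
    }
  }
}

provider "aws" {
  region = "eu-west-1" # assumption: pick the region the demo VPC should live in
}

# The environment owner is the principal that will open the Cloud9 IDE.
# When the apply runs from CI/CD, the creator is the pipeline role, so the
# environment would be invisible in the console unless an explicit owner is set.
variable "cloud9_owner_arn" {
  description = "IAM principal that owns the Cloud9 environment (assumed placeholder)"
  type        = string
  default     = "arn:aws:iam::123456789012:role/PLACEHOLDER-engineer-role"
}

module "bastion_alternative" {
  # Assumption: source points at the repository this README belongs to.
  source = "git::https://github.com/haakond/terraform-aws-bastion-host-alternatives.git?ref=main"

  cloud9_instance_owner_arn = var.cloud9_owner_arn         # required
  name_prefix               = "bastion-alternative-demo"   # default shown in Inputs
  vpc_cidr                  = "10.1.0.0/16"                # default shown in Inputs
}

# Expose the Cloud9 security group so other stacks can allow traffic from the
# IDE instance to private resources, instead of opening SSH/RDP from the internet.
output "cloud9_security_group_id" {
  value = module.bastion_alternative.cloud9_security_group_id
}
```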

Requirements

| Name | Version |
|------|---------|
| aws | ~> 5.56 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.56 |

Modules

| Name | Source | Version |
|------|--------|---------|
| db | git::https://github.com/terraform-aws-modules/terraform-aws-rds-aurora.git?ref=7d46e900b31322fd7a0ab0d7f67006ba4836c995 | n/a |
| ec2_instance | git::https://github.com/terraform-aws-modules/terraform-aws-ec2-instance.git?ref=4f8387d0925510a83ee3cb88c541beb77ce4bad6 | n/a |
| vpc | git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git?ref=25322b6b6be69db6cca7f167d7b0e5327156a595 | n/a |
| vpc_endpoints | git::https://github.com/terraform-aws-modules/terraform-aws-vpc.git//modules/vpc-endpoints?ref=4a2809c673afa13097af98c2e3c553da8db766a9 | n/a |

Resources

| Name | Type |
|------|------|
| aws_cloud9_environment_ec2.cloud9_ssm_instance | resource |
| aws_security_group.private_access | resource |
| aws_ami.amazon_linux_23 | data source |
| aws_availability_zones.available | data source |
| aws_caller_identity.current | data source |
| aws_canonical_user_id.current | data source |
| aws_cloudfront_log_delivery_canonical_user_id.cloudfront | data source |
| aws_iam_policy_document.dynamodb_endpoint_policy | data source |
| aws_iam_policy_document.generic_endpoint_policy | data source |
| aws_region.current | data source |
| aws_security_group.cloud9_security_group | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cloud9_instance_owner_arn | The ARN of the environment owner. This can be the ARN of any AWS IAM principal. Defaults to the environment's creator, but if provisioned by CI/CD, it will not be visible in the AWS Console. | string | n/a | yes |
| name_prefix | Name prefix for provisioned resources. | string | "bastion-alternative-demo" | no |
| vpc_cidr | VPC CIDR range. | string | "10.1.0.0/16" | no |

Outputs

| Name | Description |
|------|-------------|
| cloud9_security_group_id | Cloud9 Security Group ID |

Note: The inputs and outputs sections are automatically generated by terraform-docs in a git pre-commit hook. This requires setup of pre-commit-terraform. Follow the install instructions to use it, including the dependencies setup. pre-commit ensures correct formatting, linting and generation of documentation. It also checks for trailing whitespace, merge conflicts and mixed line endings. See .pre-commit-config.yaml for more information. A full guide to the pre-commit framework can be found here.

Authors/contributors

See contributors.

License

MIT licensed. See LICENSE. Feel free to fork and make use of what you want.
