bastion and ssh keys
roncitrus committed Feb 8, 2024
1 parent 507dfdd commit 725881b
Showing 2 changed files with 51 additions and 0 deletions.
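--- a/terraform/environments/cdpt-ifs/bastion.json
+++ b/terraform/environments/cdpt-ifs/bastion.json
@@ -0,0 +1,13 @@
+{
+"keys": {
+"development": {
+"acurtis": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7Z+QprFiensJ1Kw08i9shm5lfritcI3/71nrDu2S3H [email protected]"
+},
+"preproduction": {
+"acurtis": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7Z+QprFiensJ1Kw08i9shm5lfritcI3/71nrDu2S3H [email protected]"
+},
+"production": {
+"acurtis": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7Z+QprFiensJ1Kw08i9shm5lfritcI3/71nrDu2S3H [email protected]"
+}
+}
+}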
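Review bot: The same ed25519 public key is authorized for `acurtis` in development, preproduction and production, so compromise of that one private key grants bastion access to every environment at once. A separate key pair per environment (or at minimum a dedicated production key) keeps the blast radius to one tier and makes per-environment rotation possible. If the per-environment split is deliberate, this file is the natural place to say so in a sibling `README`/module comment, since strict JSON cannot carry one; otherwise I would expect the production entry to carry a different key.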
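--- a/terraform/environments/cdpt-ifs/bastion_linux.tf
+++ b/terraform/environments/cdpt-ifs/bastion_linux.tf
@@ -0,0 +1,38 @@
+locals {
+public_key_data = jsondecode(file("./bastion_linux.json"))
+}
+
+module "bastion_linux" {
+source = "github.com/ministryofjustice/modernisation-platform-terraform-bastion-linux?ref=v4.0.0"
+
+providers = {
+aws.share-host = aws.core-vpc # core-vpc-(environment) holds the networking for all accounts
+aws.share-tenant = aws # The default provider (unaliased, `aws`) is the tenant
+}
+
+# s3 - used for logs and user ssh public keys
+bucket_name = "bastion"
+bucket_versioning = true
+bucket_force_destroy = true
+# public keys
+public_key_data = local.public_key_data.keys[local.environment]
+# logs
+log_auto_clean = "Enabled"
+log_standard_ia_days = 30 # days before moving to IA storage
+log_glacier_days = 60 # days before moving to Glacier
+log_expiry_days = 180 # days before log expiration
+# bastion
+allow_ssh_commands = false
+
+app_name = var.networking[0].application
+business_unit = local.vpc_name
+subnet_set = local.subnet_set
+environment = local.environment
+region = "eu-west-2"
+
+extra_user_data_content = "yum install -y openldap-clients"
+
+# Tags
+tags_common = local.tags
+tags_prefix = terraform.workspace
+}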
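Review bot: The `locals` block reads `./bastion_linux.json`, but the key file this commit adds is `bastion.json`, so `file()` will fail at plan time unless a `bastion_linux.json` already exists in this directory outside the commit; the lookup should be `public_key_data = jsondecode(file("./bastion.json"))` (or the JSON file renamed). Separately, `bucket_force_destroy = true` on the bucket that the comment says holds session logs means a `terraform destroy` deletes every log version despite `bucket_versioning = true`, which is worth an explicit comment such as `# force_destroy discards all log versions on destroy — acceptable for dev only?` or a per-environment value, particularly since the same block is applied to production via `local.environment`.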
