Merge branch 'main' into ND-510-DB-CLI-Update

modules/bastion/bastion.tf

@@ -7,11 +7,21 @@ terraform {
   }
 }
 
+data "template_file" "user_data" {
+  template = file("${path.module}/user_data/user_data.sh")
+
+  vars = {
+    project_name = var.ami_name
+  }
+}
+
 resource "aws_instance" "bastion" {
   ami           = data.aws_ami.ubuntu.id
   instance_type = "t3a.small"
   count         = var.number_of_bastions
 
+  user_data = data.template_file.user_data.rendered
+
   vpc_security_group_ids = setunion(var.security_group_ids, [aws_security_group.bastion.id])
 
   subnet_id                            = var.private_subnets[0]

modules/bastion/user_data/user_data.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -x
+
+mkdir ~/.aws
+cat << 'EOF' > ~/.aws/config
+[profile s3-role]
+role_arn = arn:aws:iam::683290208331:role/s3-mojo-file-transfer-assume-role
+credential_source = Ec2InstanceMetadata
+EOF

modules/servers_vpc/endpoints.tf

@@ -55,10 +55,23 @@ resource "aws_vpc_endpoint" "monitoring" {
 
 
 resource "aws_vpc_endpoint" "s3" {
-  vpc_id          = module.vpc.vpc_id
-  route_table_ids = module.vpc.private_route_table_ids
-  service_name    = "com.amazonaws.${var.region}.s3"
-  tags            = var.tags
+  vpc_id = module.vpc.vpc_id
+  route_table_ids = concat(
+    module.vpc.private_route_table_ids,
+    module.vpc.public_route_table_ids
+  )
+  service_name = "com.amazonaws.${var.region}.s3"
+  tags         = var.tags
+}
+
+resource "aws_vpc_endpoint" "sts" {
+  vpc_id              = module.vpc.vpc_id
+  subnet_ids          = module.vpc.public_subnets
+  service_name        = "com.amazonaws.${var.region}.sts"
+  vpc_endpoint_type   = "Interface"
+  private_dns_enabled = true
+  security_group_ids  = [aws_security_group.endpoints.id]
+  tags                = var.tags
 }