AWS Instance with multiple SSH Key support.

```sh
ssh-keygen -t rsa
```

```hcl
module "bastion" {
  source = "github.com/opszero/terraform-aws-bastion"

  # SSH public keys to add to the image
  ssh_keys = ["ssh-rsa ..."]

  # Custom user accounts of the instance, each with its own keys
  users = {
    "username" = {
      ssh-keys = [
        "ssh-rsa ..."
      ]
    }
  }
}
```

- Use MrMgr to set up IAM access to the Bastion

```sh
pip3 install ec2instanceconnectcli
mssh --profile awsprofile ubuntu@i-1234566
```

```sh
terraform init
terraform plan
terraform apply -auto-approve
```

```sh
terraform destroy -auto-approve
```

| Name | Version |
|---|---|
| aws | n/a |
| cloudinit | n/a |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ami_id | The AMI ID of the bastion host | string | null | no |
| efs_mounts | EFS multiple mounts | map | {} | no |
| ingress_cidrs | Configuration block for ingress rules | any | n/a | yes |
| instance_profile | n/a | object({ | null | no |
| instance_type | EC2 Instance Type of the bastion host | string | "t3.micro" | no |
| name | The name of the bastion host | string | n/a | yes |
| security_group_ids | A list of security group names to associate with. | list(any) | [] | no |
| ssh_keys | SSH public keys to add to the image | list(any) | [] | no |
| subnet_id | The VPC subnet ID to launch in EC2 bastion host | string | n/a | yes |
| tags | A map of tags to assign to the resource | map(any) | {} | no |
| ubuntu_version | Ubuntu Server Version | string | "24.04" | no |
| user_data | User data to provide when launching the instance | string | "" | no |
| user_data_replace_on_change | To recreate the instance when user_data is changed | bool | false | no |
| userdata | User data to provide when launching the instance | string | "" | no |
| users | Custom user accounts of the instance | map | { | no |
| volume_size | Size of the volume in gibibytes (GiB) | number | 20 | no |
| vpc_id | The VPC ID to create security group for bastion host | string | n/a | yes |

| Name | Type |
|---|---|
| aws_cloudwatch_metric_alarm.aws_bastion_cpu_threshold | resource |
| aws_eip.this | resource |
| aws_iam_instance_profile.this | resource |
| aws_iam_role.this | resource |
| aws_iam_role_policy_attachment.this | resource |
| aws_instance.this | resource |
| aws_security_group.this | resource |
| aws_security_group_rule.this | resource |
| aws_ssm_parameter.ubuntu | data source |
| cloudinit_config.config | data source |

| Name | Description |
|---|---|
| instance_id | n/a |
| public_ip | n/a |

Since 2016 opsZero has been providing Kubernetes expertise to companies of all sizes on any Cloud. With a focus on AI and Compliance, we can say we have seen it all: whether SOC2, HIPAA, PCI-DSS, ITAR, FedRAMP, or CMMC, we have you and your customers covered.
We provide support to organizations in the following ways:
- Modernize or Migrate to Kubernetes
- Cloud Infrastructure with Kubernetes on AWS, Azure, Google Cloud, or Bare Metal
- Building AI and Data Pipelines on Kubernetes
- Optimizing Existing Kubernetes Workloads
We do this with a high-touch support model where you:
- Get access to us on Slack, Microsoft Teams or Email
- Get 24/7 coverage of your infrastructure
- Get an accelerated migration to Kubernetes
Please schedule a call if you need support.


