| Name | Version |
|---|---|
| terraform | >= 0.13.0 |
| aws | >= 4.0 |
| tls | >= 4.0 |

| Name | Version |
|---|---|
| aws | >= 4.0 |
| tls | >= 4.0 |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allow_from_cidrs | List of CIDRs that can access the bastion. Default : 0.0.0.0/0 | list(string) | ["0.0.0.0/0"] | no |
| allow_from_cidrs_ipv6 | List of IPv6 CIDRs that can access the bastion. Default : ::/0 | list(string) | [] | no |
| allow_ssh_commands | Allows the SSH user to execute one-off commands. Pass true to enable. Warning: These commands are not logged and increase the vulnerability of the system. Use at your own discretion. | bool | false | no |
| ami_id | The AMI that the Bastion Host will use. | string | "" | no |
| associate_public_ip_address | n/a | string | false | no |
| auto_scaling_group_subnets | List of subnets where the Auto Scaling Group will deploy the instances | list(string) | n/a | yes |
| bastion_additional_security_groups | List of additional security groups to attach to the launch template | list(string) | [] | no |
| bastion_iam_permissions_boundary | IAM Role Permissions Boundary to constrain the bastion host role | string | "" | no |
| bastion_iam_policy_name | IAM policy name to create for granting the instance role access to the bucket | string | "BastionHost" | no |
| bastion_iam_role_name | IAM role name to create | string | null | no |
| bastion_instance_count | n/a | number | 1 | no |
| bastion_name | Bastion Name, will also be used for the ASG | string | "bastion" | no |
| bastion_record_name | DNS record name to use for the bastion | string | "" | no |
| bastion_security_group_id | Custom security group to use | string | "" | no |
| bucket_force_destroy | Destroy the bucket and all of its objects when set to true | bool | false | no |
| bucket_name | Bucket name where the bastion will store the logs | string | n/a | yes |
| bucket_versioning | Enable bucket versioning or not | bool | true | no |
| create_dns_record | Choose if you want to create a record name for the bastion (LB). If true, 'hosted_zone_id' and 'bastion_record_name' are mandatory | bool | n/a | yes |
| create_eni | Create an ENI with a static IP for the bastion instance | bool | false | no |
| create_nacl_rule | Create a NACL rule to allow SSH traffic on the ASG subnet | bool | true | no |
| disk_encrypt | Encrypt the instance EBS volume | bool | true | no |
| disk_size | Root EBS size in GB | number | 8 | no |
| ebs_device_name | The name of the device to mount | string | "/dev/xvda" | no |
| elb_subnets | List of subnets where the ELB will be deployed | list(string) | n/a | yes |
| enable_logs_s3_sync | Enable cron job to copy logs to S3 | bool | true | no |
| eni_availability_zones | List of availability zones for ENI-based Auto Scaling Group. Required if create_eni is true | list(string) | [] | no |
| eni_private_ip | Private IP address for the ENI. Must be within the subnet CIDR range | string | "" | no |
| eni_subnet_id | Subnet ID where the ENI will be created. Required if create_eni is true | string | "" | no |
| extra_user_data_content | Additional scripting to pass to the bastion host. For example, this can include installing postgresql for the psql command. | string | "" | no |
| hosted_zone_id | Name of the hosted zone where we'll register the bastion DNS name | string | "" | no |
| instance_type | Instance size of the bastion | string | "t3.nano" | no |
| kms_create_key | Create a KMS key for encrypting the bastion host logs S3 bucket | bool | false | no |
| log_auto_clean | Enable the log bucket lifecycle rules or not | bool | false | no |
| log_expiry_days | Number of days before logs expire | number | 90 | no |
| log_glacier_days | Number of days before moving logs to Glacier | number | 60 | no |
| log_standard_ia_days | Number of days before moving logs to IA Storage | number | 30 | no |
| public_ssh_port | Set the SSH port to use from desktop to the bastion | number | 22 | no |
| tags | A mapping of tags to assign | map(string) | {} | no |
| volume_type | The volume type. Can be one of standard, gp2, gp3, io1, io2, sc1 or st1 | string | "gp3" | no |
| vpc_id | VPC id where we'll deploy the bastion | string | n/a | yes |

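
An added usage example, not taken from the module's own README or from its authors, showing how the inputs above fit together in a hardened deployment: the ingress list is narrowed away from the 0.0.0.0/0 default, unlogged one-off commands stay disabled, and the log bucket gets versioning, a dedicated KMS key and a tiered lifecycle. The `source` path, VPC and subnet ids, the CIDR block, the bucket name, the account id and the permissions-boundary ARN are placeholders.

```hcl
# Added example, not part of the module's README. The source path,
# VPC/subnet ids, CIDR block, bucket name and boundary ARN are placeholders.
module "bastion" {
  source = "PLACEHOLDER/path/to/bastion-module"

  # Required inputs (the table marks these as Required = yes)
  vpc_id                     = "vpc-PLACEHOLDER"
  auto_scaling_group_subnets = ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"]
  elb_subnets                = ["subnet-PLACEHOLDER-c", "subnet-PLACEHOLDER-d"]
  bucket_name                = "example-bastion-session-logs"
  create_dns_record          = false # if true, hosted_zone_id and bastion_record_name become mandatory

  # Network exposure: never leave allow_from_cidrs at its 0.0.0.0/0 default.
  allow_from_cidrs      = ["203.0.113.0/24"] # TEST-NET-3 documentation range; replace with your VPN/office egress
  allow_from_cidrs_ipv6 = []                 # no IPv6 clients, so the list stays empty
  public_ssh_port       = 22
  create_nacl_rule      = true

  # One-off commands are not logged by the module; keep them disabled.
  allow_ssh_commands = false

  # Log bucket: versioned, encrypted with a module-created KMS key, and a
  # lifecycle that tiers to IA, then Glacier, then expires (30 < 60 < 90 days).
  bucket_versioning    = true
  kms_create_key       = true
  enable_logs_s3_sync  = true
  log_auto_clean       = true
  log_standard_ia_days = 30
  log_glacier_days     = 60
  log_expiry_days      = 90
  bucket_force_destroy = false # keep session logs if the stack is destroyed

  # Instance: small type, encrypted root volume, permissions boundary on the role
  instance_type                    = "t3.nano"
  disk_encrypt                     = true
  volume_type                      = "gp3"
  disk_size                        = 8
  bastion_iam_permissions_boundary = "arn:aws:iam::123456789012:policy/PLACEHOLDER-boundary"

  tags = {
    Environment = "example"
    Owner       = "security-engineering"
  }
}

# Surface the load balancer address exported by the module's elb_ip output.
output "bastion_endpoint" {
  value = module.bastion.elb_ip
}
```

Because `log_auto_clean` is false by default, the three `log_*_days` values have no effect unless it is switched on as above; keeping them in ascending order (IA before Glacier before expiry) is what makes the lifecycle well-formed.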
| Name | Description |
|---|---|
| bastion_auto_scaling_group_name | n/a |
| bastion_host_security_group | n/a |
| bucket_arn | n/a |
| bucket_kms_key_alias | n/a |
| bucket_kms_key_arn | n/a |
| bucket_name | n/a |
| elb_arn | n/a |
| elb_ip | n/a |
| eni_id | ID of the ENI created for the bastion (if create_eni is true) |
| eni_private_ip | Private IP address of the ENI (if create_eni is true) |
| target_group_arn | n/a |

Module managed by DNX Solutions.
Apache 2 Licensed. See LICENSE for full details.