Terraform module to create an ASG bastion host that uses SSM Session Manager, built on the golden bastion AMI baked by the site-infra team. This module creates the following resources:
- aws_autoscaling_group. To stop or start instances, change the asg_capacity value.
- aws_launch_config.
- aws_security_group. This module creates several security groups; to give access from this bastion, attach the shared security group to your database.
- An existing VPC.
- An existing subnet; using a private subnet is recommended.
- IAM policy that grants access to use Session Manager and send logs to S3.
This Terraform module uses another Terraform module; here is the list of Terraform module dependencies:
Created and tested using Terraform version 0.11.14
No requirements.
Name | Version |
---|---|
aws | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
additional_asg_tags | The created ASG (and spawned instances) will have these tags, merged over the default | list | [] | no |
ami_name_prefix | Prefix for the AMI filter | string | "tvlk/ubuntu-14/tsi/bastion*" | no |
ami_owner_account_id | AWS account ID that owns the golden bastion AMI | string | n/a | yes |
asg_capacity | Capacity of EC2 instances for the autoscaling group | string | n/a | yes |
asg_default_cooldown | Time, in seconds, the minimum interval of two scaling activities | string | "300" | no |
asg_health_check_grace_period | Time, in seconds, to wait for new instances before checking their health | string | "300" | no |
asg_health_check_type | Health check type for the autoscaling group | string | "EC2" | no |
asg_wait_for_capacity_timeout | A maximum duration that Terraform should wait for ASG instances to be healthy before timing out | string | "0m" | no |
description | Description for this cluster | string | n/a | yes |
ebs_optimized | Whether the EC2 instances are EBS-optimized or not | string | "false" | no |
enable_detailed_monitoring | Whether to enable detailed monitoring for the EC2 instances or not | string | "false" | no |
environment | Environment for these resources | string | n/a | yes |
instance_type | Instance type for bastion hosts | string | "t2.medium" | no |
lc_user_data | The spawned instances will have this user data. Use the rendered value of a Terraform template_cloudinit_config data source | string | " " | no |
product_domain | Product domain that owns these EC2 instances | string | n/a | yes |
root_volume_size | Size of the instances' root volume | string | "8" | no |
service_name | Service name for the instance | string | n/a | yes |
subnet_tier | Tier of the subnet where the bastion EC2 instances reside; we recommend the subnet with tier app, as it is private | string | "app" | no |
vpc_id | ID of the VPC where the EC2 instances reside | string | n/a | yes |
Name | Description |
---|---|
asg_bastion_name | The name of the auto scaling group for bastion |
instance_role_name | role name for the instances. |
sg_bastion_id | id of security group for bastion instance. |
shared_sg_elasticsearch_id | id of shared security group for elasticsearch. |
shared_sg_memcached_id | id of shared security group for memcached. |
shared_sg_mongod_id | id of shared security group for mongod. |
shared_sg_mysql_id | id of shared security group for mysql. |
shared_sg_postgres_id | id of shared security group for postgres. |
shared_sg_redis_id | id of shared security group for redis. |
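The inputs and outputs above, wired together in an added usage example (Terraform 0.11 syntax; not code from this module's repository). The module source is a placeholder because this page does not give it, and the variable names, the PostgreSQL instance and all literal values are constructed for illustration.

```hcl
# Added example. Every name and value here is constructed, not the module's own.
variable "vpc_id" {}
variable "golden_ami_owner_account_id" {}
variable "db_subnet_group_name" {}
variable "db_password" {}

module "bastion" {
  source = "<address-of-this-module>" # placeholder: not stated on this page

  # Required inputs
  service_name         = "examplesvc"
  product_domain       = "exm"
  environment          = "staging"
  description          = "SSM Session Manager bastion for examplesvc"
  vpc_id               = "${var.vpc_id}"
  ami_owner_account_id = "${var.golden_ami_owner_account_id}"

  # Change this value to start or stop bastion instances.
  asg_capacity = "1"

  # subnet_tier is left at its default, "app", so the bastion stays in a
  # private subnet and is reached through Session Manager only.
}

# Hypothetical database that the bastion should be able to reach.
resource "aws_db_instance" "example" {
  identifier        = "examplesvc-postgres"
  engine            = "postgres"
  instance_class    = "db.t2.micro"
  allocated_storage = 20
  username          = "exampleadmin"
  password          = "${var.db_password}"

  db_subnet_group_name = "${var.db_subnet_group_name}"
  publicly_accessible  = false

  # Attaching the shared PostgreSQL security group exported by the module
  # is what gives the bastion access to this database.
  vpc_security_group_ids = ["${module.bastion.shared_sg_postgres_id}"]
}

output "bastion_asg_name" {
  value = "${module.bastion.asg_bastion_name}"
}
```

Attach only the shared security group that matches the engine you need to reach, so the bastion's network access stays limited to that database.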
This module is open to contributions from anyone; please see CONTRIBUTING.md for more detail about how to contribute to this module.
This module is under Apache License 2.0 - see the LICENSE file for details.