linersolo.blogg.se

Guimove bastion aws

The ID of the security group for private instances
The DNS name of the ELB for bastion hosts
The name of the KMS key alias for the bucket
The ID of the bastion host security group
The name of the Auto Scaling Group for bastion hosts
Use (IMDSv2) Instance Metadata Service V2
Set the SSH port to use from desktop to the bastion
Set the SSH port to use between the bastion and private instance
Number of days before moving logs to IA Storage
Number of days before moving logs to Glacier
If TRUE, the load balancer scheme will be "internal" else "internet-facing"
List of IPv6 CIDRs that can access the bastion.
The desired HTTP PUT response hop limit for instance metadata requests
Whether the metadata service is available
Name of the hosted zone where we'll register the bastion DNS name
List of subnets where the ELB will be deployed
Enables or disables the IPv6 endpoint for the instance metadata service
Enables or disables access to instance tags from the instance metadata service
Additional scripting to pass to the bastion host. For example, this can include installing PostgreSQL for the psql command.
Choose if you want to deploy an ELB for accessing bastion hosts. If true, you must set elb_subnets and is_lb_private
Only select false if there is no need to SSH into bastion from outside.
Choose if you want to create a record name for the bastion (LB). If true, 'hosted_zone_id' and 'bastion_record_name' are mandatory
List of CIDRs that can access the bastion. Default: 0.0.0.0/0
The bucket and all objects should be destroyed when using true
Bucket name where the bastion will store the logs


IAM policy name to create for granting the instance role access to the bucket
Bastion Launch template Name, will also be used for the ASG
IAM Role Permissions Boundary to constrain the bastion host role
Select the key pair to use to launch the bastion host
List of additional security groups to attach to the launch template
List of subnets where the Auto Scaling Group will deploy the instances
Allows the SSH user to execute one-off commands. Warning: These commands are not logged and increase the vulnerability of the system.

"description" = "my_bastion_description"

aws_autoscaling_group.bastion_auto_scaling_group
aws_iam_instance_profile.bastion_host_profile
aws_iam_role_policy_attachment.bastion_host
aws_launch_template.bastion_launch_template
aws_lb_target_group.bastion_lb_target_group
aws_s3_bucket_lifecycle_configuration.bucket
aws_s3_bucket_ownership_controls.bucket-acl-ownership
aws_s3_bucket_server_side_encryption_configuration.bucket
aws_security_group.bastion_host_security_group
aws_security_group.private_instances_security_group
aws_security_group_rule.ingress_instances
aws_iam_policy_document.assume_policy_document
aws_iam_policy_document.bastion_host_policy_document


bastion_iam_policy_name = "myBastionHostPolicy"